Legalizing Attacks on P2P Networks
miniver writes: "Rep. Howard Berman (D-Calif.) wants to legalize DoS attacks on P2P networks such as Kazaa and Morpheus by 'copyright holders.' The Washington Post reports on his proposed legislation here. Berman's bill, to be introduced in the next several weeks, would attempt to minimize the illegal trading of copyrighted songs and other content on "peer-to-peer" (P2P) networks by permitting copyright holders to use technology against pirates. As can be expected, the RIAA is in favor of the proposed legislation."
While I think that technology is really the only thing that's going to realistically provide the media industry the defense they've been searching for, I'm wondering what exactly this law will permit. For example, I produce copyrighted works on a daily basis on my website, at my office, etc. So do I then, suddenly, have the right to launch attacks on P2P networks? Furthermore, what kinds of attacks will be legitimized? Would be rather bizarre to have a nasty and dangerous worm become legal simply because it was launched against a P2P network.
Seems like another case of a congress critter trying to bring the law into an area he truly does not understand.
This sig has been temporarily disconnected or is no longer in service
"Rep. Howard Berman (D-Calif.) wants to legalize DoS attacks on P2P networks such as Kazaa and Morpheus by 'copyright holders'."
Umm okay. They can have that right if I can have the right to DoS the RIAA for infringing on my fair use rights. After all, all men are created equal.
"Derp de derp."
Flip forward 150 years, and those who copy data without the authors' permission are called pirates. Fearsome mercenaries of the sea, to be sure. But in an ironic turnabout, California wants to make it legal for mercenaries to get under the skin of these modern pirates.
I wonder what they'll call these P2P mercenaries once the states change their minds?
I think there is an interesting question remaining about systems which judge the fidelity of an MP3 file.
Imagine a 3rd-party system which keeps track of the audio fingerprint for a known "good" copy of a song. Then somebody could fingerprint their version of the song through the 3rd-party verification system.
IMHO, the 3rd-party verification system is not directly contributing to piracy. The RIAA would not have a good case to sue them, since there are many non-infringing reasons to have the information (and the verification site wouldn't actually have a copy of the MP3). But it would be a very valuable check before downloading a file one found on the Internet.
Sort of a "Good Musickeeping Seal of Approval".
Would this be useful (and not get itself sued)?
Here's the big thing. Who will this affect? If the RIAA has any say at all (and this goes above and beyond whatever means they use) it will affect everyone. That would be everyone in the world. Everyone in the world regardless of whether or not the US Constitution even affects them.
Sure it's been said, and maybe not even necessary for this topic, but I can see no good coming of this when a US bill gives the RIAA power over everyone in the world. That's impossible, but very likely that it will be taken as such. No bill in the world, save from maybe a direct mandate by the UN, can give a company this power (and the UN is a little busy right now trying to stop people from killing each other, not making sure I don't download the latest N'sync auditory torture). Why don't we just launch targeted deterrents against everyone pirating music? Oh, wait. We can't. Sure we "can", but it would be illegal in THEIR country and wide open to a good old All-American lawsuit, just like everybody else. Or maybe we just forgot this little fact.
Oh please let someone in Belgium sue the RIAA. It would just be funny.
- Relativistic? That's barely Newtonian!
ok, maybe we need a p2p trust ring.
a cross between advogato.org's trust rating and ebay's seller rating..
nmarshall
The law is that which is boldly asserted and plausibly maintained.
--Colonel Burr 1783
This will become law.
Wanna know why?...
- because the US govt can wiretap and you can't
- because the US can have nukes but other nations are punished for the same thing.
- because US govt can use high level encryption and you can't
- because cops can speed and you can't
- and finally because you live in America
But don't forget that the price to actually buy boat loads of computers to attack P2P networks will be paid for by the little teeny-boppers buying N'Sync CDs and they'll get so angry that they'll just start using Kazaa anyway. Kind of shooting yourself in the foot, huh, RIAA?
The real generation of high Gnutella user counts will occur when those service based P2P applications get attacked.
Here's one example: If a person is on your trusted list, you can get files from them, people they trust, and so on down for as many levels as you like.
Each trusted node would be identified by a unique ID and a matching key. All that's needed is an optimized searching system for finding friends. It would be easy to cache friends' trust lists, signed with their key. When trusted friends aren't on, you can check with their friends for caches.
Searching would be expensive while priming caches, and there'd be a bit of extra traffic involved with this, but you might also limit friends to people with decent bandwidth and be sure to have a few friends who're always connected. Include blacklists as well in the same scheme, and sites giving bogus data (as well as sites that like to shut-down with transfers incomplete or allow too many connections for their bandwidth) would vanish from your acceptable search set in a hurry.
There's nothing like a little adversity to foster innovation. Of course there are gaping holes in the current suite of P2P apps. The upshot to RIAA or the record companies trying to disrupt service is that it will force people to sit down and actually think about these weaknesses, and fix them. End result: much more secure, robust P2P networks. Just off the top of my head, adding PGP-style "webs of trust" on top of any of the current P2P networks would seem like a good way to circumvent this sort of attack. Someone sends you white noise in place of your Black Sabbath? Shitlist them. Similarly, clients that you repeatedly, successfully transact with become "trusted" in your eyes. And depending on how much you trust them, their "trustees" become trusted (and their shitlistees, erm... shitted) to you, as well. Granted, it's 12:50AM and I'm babbling, but the beauty of this approach is that it harnesses the inherent power of a distributed network. There's no single point of failure, so there's no way a rogue client could spoof these webs of trust. Every client speaks for itself. Get enough shithits (God, the lingo alone makes fleshing this system out worthwhile) on a certain client--for the sake of discussion, we'll call him "dmca.riaa.org"--and you just start ignoring it. And so does everyone that trusts you, etc. etc. etc. This type of system has, I'm sure, been worked out in much more detail and analyzed for potential weaknesses than I'm capable of doing at the moment. Anyways, moral of the story is that this sort of forced evolution, even though it usually gets painful and ugly in the short-term, is often a good thing in the long-run. (If you haven't guessed yet, you're speaking to someone who treats capitalism as a religion and social Darwinism as God's gift to man :)
I think there is a world market for maybe five personal web logs.
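The trust-ring and web-of-trust ideas in the two comments above (trust lists followed for a chosen number of levels, cached lists checked against the owner's key, blacklists in the same scheme) can be sketched as follows. This is an added example, not part of any comment in the thread; an HMAC with a per-peer key stands in for a real public-key signature so that it runs on the standard library alone, and all peer names, keys and the rule that a blacklist only binds peers farther out than the blocker are assumptions.

```python
import hashlib, hmac, json
from collections import deque

def sign_list(key, peer_id, trusted, blocked):
    """Serialize a peer's trust list and blacklist and attach a MAC."""
    body = json.dumps({"id": peer_id, "trusted": trusted, "blocked": blocked}, sort_keys=True)
    return {"body": body, "mac": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}

def verify_list(key, record):
    """Return the parsed list, or None if the cached copy was altered."""
    want = hmac.new(key, record["body"].encode(), hashlib.sha256).hexdigest()
    return json.loads(record["body"]) if hmac.compare_digest(want, record["mac"]) else None

def acceptable_peers(me, keys, cache, max_depth):
    """Breadth-first walk of signed trust lists, max_depth levels out from me."""
    depth, blocked_at, queue = {me: 0}, {}, deque([me])
    far = float("inf")
    while queue:
        peer = queue.popleft()
        if blocked_at.get(peer, far) < depth[peer] or peer not in cache or peer not in keys:
            continue                      # blacklisted by a nearer peer, or nothing to check
        lst = verify_list(keys[peer], cache[peer])
        if lst is None or lst["id"] != peer:
            continue                      # forged or misattributed cache: ignore it
        for bad in lst["blocked"]:        # a blacklist only binds peers farther out
            blocked_at[bad] = min(blocked_at.get(bad, far), depth[peer])
        if depth[peer] < max_depth:
            for friend in lst["trusted"]:
                if friend not in depth:
                    depth[friend] = depth[peer] + 1
                    queue.append(friend)
    return {p: d for p, d in depth.items() if p != me and blocked_at.get(p, far) >= d}

# Constructed sample network (all names and keys are made up).
KEYS = {n: ("key-" + n).encode() for n in ("alice", "bob", "carol", "dave", "decoy")}
CACHE = {
    "alice": sign_list(KEYS["alice"], "alice", ["bob", "carol"], ["decoy"]),
    "bob": sign_list(KEYS["bob"], "bob", ["dave", "decoy"], []),
    "carol": sign_list(KEYS["carol"], "carol", ["erin"], []),
    "dave": sign_list(KEYS["dave"], "dave", ["frank"], []),
    "decoy": sign_list(KEYS["decoy"], "decoy", ["decoy2"], ["bob"]),
}
# A cache holder edits dave's list after signing; the MAC no longer matches.
CACHE["dave"]["body"] = CACHE["dave"]["body"].replace("frank", "decoy2")

if __name__ == "__main__":
    print(acceptable_peers("alice", KEYS, CACHE, max_depth=3))
```

In the sample, alice's own blacklist entry keeps the decoy peer out even though bob vouches for it, the decoy's attempt to blacklist bob is never read, and dave's tampered cache is discarded while dave himself stays reachable through bob.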
Simple solution. Totally black list any riaa sites from the rest of the net. Enter their IPs on the major backbone routers, and blackhole their traffic. Think about it, you dos someone, and we blackhole 100% of your traffic. No email, no vpn's, no nothing for you riaa pigs. A dos attack is an abuse of the net. And if the fascists want to abuse the net, then they simply don't need it. And I think it's likely that the riaa WOULD get their net nuts cut off if they started this crap, simply because a dos is against any kind of TOS (terms of service) in existence. If you're uunet, exodus, etc, would you tolerate that kind of crap on your network? I sure as hell wouldn't.
Lawyers, MBA's, RIAA? A jedi fears not these things!
Does anyone have any information on how they propose to define the P2P networks they will be targeting? The lawsuits that shut Napster down were able to be directed because of its centralised nature. Fake files, multiple accounts and the like can certainly slow users of sharing networks, but what happens when the next generation of software allows for filtering by IP, allows search by some form of checksum or provides a 'thumbnail' in the form of a low quality/highly compressed image of the original?
Is anyone who uses file-sharing software part of one of these 'pirate networks'? If that argument can be sustained then the more common DoS that we see from script-kiddies may become if not legalised then certainly decriminalised.
This, then, begs the question - Is it possible to characterise the RIAA as a P2P network under this legislation?
This is great news, however the bill is too limited in scope to be really effective.
The bill should be expanded to allow the victims of all crime to directly take action against those who commit crimes against them, be it copyright infringement, property theft, assault, or murder.
Imagine a world where the RIAA can commit DOS attacks on those who they claim would infringe their copyright. Imagine a world where a rape victim could stalk and ultimately castrate her attacker. Imagine a world where parents of murdered children could take the life of the person accused of that crime.
Allowing the RIAA to DOS p2p networks is legalising revenge and retribution. Keep going down that road, and you will find the above examples. I can't believe there are people in your government that actually believe this would be a good thing. I only hope such people don't exist in ours.... Unfortunately I'm beginning to think they do.
"If I could only live my life with my threshold at 4... " -- Wil Wheaton
His bill would allow copyright holders to set up decoy files and use other techno-tricks like file-blocking and redirection to throw P2P pirates off the trail, but it would forbid those holders from employing tactics that would damage or destroy pirates' own computer systems.
Destroying, crashing or damaging people's computers, software or other technology systems is illegal under the Computer Fraud and Abuse Act, as are many of the ideas Berman is suggesting should be available to content owners - though he said that viruses should not be used as defense mechanisms.
The major goal of this bill is probably not to give the RIAA and MPAA new tools against p2p pirates, but legitimize tactics that they're already using. I can't imagine that they haven't already started putting up bogus files - I mean, people are already doing this to each other (go find the Minority Report avi on gnutella and tell me if you like watching the Scorpion King trailer over and over and over again). What probably spurred on this proposal was that someone, somewhere within the RIAA and/or MPAA realized that they might be breaking some sort of laws relating to online misrepresentation or - god forbid - violating the Terms of Agreement of the p2p software, so they're just making loopholes in existing laws in order to wreak havoc legally.
What would happen if the RIAA violated the Morpheus terms of agreement? Would that mean we're allowed to redirect their network connections or flood them with bogus files, since they're using the software in ways other than it was originally intended? Does that misuse violate the DMCA, or are they going to write the bill so that they are allowed to get around the DMCA in order to protect their copyrights?
Finally, as someone else suggested, are they allowed to spew garbage traffic all over private networks on which these p2p apps are run? Of course, I'm sure Roadrunner (a la AOL Time Warner) won't mind, since they're aligned with the RIAA and the MPAA, but it should be interesting if someone sues because they can't legitimately use their favorite p2p app because the record labels have been flooding its network.
First they ignore you, then they laugh at you, then they fight you, then you win. -- Gandhi
and for Americans. What happens if this goes through in the US and they hit a person outside? Could the person sue the instigator for damages?
I envision a whole new world. One in which differences of opinion are solved by ddos attacks. Don't like the way your senator voted? ddos him. Object to the afghan campaign? ddos a few military networks. Think that abortion is wrong? ddos ddos ddos.
Blah. Why do people elect retards?
"In The Minority Report..."
The UK already tried to imprison people 'likely to commit a crime' -- based on histories of violent behaviour, mental illness, etc.
So don't assume a democratic society isn't capable of doing such things. Eternal vigilance and all that...
It's more like a letter of reprisal. The question is if a generalized letter of reprisal is passed (entirely constitutional) would this legalize hacking the RIAA et al for any copyright violations they might be doing?
OK, so I live in Canada and exchange files with friends in Brazil.
How can the RIAA use an American law to "legalize" an attack on me?
But, they just loaded up a lot of routers along the way. Are they going to forewarn ISPs that they're about to swamp them? Are they going to reimburse that ISP's customers who couldn't connect? It seems to me that these fucking morons think that Britney Spears CDs should cost money, but bandwidth is just there for them to clog and abuse. If this passes, the first few court cases should be VERY entertaining.