Slashdot Mirror
MPAA Requests Immunity to Commit Cyber-Crimes
The news has been buzzing around for the last couple of days that Representative Berman, whose palm has been crossed with silver by the entertainment industry, would introduce a bill permitting copyright holders to hack or DoS people allegedly distributing their works without permission. Well, the bill has been introduced - read it and weep. Although the bill wouldn't allow copyright owners to alter or delete files on your machine, they would be allowed to DoS you in essentially any other way. Let me restate that: the MPAA and RIAA are asking that they be allowed to perform what would otherwise be federal and state criminal acts and civil torts, and you will have essentially no remedy against them under any laws of the United States.
The Register is actually looking forward to this becoming law!
None are more hopelessly enslaved than those who falsely believe they are free. Johann Wolfgang von Goethe.
If I deface their servers, I can go to jail.
If they distrupt my internet connection, they get immunity. The hell with buying a CD if this happens. They have a monopoly and are not playing fair. It isnt the consumer's fault that the market that their product is changing all the time.
This is just as ludicrous as if the candlemaking industry would have protested thomas edison inventing the light bulb. They would have thugs with hammers break lights so people just use candles.
DOJ vs RIAA NOW!
Canadian Law? European Law? Russian Law? Japanese Law?
If the screw with my computer, will I be able to sure them senseless since I live in a different country?
"And someone said, 'Fair Warning, Lord.
The young man gone to town.
Turned from hunted into hunter.
Gone to hunt somebody down.'"
-Van Halen
I wonder at what point the revolt will happen. Something tells me it will be when it's far too late, and anybody trying to be proactive about it will be called a terrorist or something.
When will the American people wake up? It's so blatantly obvious to the rest of the world that your corporations are out of control. When are you going to finally realize it's time to put a leash on them?
Where will all of this end? Does the MPAA/RIAA actually need the right to attack individuals over the internet for having an mp3 of Stairway to Heaven on their pc? Is there anything dsl/cable/whatever providers can do to protect their customers from this?
More questions and a film at 11.
Yeah!
This article over at The Reg gives a satiric slant on that.
Go get yur black hats, podners!
MjM
XKCD:Xeric Knowledge Comically Dispen
If they do not do this, then is it not true that they have proven that they (the senators) are no longer protecting and standing by the principles upon which the united states of america's constitution was written?
What's the purpose of having the right to bear arms again? (rhetorical question)
...hello again Fidonet, old friend. How you be? Here, let me help you with that (whatever.)
This had better not pass into law because it's an open invitation to civil war on the net. I can't believe such stupidity makes it this far in Congress, no, wait, yes I can believe it in the context of UCITA, DRM, etc., etc., seemingly ad infinitum.
Everything in the Universe sucks: It's the law!
You can DoS all the p2p kittens you like, and keep on giving capitalism a bad name. Why? Real fsckin' simple:
So... DoS the kittens all you like. But if you DoS me there's no immunity: only vengeance as I show Edmond Dantes how we do things in New York City.
I think it's the duplicity that the government is showing is what everyone has a problem with.
"DoS'ing people is bad. Bad bad bad bad bad. Oh wait a minute... except for them."
It's just another instance of someone trying to have it both ways.
So if you managed to place the files in question on a server which also had some commercial purpose (say, hosting images for an eBay auction) might this trip the $50 limit and allow prosecution or civil action? I am only the son of a lawyer and not one myself, but this seems like a low threshhold for such a bill
The MPAA would hire a couple of "consulting" companies to carry out these acts.
These consulting firms would attack and disable some script kiddies computer who is serving MP3s.
So, what does the script kiddie do? He and his bunch of script kiddies go and shut down the offending consulting firms internet connection(s) with a DoS that's about 100 times more massive (because they can use everyone elses poorly protected servers to do it). And that's just if they pick on a teenager in the US.
Say they try and shut down some actual knowledgable hacker in, say, Russia. Wait a second... why are the bank account numbers, credit card numbers, home address and telephone for the head of the MPAA up on MPAA.com? Weird.
My question is, how does this web site even stay up?
I'm sure the script kiddies internet provider will just be pleased as punch that the MPAA just hacked one of it's customers and possibly used a DoS attack to do it (there by degrading the quality of service for all their clients)
Sounds great to me. It'll work like a charm this new law (if passed).
And why does the MPAA sound like a police orginization to me?
From their website:
To battle the problem, in 2000, the MPA launched over 60,000 investigations into suspected pirate activities, and more than 18,000 raids against pirate operations in coordination with local authorities around the world.
The MPAA/MPA directs its worldwide anti-piracy activities from headquarters in Encino, California. Regional offices are also located in Brussels (Europe, Middle and Africa), Mexico (Latin America) Canada and Hong Kong (Asia/Pacific).
Uhmm... that scares me
Casual Games/Downloads
I sent off this Letter to the Editor to newspapers in Coble's 6th District in North Carolina (Greensboro, High Point, Burlington, Asheboro, Lexington) this morning, before the bill was officially introduced. Hopefully it'll get published in at least one of the papers:
######
To The Editor,
For years, Congress and law enforcement has been telling us about the dangers posed by computer hackers. They have warned computer users about how you should be on guard for the damage that hackers can do to your computer systems.
However, Rep. Howard Coble is preparing to submit a bill in Congress that would grant almost complete immunity to large music and movie companies to hack into your computers, if they have the suspicion that you might be sharing copyrighted files. No proof or involvement by law enforcement will be needed. And what's more, if they damage your computers in this vigilante action, you'll need to prove real damages of over $250 and get the permission of the US Attorney General to file suit against them.
What Rep. Coble is saying is that computer hacking is bad, unless you're a rich corporation with lots of money to provide in campaign donations. The hypocracy of such a bill is stunning. The voters of Congressional District 6 need to decide whether Rep. Coble is looking out for their interests, or Big Hollywood's.
The logic of the MPAA is succinctly summarized in the caption to their copyright information page: "Copyright: The Engine of America's Economic Growth." That sort of logic is difficult to battle - it was used to justify slavery, among other things, and is successfully used to justify continued environmental degradation. "What's good for GM is what's good for America" has underlied a lot of policy in the past century - it's why we bail-out financial institutions and airlines, why white collar criminals who have reduced thousands of people to poverty still get smaller sentences - if any - than people who shoplift a bicycle or sell a few joints.
May I suggest that while we are discussing this abomination of a bill here on slashdot we also take the time to open our word processors and write letters to our representatives?
Remember that technically they are supposed to represent US, not the person/corporation with the biggest checkbook.
It may also do well to write your senators -- A similar bill will likely start up there eventualy, or if this mess passes the house it will wind up in the senate eventually.
Find your Representative and your Senators and make your opinion known.
(BTW - remember that paper letters are far more difficult to ignore than outraged emails. Especially en masse.)
/~mikeg
Before you can be punished for a crime, isn't due process required? And even if you are found to be committing a crime, since when were victims allowed to decide and administer punishment? This is seriously messed up stuff going on here, for this sort of thing even to be suggested by one of our representatives -- let alone if it actually passes!
It doesn't have one yet, but the text of the bill as introduced, is posted (in pdf format) on Declan McCullagh's site.
Under Berne all the script-kiddie DoS scripts are copyrighted by their authors ... Thus they will have to come up with new DoS scripts on their own. If we patent all the methods (heck the patent office has let much worse through) then all the attacks will be protected IP and the MPAA and RIAA will have to violate copyright and / or patent protections to attack. Could we organise a suit against them based on representing "John Doe's" interests since the authors of the scripts are unlikely to come forward? Could we consider the attacks to be derivitive works based on the code in firewalls that protects against them? Just some random thoughts since if this law goes through, this discussion might be a crimminal conspiracy...
Push the handle in the intended direction, just push it harder than expected.
- Tjp
I am in wallow with my inner money grubbing capitalistic pig. ... Oink!
"Also, consumers can boycott the movie and music industries."
Well that won't work. They'll just say their loss of sales is because of pirated music (er, wait) and then they WILL pass the bill.
Lets just say that I have T-1 line to the Internet and Verio is providing that line. When a DOS attack is launched it could potentialy flood every router between my box and the intiator of the attack.
Okay by law they were given the right to DOS me but not the ISP which can still file criminal charges. So, it sound like they are still shit out of luck unless the law gives them a "get out of jail free card" for all acts commited during the execution of a plan to attack the offender. Wow, now if that were the case it would open up a huge new can of worms.
"Help me Obi-/.-Kenobi,your my only hope!" -$
Assume that the MPAA and RIAA will be able to block packets from any P2P network that they identify as containing their works. I'm not sure how they'll do it, but it probably involves paying off the backbone owners and/or ISPs.
It seems to me that the obvious counter-measure is to use encryption and "trusted peer" techniques to preclude their ability to join the P2P network and/or identify who is trading what.
Folks, it is clear to me that the legislative process is so corrupted by the Copyright special interests that the laws that it produces are not legitimate representations of the will of the people.
I believe that the only moral response in such a case is to violate those laws. Screw the MPAA. Screw the RIAA. Screw Congress. It is time for freedom loving people to declare openly that they will not recognize copyrights held by the MPAA and RIAA.
Here's your chance to legally hack Microsoft and see if they're using your GPLed code.
Here's what I want to see happen:
Maybe the state's highest function is to grind out insoluble problems. (Zelazny, Hall of Mirrors)
Why is it always "a week", or "a month". Why not just boycott the bastards for good?
Jeez, does this mean after the boycott week we can run back to the record store with a wad of cash and buy up all those CDs we went without for a week?
Do you really think "a week" boycott will matter one bit to these nazis? No, the only thing which will work is a boycott of these clowns and their "products" for the forseeable future.
It is time for everyone to start faxing their Congressmen.
Here is the simul email/fax I sent today:
Dear Representative Combest,
Recently, your colleague, Representative Howard Berman from California, introduced a bill that would allow copyright holders such as movie studios, publishers, or record labels to take 'technological measures' against computer networks they suspect of violating their copyrights.
These 'technological measures' are computer 'Denial of Service' or 'DOS' attacks, computer cracking, and other actions that are otherwise considered computer crimes. Right now, if an individual did the same thing that these content industries are asking to do via Berman's bill, he would be investigated by the FBI and put in prison for harming a computer network or a computer. These 'technological measures' are no different. Besides harming an individual's computer, who may or may not be guilty of copyright violation, they also harm Internet Service Providers, Universities, or any other business that is connected to the Internet. The bandwidth lost to 'Denial of Service'-type attacks doesn't affect just people the content industry suspects being guilty of copyright infringement, but everyone connected to the Internet by reducing the amount of bandwidth available for legitimate data.
Worse, if these industries are allowed to start perpetrating these kind of attacks on individuals or companies, it will become impossible for computer administrators, police forces, or federal investigators to differentiate illegal attacks from sanctioned attacks. Computer 'hacking' and cracking will rise in frequency and volume simply because malicious criminals will be able to take advantage of the 'noise' generated by legal attacks.
There is no difference between malicious computer attacks and the 'technological measures' proposed by Representative Berman. I urge you to oppose his bill in the strongest possible terms.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
So, correct me if I'm wrong, but doesn't this leave Google (and a slew of others) open to attack from $cientology because of both cached copies of pages, and supposedly copywrited documents?
If anyone who has copyrighted material on the internet can attack a server to prevent the distribution, what will it mean for Google's humongous (and often convenient) cache of stored webpages?
Perhaps this will finally force security to the forefront where it belongs. File traders to protect themselves from Hollywood, Hollywood to protect themselves from everyone else...
--hsm
...what they're about to unleash.
Even if this laughable bill doesn't become law, the very fact that the MPAA and RIAA are pushing for it is probably going to land the IP address ranges of both companies in an awful lot of locally-maintained E-mail and web proxy blacklists, just on principal alone.
As for their tactics; Any SysAdmin worth their salt can easily detect, isolate, and block a DoS attack at the router level. Such an attack has little effect if the attacking system gets no response whatsoever from the target IP.
In any case, that's really beside the point. The way I see it, this kind of crap has the potential to release a widespread public-relations and consumer backlash that the industry as a whole may never recover from.
Bruce Lane, KC7GR,
Blue Feather Technologies
George Bush and Oil Industry CEOs - 'Can we have immunity from laws protecting the environment and virgin wilderness in order to increase our profits and control of the energy industry by drilling in Alaskan wilderness and completely ignoring global warming and any other environmental concerns that are too expensive for us to worry about?' - Pending.
IIRC - the Arctic National Wildlife Preserve has nothing at all to do with global warming. Whether they drill there or not doesn't make one bit of difference in the overall global warming picture. All drilling up there is going to do is kill a bunch of endangered (or soon to be endangered) species, which are pretty crucial to the ecosphere up there, which is already on the verge of collapse due to effects of global warming which has already happened. So basically, it doesn't really matter whether they drill up there anyway. Those animals are already living on borrowed time. Pity.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
I'm glad someone else thought of this..... Quite simple really - write a song, doesnt matter what it is, or even if you know how to play - bang two tin pots together or something, and record it. Then put it on a CDR, and copyright it. Sell it to a friend for 10 cents and you have LEGALLY distributed it. Now..... lets go see if anyone has pirated my song thru P2P. Where can we hack into and search first? Microsoft? Yahoo? Department of Defense??? The possibilities of what you can now do LEGALLY are endless.....
Suppose I, situated in Europe, shared something your (RI,MP)AA would object to. What then? Would your p(r)etty "Congress" yet another time rule that fscking USian law has to be applied _worldwide_ (much alike Sklyarov)?
Right now I'm fantasizing about DMCA vs. EU cybercrime directives, the latter _explicitly_ making (d)DoS illegal.
But, as the old saying goes:
-- Q: What is the DMCA, exactly?
-- A: The Copyright Lawyers Lifetime Employment Act.
Talking about "getting them back" is pointless.
They will probably direct their DoS attacks against the internals of the P2P protocols, rather than the users machines. They will use disposable (and anonymous) nodes to do so--they may be unscrupulous, but they are not stupid.
Nonetheless, the proposed law is extremely prone to being abused.
What we need to do is start designing the next generation P2P systems that will be immune to things like legitimate-looking users posting bogus files, etc.
----------------
Here's what I can think of on the spot
1) Community-based systems (akin to slashdot) where some nodes have more "credibility" points.
Node "karma" would be based on
-Total Kbytes streamed out
-Moderation by other "trusted" nodes
The community aspect must not get in the way of reaching a "critical mass" of users, without which any P2P system is bound to fall.
2) Ability to randomly sample small segments of files on remote nodes in order to determine whether they are legit. This would stop them from uploading complete garbage, or legitimate-looking beginnings followed by garbage.
3) Distributed method of establishing trust. This is the tricky part. We could use public-key crypto in some fashion. Perhaps nodeID blacklists or whitelists could be distributed among the users, or uploaded to FreeNet. Before downloading a song from an unknown node, my machine would query 10-20 random nodes for blacklist info. This would make it a lot more difficult to set up random nodes hosting garbage.
5) Other heuristics to determine the trustworthiness of nodes and/or files.
7) Doing all of the above in a relatively speedy (i.e., not impractically slow such as gnuTella) and relatively anonymous/pseudonymous way.
-----------
Please reply (i.e., follow-up to the post) with any further ideas. Perhaps we can seed the minds of the developers who'll be coding the next generation of P2P software. Are there any ideas we can glean from eBay's trust management system?
That they work for US.
WE pay their salaries, WE pay their employees, WE pay their artists when WE buy their products.
If they get us sufficiently mad, WE will not spend our hard-earned money on their products any more and THEY will feel it.
It's about time to organize a month-long media boycott. Show the "big boys" exactly how much power we have over "their business". Pick a nice date like January, 2003, and just swear off ANY CD/Movie Ticket/DVD purchases for a month.
Easy to do - if you wanna watch a movie or listen to some music, just borrow it from a friend, but don't spend a RETAIL DIME purchasing anything.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
Writing to our elected officials is important. We also need to remember that there are some very good organizations that really understand these issues and are out there fighting for our rights every day. They need and deserve our support.
Even small donations will make a difference. There are a lot of us, people; once we get into the habit of putting our money where our mouths are, the **AA's will be in deep trouble.
If you can afford it, consider donating $100 a year to each of these organizations, as I do. It's really worth it.
- The Free Software Foundation
(click on "Donate", or volunteer, or contribue hardware or expertise)
- Electronic Frontier Foundation
It appears that the MPAA/RIAA, etc. will only have the ability under this law to:
a) restrict people from trading works to which they are the copyright owner (meaning every company that owns copyrighted material will have to employ these countermeasures or have someone do it on their behalf)
b) intervene only on the P2P network itself (deleting files on file traders PC's is expressly prohibited by the legislation) as those files may have been created via fair use.
c) only affect "Public" P2P networks (e.g. Gnutella)
What they are trying to get approval for basically amounts to running programs (some kind of bot maybe) that interrupts or interferes with downloads of whatever files they are trying to prevent from reaching public distribution. They can only
"block, divert or otherwise impair the unauthorized distribution, display, performance, or reproduction of his or her copyrighted work on a publicly accessible peer-to-peer file-trading network, if such impairment does not, without authorization, alter, delete, or otherwise impair the integrity of any computer file or data residing on the computer of a file trader."
This will deter casual users from trading files with P2P, and the most popular media will probably be very hard to obtain for some time after its release. I don't think they'll give a shit about your rare old Morrissey bootlegs or anything that's not on the Bestsellers lists.