MPAA Requests Immunity to Commit Cyber-Crimes
The news has been buzzing around for the last couple of days that Representative Berman, whose palm has been crossed with silver by the entertainment industry, would introduce a bill permitting copyright holders to hack or DoS people allegedly distributing their works without permission. Well, the bill has been introduced - read it and weep. Although the bill wouldn't allow copyright owners to alter or delete files on your machine, they would be allowed to DoS you in essentially any other way. Let me restate that: the MPAA and RIAA are asking that they be allowed to perform what would otherwise be federal and state criminal acts and civil torts, and you will have essentially no remedy against them under any laws of the United States.
The Register is actually looking forward to this becoming law!
None are more hopelessly enslaved than those who falsely believe they are free. Johann Wolfgang von Goethe.
"And someone said, 'Fair Warning, Lord.
The young man gone to town.
Turned from hunted into hunter.
Gone to hunt somebody down.'"
-Van Halen
I wonder at what point the revolt will happen. Something tells me it will be when it's far too late, and anybody trying to be proactive about it will be called a terrorist or something.
When will the American people wake up? It's so blatantly obvious to the rest of the world that your corporations are out of control. When are you going to finally realize it's time to put a leash on them?
Where will all of this end? Does the MPAA/RIAA actually need the right to attack individuals over the internet for having an mp3 of Stairway to Heaven on their pc? Is there anything dsl/cable/whatever providers can do to protect their customers from this?
More questions and a film at 11.
Yeah!
This article over at The Reg gives a satiric slant on that.
Go get yur black hats, podners!
MjM
XKCD:Xeric Knowledge Comically Dispen
...hello again Fidonet, old friend. How you be? Here, let me help you with that (whatever.)
This had better not pass into law because it's an open invitation to civil war on the net. I can't believe such stupidity makes it this far in Congress, no, wait, yes I can believe it in the context of UCITA, DRM, etc., etc., seemingly ad infinitum.
Everything in the Universe sucks: It's the law!
I think the duplicity that the government is showing is what everyone has a problem with.
"DoS'ing people is bad. Bad bad bad bad bad. Oh wait a minute... except for them."
It's just another instance of someone trying to have it both ways.
So if you managed to place the files in question on a server which also had some commercial purpose (say, hosting images for an eBay auction) might this trip the $50 limit and allow prosecution or civil action? I am only the son of a lawyer and not one myself, but this seems like a low threshold for such a bill.
The MPAA would hire a couple of "consulting" companies to carry out these acts.
These consulting firms would attack and disable some script kiddie's computer who is serving MP3s.
So, what does the script kiddie do? He and his bunch of script kiddies go and shut down the offending consulting firm's internet connection(s) with a DoS that's about 100 times more massive (because they can use everyone else's poorly protected servers to do it). And that's just if they pick on a teenager in the US.
Say they try and shut down some actual knowledgeable hacker in, say, Russia. Wait a second... why are the bank account numbers, credit card numbers, home address and telephone for the head of the MPAA up on MPAA.com? Weird.
My question is, how does this web site even stay up?
I'm sure the script kiddie's internet provider will just be pleased as punch that the MPAA just hacked one of its customers and possibly used a DoS attack to do it (thereby degrading the quality of service for all their clients).
Sounds great to me. It'll work like a charm this new law (if passed).
And why does the MPAA sound like a police organization to me?
From their website:
To battle the problem, in 2000, the MPA launched over 60,000 investigations into suspected pirate activities, and more than 18,000 raids against pirate operations in coordination with local authorities around the world.
The MPAA/MPA directs its worldwide anti-piracy activities from headquarters in Encino, California. Regional offices are also located in Brussels (Europe, Middle and Africa), Mexico (Latin America) Canada and Hong Kong (Asia/Pacific).
Uhmm... that scares me
Casual Games/Downloads
I sent off this Letter to the Editor to newspapers in Coble's 6th District in North Carolina (Greensboro, High Point, Burlington, Asheboro, Lexington) this morning, before the bill was officially introduced. Hopefully it'll get published in at least one of the papers:
######
To The Editor,
For years, Congress and law enforcement have been telling us about the dangers posed by computer hackers. They have warned computer users about how you should be on guard for the damage that hackers can do to your computer systems.
However, Rep. Howard Coble is preparing to submit a bill in Congress that would grant almost complete immunity to large music and movie companies to hack into your computers, if they have the suspicion that you might be sharing copyrighted files. No proof or involvement by law enforcement will be needed. And what's more, if they damage your computers in this vigilante action, you'll need to prove real damages of over $250 and get the permission of the US Attorney General to file suit against them.
What Rep. Coble is saying is that computer hacking is bad, unless you're a rich corporation with lots of money to provide in campaign donations. The hypocrisy of such a bill is stunning. The voters of Congressional District 6 need to decide whether Rep. Coble is looking out for their interests, or Big Hollywood's.
The logic of the MPAA is succinctly summarized in the caption to their copyright information page: "Copyright: The Engine of America's Economic Growth." That sort of logic is difficult to battle - it was used to justify slavery, among other things, and is successfully used to justify continued environmental degradation. "What's good for GM is what's good for America" has underlain a lot of policy in the past century - it's why we bail out financial institutions and airlines, why white collar criminals who have reduced thousands of people to poverty still get smaller sentences - if any - than people who shoplift a bicycle or sell a few joints.
May I suggest that while we are discussing this abomination of a bill here on slashdot we also take the time to open our word processors and write letters to our representatives?
Remember that technically they are supposed to represent US, not the person/corporation with the biggest checkbook.
It may also do well to write your senators -- A similar bill will likely start up there eventually, or if this mess passes the house it will wind up in the senate eventually.
Find your Representative and your Senators and make your opinion known.
(BTW - remember that paper letters are far more difficult to ignore than outraged emails. Especially en masse.)
/~mikeg
Before you can be punished for a crime, isn't due process required? And even if you are found to be committing a crime, since when were victims allowed to decide and administer punishment? This is seriously messed up stuff going on here, for this sort of thing even to be suggested by one of our representatives -- let alone if it actually passes!
It doesn't have one yet, but the text of the bill as introduced, is posted (in pdf format) on Declan McCullagh's site.
Let's just say that I have a T-1 line to the Internet and Verio is providing that line. When a DOS attack is launched it could potentially flood every router between my box and the initiator of the attack.
Okay by law they were given the right to DOS me but not the ISP which can still file criminal charges. So, it sounds like they are still shit out of luck unless the law gives them a "get out of jail free card" for all acts committed during the execution of a plan to attack the offender. Wow, now if that were the case it would open up a huge new can of worms.
"Help me Obi-/.-Kenobi, you're my only hope!" -$
Assume that the MPAA and RIAA will be able to block packets from any P2P network that they identify as containing their works. I'm not sure how they'll do it, but it probably involves paying off the backbone owners and/or ISPs.
It seems to me that the obvious counter-measure is to use encryption and "trusted peer" techniques to preclude their ability to join the P2P network and/or identify who is trading what.
Folks, it is clear to me that the legislative process is so corrupted by the Copyright special interests that the laws that it produces are not legitimate representations of the will of the people.
I believe that the only moral response in such a case is to violate those laws. Screw the MPAA. Screw the RIAA. Screw Congress. It is time for freedom loving people to declare openly that they will not recognize copyrights held by the MPAA and RIAA.
Here's your chance to legally hack Microsoft and see if they're using your GPLed code.
Here's what I want to see happen:
Maybe the state's highest function is to grind out insoluble problems. (Zelazny, Hall of Mirrors)
It is time for everyone to start faxing their Congressmen.
Here is the simul email/fax I sent today:
Dear Representative Combest,
Recently, your colleague, Representative Howard Berman from California, introduced a bill that would allow copyright holders such as movie studios, publishers, or record labels to take 'technological measures' against computer networks they suspect of violating their copyrights.
These 'technological measures' are computer 'Denial of Service' or 'DOS' attacks, computer cracking, and other actions that are otherwise considered computer crimes. Right now, if an individual did the same thing that these content industries are asking to do via Berman's bill, he would be investigated by the FBI and put in prison for harming a computer network or a computer. These 'technological measures' are no different. Besides harming an individual's computer, who may or may not be guilty of copyright violation, they also harm Internet Service Providers, Universities, or any other business that is connected to the Internet. The bandwidth lost to 'Denial of Service'-type attacks doesn't affect just people the content industry suspects of being guilty of copyright infringement, but everyone connected to the Internet by reducing the amount of bandwidth available for legitimate data.
Worse, if these industries are allowed to start perpetrating these kinds of attacks on individuals or companies, it will become impossible for computer administrators, police forces, or federal investigators to differentiate illegal attacks from sanctioned attacks. Computer 'hacking' and cracking will rise in frequency and volume simply because malicious criminals will be able to take advantage of the 'noise' generated by legal attacks.
There is no difference between malicious computer attacks and the 'technological measures' proposed by Representative Berman. I urge you to oppose his bill in the strongest possible terms.
...what they're about to unleash.
Even if this laughable bill doesn't become law, the very fact that the MPAA and RIAA are pushing for it is probably going to land the IP address ranges of both companies in an awful lot of locally-maintained E-mail and web proxy blacklists, just on principle alone.
As for their tactics; Any SysAdmin worth their salt can easily detect, isolate, and block a DoS attack at the router level. Such an attack has little effect if the attacking system gets no response whatsoever from the target IP.
In any case, that's really beside the point. The way I see it, this kind of crap has the potential to release a widespread public-relations and consumer backlash that the industry as a whole may never recover from.
Bruce Lane, KC7GR,
Blue Feather Technologies
George Bush and Oil Industry CEOs - 'Can we have immunity from laws protecting the environment and virgin wilderness in order to increase our profits and control of the energy industry by drilling in Alaskan wilderness and completely ignoring global warming and any other environmental concerns that are too expensive for us to worry about?' - Pending.
IIRC - the Arctic National Wildlife Preserve has nothing at all to do with global warming. Whether they drill there or not doesn't make one bit of difference in the overall global warming picture. All drilling up there is going to do is kill a bunch of endangered (or soon to be endangered) species, which are pretty crucial to the ecosphere up there, which is already on the verge of collapse due to effects of global warming which has already happened. So basically, it doesn't really matter whether they drill up there anyway. Those animals are already living on borrowed time. Pity.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Talking about "getting them back" is pointless.
They will probably direct their DoS attacks against the internals of the P2P protocols, rather than the users' machines. They will use disposable (and anonymous) nodes to do so--they may be unscrupulous, but they are not stupid.
Nonetheless, the proposed law is extremely prone to being abused.
What we need to do is start designing the next generation P2P systems that will be immune to things like legitimate-looking users posting bogus files, etc.
----------------
Here's what I can think of on the spot
1) Community-based systems (akin to slashdot) where some nodes have more "credibility" points.
Node "karma" would be based on
-Total Kbytes streamed out
-Moderation by other "trusted" nodes
The community aspect must not get in the way of reaching a "critical mass" of users, without which any P2P system is bound to fall.
2) Ability to randomly sample small segments of files on remote nodes in order to determine whether they are legit. This would stop them from uploading complete garbage, or legitimate-looking beginnings followed by garbage.
3) Distributed method of establishing trust. This is the tricky part. We could use public-key crypto in some fashion. Perhaps nodeID blacklists or whitelists could be distributed among the users, or uploaded to FreeNet. Before downloading a song from an unknown node, my machine would query 10-20 random nodes for blacklist info. This would make it a lot more difficult to set up random nodes hosting garbage.
5) Other heuristics to determine the trustworthiness of nodes and/or files.
7) Doing all of the above in a relatively speedy (i.e., not impractically slow such as gnuTella) and relatively anonymous/pseudonymous way.
-----------
Please reply (i.e., follow-up to the post) with any further ideas. Perhaps we can seed the minds of the developers who'll be coding the next generation of P2P software. Are there any ideas we can glean from eBay's trust management system?
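An added example, not part of the comment above: one way idea 2 (random sampling of small segments) could work, showing why a decoy with a genuine beginning and a garbage tail is caught by random picks. It assumes a list of per-segment SHA-256 digests obtained from nodes you already trust, which the comment does not specify; `RemoteNode`, `sample_check` and `miss_probability` are hypothetical names.

```python
import hashlib
import random

SEG = 16  # segment size in bytes; tiny so the demo data stays small

def manifest(data, seg=SEG):
    """Per-segment SHA-256 digests. Assumption: this list comes from nodes you already trust."""
    return [hashlib.sha256(data[i:i + seg]).digest() for i in range(0, len(data), seg)]

class RemoteNode:
    """Hypothetical stand-in for a peer that serves one segment per request."""
    def __init__(self, data, seg=SEG):
        self.data, self.seg = data, seg

    def fetch(self, index):
        return self.data[index * self.seg:(index + 1) * self.seg]

def sample_check(node, trusted, k, rng):
    """Fetch k randomly chosen segments; return the sorted indices that fail the digest check."""
    picks = rng.sample(range(len(trusted)), min(k, len(trusted)))
    return sorted(i for i in picks
                  if hashlib.sha256(node.fetch(i)).digest() != trusted[i])

def miss_probability(n, bad, k):
    """Chance that k samples drawn without replacement from n segments all avoid the bad ones."""
    p = 1.0
    for j in range(min(k, n)):
        p *= max(n - bad - j, 0) / (n - j)
    return p

# Constructed sample data: 64 segments of "real" content, and a decoy that
# copies the first 8 segments and pads the rest with zero bytes.
GENUINE = b"".join(hashlib.sha256(b"constructed-%d" % i).digest()[:SEG] for i in range(64))
DECOY = GENUINE[:8 * SEG] + bytes(56 * SEG)
TRUSTED = manifest(GENUINE)

if __name__ == "__main__":
    rng = random.Random(2002)
    print("honest node:", sample_check(RemoteNode(GENUINE), TRUSTED, 8, rng))
    print("decoy node: ", sample_check(RemoteNode(DECOY), TRUSTED, 8, rng))
    print("miss chance, 8 samples:", miss_probability(64, 56, 8))
```

Checking only the first few segments would pass the decoy; the random picks are what make a mostly-garbage file very unlikely to slip through.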
That they work for US.
WE pay their salaries, WE pay their employees, WE pay their artists when WE buy their products.
If they get us sufficiently mad, WE will not spend our hard-earned money on their products any more and THEY will feel it.
It's about time to organize a month-long media boycott. Show the "big boys" exactly how much power we have over "their business". Pick a nice date like January, 2003, and just swear off ANY CD/Movie Ticket/DVD purchases for a month.
Easy to do - if you wanna watch a movie or listen to some music, just borrow it from a friend, but don't spend a RETAIL DIME purchasing anything.
"Nothing strengthens authority so much as silence." - Charles de Gaulle