Slashdot Mirror
MPAA Requests Immunity to Commit Cyber-Crimes
The news has been buzzing around for the last couple of days that Representative Berman, whose palm has been crossed with silver by the entertainment industry, would introduce a bill permitting copyright holders to hack or DoS people allegedly distributing their works without permission. Well, the bill has been introduced - read it and weep. Although the bill wouldn't allow copyright owners to alter or delete files on your machine, they would be allowed to DoS you in essentially any other way. Let me restate that: the MPAA and RIAA are asking that they be allowed to perform what would otherwise be federal and state criminal acts and civil torts, and you will have essentially no remedy against them under any laws of the United States.
The Register is actually looking forward to this becoming law!
None are more hopelessly enslaved than those who falsely believe they are free. Johann Wolfgang von Goethe.
I wonder at what point the revolt will happen. Something tells me it will be when it's far too late, and anybody trying to be proactive about it will be called a terrorist or something.
When will the American people wake up? It's so blatantly obvious to the rest of the world that your corporations are out of control. When are you going to finally realize it's time to put a leash on them?
Yeah!
This article over at The Reg gives a satiric slant on that.
Go get yur black hats, podners!
MjM
XKCD:Xeric Knowledge Comically Dispen
The MPAA would hire a couple of "consulting" companies to carry out these acts.
These consulting firms would attack and disable some script kiddies computer who is serving MP3s.
So, what does the script kiddie do? He and his bunch of script kiddies go and shut down the offending consulting firms internet connection(s) with a DoS that's about 100 times more massive (because they can use everyone elses poorly protected servers to do it). And that's just if they pick on a teenager in the US.
Say they try and shut down some actual knowledgable hacker in, say, Russia. Wait a second... why are the bank account numbers, credit card numbers, home address and telephone for the head of the MPAA up on MPAA.com? Weird.
My question is, how does this web site even stay up?
I'm sure the script kiddies internet provider will just be pleased as punch that the MPAA just hacked one of it's customers and possibly used a DoS attack to do it (there by degrading the quality of service for all their clients)
Sounds great to me. It'll work like a charm this new law (if passed).
And why does the MPAA sound like a police orginization to me?
From their website:
To battle the problem, in 2000, the MPA launched over 60,000 investigations into suspected pirate activities, and more than 18,000 raids against pirate operations in coordination with local authorities around the world.
The MPAA/MPA directs its worldwide anti-piracy activities from headquarters in Encino, California. Regional offices are also located in Brussels (Europe, Middle and Africa), Mexico (Latin America) Canada and Hong Kong (Asia/Pacific).
Uhmm... that scares me
Casual Games/Downloads
I sent off this Letter to the Editor to newspapers in Coble's 6th District in North Carolina (Greensboro, High Point, Burlington, Asheboro, Lexington) this morning, before the bill was officially introduced. Hopefully it'll get published in at least one of the papers:
######
To The Editor,
For years, Congress and law enforcement has been telling us about the dangers posed by computer hackers. They have warned computer users about how you should be on guard for the damage that hackers can do to your computer systems.
However, Rep. Howard Coble is preparing to submit a bill in Congress that would grant almost complete immunity to large music and movie companies to hack into your computers, if they have the suspicion that you might be sharing copyrighted files. No proof or involvement by law enforcement will be needed. And what's more, if they damage your computers in this vigilante action, you'll need to prove real damages of over $250 and get the permission of the US Attorney General to file suit against them.
What Rep. Coble is saying is that computer hacking is bad, unless you're a rich corporation with lots of money to provide in campaign donations. The hypocracy of such a bill is stunning. The voters of Congressional District 6 need to decide whether Rep. Coble is looking out for their interests, or Big Hollywood's.
The logic of the MPAA is succinctly summarized in the caption to their copyright information page: "Copyright: The Engine of America's Economic Growth." That sort of logic is difficult to battle - it was used to justify slavery, among other things, and is successfully used to justify continued environmental degradation. "What's good for GM is what's good for America" has underlied a lot of policy in the past century - it's why we bail-out financial institutions and airlines, why white collar criminals who have reduced thousands of people to poverty still get smaller sentences - if any - than people who shoplift a bicycle or sell a few joints.
Sure there is. If it passes I'll be blacklisting every RIAA and MPAA netblock I can find. I'd also nominat the for an RBL listing due to the DoSing attempts from their netspace and their disregard for abuse@ mailings. They can't DoS my customers if they can't get past my border router. If they still flood me as a business, I'll sue for damages. :-)
Lets just say that I have T-1 line to the Internet and Verio is providing that line. When a DOS attack is launched it could potentialy flood every router between my box and the intiator of the attack.
Okay by law they were given the right to DOS me but not the ISP which can still file criminal charges. So, it sound like they are still shit out of luck unless the law gives them a "get out of jail free card" for all acts commited during the execution of a plan to attack the offender. Wow, now if that were the case it would open up a huge new can of worms.
"Help me Obi-/.-Kenobi,your my only hope!" -$
It is time for everyone to start faxing their Congressmen.
Here is the simul email/fax I sent today:
Dear Representative Combest,
Recently, your colleague, Representative Howard Berman from California, introduced a bill that would allow copyright holders such as movie studios, publishers, or record labels to take 'technological measures' against computer networks they suspect of violating their copyrights.
These 'technological measures' are computer 'Denial of Service' or 'DOS' attacks, computer cracking, and other actions that are otherwise considered computer crimes. Right now, if an individual did the same thing that these content industries are asking to do via Berman's bill, he would be investigated by the FBI and put in prison for harming a computer network or a computer. These 'technological measures' are no different. Besides harming an individual's computer, who may or may not be guilty of copyright violation, they also harm Internet Service Providers, Universities, or any other business that is connected to the Internet. The bandwidth lost to 'Denial of Service'-type attacks doesn't affect just people the content industry suspects being guilty of copyright infringement, but everyone connected to the Internet by reducing the amount of bandwidth available for legitimate data.
Worse, if these industries are allowed to start perpetrating these kind of attacks on individuals or companies, it will become impossible for computer administrators, police forces, or federal investigators to differentiate illegal attacks from sanctioned attacks. Computer 'hacking' and cracking will rise in frequency and volume simply because malicious criminals will be able to take advantage of the 'noise' generated by legal attacks.
There is no difference between malicious computer attacks and the 'technological measures' proposed by Representative Berman. I urge you to oppose his bill in the strongest possible terms.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
You ever see the movie "Brazil?" Not the horrible horked version, but the director's cut (Terry Gilliam.) If not, you're really missing something great. Anyway, at the beginning of the film there's a short scene where a national government official is being interviewed on television and the subject is his government's war on terrorism. Here's the dialog from a draft script, the movie has very minor differences:
...? ... in a free society information is the name of the game. You can't win the game if you're a man short. ... ... ... and a very merry Christmas to you all.
INTERVIEWER: Deputy minister, what do you believe is behind this recent increase in terrorist bombings?
HELPMANN: Bad sportsmanship. A ruthless minority of people seems to have forgotten certain good old fashioned virtues. They just can't stand seeing the other fellow win. If these people would just play the game, instead of standing on the touch line heckling -
INTERVIEWER: In fact, killing people -
HELPMANN: - In fact, killing people - they'd get a lot more out of life.
INTERVIEWER: Mr. Helpmann, what would you say to those critics who maintain that the Ministry Of Information has become too large and unwieldy
HELPMANN: David
INTERVIEWER: And the cost of it all, Deputy Minister? Seven percent of the gross national product
HELPMANN: I understand this concern on behalf of the tax-payers. People want value for money and a cost-effective service.
INTERVIEWER: Do you think that the government is winning the battle against terrorists?
HELPMANN: Oh yes. Our morale is much higher than theirs, we're fielding all their strokes, running a lot of them out, and pretty consistently knocking them for six. I'd say they're nearly out of the game.
INTERVIEWER: But the bombing campaign is now in its thirteenth year
HELPMANN: Beginner's luck.
INTERVIEWER: Thank you very much, Deputy Minister.
HELPMANN: Thank you, David
Everything in the Universe sucks: It's the law!
Talking about "getting them back" is pointless.
They will probably direct their DoS attacks against the internals of the P2P protocols, rather than the users machines. They will use disposable (and anonymous) nodes to do so--they may be unscrupulous, but they are not stupid.
Nonetheless, the proposed law is extremely prone to being abused.
What we need to do is start designing the next generation P2P systems that will be immune to things like legitimate-looking users posting bogus files, etc.
----------------
Here's what I can think of on the spot
1) Community-based systems (akin to slashdot) where some nodes have more "credibility" points.
Node "karma" would be based on
-Total Kbytes streamed out
-Moderation by other "trusted" nodes
The community aspect must not get in the way of reaching a "critical mass" of users, without which any P2P system is bound to fall.
2) Ability to randomly sample small segments of files on remote nodes in order to determine whether they are legit. This would stop them from uploading complete garbage, or legitimate-looking beginnings followed by garbage.
3) Distributed method of establishing trust. This is the tricky part. We could use public-key crypto in some fashion. Perhaps nodeID blacklists or whitelists could be distributed among the users, or uploaded to FreeNet. Before downloading a song from an unknown node, my machine would query 10-20 random nodes for blacklist info. This would make it a lot more difficult to set up random nodes hosting garbage.
5) Other heuristics to determine the trustworthiness of nodes and/or files.
7) Doing all of the above in a relatively speedy (i.e., not impractically slow such as gnuTella) and relatively anonymous/pseudonymous way.
-----------
Please reply (i.e., follow-up to the post) with any further ideas. Perhaps we can seed the minds of the developers who'll be coding the next generation of P2P software. Are there any ideas we can glean from eBay's trust management system?