Slashdot Mirror
How The DMCA Is Enforced
Hank Scorpio writes "Bob Cringley's latest column talks about a company, BayTSP, that performs most of the enforcement of the DMCA on the Internet. This is the company that collects data about who is sharing music or movies online, and this is the company to go after when you get busted! They claim to "go to the same places any user could go, look at the same files anyone else could look at, and we only probe the ports on your computer that you have made public." Interesting."
So it's illegal to probe the HTTP port on computers in Maryland with robots because you didn't get permission from the guy who admins the web site?
Isn't a public port part and parcel with permission to access said port?
"Old man yells at systemd"
So let me get this straight.... a PRIVATE (non-govmt) company is basically doing the dirty work for the FBI and *AA's?
Shouldn't investigating and collecting evidence for criminal cases (which is what their doing, the DMCA is the law of the land whether we like it or not) be the responsibility of a government law enforcement agency?
Think For Yourself. Question Authority.
this means you can block 209.204.138.* and eliminate most probing from them
Um, no.
Their web site is hosted by sonic.net. Blocking that only means their web server can't probe your systems.
I'd bet they're using a variety of cable modems and DSL connections with dynamic IPs to do the probing.
> ...we only probe the ports on your computer that you have made public...
A number of people have pointed this out. However, if this was a valid legal/ethical statement, then that would be the perfect justification for any electronic crime. A hacker says, "I wasn't doing anything illegal! I was only probing the ports that they made public!"
I like the argument in a way. It says, "Hey, I didn't go beyond my authorization to do this. Their site already had the authorization wide open for me to do this!" On the other hand, it can be used to justify anything.
"Mark Ishikawa came to the data security business from the Dark Side"
Came from the Dark Side? Sold out to it more like
"So it is a precursor to this bad behavior"
So, by this logic, is owning a computer.
Thought we had a right to be considered innocent till proven guilty and a right to not be subjected to unreasonable search and seizures? Guess the DMCA somehow retracted important parts of the Constitution.
They read sites to check for possible coded messages. They scan computers for useful info and turn it over to corporations for suits and to law enforcement for arrest. Would have thought for sure to get those kinds of searches you'd need a warrant.
Oddly enough, on a related note, many of the tickets from the cameras at intersections have been thrown out because the systems were overseen/administered by private companies. Wouldn't this same tactic work against most legal actions based on info from BayTSP?
"Our algorithms are adaptive," claims Ishikawa. "You can cut a picture in half and we'll still find it, matching the cut-down version against a database of originals, effectively matching the electronic DNA of the target."
Shouldn't they be getting in trouble themselves for either 1, downloading kiddie pr0n, or 2, compairing the images to a database collection of kiddie pr0n the've collected over the years?
I know, they are doing it for the greater good and are not redistributing kiddie pr0n but it still sounds funny...
Ascalante: Your bride is over 3,000 years old.
Kull: She told me she was 19!
Surely, they're smart enough to do most of their searching from other IP addresses, right?
This may be their business address, but no self-respecting enforcement company is gonna do all their searching and spying from their business IP.
In fact, I'd wager you'd have better luck blocking *all* of AOL, Verizon -- and any other big ISP you can name.
I suspect they, too, tend to overthink their anonymous abilities and probably figure that they can blend in much easier if they get some big-name ISP account (maybe even off-shore) and hit you with what looks like just another script-kiddie attack from just-another big-name ISP IP block. They're probably right in doing it this way, but I bet they leave some pretty tell-tale signs that -- once folks figure it out -- will make them easier to block.
Of course, I might be wrong. Maybe the anonymity sniffers are really closer to 'anonymous' than the people who think they're surfing anonymously.
Maybe this outfit does indeed have some kickass, wicked spycraft that they're pulling.
Before anyone starts with the "but do you go around testing peoples' doorknobs?" drivel: Having a computer connected to the internet is not the same owning a house with a driveway into the street. Accessing a public-facing service on a machine is not the same as walking into someone's house just because the door was unlocked.
Running a server available to the public is more akin to hanging an "OPEN" sign above your front door and then wondering why people keep trying to come inside.
Logic error (as others have pointed out). Allow me to demonstrate:
Correlation is not causation.
However, that said I think people who ar turned on by kiddie porn have a problem, and people who DISTRIBUTE kiddie porn are criminals.
But let us not go down the slippery slope of incorrectly reasoning to justify our actions, 'mkay?
www.eFax.com are spammers
I think this comparison is poor. Not only is the door unlocked in this case, but sitting on the other side of the door is a functioning service that allows the public to view and download files. This is the equivalent of putting a sign in your front yard that says, 'Ruths Antiques' and a now open sign, and unlocking your door.
If you start providing a service to the public (paid or free), anyone may walk in, take a look around and even sample the free goods. (Unless you specifically ban them.)
This is exactly what they are doing... stepping into your front door to interact with your service to find out information about your activities. When there is a public access to your property, you can't turn around and claim privacy... you can, it just isn't going to work.
If they took the next step and took advantage of a flaw in your service to do damage to your computer or goods, this would be the equivalent of taking a baseball bat to a china shop, which is the wrong thing. If you crack in your store window or on your store shelves, you can't seriously claim your rights were violated when you get nailed.
This isn't the sig you are looking for... Carry on...
Hmmm, So we go after people for crimes they have yet to commit, is what he is arguing. Someone should make a movie about that
>Hmmm, So we go after people for crimes they have yet to commit
Collecting Kiddy Porn is illegal in most states though, so there's still a crime.
Can't somebody just embed a virus in an image that mails the personal info of these perverts to the FBI or something? - phorm
I think the bigger issue is that you are encouraging people to take naked sexual pictures of children who are not mentally capable of making rational decisions about such things. To support a child porn industry, you need to victimize children.
This isn't the sig you are looking for... Carry on...
There's already a hue and cry over the words, "we only probe the ports on your computer that you have made public". Note that he doesn't say how the ports are scanned. BayTSP could easily be using a windoze macro-bot to run, say WinMX, looking for all files containing the letter "a", then capturing the results. Repeat for other letters and digits. Then repeat for IRC clients, etc.
Nothing for 6-digit uids?
I can see at least one good thing coming of it. That would be the increased use of strong crypto. And it has the addedd advantage of pissing off guys like this. Since those of you who know what I'm talking about and agree with me already agree with me I'm not going to go on and on. For anyone who does not know what I'm talking about but hates the DMCA I'm simply going to post a few URLs and you can educate yourselves.
b erhose.org/o gle.com/search?hl=en&lr=&ie=UTF-8&oe =UTF-8&safe=off&q=crypto&btnG=Google+Searc h
http://freenet.sourceforge.net/
http://www.rub
http://www.gnupg.org/
http://www.go
Also research on the SSL enabled IM clients and servers out there could lead to SSL enabled P2P. Good stuff.
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
I see a lot of arguments on here about how he shouldn't be able to find out what stuff you're sharing by probing your ports.
This is so stupid.
You're illegally sharing files (I'm not here to debate whether it's right or wrong.. merely that it IS illegal), making them available to be downloaded by complete strangers anywhere in the world. And then you complain that it's possible for someone to find out that you're sharing them!? Get a grip people.. what did you expect was going to happen? Whining about "port probing"... what do you think the file sharing software does when it queries your computer? They probably just reverse engineered the query protocols.
There will be some high profile arrests, and it will probably cut down on some of the most flagrant sharers. People will still share files, and if the environment becomes more hostile to them, it will simply drive file sharing underground, to private FTP sites and the like, where it has always been, and always will be.
--
They said FUD was bad, so I started spreading DUF.
"Mind, as manifested by the capacity to make choices, is to some extent present in every electron." -Freeman Dyson
OK, here's another one. Nearly 100% of people who commit grand theft auto were at some point cited for speeding. Therefore, speeding is a precursor to more serious car-related crimes.
So, we have an entity who is trying to go after the offenders (and primarily just the big ones), and many people here are criticizing it as some kind of evil activity. This seems pretty hypocritical.
This guy is obviously not just in the business of going after people who illegally distribute music or movies. That has nothing to do with the DCMA, its a copyright crime, and if he can make a buck off of it, thats great.
The problem with this guy is that he is going after people like Dmitry Sklyarov and others who are breaking the DCMA, and by doing so he is contributing to the indocrination of that law, which is bad for all. Basically, he's back for more cash - taking advantage of an unjust law while it lasts.
As a result, the content providers' response has been to enact the DMCA, which has been bad all around because it attempts to eliminate fair use and petty violations but does little to stop big time piracy.
The DMCA is *not* about priacy. It is about breaking security. Napster and its friends are not about encryption or security, they are about copyrighted materials. Two very different things. Like I said, if this guy wants to go after copyright pirates, he can do it, with my blessing even. I'm pissed about him going after people that do nothing more than talk about security concepts for any number of reasons: academic knowlege, improvement of security, etc..
Everyone seems to forget that copyright piracy was on the books long ago. The DCMA is the new evil that threatens to put any one of us in jail for describing how to watch our own DVDs on our own laptops.
Do you have Linux and a DotPal? Click here now!
"There seems to be an increase in child abductions and murders in the U.S.," says Ishikawa, "and when the abductors are caught and you look on their home computers, you inevitably find kiddy porn. So it is a precursor to this bad behavior, and just as the Internet makes it easy to distribute child pornography, it effectively encourages these criminals. We are working to end that."
There has been no increase in child abductions or murders, it is just that a few cases have gotten a lot of publicity. There has also been no increase in child sex molestation, in fact it has gone down 30% in the last decade. As disgusting as child pornography is, there is no evidence it causes people to become sex offenders.
The logic is very strong.
You go on to, say, gnutella. By searching gnutella, your computer reveals to other computers that your computer has something speaking http running on port 80 that is likely sharing files.
They go and look at those files.
They have not 'hacked' into anything.
They go and search for files the same way every other file searcher does, though perhaps they use some custom software, and then they keep a record.
IT makes perfect sense.
The Slashdot community. Y'all some evil sonuvagun vigilantes.
There is nothing inherently safe about liberty. That's why so many people died protecting it.