Slashdot Mirror
BSA Accuses OpenOffice Mirrors
sqrt529 writes "A German university was accused by the BSA of pirating MS Office, because they mirrored OpenOffice.org. The scripts from the BSA only check for "Office" in the filename and then automatically send out notices to the ftp admins. Did any of you get similar notices from the BSA?"
I know that some search sites "spider" ftp sites, but couldn't ftp site owners change the license agreements for their sites to disallow the spidering of their site for the explicit purpose of trying to find specific files. In this way the search spiders can still work, but a spider "looking" for anything specifically would not be allowed? I don't know if this type of thing is common in other contexts that may negatively be impacted by such a change though?
From the letter:
BSA represents that the information in this notification is accurate and states, under penalty of perjury, that it is authorized to act in this matter on behalf of the copyright owners listed above.
So the BSA has perjured itself; now what is the penalty?
BSA represents that the information in this notification is accurate and states, under penalty of perjury, that it is authorized to act in this matter on behalf of the copyright owners listed above.
And how is this different in truth from the common statement "You are receiving this message because you opted-in to our marketing list to receive special offers."
Filename:
The above computer program(s) is/are being made available for copying, through downloading, at the above location without authorization from the copyright owner(s).
It seems almost astonishing that even the BSA can be as utterly incompetent as this (does BSA stand for Bloody Stupid Alliance?). Unless you go for the conspiracy theory that they're deliberately hassling their clients rivals...
What is perhaps more disturbing is that the script logs into an anonymous FTP site using the password "guest@nowhere.com". The site allows anonymous access only if you provide YOUR EMAIL ADDRESS as the password. guest@nowhere.com is not the email address of anyone at the BSA. The BSA therefore ILLEGALLY ACCESSED that ftp site and should be taken to court for COMPUTER HACKING.
From the BSA letter in the article:
>> FTP Login Name: anonymous
>> FTP Login Password: guest@nowhere.com
Hmm. Using a spoofed (or at least, invalid) e-mail address?
As most FTP servers allow anonymous access if you "Please provide e-mail address as password", I'd call that gaining access under false pretences. Is the BSA representing those same companies that get so pissy when people (for privacy reasons) use spoofed details on web "please register" forms?
If they can do it, so can we. I won't feel so guilty - not that I did anyway - next time I install software and register it to "nobody@mindyourownbusiness.com"..
I think that the practice of letting computers/searches/scripts do all of the work without applying any human intelligence to the process has become more and more common. Yes, it's worse in my mind when the BSA does it because I'm biased against them in the first place, but to be fair it's spread to just about everybody in my recent experience. I just moved, and when my wife and I changed our driver's licenses over she got a semi-threatening letter because she didn't also change over her car registration (our only car is registered in my name for no reason I can think of). I recently had my account put on hold by PayPal and then restored, but in the interim I sent a question to their help staff regarding something else entirely. Someone (apparently a bot?) from PP replied to me and said, basically "we can't restore your account until you do X, Y , and Z. Please contact us if you have any further questions. Thank you!" I don't think it's a good thing that organizations have become this brain-dead, but the BSA certainly can't patent a method for making themselves look like idiots by letting a search tool plow blindly through a set of data for them. Plenty of prior art there...
"Linux doesn't exist. Everyone knows Linux is an unlicensed version of Unix"- Kieren O'Shaughnessy
If you check the BSA e-mail, they logged into the anonymous FTP resource with the address "guest@nowhere.com", which is obviously fake.
... they have lied when asked for their e-mail address!
In the UK this could be construed as attempting to access a system un-lawfully
It's clear the much feared BSA has made a mistake.
However, since their actions in the past have caused untold scrambling to find licenses on the part of many law-abiding but sloppy businesses, I think it is only fair that BSA likewise be caused to scramble. Because the BSA, likewise, has now been sloppy.
The university should have lawyer draft up some pompous letter indicating that
[I know, it will be only a paper tiger and never stand up. But I'm sure I'm not the only one that fantasizes about seeing the BSA have to eat their own dogfood for a change.]
"Provided by the management for your protection."
There should be some way of specifying that FTP are not allowed to be spidered. There is robots.txt on websites, a similar idea should exist for FTP's... Or, you could just find out the IP block(s) of the BSA scanners and disallow them from entering the FTP :)
The Boy Scouts of Ameria should sue the Business Software Alliance and force them to change their name, kind of like what the World Wildlife Federation(Foundation?) did to the World Wrestling Federation which is now WWE.
They might also be sued for for cyber squatting on BSA.org,com,net,etc...
Seriously, though - isn't this an "evil stupid BSA" topic? We'e had a dozen or so "evil stupid BSA" stories in the last few months - why not make an "evil stupid BSA" logo? Since "BSA" is also the initials of the Boy Scouts of America, why not make it like a three fingered salute with a big "NO!" slash through it?
Then again, after hundreds of stores on Google there's still not a Google Topic, so maybe you have to piss of Slashdot before you get your own topic. I'd say you have to advertise on Slashdot, but Google already does that (with those little, yellow, different server rack accessories).
Schnapple
Anyone have the IP ranges of the network the BSA scans from? I don't need my bandwidth wasted by these clowns.
"Powers. I have them."
- "IDSA has a good faith belief that
... [WoS] infringes the rights of one or more IDSA members."
- "[BSA has] a good faith belief that none of the materials or activities listed above have been authorized"
I'm sorry, but Ms. Beck's apology doesn't cut it. A web robot cannot assert a "good faith belief."Well, they made a mistake, fine, that's forgivable. The thing here is that the BSA's first email here stated:
"BSA represents that the information in this notification is accurate and states, under penalty of perjury, that it is authorized to act in this matter on behalf of the copyright owners listed above."
Note the second part, where they claim to be acting on behalf of the copyright holder, under penalty of perjury. It's a step that they apologized, at least, but by their own statement, are liable to a lawsuit for perjury here.
This has been a test. Had this been a real emergency, we would have fled in terror and you would not have been informed.
As it happens, I'm due to meet with the chairman of the BSA in the UK, a fortnight from now, to grill him about issues like this. What would you put to him, in that position?
Sue them for diffamation. In some moment they should learn that accussing someone for things nobody did have a cost (at least a generous salary for the one that had to check their affirmation, administrative costs, etc).
Terrorists don't have to send bombs around to spread terror and cause economic chaos... just mail in the name of BSA letters to all companies that inform that illegal software was detected in their systems and next week will go a team to check licenses, and billons of dollars will be lost.
In fact, I think BSA is fitting very well in the "terrorist" definition, could US army invade them to avoid further damage?
I note that the BSA email includes the details of how they accessed the "violating" software. This includes the anonymous ftp login using
login: anonymous
password: guest@nowhere.com
I doubt that the address guest@nowhere.com connects to the person that runs the script for the BSA. If servers had the policy requirement that all anonymous access required a valid email address as the anonymous login password the letter from the BSA would provide a valid point to charge the BSA with illegal access to a system.
Also if the BSA does not represent the copyright/left holders for OpenOffice then the BSA is open for a claim of false representation.
>> Based upon BSA's representation of the copyright owners in anti-piracy
>> matters, we have a good faith belief that none of the materials or
>> activities listed above have been authorized by the rightholders, their
>> agents, or the law. BSA represents that the information in this
>> notification is accurate and states, under penalty of perjury, that it is
>> authorized to act in this matter on behalf of the copyright owners listed
>> above.
I think this maybe proves a point about why it's a bad idea to use generic words as your product names (ahem... "word", "office", "windows", et cetera...)
(Spudley Strikes Again!)
not for defamation, for perjury:
:
from the mail
BSA represents that the information in this
notification is accurate and states, under penalty of perjury, that it is
authorized to act in this matter on behalf of the copyright owners listed
above.
they (BSA) obviously played it very softly(apologies and thanks), cause they feel a little weak on this one.
This is more like, you run a shop and sell wicker baskets you created, so your door is always open (anonymous FTP access in this case). Someone walks in, masquerading as someone else (guest@nobody.com for the password field). A day later, you get a letter saying you copied a design of theirs; you contest, they agree.
The thing of note here is the time that it took to respond to this letter, if nothing else, the BSA should at least be billed with that, nonwithstanding the original letter's claim that under penalty of perjury the BSA was acting on behalf of the copyright holder (which they were not).
This has been a test. Had this been a real emergency, we would have fled in terror and you would not have been informed.
The Racketeer Influenced and Corrupt Organizations (RICO) Act
The BSA is certainly morally corrupt but I must admit I don't understand what the parent poster was trying to say by suggesting they should fall under RICO.
-j
I don't see where anyone else has noticed this, but doesn't the BSA more or less falsely identify itself by using the e-mail address of guest@nowhere.com?
Infringement Details:
First Found: 24 Nov 2002 15:31:40 EST (GMT -500)
Last Found: 24 Feb 2003 01:19:59 EST (GMT -500)
IP Address: 128.176.191.21
IP Port: 21
Protocol: FTP
FTP Login Name: anonymous
FTP Login Password: guest@nowhere.com
I'm sure the owners of that domain would be happy to know about the false identification the BSA is using...
I have a friend who had a program called 'decss' which removed CSS tags from a webpage, hosted on a University computer. The MPAA emailed the University with a threat of legal action if the program wasn't removed. Really quite humorous.
The Anti-Blog
Public FTP servers usually have the restriction that the user enter a valid email address, which the BSA's spidering/searching software faked in order to gain access.
Hell, isn't that illegal under the DMCA? They're circumventing a protection measure to gain access to digitally protected work. Heh. That'd be awesome, if someone would sue the BSA for breaching the DMCA...
Also, here in the US, it's very common to be charged a flat fee for internet service, such that one would pay (say) $400 a month for a guaranteed pipeline of 3Mbits (numbers are made up, but you get the idea.) Whereas, in other parts of the world, billing is much more commonly based on the amount of data transferred. Which means that if I host a server here, I pay for the line to it - no matter if the machine is accessed once or two million times in a month, whereas in other countries (especially Europe, including Germany), the difference between once and two million accesses is quite large, and may result in higher bills due to more data transfer.
My point is that the BSA wasted bandwidth, needlessly scared a sysadmin at a German university, and may have even violated the DMCA in doing so. Again... Wow, that was stupid of them.
Many of the tactics that BSA employs would actually be illegal if the law was applied in an even-handed approach. BSA operates be threats and false premises. The problem is that they have the backing of our current admin (Clinton's admin was not much better). If they treaten you and you do not comply, they get a warrent and come back with Ashcroft's FBI, who then take ALL of your computers for the next year. I have been told by somebody that they can hold the equipment up to 5 years. We used to get upset when these kind of actions were done in Soviet Union, Nazi Germany, and a number of third world dictatoships. Now, it is all in the name of security.
I prefer the "u" in honour as it seems to be missing these days.
Hmm... when I log into the server it asks me for my complete email address:
User (128.176.191.21:(none)): ftp
331 Guest login ok, send your complete e-mail address as password.
Password:
Yet the BSA used
>> FTP Login Name: anonymous
>> FTP Login Password: guest@nowhere.com
But nowhere.com exists, and is someones homepage! Is it good that they
a) abuse someone elses domain by logging requests as being from someone else
b) don't comply with the very valid request to supply contact details for the person accessing the ftp server.
Grr!
After building up some more money, I've often considered doing the following (this applies to music but could easily apply to other mediums):
Putting up a server with tons and tons of mp3 files named after popular songs. Don't put up the real files however, just audio clips with a voice saying "this is not the file you are looking for" and enough silence or noise to make the filesize/length similar to an actual mp3 of the song.
Next, let several well-respected citizens, or perhaps those in law see that the site does not contain any real copyrighted music.
Wait for the cease and desist. Ignore or send a somewhat ambiguous reply stating something like "there's nothing to cease" but not mentioning the lack of actually pirated files
Wait for the court case...
Even with a crap lawyer, having some strong witnesses and playing 1-10 of the supposed pirated files to demonstrate that the *AA (or BSA) do not actually check file contents but simple use shitty filters and scare tactics should make the case an easy win - and leave the plaintiff with egg on their face.
*note: This works better since I'm in Canada. Loser pays the legal fees, and there's always the countersue, etc, as well as I believe measures for frivolous lawsuits.
Ok, I doubt anyone from them would dare to do it, but I'd love to see an official BSA representative to step up for a /. interview.
------------------
You may like my a cappella music
Subj: MIT's policies regarding copyrights
---------------
In recent weeks, many members of our Community have received a letter from BSA (Business Software Alliance; www.bsa.org) and/or heard BSA sponsored advertisements regarding software licensing compliance.
At this time, I write to remind people of the Institute's copyright policy (see: for a complete statement of the policy):
At this time, MIT is not aware that the BSA has been granted authority to enforce the copyrights of its members. If the BSA contacts you regarding an alleged infringement, MIT's standard practices should be followed. The BSA should be directed to Stop-it, the MIT unit with responsibility for following-up on copyright infringement complaints resulting from network-based activities. Stop-it is found at stopit@mit.edu or at .
Without specific written authority from a copyright holder or other valid legal authority, the BSA has no right to inspect MIT computers for illegal copies of software. MIT most likely will have licenses covering the software in question. Those licenses often spell out the audit rights of the vendor as well as the rights MIT has to make copies of the software. Anyone approached by the BSA with a complaint of software piracy should confirm the license status before proceeding further. In the event appropriate licensed use cannot be confirmed, James D Bruce, VP for Information Systems, should be contacted for appropriate follow-up with BSA representatives.
For further advice on matters concerning BSA inquiries or copyright infringement in general, please contact the Office of Intellectual Property Counsel at (XXX) YYY-YYYY, the Office for the VP for Information Systems at (YYY) XXX-XXXX or Stopit (stopit@mit.edu).
IANAL, but I'm evil and devious enough to be one.
"You're never ready, just less unprepared."
This just makes the BSA look extremely lazy... you'd think they'd at least have someone that verifies what when script finds before the emails are sent out.
"To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking
This USA Today account of a small business owner that went through license flogging, a fine, then wiping clean and starting fresh with open source software.
"Provided by the management for your protection."
In California, it's probably extortion, too. "Extortion: To unlawfully obtain money, property, or any other thing of value, either tangible or intangible, through the use or threat of force, misuse of authority, threat of criminal prosecution, threat of destruction of reputation or social standing, or through other coercive means." That's a felony. Because there was an illegal predicate act, the "unlawfully" element of extortion is satisfied.
Some legal action is definitely indicated.
If they don't comply with the audit sue for the additional costs incurred to accused organization to protect itself from future false accusations (extra, unnecessary due-diligence required to deal with the BSA's reckless behavior).
Hopefully this can become a $1M mistake for the BSA which might begin to moderate their behavior.
To get raided by the FBI a warrent needed to be issued. For a warrent to be issued evidence needed to be presented. If the BSA fabricated evidence they're liable for all the damages caused by the raid + punative damages.
The BSA is effective because many companies are rather cavalier in terms of piracy to the point that executives have moved right into the criminal violations catagory. Faced with a choice between paying the BSA's fine and actually having a law enforcement agency invistigate they go for the fine. I've seen far more piracy in corporations than I have BSA abuse. Managers that would never think of allowing (or sometimes even ordering) employees to steal physical goods have no problems ordering them to do the same with electronic property.
And imagine what the BSA would have loved to do to these servers if they were allowed to hack the offending boxes.
FTP is a file-sharing protocol, isn't it?
You actually have a very interesting point. Lets look at file-sharing protocols and RPC-based protocols for generating and sharing files:
FTP
HTTP
SMTP
Jabber
Various proprietary IM systems
NFS
AFS
Etc.
If the BSA/RIAA/MPAA was allowed to do retaliatory attacks, it would be theoretically possible to attack any site at any time.
LedgerSMB: Open source Accounting/ERP
Note that they impersonated someone from "nowhere.com" when they signed in to the FTP server - that domain is owned by:
Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
IANAL but according to the email these statements are being made under oath. Also according to the apology:
She purgered herself by when she declarce the info was correct without validating it.
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
What was located as infringing content: /mandrake_current/SRPMS/OpenOffice.org-1.0.1-9mdk. src.rpm
(199,643kb)
Filename:
Filename: /mandrake_current/i586/Mandrake/RPMS/OpenOffice.or g-libs-1.0.1-9mdk.i586.rpm
(35,444kb)
Notice the line:
Filename: /mandrake_current/i586/Mandrake/RPMS/OpenOffice.or g-libs-1.0.1-9mdk.i586.rpm
(35,444kb)
The bolded text is what the script must have caught! how hilarious! it searches for *MS*OFFICE* LOL What a lame script! whoever wrote that script needs to be shot!
Many of the tactics that BSA employs would actually be illegal if the law was applied in an even-handed approach.
Name three, please.
Extortion, racketeering, and violation of due process.
Heh, heh; you're right; we've gotta stop those aging Boy Scouts before it's too late ...
n e.html
Since this was the second story today of copyright enforcers using file names as evidence of infringement, I've added these names to one of my web directories:
Barbarian.html
OpenOffice.html
SoldierOfFortu
This should get me some cease-and-desist letters. Can we get a list together of other file names that we should have that will attract their attention? I'll link to all of them. Everyone else should do the same. Maybe we can get this idiocy out into the open. Or even better, into a courtroom.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Alright, so now that all of Satan's children who are trading the Evil Microsoft Office know that someone is out to get them, I bet they will rename their MS office files to OpenOffice version 2000/XP/whatever. Be careful, next time you download your favourite GPL'd Office suite, it may be the real deal.
"600 MB" which takes just a couple of KB on your HD.