Slashdot Mirror
BSA Accuses OpenOffice Mirrors
sqrt529 writes "A German university was accused by the BSA of pirating MS Office, because they mirrored OpenOffice.org. The scripts from the BSA only check for "Office" in the filename and then automatically send out notices to the ftp admins. Did any of you get similar notices from the BSA?"
This is really funny actually. I'm going to start uploading mp3s named "office.mp3" to ftp sites now for fun.
Remember,democracy never lasts long.It soon wastes, exhausts and murders itself. John Adams (1814)
"I've got an idea! Let's write scripts that will automatically log in on FTP servers, waste bandwidth, cost people money, and also do a shitty job looking for pirated software!"
Yeah, that's really bright. If I were operating any servers that had been raped by the BSA's scripts like this, I'd be extremely pissed off. They should realize that bandwidth isn't exactly free, especially not in countries != US.
The Boy Scouts of America should stick to tying knots and keep their jamboreeing noses out of I.T.!
And imagine what the BSA would have loved to do to these servers if they were allowed to hack the offending boxes.
FTP is a file-sharing protocol, isn't it?
Doing the Right Thing should not be preempted by making a buck.
I know that some search sites "spider" ftp sites, but couldn't ftp site owners change the license agreements for their sites to disallow the spidering of their site for the explicit purpose of trying to find specific files. In this way the search spiders can still work, but a spider "looking" for anything specifically would not be allowed? I don't know if this type of thing is common in other contexts that may negatively be impacted by such a change though?
A German university was accused by the BSA of pirating MS Office, because they mirrored OpenOffice.org. The scripts from the BSA only check for "Office" in the filename and then automatically send out notices to the ftp admins.
Dadgumit, the Boy Scouts of America have gone too far this time! Back in my day, we helped little old ladies across the street... Now they're policing for pirated software? Sheesh...
In walking, just walk. In sitting, just sit. Above all, don't wobble.
-- Yun-Men
From the letter:
BSA represents that the information in this notification is accurate and states, under penalty of perjury, that it is authorized to act in this matter on behalf of the copyright owners listed above.
So the BSA has perjured itself; now what is the penalty?
Filename:
The above computer program(s) is/are being made available for copying, through downloading, at the above location without authorization from the copyright owner(s).
It seems almost astonishing that even the BSA can be as utterly incompetent as this (does BSA stand for Bloody Stupid Alliance?). Unless you go for the conspiracy theory that they're deliberately hassling their clients rivals...
Quote: "As you know, illegal on-line activities can result in 50 million people on the Internet accessing and downloading a copyrighted product worldwide without authorization - a highly damaging activity for the copyright holder."
Well I suppose 50 million people downloading OpenOffice would damage Microsoft's Office sales :)
From the BSA letter in the article:
>> FTP Login Name: anonymous
>> FTP Login Password: guest@nowhere.com
Hmm. Using a spoofed (or at least, invalid) e-mail address?
As most FTP servers allow anonymous access if you "Please provide e-mail address as password", I'd call that gaining access under false pretences. Is the BSA representing those same companies that get so pissy when people (for privacy reasons) use spoofed details on web "please register" forms?
If they can do it, so can we. I won't feel so guilty - not that I did anyway - next time I install software and register it to "nobody@mindyourownbusiness.com"..
I think that the practice of letting computers/searches/scripts do all of the work without applying any human intelligence to the process has become more and more common. Yes, it's worse in my mind when the BSA does it because I'm biased against them in the first place, but to be fair it's spread to just about everybody in my recent experience. I just moved, and when my wife and I changed our driver's licenses over she got a semi-threatening letter because she didn't also change over her car registration (our only car is registered in my name for no reason I can think of). I recently had my account put on hold by PayPal and then restored, but in the interim I sent a question to their help staff regarding something else entirely. Someone (apparently a bot?) from PP replied to me and said, basically "we can't restore your account until you do X, Y , and Z. Please contact us if you have any further questions. Thank you!" I don't think it's a good thing that organizations have become this brain-dead, but the BSA certainly can't patent a method for making themselves look like idiots by letting a search tool plow blindly through a set of data for them. Plenty of prior art there...
"Linux doesn't exist. Everyone knows Linux is an unlicensed version of Unix"- Kieren O'Shaughnessy
If you check the BSA e-mail, they logged into the anonymous FTP resource with the address "guest@nowhere.com", which is obviously fake.
... they have lied when asked for their e-mail address!
In the UK this could be construed as attempting to access a system un-lawfully
It's clear the much feared BSA has made a mistake.
However, since their actions in the past have caused untold scrambling to find licenses on the part of many law-abiding but sloppy businesses, I think it is only fair that BSA likewise be caused to scramble. Because the BSA, likewise, has now been sloppy.
The university should have lawyer draft up some pompous letter indicating that
[I know, it will be only a paper tiger and never stand up. But I'm sure I'm not the only one that fantasizes about seeing the BSA have to eat their own dogfood for a change.]
"Provided by the management for your protection."
I don't know what's funnier... that they're claiming copyright infringement of OpenOffice, or that they thought Microsoft Office came as RPMs!!
This is the part I refer to:
-
What was located as infringing content:
Oh hell, I needed a laugh this morning...Filename: /mandrake_current/SRPMS/OpenOffice.org-1.0.1-9mdk. src.rpm /mandrake_current/i586/Mandrake/RPMS/OpenOffice.or g-libs-1.0.1-9mdk.i586.rpm
(199,643kb)
Filename:
(35,444kb)
The above computer program(s) is/are being made available for copying, through downloading, at the above location without authorization from the copyright owner(s).
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
Just remember everyone, Unix-like operating systems (Free-BSD, Linux, GNU/Linux, HPUX, Solaris, etc.) have the capability to have "Empty" files. When you do an `ls`, they CAN show up as huge....
I think I'll go making a download page at my website with "Office.zip", "Word.zip", and "Outlook.zip", which all will appear to be 600 megs or larger.....
LongTail SSH Brute Force analysis tool is here!
.../mandrake_current/SRPMS/OpenOffice.org-1.0.1-9m dk.src.rpm
Hmmm, seem's as if their regexps need some fine-tuning...
-- There is no place like $HOME.
Micro$oft!
Been here long?
You think that I'm crazy, you should see this guy!
As it happens, I'm due to meet with the chairman of the BSA in the UK, a fortnight from now, to grill him about issues like this. What would you put to him, in that position?
Sue them for diffamation. In some moment they should learn that accussing someone for things nobody did have a cost (at least a generous salary for the one that had to check their affirmation, administrative costs, etc).
Terrorists don't have to send bombs around to spread terror and cause economic chaos... just mail in the name of BSA letters to all companies that inform that illegal software was detected in their systems and next week will go a team to check licenses, and billons of dollars will be lost.
In fact, I think BSA is fitting very well in the "terrorist" definition, could US army invade them to avoid further damage?
OpenOffice should sue for "unlauterer Wettbewerb". A competitor of theirs is using scare tactics to dissuade people from distributing OpenOffice. It's as if Burger King employees disguised as FDA inspectors raided a Mac Donald, showed phony badges, and told all customers standing in line that the hamburgers were infested with salmonella...
seriously. they sent you a legal notice that was false. they logged into your ftp server with false information.
if you sent the bsa a legal document that was false, could you get away with, "oops, sorry?"
US Citizen living abroad? Register to vote!
I note that the BSA email includes the details of how they accessed the "violating" software. This includes the anonymous ftp login using
login: anonymous
password: guest@nowhere.com
I doubt that the address guest@nowhere.com connects to the person that runs the script for the BSA. If servers had the policy requirement that all anonymous access required a valid email address as the anonymous login password the letter from the BSA would provide a valid point to charge the BSA with illegal access to a system.
Also if the BSA does not represent the copyright/left holders for OpenOffice then the BSA is open for a claim of false representation.
>> Based upon BSA's representation of the copyright owners in anti-piracy
>> matters, we have a good faith belief that none of the materials or
>> activities listed above have been authorized by the rightholders, their
>> agents, or the law. BSA represents that the information in this
>> notification is accurate and states, under penalty of perjury, that it is
>> authorized to act in this matter on behalf of the copyright owners listed
>> above.
not for defamation, for perjury:
:
from the mail
BSA represents that the information in this
notification is accurate and states, under penalty of perjury, that it is
authorized to act in this matter on behalf of the copyright owners listed
above.
they (BSA) obviously played it very softly(apologies and thanks), cause they feel a little weak on this one.
Not too much of a stretch. Microsoft has been a major contributor to the BSA since its inception. It harasses companies based on rumors of software non-compliance co-opting US Marshalls to act as a the gestapo. It is also growing power and influence worldwide.
Read this interview with Gates himself for more insight on Microsoft and the BSA.
To sum it all up, the BSA *is* Microsoft.
A net spider would appeal to me, but you can be damn sure i wouldn't be mailing out legal threats the moment the spider caught the word "office" in the filenames. Why wouldn't they just plop the server name and file name into a database where human eyes can check it out before mailing threats?
--- What
ftp> ls -la . ..
227 Entering Passive Mode (127,0,0,1,249,244)
150 Here comes the directory listing.
drwxr-xr-x 2 502 502 4096 Feb 28 15:40
drwxr-xr-x 12 502 502 4096 Feb 28 15:36
-rw-rw-r-- 1 502 502 0 Feb 28 15:37 BSA-are-morons.zip
-rw-rw-r-- 1 502 502 0 Feb 28 15:36 Microsoft.Office.XP-sucks.zip
-rw-rw-r-- 1 502 502 0 Feb 28 15:39 hazxxx0r
-rw-rw-r-- 1 502 502 0 Feb 28 15:39 illegal
-rw-rw-r-- 1 502 502 0 Feb 28 15:38 illegal.mp3
-rw-rw-r-- 1 502 502 0 Feb 28 15:39 microsoft.salty.bastard.zip
-rw-rw-r-- 1 502 502 0 Feb 28 15:37 microsoft.zip
-rw-rw-r-- 1 502 502 0 Feb 28 15:37 office.zip
-rw-rw-r-- 1 502 502 0 Feb 28 15:37 openoffice is better than microsoft word.zip
-rw-rw-r-- 1 502 502 0 Feb 28 15:38 touchisagreattool
-rw-rw-r-- 1 502 502 0 Feb 28 15:39 warezr0kr.rar
226 Directory send OK.
now i just sit back and wait for them to spider my ftp and send me a notice, then i can have the joy of telling them to piss off.
hopefully this will fuck them off a bit.
Yeah - but at least I'd have my software check some checksums on the allegedly pirated files - then have a human go check them out BEFORE mailing out threatening letters.
This sort of harassment needs to stop.
The problem is that it's cheaper to send out a threatening letter than to check carefully and THEN send letters only to true offenders. You just bet that 99% of recipients will stop doing whatever it is you suspect them of - which makes it a cost-effective way to work. The BSA doesn't have these people as customers - so what does it care if it pisses them off?
I suppose, what the world needs is a law to say that if you send someone a letter threatening legal action if they don't do something - then if they don't do it, you should be REQUIRED to take them to court - and to be liable for their costs, pain & suffering, mental anguish, etc, etc if they turn out to be innocent.
www.sjbaker.org
and put in the public/pirated/ms directory. Maybe the files can be filled with repeat copies of the US Constitution and the GPL. Add links from your website. Put out advertisements for it on Kazaa.
End of Line.
They couldn't have.
If memory serves me correctly, and it has been known to fail me at times, one of the requirements under the DMCA is that an expedited "takedown" notice has to be stipulated "under penalty of perjury" to be valid.
Arguably, this was to prevent people from making stuff up to get other people's sites taken down. Otherwise I could send a letter to your ISP claiming that your site infringed on a copyright that I or someone who employed me held. The ISP would immediately take your site offline, doesn't want to loose its "safe harbor" immunity. By the time you contested it, your site would have been off line for a day or longer. This way, if you do send out a "take down" notice that you haven't checked and made sure that it did indeed contain infringing materials, you could be punished.
I think that the BSA should be taken to court. If they can have a program automatically generate notices to hundreds or thousands of sites automatically, whether or not they are actually infringing, it makes a mockery of swearing to something under "penalty of perjury".
Scripts shouldn't be allowed to threaten legal action. The DMCA is bad enough as it is. If someone doesn't put a stop to this soon, a large swath of the net could be censored by bogus "take down" letters. Saying "Opps, so sorry 'bout that" when some one calls you on your lie isn't good enough. What about all of the other sites that may have or will get taken down because of things like this that weren't caught?
Just my $0.02 (Canadian, before taxes)
Subj: MIT's policies regarding copyrights
---------------
In recent weeks, many members of our Community have received a letter from BSA (Business Software Alliance; www.bsa.org) and/or heard BSA sponsored advertisements regarding software licensing compliance.
At this time, I write to remind people of the Institute's copyright policy (see: for a complete statement of the policy):
At this time, MIT is not aware that the BSA has been granted authority to enforce the copyrights of its members. If the BSA contacts you regarding an alleged infringement, MIT's standard practices should be followed. The BSA should be directed to Stop-it, the MIT unit with responsibility for following-up on copyright infringement complaints resulting from network-based activities. Stop-it is found at stopit@mit.edu or at .
Without specific written authority from a copyright holder or other valid legal authority, the BSA has no right to inspect MIT computers for illegal copies of software. MIT most likely will have licenses covering the software in question. Those licenses often spell out the audit rights of the vendor as well as the rights MIT has to make copies of the software. Anyone approached by the BSA with a complaint of software piracy should confirm the license status before proceeding further. In the event appropriate licensed use cannot be confirmed, James D Bruce, VP for Information Systems, should be contacted for appropriate follow-up with BSA representatives.
For further advice on matters concerning BSA inquiries or copyright infringement in general, please contact the Office of Intellectual Property Counsel at (XXX) YYY-YYYY, the Office for the VP for Information Systems at (YYY) XXX-XXXX or Stopit (stopit@mit.edu).
From the BSA apology: (italics and emphasis mine)
Apparently our system detects the OpenOffice files as MS Office programs and alarms me, which in turn sends the notices. I failed my part by not reassuring clearly enough which property was infringed and now that I am aware of that fact we will try and fix the search terms of our system and of course be more aware of the possible mistake.
Apparently, they automatically assume that some one/organization is a crook by the "which property was infringed" statement. No human oversite of the 'bot, no extensive verification routines, etc. and the result is frivolous threats and accusations. This isn't the first time I've heard of this happening. To me, this sounds like routinely making false accusations against innocent people and businesses.
IANAL, however let's see if I can layout objectional behavior and possibly illegal behavior:
Frivolous accusation of wrong doing without due diligence to verify allegations made by threat. This cost the University money because employees had to deal with a claim without merit. At least 2 employees, and a potentially expensive number of man-hours. No doubt, the person who received the threat sent it to their boss, who either sent it to their boss or the legal department. At least one meeting would have ensued as well as researching the claim that the University stated that they did to check that in fact they were not distributing MS Office. That could be several thousand Euros or even more that ten thousand Euros based on time involved where these people could have and would have been engaged in productive work.
Despite the point of entry being anonymous FTP, the BSA engaged in what might possibly be theft of service (by consuming a finite resource for other than the purpose the allowed reason of access that the University pays for). This may also prevent others from using the system legitimately because of the expense of the system.
Trespassing possibly. SPAM has been cited as trespassing due to the use of others assets for transmittal and storage. Perhaps this can be construed like this as well.If in fact accusations like these directed against the University of Muenster have been occuring for some time against others for doing similar things, than the apology (from the organization since I can't speak for the individual) most likely is not sincere and means that this behavior will in all likelihood continue, the the University and others. I believe we can be reasonably sure that the BSA has not ceased this behavior because of this incident.
I feel that this situation is akin to this scenario: I give or sell a dozen cookies to people or organizations in Boston. Then, I walk into every office in New York City and exclaim that because there is some food on a desk, food waste in the trash, etc., that they obviously stole my cookies because cookies are food. Cookies are the metphor for software and an unlocked door at an office is the metaphor for anonymous FTP.
What this shows is that the BSA is engaging in activities in multiple countries. Because their membership is dominated by the major software companies, and here they threatend the distribution of a competing, if free, product, perhaps this can be construed as collusion by the software giants and anticompetive behavior. Can someone cite other similar instances?
No, it's more like this:
After college you use a small inheritance to open up a wicker basket shop. What's wrong with that? Just because you're a man doesn't mean you can't sell wicker bastkets! It has NOTHING to do with your sexuality. Anyway, one day an odd man walks into your shop, picks up a basket, and starts screaming "You haff stolen mein design! Look at zis basket!"
Quickly you rush over to get him to stop screaming. He looks at you oddly for a second, then mutters "my mistake" and shoves the basket into your hands and stumbles out. As you start to put the basket back on the shelf, you notice a strange capsule on the bottom. "Odd." you think.
Since it's your lunch hour the next time the shop is empty you put up your closed sign and sit back in your office. Examining the small capsule you realize that you can open it. When you do so a small piece of translucent plastic pops out. "Wait a minute," you think, "that almost looks like microfilm..." This has turned into a strange day. You put the plastic back in the capsule and hide it in the office safe, behind the picture of dogs playing poker. All through the rest of the day you puzzle over the odd events. Finally, you close up shop and leave; since tomorrow is Saturday, you open up late. Maybe you can head over to your alma mater, the local community college where you studied Wicker Science and use one of their microfiche machines to see if that strange strip of plastic really is microfilm.
As you stop by your office early Saturday morning you sense something is wrong. Quickly entering your office you're horrified to find that the place is trashed; papers are strewn about, furniture has been moved, and figurines from your porcelain kitten collection have been thrown to the ground, and now lay in shards. Breathlessly you check your safe; apparently they didn't check the painting, and the capsule is still there. You feel a cold ball of fear settle in your stomach; what the hell is going on?
If you've read this far you'll find it's not really an analogy, but I wanted to write a little story featuring a wicker shop. Maybe next time a post on slashdot mentions a wicker basket shop I'll write part II of the story.
BSA did impersonate the owners of OpenOffice. And BSA likes to portray themselves as an organisation that has para-governmental rights (such as forcefully searching companies' premises).
2) They did not say that anything was wrong with the files, they only said that they owened them.
They said it was wrong to have the files on the ftp server...
3) You're a dufus.
Thanks. Same to you!
In California, it's probably extortion, too. "Extortion: To unlawfully obtain money, property, or any other thing of value, either tangible or intangible, through the use or threat of force, misuse of authority, threat of criminal prosecution, threat of destruction of reputation or social standing, or through other coercive means." That's a felony. Because there was an illegal predicate act, the "unlawfully" element of extortion is satisfied.
Some legal action is definitely indicated.
IANAL but (pay attention this is important!) ...
Even though the legal claim is bogus, it is important that everyone that receives such a notice replies within 10 days to (in pretty much these words) respectfully agree to withdraw offending files, provided that the BSA can prove that there is a legal reason for you to do so.
The alternatives:
* To ignore such a notice is a strike against you should you ever go to court against the BSA.
* To be disrespectful is also a strike against you should you ever go to court against the BSA.
* (Strangely,) To disagree is a strike against you should you ever go to court against the BSA.
* And finally, to admit any wrongdoing is a definite strike against you in court, and would give the BSA a good reason to bother you even more....
What was located as infringing content: /mandrake_current/SRPMS/OpenOffice.org-1.0.1-9mdk. src.rpm
(199,643kb)
Filename:
Filename: /mandrake_current/i586/Mandrake/RPMS/OpenOffice.or g-libs-1.0.1-9mdk.i586.rpm
(35,444kb)
Notice the line:
Filename: /mandrake_current/i586/Mandrake/RPMS/OpenOffice.or g-libs-1.0.1-9mdk.i586.rpm
(35,444kb)
The bolded text is what the script must have caught! how hilarious! it searches for *MS*OFFICE* LOL What a lame script! whoever wrote that script needs to be shot!
With your heart beating heavily, you grab the capsule and head off to the college.
;-)
:)
The library is busy, with both microfiche machines in use. You pace impatiently, waiting for one machine to become free. After the longest five minutes that you can remember, the student at the right hand machine gathers up his papers, pushes the chair back, stands up and leaves.
Quickly, you grab the chair and sit, tense with anticipation of what you might find. Opening the capsule hastily, the film flutters out onto the desk. Carefully, you place the film in the viewer.
Blurry lines come into view. A few seconds play with the controls and you start to see a photograph of a document. It looks like an internal memo for some organisation. At the top of the page, a small logo that look like an eye in an equilateral triangle stares blurrily at you from the screen. Underneath the logo, two succinct sentences explain:
"Le Méridien Heliopolis, Cairo. March 1st, 4pm Main Bar.
"1-555-648-9777"
Why would this need to be on microfiche? What was the eye in the triangle? Why was there a phone number?
You quickly copy the details and, pausing only to see if your activities have attracted attention (they haven't), you grab the film and head to a nearby phone booth. You stare at the phone for a long time before deciding to call the number. I mean, what harm could it do? A public phone. Whatever the number was, you could call it and hang up if things got weird.
You dial the number. Within one ring, a women answers, addresses you by name, and tells you that your flight will be leaving this evening and that it would be in your interest to be there on time. Oh, and your ticket, passport and expenses can be picked up from the AirEgypt check-in.
"But, hang..." - the phone is already dead. You redial. This time you get a line disconnected tone.
Your shop is trashed, you're no longer the Wicker Man(tm). Curiosity killed the cat but, after the day you've had, you decide you need to follow this through.
The pickup at the airport is smooth, the passport is a perfect fake. "Dr. Kim Brown, Phd". Apparently you are an Australian importer going to check out some sculptures for your company. Wicker to sculptures? You're sure you can make the transition easily enough.
The flight is long and uneventful. You sleep fitfully with omenous dreams. You awake as the screach of tyres on asphalt announces your arrival. You go straight to the hotel and unpack. Still an hour to go.
AT five minutes to four, you enter the bar and buy a large shot of Bourbon to steady your nerves. As you bring down your glass, you see a man sat opposite you smiling.
"Dr. Brown, welcome. Please come with me. I need your help to move some 'rocks'."
You follow the small stranger down several back alleys until the streets open up and you are in a field. With real rocks. Not rocks.
"Help me push this rock", your guide motions.
Both of you push the rock, but it is stuck solid.
"We need some more help. Go to the street and grab five or six people to give us a hand. Tell them I'll pay them 5 pounds each if they'll help."
Ten minutes later I return with six locals, happy to make some easy money. We all push together, but the stone is still solid. My guide thinks for a second.
"We need more help."
He asks each of the locals to run off and grab some others to help.
Suddenly, realisation dawns on you and you run, run for your life. What a fool you have been. You travel halfway around the world under mysterious circumstance, only to find out it's a damn Pyramid Scheme.
Better luck next time, eh?
cLive
ps - if you made it here, well done
-- Trinity in high heels carrying a whip: The donimatrix - there is no spoonerism