RIAA Plans Cyberwar Effort

Richie Z writes "This article at the New York Times talks about new anti-piracy efforts from the music industry, some of questionable legality. One idea simply redirects users to a website with legal downloads. But two other programs freeze the user's system or delete music files determined to be illegal. Another proposed idea is basically a DoS attack against downloaders. I guess the RIAA believes the law only applies to their enemies." They had a solution to illegality planned.

but

[The+Clockwork+Troll]

I thought Christina Aguilera's latest offering was the first volley in the RIAA cyberwar.

Virus Scanners

[yeoua]

So will virus scanners detect these or will they be paid off as well?

If not... there really isn't much use in them if they can be paid off to not detect such things (so the gov can do the same and bill gates can do the same etc...).

What's good for the goose...

[OrbNobz]

I hope they don't mind a few counterattacks!
Opening up this type of warfare could get nasty.
I will relish the challenge.

- OrbNobz
I swear! It's like they're waging a anti-piracy jihad!

Cry havoc! And let slip the dogs of war...

[Neologic]

Hmmm, the RIAA up against real hackers... Personally, I think this war will be much more entertaining than the Iraq war. I think we should encourage the RIAA to do this, it just might be the I-beam to break the back of public opinion.

two wrongs do not equal a right

[thadeusPawlickiROX]

Now, I understand the stance that the music industry wants to "frustrate pirates" and get them to stop downloading music. But are they serious with some of these methods? Some of them are blatently illegal:

A more malicious program, dubbed "freeze," locks up a computer system for a certain duration -- minutes or possibly even hours -- risking the loss of data that was unsaved if the computer is restarted. It also displays a warning about downloading pirated music. Another program under development, called "silence," scans a computer's hard drive for pirated music files and attempts to delete them. One of the executives briefed on the silence program said that it did not work properly and was being reworked because it was deleting legitimate music files, too.

So now they are above the law, and can cause a computer to become unstable and crash? Or they can scan your hard drive and delete files at will. I mean, there is a problem with their "silence" program in which it deletes legit music. What's to say it doesn't have the power to delete _any_ files it wants? So now the music industry can have free reign to scan hard drives and delete file they find inappropriate? With that idea in mind, would I be allowed to hack a computer and scan the hard drives, deleting any files I don't like? I think not.

But it's all in the name of stopping pirates, right? It's scary to see such tactics even being considered, and the thoughts of these being used is even worse. Just more steps for Big Brother to have full control. Give them the right to tamper with hard drives, it'll keep snowballing from there...

Re:two wrongs do not equal a right

[MikeFM]

I have my doubts that they could even get these attacks to work on my computer. 1.) It's Linux, 2.) I'm paranoid about my security, and 3.) I'm a programmer and will just write a detection script to locate and remove these trojans. If I can defend against this bullshit than I'm sure other geeks will do the same. All the RIAA seems to be doing is creating a market for secure P2P software and quite possibly giving Linux a good chance for a killer app.

Now the DoS attack might be effective but that game goes both ways. If they start attacking individuals how long will it be until P2P clients come with the ability to detect DoS's and trigger the whole P2P network to do a DDos on the source of those attacks? They'd be hard pressed to handle such a DDoS with legal threats if they did it first and I can just imagine the negative public relations off an Internet war that'd no doubt disrupt large portions of the Net at once.

Why don't these morons figure out that the only way to beat P2P is to offer cheaper cd prices and affordable (non DRM) downloads of songs themselves. Legal or technical attacks aren't going to be very functional and have dangerous tailspins off their customer base.

DDoS attacks

[evil+byte]

DALnet is dead, DDoS attacks, and supposedly no one knows who was doing it, strange coincidence that the RIAA is "planning" anti-priracy acts. It isn't to much of a leap to say that they are already doing them.

Bit torrent is gaining popularity and is difficult to directly attack, but relies on various websites to distribute .torrent files for the program to work, so what happens? These web-sites are attacked.

The "war" has already begun...

Just wondering...

[NetDanzr]

Whenever I buy a new CD, I immediatelly rip all its songs into mp3 files, so that I can mix them into the music I listen to on a constant loop. By ow, I have over 5GB of such mp3 files. If the RIAA really releases that "silencer" how will it determine whether my files are legal or not?

Re:questionable?

[GimmeFuel]

Illegal for us, the peons? Yes.

Illegal for them, the multibillion dollar international corporation? No.

See the "They had a solution to illegality planned." link. The courts already look the other way for them all the time. This bill was just them deciding "We can spend $X bribing a bunch of judges, or we can invest in the long-term solution of spending $Y to get a law that makes it legal for us to do all this."

Music CD with EULAs

[mattso]

It's not uncommon these days for music CD's to have extra PC content. Installers, screensavers, etc. Usually it's just a few music videos, but I've bought CD's that actually had full installers with EULAs. I think it wouldn't be unexpected if they were to add text to the EULA that they can scan for copies of MP3's and delete them/report them/etc, then install the necessary "virus" software to do it. Or at least these "outside tech" companies would like us to believe that, since let's face it there aren't many legal resources they can do softwarewise. So they need to hype these "illegal" things to stay in business

I think turning off autorunning on CD's should be considered necessary for basic system security. It would be too easy for a music CD to run a fast installer and bang you have a anti-pirate virus installed. Even if they don't "delete files", they could (if you didn't have an outbound firewall) scan for music and send lists to the RIAA. Report on installed P2P software. Send any and all usage logs from that software, etc.

Sure they will hold off till they can get laws on their side, but right now I'm not sure congress really is looking after consumers all that much. This "right to hack" nonsense has come up too many times recently.

Re:RIAA

They will REALLY be in for shit if they try this. It won't just be home users who get hit -- corporate machines and networks will too.

Even in the best case for the RIAA, imagine somone in my firm is downloading mp3s at work. The RIAA robot sends them something that damages their machine, causing loss of productivity, loss of valuable business data, and consumption of IT resources. Unless the RIAA wins some additinal legal immunity, their damage of my corporate property will not be legal and OmniMegaCorp will have the incentive and resources to create major legal trouble if it happens very often.

Now imagine that the employee wasn't actually downloading copyrighted music and gets hit by mistake for whatever reason.

Or, that the RIAA hack attack takes down an important corporate server.

Or, that the RIAAs DoS attack does stop my employee's downloading, but also my whole firm's net connection -- say I'm a brokerage that gets cut off from the market for hours. I do some IT work for Wall St. firms, and I can only imagine the reaction if I had to explain that our day's trades got screwed up because of an RIAA attack, even if some receptionist was guilty of downloading the latest Madonna song. The partners would be quite happy to join the inevitable class action lawsuit the next day.

I can't imagine they'll get immunity from damages even when their attack is an outright error -- and mistakes WILL happen, whether in targeting the wrong people or causing more damage than intended.

I'm sure it'll make corporate america tighten up their "no downloading" policies, but when it comes to actually causing damage to business operations, firms will view it is just another hack/virus attack -- except this time coming from someone with a well known mailing address for the subponeas and criminal complaints.

RIAA...... bring it on

[ThresholdRPG]

I seriously hope the RIAA does try to go the cyberwar route.

They will get absolutely and utterly bent over and destroyed if they open that Pandora's Box.

Please RIAA... I am begging you... Start a "cyberwar."

When lawyers run a company

[Strudelkugel]

The RIAA never ceases to amaze with their stupid antics. Within a couple of days of the successful iTunes deployment, they leak this bit of lunacy. I can not think of another industry doing so much to alienate its customers, all the more amazing given that a CD is a totally discretionary purchase. How long before they cross the line and get hit with a general boycott?

The idea of launching destructive software is really mind-boggling. IANAL, but it sure seems to me that they could get hit with some massive liability lawsuits if one their destroy bots is a bit more successful than intended. Gotta admit though, it would be sweet irony to see these idiots sued out of existence.

What about Sony? While the record division is trying to impede piracy, the hardware people are abetting it by producing CD-R drives, among other things. What happens if a legit use of a Sony hardware product is impacted by a Sony Music destroy bot?

Maybe something else is going on. Perhaps the real panic in the industry is caused by the notion that a smart artist could put their files on p2p to get exposure w/o signing a record deal. If technology can improve the bargaining position of the artist before signing a deal (of their choice), the extreme reactions of the industry are a bit more understandable. NOT agreeable, however, and as stupid as one can imagine, but understandable if one takes the perspective of those who have been feeding at the music cartel trough for so long.

Dang, I was looking forward to getting an iTunes account, but now I'm conflicted. I'd like to support Apple and the artists, but I hate the idea of any money going to the RIAA overlords who should have been supporting iTunes-like products a long time ago. The pirate networks aren't really free, they just take a lot less time than going to CD store, have better selection in many cases, and allow one to sample. A good pay service with reliable connections, selection and organization, let alone the absence of all the spyware would be much preferable to the "freeware." That's why I think there is something else on the RIAA's mind - Not loss of the customer, but rather loss of the artist...

Fun with ping!

[grishnav]

Windows: Go to start->run If on Windows 9x, type "command" If on Win2k/XP, type "cmd" Enter command: ping -t -w 0 -l 20000 riaa.org Linux: Get root console, ping -fs 20000 riaa.org

Re:questionable?

[Exatron]

Tehcnically, billions aren't lost in illegal downloads- the potential for billions is. There is no guarantee that a person who downloaded song X would have purchased it if it weren't available for download.

Backwards Priorities

[cbbyers]

Large technology companies say they can't do anything about spam, yet the RIAA thinks they can stop music sharing. If only everyone were this ambitious.

If we could somehow convince the RIAA that spam promotes mp3 sharing, we'd be set.

Re:Not so

[ComputerSlicer23]

Not precisely. The economic value of the song is diminished. That is what was taken away. Even if you wouldn't have purchased it, the economic value is diminised, precisely because a copy was made. So supply is increased, holding demand constant, drops the value. Simple economics. Your simple illegal copy diminishing their value, makes you liable for a lawsuite. Simple legal analysis. Now if your are a clever person, you'll respond that CD's are price fixed. Which is probably true. As a consumer do you know how to make the price move? Stop buying music. That doesnt' involve becoming a copyright infringer to get a copy anyways.

The reason this hasn't been a problem in the past, was that being a copyright infringer wasn't free. Now it is. Doing it to scale, and not getting caught was difficult. The internet and technological advancements have made that possible, and why it's a problem now.

You might not have bought the song either way, but your getting the enjoyment of said song. That has some value to you. If it didn't, you wouldn't have downloaded the song. Or at the very least you wouldn't have put it up on display for others to download. So clearly the song has value to the people whom are putting it up for download, and it has value to some of the people downloading it.

Those songs aren't naturally occuring objects. They don't just grow on trees.

Do you understand the Lockean princepals that are the rational and foundation of our current system of gov't? Know why people can claim they own land? Go read John Locke's "Second Treaties on Government". Very good book, you'll learn a lot about ethics and princepals in it. A lot about the justification for gov't, ownership, and property rights.

They can claim ownership by working the land, and improving it. You can claim ownership because you've put forth the effort to change and create the land from it's natural state. That's how one claims ownership of such things. I think that the individual artist, and the corporations behind them have put in the work to create the objects, and thus have a moral right to their ownership of the music.

Personally, I think that P2P networks should be left alone. They are fine constructions that have legitimate purposes. I think that if the RIAA is going to go after individuals who are copyright infringers, that's great. I think the people they went after recently who created search methods is wrong. I think those people should have been left alone. I think the RIAA should just crucify several copyright infringers in court, and keep doing it, until people realize the risks. It should continue doing so, one after another. It's illegal, it's copyright infringement, it's against the law. That's all there is to it.

Copyright is a *WONDERFUL* thing. It's what makes the GPL tick. It's what makes being a writer, and a programmer a viable proposition. It's what makes so very many occupations work.

Copyright intentionally makes scarcity of non-scarce objects, for the specific purpose of creating economic value. Did you catch that? It was an intentional construction, put forth by the founding fathers, who clearly thought about the matter at length. I think fair use is a good thing. I think making backup copies is a good thing. I think copyright is a good thing (not as currently implemented in the US or internationally by the Berne Convention).

Now, I think that copyright is a screwed up deal. I think they are entirely too long, and that they are fundamentally broken in that respect. However, you should respect copyrights. If you don't, there are innumerable things you enjoy which will disappear, precisely because they are what creates the economic incentive to create. That's why the founding fathers created copyright.

If you've got a problem with the Music business, stop consuming their product, support a different product. The music business doesn't have a right to a business model, so they can't just randomly sue people

Use the law, Luke

[alexo]

1. Set up a honeypot.
2. Make sure the content looks "illegal" but, in fact, is not
(i.e., MP3 files named for popular songs but containing only commentary on them).
3. Get hit.
4. Sue for damages.
5. Profit!

OK, joking aside, in most countries, even accessing a computer without authorization is illegal.

The Canadian criminal code forbids it (look here for a longer version).
TITLE 18, PART I, CHAPTER 47, Sec. 1030 of the US code also looks applicable (but IANAL so if somebody who IAL reads this, please comment).

So, with the law on your side, you can also sue them in a small claims court. That way, they cannot use their financial advantage to subvert justice.

anyone home?

[Tom]

Please turn on your brains. The RIAA is not stupid. Quite to the contrary, they have a bunch of very smart people.
The game isn't cyberwarfare. The game is psychological warfare. Most of /. may call them crazy over such ideas, but somewhere out there a 12 year old has been scared away from copying music (legal or illegal, doesn't matter, neither for the boy nor for the RIAA).
A few homes further down the street, a mother is frightened, and tells her son to remove that gnutella program again, and never use that again or he'll be grounded.

You don't have to actually write or use these programs. Making enough people believe that you do has almost the same effect, with none of the legal dangers or possible repercussions.

Wake up, people. These guys have been at the game for a while longer than any of us have. They aren't playing our game, they're playing their own game. They're not writing code, they're writing press releases, strategy papers, and while they're at it, the next copyright laws.

Re:questionable?

[sjgman9]

Vigilante Justice will NOT be tolerated. They do not want the wrath of the Telecom industy and ISPs, who will gladly turn over reams of data detailing these illegal denial of service attacks.

They also do not want computer scientists angry at them. They have no right to go into my computer and erase MP3s of some CDs that I owned and ripped.

The RIAA does not have the power to do that. They are a trade organization, period. They are not judge, jury and executioner. They will be well advised not to start a war with us.

I have a better idea: The RIAA should ignore the fact that the internet exists. It will save them and us a lot of grief.