Slashdot Mirror

← Back to Stories (view on slashdot.org)

MPAA Forced To Take Down University Toolkit

Posted by kdawson on from the sauce-for-the-goose dept.

bobbocanfly writes "Ubuntu developer Matthew Garrett has succeeded in getting the MPAA to remove their 'University Toolkit' after claims it violated the GNU GPL. After several unsuccessful attempts to contact the MPAA directly, Garrett eventually emailed the group's ISP and the violating software was taken down."

43 of 292 comments (clear)

  1. A new low has been acheived here on Slashdot... by garcia · · Score: 5, Funny

    Linking to a LiveJournal post that reads:

    MPAA don't fuck with my shit.

    (And yes, I did attempt to contact them by email and phone before resorting to the more obnoxious behaviour of contacting the ISP. No reply to my email, and the series of friendly receptionists I got bounced between had no idea who would be responsible but promised me someone would call back. No joy there, either.)

    Awesome.

    1. Re:A new low has been acheived here on Slashdot... by gringer · · Score: 4, Funny

      Or a new high...

      One might almost say that the summary of the article is more informative than the article itself.

      --
      Ask me about repetitive DNA
    2. Re:A new low has been acheived here on Slashdot... by _xeno_ · · Score: 5, Informative

      You missed the two screen shots. Essentially the post shows a "before and after" screenshot of the MPA University Toolkit page. The before picture contains a link that the after picture doesn't: "Click Here to Download The Beta Version of the Toolkit"

      There's also another link that links to a blog entry about the MPAA toolkit which, if you dive into the comments, explains the GPL violation. (Just search for GPL, it's easier than trying to find it.)

      So not entirely worthless, and therefore not a new low, just meeting the same low standards.

      --
      You are in a maze of twisty little relative jumps, all alike.
    3. Re:A new low has been acheived here on Slashdot... by enoz · · Score: 5, Funny

      1. send takedown notice to MPAA
      2. LiveJournal servers slashdotted to hell
      3. ???
      4. geekocalypse!

    4. Re:A new low has been acheived here on Slashdot... by commodoresloat · · Score: 4, Insightful

      One might almost say that the summary of the article is more informative than the article itself. Well, I wouldn't know, and you shouldn't either. We're not supposed to RTFA around here - turn in your slashdot ID at the door.
    5. Re:A new low has been acheived here on Slashdot... by Vthornheart · · Score: 3, Funny

      Can we play the Final Fantasy "fanfare" music?
      You got 20 gil.
      You found an MP3!

      --
      -Vendal Thornheart
    6. Re:A new low has been acheived here on Slashdot... by pfleming · · Score: 4, Insightful

      Aha, but this result is only possible because of copyright law. Thus, if one is celebrating this case, they are indirectly saying copyright is good. They are directly stating that the GPL enforcement is good. They are not saying that this software should be protected for 120 years (hell, a bug fix next week makes 120 years laughable).
      Copyright laws do need to be changed to take reality into account, but the issue here is that the software is being distributed in violation of the license. Copyright law is just the "enforcement stick" of this license.
  2. Duh by explosivejared · · Score: 5, Funny

    This is news?! What is up with that! Every body knows that the RIAA is a completely honest and upright organization. They practice what they preach. They obey everyone else's takedown notice, be it gpl or dmca, whatever, just like they expect you to obey their takedown notices. I can't wait to see the day that all these trolls on slashdot finally go the way of the dinosaur and the true intellectuals out there call the RIAA what it is! It is an honest, upright, artist first organization! IF YOU CAN'T HANDLE THAT GET OFF SLASHDOT!!

    ;)

    --
    I got a catholic block.
    1. Re:Duh by jamonterrell · · Score: 5, Funny

      Who said anything about the RIAA?

      --
      I can count to 1023 on my hands. Ask me about #132.
  3. Obvious retaliation by Oriumpor · · Score: 5, Funny

    Next they'll contract a russian ISP and put the torrent up on one of their trackers...

  4. Explanation. by Whiney+Mac+Fanboy · · Score: 5, Informative

    Explanation.

    As TFS & TFA have little info, here's some background:

    The MPA(A) released a Xubuntu derived livecd with a bunch of F/OSS tools to assist universities in monitoring their networks. *rolls*eyes*. More info about the software in this Washington Post article.

    Unfortuntately the CD as shipped contained no source & no written offer for the source, so was in violation of the GPL (and hence, the MPAA are in violation of various software author's copyright).

    After several attempts to reach contact the MPAA, the ubuntu developer sent a takedown notice to the hosting ISP.

    I hope he now presses for copyright violation - as he so elequoently says: MPAA don't fuck with my shit.

    --
    There are shills on slashdot. Apparently, I'm one of them.
    1. Re:Explanation. by zonky · · Score: 5, Interesting

      Should also be made clear that the tools only identified torrent users, and didn't make any attempt to distinguish between 'naughty' and legal torrents.

    2. Re:Explanation. by faedle · · Score: 4, Informative

      The MPAA was distributing "modified binaries" of GPLed software without distributing, or offering to distribute under the terms of the GPL, the modifications.

      Even if all you do is change a strcat(); line, you have to (at minimum) distribute that change's source.

    3. Re:Explanation. by faedle · · Score: 4, Informative

      Additionally, it is my understanding they actually made some changes to ntop, and did not provide any instructions on how to obtain the changes.

      So, it's not even a technical violation in the letter of the license, it's a legitimate violation of the spirit of the license. They are distributing a change to the code without source.

    4. Re:Explanation. by andy753421 · · Score: 4, Informative

      I would be really interested in seeing some data to back up this claim. When the toolkit was first released I downloaded a copy and checked the md5sums on both the ntop binaries and the snort binaries. Both corresponded to the binaries I downloaded form the Ubuntu server.

      There was also a page on the 'monitor' site that stated the software was released under the GPL, but I don't recall if it included a copy of the license itself. The MPAA code seemed to be kept separate and the license on that was unclear, however there were Java Server Pages distributed as binary only as well as some shell scripts and maybe some python (again, i don't remember).

      Does anyone know of a mirror of the original ISO? I would like to look at it further but I deleted the one I originally downloaded.

    5. Re:Explanation. by ravenlock · · Score: 3, Funny

      Two wrongs don't make a right, but three lefts do.

  5. Encouraging result by GroeFaZ · · Score: 5, Interesting

    but at the same time rather worrysome what a simple email to the ISP can do, even if it's for a good cause. Why not sue them and make things bullet-proof and at the same time strengthen the GPL in court, rather than sorting things out vigilantism-style? A pile of court-issued takedowns might be a more impressive repellant against future violations of the GPL (or any other such license) than a pile of social-engineering-issued takedowns. Don't associate "social engineering" with the negative connotation of spam/phising/etc. as I used it; instead, read it in its original meaning: someone requested a blocking of content from an ISP, essentially (TFA is void of details) only with convincing arguments but no hard proof that the GPL was indeed violated.

    --
    The grass is always greener on the other side of the light cone.
    1. Re:Encouraging result by ScrewMaster · · Score: 4, Insightful

      On the other hand, the MPAA should have had all it's ducks lined up in a row. They're big boys, they can afford to do things right. The fact that they didn't bother is another indication of their above-the-law attitude. They really just don't care. I'll bet they're caring now, and I'll bet there are some heads rolling in the legal department right now.

      The delicious irony here is that the MPAA drafted the DMCA and were primarily responsible for pushing it through Congress.

      --
      The higher the technology, the sharper that two-edged sword.
    2. Re:Encouraging result by Michael+Woodhams · · Score: 5, Informative

      No, the MPAA can't necessarily just reissue the toolkit with source code and suffer no further consequences.

      Once you violate the GPL, your right to distribute the licensed software is terminated. You can only start distributing it again if the copyright holder relicenses you to do so. In GPL violation disputes, the FSF have normally relicensed a distributer once they conform to the GPL's requirements - but this is not automatic, or written into the GPL.

      From GPL v2:

      "4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License."

      There is no clause about reinstating rights under the license.

      In other words - if any of the copyright holders in Xubuntu code insist, the MPAA can't ever distribute their software, even with source. IANAL, so I don't know if the courts would support this hard-line.

      --
      Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
    3. Re:Encouraging result by swillden · · Score: 5, Informative

      but at the same time rather worrysome what a simple email to the ISP can do, even if it's for a good cause... A pile of court-issued takedowns might be a more impressive repellant against future violations of the GPL (or any other such license) than a pile of social-engineering-issued takedowns.

      We're not talking about a "social-engineering" takedown, but about a takedown notice defined and authorized by federal law, and enforceable in any court in the land.

      IMO, the takedown notice defined in the Digital Millenium Copyright Act is one of the few good things in that law. It says that if someone is publishing your copyrighted materials on the Internet, all you have to do is send a notice to the ISP, stating that the material is yours. The ISP is then *required* to take it down, or else be considered guilty of infringement. On the other hand, if the ISP does take it down, they are granted a "Safe Harbor" status, meaning that they're absolutely free of any liability for the infringement.

      If something you've published on-line is taken down as a result of a DMCA takedown and it is not infringing, all you have to do is send the ISP a notice stating that the material is not infringing. The ISP can then put the material back on-line, without losing the "Safe Harbor" status. The system is set up so that the ISP doesn't end up trying to determine what is infringing and what is not.

      Both the DMCA takedown notice and the counter-notice are sworn affidavits, meaning that when the issue goes to court any untruths in the notices can be prosecuted as perjury. So there's a strong disincentive for someone to issue a DMCA takedown frivolously, as it will cost the publisher almost nothing to get the takedown reversed, and may land the issuer in hot water. Likewise, there's a strong disincentive for a publisher of infringing materials to issue a counter-notice.

      And, above all, the ISP who is caught in the middle is shielded from any potential liability, and doesn't have to make any attempt to adjudicate the ownership of the materials (which, obviously, no rational ISP would do anyway -- if in doubt they'd just take it down and leave it that way).

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    4. Re:Encouraging result by dbIII · · Score: 5, Insightful

      They won't care. There's currently the idea that some people are above, below or completely outside the law. Since they were involved in drafting some copyright laws they are of the opinion that those laws are not for them and are only for the peasants.

    5. Re:Encouraging result by pjt48108 · · Score: 3, Insightful

      I believe the DMCA provides the legal framework for takedown requests.

      It probably stings terribly to be spanked with a paddle of your own design and construction.

      --
      Mmmmmm... Bold, yet refreshing!
  6. He should also sue... by gillbates · · Score: 4, Insightful

    for copyright infringement as well.

    Now that would be poetic justice.

    --
    The society for a thought-free internet welcomes you.
    1. Re:He should also sue... by sc0ob5 · · Score: 5, Funny

      Everyone that has GPL code in xubuntu and the tools that come on the CD should file copyright violation for $9250 per line of code shared.

  7. "Simple email" by ucblockhead · · Score: 4, Informative

    DMCA takedown notice is exactly the legal action you are supposed to take in these situations. It is not "social engineering". He has every legal right to do it.

    --
    The cake is a pie
  8. Actually by p3d0 · · Score: 4, Informative

    Even if you don't change a line of code, you still have to distribute (or offer to distribute) source if you're distributing the binaries.

    --
    Patrick Doyle
    I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
    1. Re:Actually by poopdeville · · Score: 5, Insightful

      I saw no indication that the MPAA was hosting their own apt repositories with source. If you mean that sources.list was pointing at Ubuntu's servers, that's not good enough. That's Ubuntu doing the distribution.

      --
      After all, I am strangely colored.
  9. Possible deterrent? by sessamoid · · Score: 5, Interesting
    IANAL, but why don't OSS developers offer a GPL-free version of their software for some really high price. That way, when big-media tries to steal (their words, not mine) their creative works, the developers can sue them for legitimate damages, citing a stratospheric market price per copy, then multiply the number of CDs they've distributed by their stratospheric market price to get damages from them?

    "The MPAA/RIAA has distributed 1500 copies of my work. I offer that software at $50,000 per copy. They owe me 75 million dollars in damages!"

    That's basically what they big media is trying to do to the consumers, isn't it?

    --
    "No, no, no. Don't tug on that. You never know what it might be attached to."
    1. Re:Possible deterrent? by forkazoo · · Score: 3, Informative

      You don't really need "actual damages" because you can go for statutory damages. If you can prove willfull infringement, you can get 150,000 per offense. If you skip proving willfullness, I think this is the section that applies:

      (1) Except as provided by clause (2) of this subsection, the copyright owner may elect, at any time before final judgment is rendered, to recover, instead of actual damages and profits, an award of statutory damages for all infringements involved in the action, with respect to any one work, for which any one infringer is liable individually, or for which any two or more infringers are liable jointly and severally, in a sum of not less than $750 or more than $30,000 as the court considers just. For the purposes of this subsection, all the parts of a compilation or derivative work constitute one work.

      $30,000 a pop ain't bad money if you can swing it. I'm not sure exactly what the result would be if you claimed "actual damages" on a zillion dollar price tag despite never having had an "actual sale." Judge might throw out the claim, I suppose. AFAICT, worst case would just be to get laughed at with the huge price tag and then just fall back to statutory damages instead.

  10. Re:aww... by budgenator · · Score: 3, Interesting

    they still distributed in violation of the license and therefor copyright law! You can't make stuff up this funny, the MPAA in violation of copyright, LOL. The FSF can still go after them if they want to.

    --
    Apocalypse Cancelled, Sorry, No Ticket Refunds
  11. Nomenclature, please by Trailer+Trash · · Score: 5, Insightful

    Instead of saying they "violated the GPL", let's keep this simple. They violated copyright law. By their own definition, they're "pirates". They stole. Etc.

    --
    Do you have ESP?
  12. Stop talking shit by Chuck+Chunder · · Score: 5, Informative

    You do not have to distribute "changes in the form of a diff", or "distribute your code changes" in particular.

    You must distribute (or offer to) the complete source code corresponding to the binaries you distribute. The whole purpose of the GPL is that someone getting a binary can get the full source for the binary.

    --
    Boffoonery - downloadable Comedy Benefit for Bletchley Park
  13. Don't think that's true. by Kadin2048 · · Score: 5, Insightful

    If you are, in fact, a lawyer, I'll happily defer, but in my layman's opinion I don't think that's the correct conclusion.

    If you violate one of the GPL terms, your license to use the software is terminated. Fine. However, as long as the software is still being offered to anyone under the GPL, you can just go, conform to every part of the GPL, and use it again. You can think of it as one license being terminated, but then going and getting a new one; the GPL is an "infinite stack" of licenses: all you need to do to get a new one is to play by the rules.

    There's nothing in the GPL that says 'if you violate this once, you're out for good,' although I'm not sure that would be an entirely terrible idea. But that license-termination clause doesn't necessarily imply that.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    1. Re:Don't think that's true. by Anonymous Coward · · Score: 4, Informative

      Um, no. The GPL isn't an infinite stack of licenses where you can just help yourself to a new one every time you want; in fact, it seems that you are confused as to what the term "license" really means here.

      It does not refer to the right to modify or distribute a piece of software, it refers to the developer's decision to grant you that right. It's not an automatic right in copyright law, so it needs to be granted; without a license (that is, the developer's granting of this right), you don't have it. So if the developer decides to not allow you to do this anymore, you can't do anything: you can't "take a new license", because the developer simply isn't granting you this right anymore.

      Now, of course, you might say that once you've been granted a right, the developer can't arbitrarily take it away again whenever it suits them. That's true. However, the restrictions to your granted right to distribute and modify is subject to are explicitely spelled out in the GPL, so you know about them right away; you know right away what you can't do and what will happen if you do it anyway.

      So, yes, the GPL *does* say "if you violate this once, you're out for good" - unless/until the developer decides to grant you these rights again after all, something that is neither automatic nor guaranteed (even though most developers - notably, the FSF - will probably do so if you start complying with the license and show an understanding of why this is important).

      Finally, allow me to say that you seem pretty confused about the GPL in general, anyway: you talk about a "license to use the software", yet no such thing exists. In fact, the GPL specifically does not apply to mere *use* of the software, and you do not have the accept it in order to do so. You don't even have to accept it to modify the software (at least in the GPLv2); you only have to accept it if you want to *distribute* the software, modified or unmodified.

  14. Re:Except in one scenario by dwater · · Score: 5, Insightful

    Well, it depends on what they changed. If they added code to phone home a lot with lots of personal information....that would be interesting from more than a purely academic point of view (IMO).

    --
    Max.
  15. Re:aww... by wish+bot · · Score: 4, Funny

    You wouldn't steal a purse! You wouldn't steal a car! GPL software distribution without following the license - IT'S STEALING!!!

    --
    lemonade was a popular drink and it still is
  16. Re:No GPL Violation by dido · · Score: 3, Interesting

    None of what this AC says is true. It doesn't matter if the MPAA never changed any code, the fact remains that they were distributing the code, changed or not. Now, if you want to distribute GPLed code, either you comply with the license and provide source code, or you find yourself just as guilty of copyright infringement as these people torrenting movies that they are so quick to prosecute. What happened was the latter. As for suing them for copyright violation, the fact that no one lost any money is also immaterial. There is such a thing as statutory damages, which would be at minimum US$750 for each copyrighted work thus violated, and could be as high as US$30,000. They would thus theoretically be on the hook for statutory damages for every GPLed package in the Xubuntu distribution, just like Ms. Jammie Thomas. There are hundreds of GPLed packages in Xubuntu... You do the math.

    --
    Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
  17. i like the post article by Tsiangkun · · Score: 4, Insightful

    quote ">Seriously?
    No, this is all just a joke. Really.

    >I don't nor does the Slashdotters posting here except the rabid, fanatical F/OSS fanboys.
    How can you assert that? Did you do a survey?

    >This is not a victory.
    Then tell us what it is.

    >Silly kids, go trim your neck beards and worship Stallman some more.
    How do you know "kids" are responsible for this? What backs up your suggestion that if they are kids that they are silly? How old do you think Matthew Garrett is? Go google it.

    Maybe you should take a chill pill and leave this topic alone if you aren't interested in it. You are making baseless assertions just to try and stir shit.

    You come across as a dumb ass.

    1. Re:i like the post article by Adambomb · · Score: 3, Funny

      Careful, your chill pill will be countered by his get off my lawn. Maybe if you play a take it easy gramps, he wont have to bust out the cane shaking of ultimate exasperation.

      --
      Ice Cream has no bones.
  18. If I may be a geek... by VeryVito · · Score: 3, Funny

    I read this post and immediately pictured Ewoks dancing in the forest as the Death Star burned above them. Sure, you know it's not over, but what a nice blow against the Dark Side.

  19. Re:Uuuuubunnnntttuuuuuuuu Correction... by Technician · · Score: 3, Interesting

    Read the article.. it's XuuuuuBuuuuuTTTuuuuuuuuu !!

    "The University Toolkit is essentially an operating system (xubuntu) that you can boot up from a CD-ROM. The package bundles some powerful, open-source network monitoring tools, including "Snort," which captures detailed information about all traffic flowing across a network; as well as "ntop," a tool used to take data feeds from tools like Snort and display the data in more user-friendly graphics and charts. "
    http://blog.washingtonpost.com/securityfix/2007/11/mpaa_university_toolkit_opens_1.html

    --
    The truth shall set you free!
  20. Re:aww... by RobNich · · Score: 5, Funny

    You wouldn't steal a handbag!

    You wouldn't steal a car!

    You wouldn't steal a baby!

    You wouldn't shoot a policeman

    and then steal his helmet.

    You wouldn't go to the toilet in his helmet!

    And then send it to the policeman's grieving widow.

    And then steal it again!

    --
    Hello little man. I will destroy you!
  21. Re:aww... by l-ascorbic · · Score: 4, Informative

    [citation needed] http://www.youtube.com/watch?v=MTbX1aMajow