Slashdot Mirror
MediaDefender Explains Itself
I Don't Believe in Imaginary Property writes "Wired has an interview with MediaDefender in which they try to explain why they attacked Revision3, which uses BitTorrent to host its own content. Somehow it eluded MediaDefender that they had injected fake content into Revision3's tracker, so when Revision3 changed configuration to forbid this injection, MediaDefender's systems saw it as a pirate tracker with lots of illegal content (which MediaDefender had put there) and attacked. In other words, everything they did was intentional except for the choice of target. Given that they have 9 Gbps of bandwidth dedicated to denial-of-service attacks against torrent trackers, all anyone needs to do is to trick them into attacking a hospital or government facility. MediaDefender has never been very competent, after all."
They've bought senators, how can it be illegal when they've got paid for law makers fighting on their side(!)
todo - The developer's equivalent of confession: "Forgive me Father, for I have sinned..."
Both government facilities and hospitals both rely on BT for a number of things. The government's idea of a database file is many gigabytes in size. Moving those around is MUCH cheaper and easyer with BT. Hospitals that are affiliated with universities usually do some sort of medical research on-site and also send/receive data to the campus. BT is used a lot with sending around things like DNA maps and decoded genomes; that sort of thing.
BitTorrent is a legitimate method of distributing data, no matter what kind of data. It just happens to be a great way to send your entire mp3 collection to 12 friends in very little time and that's why people associate it with piracy and the like.
If you read the article, you'll see that the FBI is investigating. This generally has to be done before they get prosecuted, so they know what exactly to prosecute them for.
According to Wikipedia...
"In May 2008, MediaDefender was publicly accused of allegedly being the source of a distributed-denial- of-service attack on Revision3. Jim Louderback, Revision3 CEO charged that these attacks violated the Economic Espionage Act and the Computer Fraud and Abuse Act. The Federal Bureau of Investigations is currently investigating the incident."
Although that may have been written as of 5 minutes ago... plus the FBI isnt exactly notorious for accomplishing things in any sort of justified, or timely manour, and may very well side with MediaDefender.
I don't think you can use the unauthorized access if it was a public tracker, but i agree that i don't see how a DoS can be legal under ANY circumstance.
Take down letters, ISP turning your account off due to court order, sure.. But an intentional DoS? WTF?
Since when does 2 illegal acts cancel each other out ( not to mention no illegal act was being committed by Revision3 anyway )?
---- Booth was a patriot ----
"Denial of service attacks are illegal in the US under 12 different statutes, including the Economic Espionage Act and the Computer Fraud and Abuse Act. So is MD above the law?"
Nope.
And anyone who wants to look at the "howto" for this stuff, go HERE:
http://www.usdoj.gov/criminal/cybercrime/ccmanual/01ccma.html#F.
That's the applicable one.
Since Revision 3 is also in California, they have an open-and-shut case against Media Defender for civil damages.
Please note that vigilantism is _not_ something that justifies breaking US federal or state law. From the POV of Media Defender, the best they can get away with is pleading guilty to conspiracy, especially since they admitted in public that they're engaged in vigilante "net justice"
--
BMO - For Great Justice
Google and Yahoo have so much bandwidth and server distribution that an attempt at a DoS on them would be futile.
I don't know how media defender works, but it seems to me that if you could make [your target] "appear" to be a tracker, you could have media defender perform a DoS attack against whatever you want.
I work for a small ISP and DoS attacks really piss me off because they seem to have about as much accuracy as a shotgun. Depending on the attack, it can sometimes affect more than just then intended target. I'd really like to see media defender get raped for this, but I know how these thing usually seem to work..
While it was publicly accessible, I don't believe it was a public tracker, in that users other than Revision 3 staff should not have been able to upload new torrents to it; unless my understanding of the situation is completely off.
Don't just stand there, get that other dog!
From the Universal Declaration of Human Rights:
To increase speed, their tracker would track for any torrent id.
They wouldn't host arbitrary torrents, only track them.
They saw it was being used by other people so they disabled that.
You know the rest.
In a criminal case, the "victim" is not the individual, but rather society as a whole. The State brings the charges, because the state is the "victim." That's why the individual doesn't get to decide whether or not charges are filed, or have the final say in punishment. The individual victim's recourse is to file a civil suit.
Suse vivo vixi victum reduco is ea id creatura absit decessus a facultas Linux! Dev root, dev root!
It wasn't bush, it was his attorney general
The attack was launched with source addresses in AS 11393. Not that source addresses mean anything in a synflood. FiberConnexion is a suspected front for MD (and if they aren't they need to drop these shlubs realquicklike).
http://www.cidr-report.org/cgi-bin/as-report?as=AS11393
/. -- the Free Republic of technology.
Yeah, but that's the risk people knowingly take when they decide to infringe the **AA's copyrights. They had to consciously think "I know I can get a huge fine for this, but I'm going to do it anyway." Is it really too much to expect people to take responsibility for their actions?
Right now, the legal choices are:
There is no "Disregard the law and do whatever you want" option. If they're willfully breaking the law, it shouldn't be a very big surprise when they get punished for it. And right now the penalty for copyright infringement is a big fine.
Maybe not
Currently working for large governemt department. We are assessing bittorrent as a method of distributing large read only databases to multiple servers as a way to reduce load on individual servers and speed up average deployment times. Having said that, the likelyhood of MediaDefender seeing our tracker would be very low as this would be on an intranet with very low exposure to the rest of the net.
This does highlight one important point for us. How do we protect our trackers form hosting any old thing?
A sig is placed here
To display how futile
English Haiku is
guns, knives, or whatever you can get your hands on?
Yeah, but that's the risk people knowingly take when they decide to infringe the **AA's copyrights. They had to consciously think "I know I can get a huge fine for this, but I'm going to do it anyway." Is it really too much to expect people to take responsibility for their actions?
Except there have been cases where the person did not violate their copyrights. They don't prove someone did it before threatening or suing them, and those people who are innocent still have to fight to prove they're innocent. Then the RIAA holds up paying damages in court for years -- like the case where they tried to claim they shouldn't be liable for attorney's fees. I can't recall the specifics but they were found to be wrong and the defendant then sued them for costs and they called her claimed attorney's fees "outrageous" then refused to publish their own lawyer fees*. It was on Slashdot a few months ago.
* "Objection, your honor!"
"On what grounds?"
"...It's extremely damaging to my case!"
sales@mediadefender.com
info@mediadefender.com
jobs@mediadefender.com
president: try herrera@mediadefender.com, oh@mediadefender.com,
ceo: try randy@mediadefender.com (personal), saaf@mediadefender.com or rsaaf@mediadefender.com
controller: try: rr@mediadefender.com, rousselet@mediadefender.com
parent company: artistdirect (stock ticker: ARTD)
Investor relations: ir@artistdirect.com
Chairman: diamond@artistdirect.com
CEO: try villard@artistdirect.com, dv@artistdirect.com
Auditors: Gumbiner, Savett, Finkel, Fingleson & Rose, Inc
rgreene@gscpa.com (Ronald Greene) http://marketcenter.findlaw.com/scripts/display_profile.pl?id=173844
Have fun.
Implied Consent...
They charged someone with the power to act on their behalf (MediaDefender) who presumably had permission to upload these files to the the internet via Bittorrent. They *KNOW* how Bittorrent works and theres no way in hell they're gonna be able to claim ignorance on that after all the campaigning they've done to try to kill P2P ever since the Napster days.
By uploading it on bittorrent they knew that others would grab peices from others thus reducing the load on their servers (which is what Bittorrent distribution is all about!) so in other words, the downloaders who are also uploaders are reducing the strain on their servers and should charge them for using their machine as a server.
09F911029D74E35BD84156C5635688C0
+2 Troll is Slashdot's way of saying groupthink is confused
Please read the powerpoint presentation:
http://www.mediadefender.com/marketing/MP3_Music_Sponsorship_Presentation.ppt
You will note that these files are "sponsored". Media Defender gets a company to sponsor an MP3 then they put that MP3 on the popular file sharing networks. The MP3 album art is an advertisement for that sponsor instead of the actual art. The Kanye West song on here is sponsored by "Boost".
If you are downloading a Media Defender distributed and corporate-sponsored MP3, then is that corporation paying for my license through their advertising?
Well, we do have the informal notion of "pressing charges". Basically, in many cases the testimony of the victim is crucial to a prosecution winning the case. Hence if the victim refuses to testify, the case must be dropped, or the victim compelled to testify. Compelling a victim to testify is terrible form, so it is not uncommon for the case to be dropped, or formal charges never filed if the victim indicates that they are not willing to testify. Further, I am not certain, but there might be cases where victims rights would prevent the compelling of testimony.
However, there are Common Law countries, where private prosecution is possible. AIUI, generally, in those places any attorney that has been admitted to the bar of the court (i.e. is a barrister) can file criminal charges by following the exact same procedure the Prosecutor's Office follows. From that point forward, the case is treated no differently than any case brought by the Prosecutor's Office. The Office can terminate the prosecution or assign a new prosecutor (i.e. assume control of the case), just like with it's own cases.
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
Actually, in this case, it sounds like the tracker in question was open, and so other people started using it to track infringing files without Revision3's knowledge or consent. MediaDefender notices this and adds fake content, as well as presumable connecting to non-fake content and requesting pieces to gather evidence against the uploaders.
Now when Revision3 made the change, MediaDefender thought that this tracker had become a private tracker (one of those password needed-trackers) when in fact it just stopped tracking files other than those Revision3 had intended it to track.
MediaDefender then begins DoSing the server, trying to take down this "private tracker". Even at this point MediaDefender was completely unaware that this was tracker intended for Legal content only, or that it was Revision3's tracker in particular. As far as MediaDefender knew, it was just another tracker that was tracking infringing content.
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
Well, that's weird.
In my country (the Netherlands) you cannot sue someone over something that is a crime in itself.
Joe wants to kill John and hires Jack to do it. He pays Jack a million â. Then, Jack does not kill John. This is fraud (or something like that, breach of contract, you name it) and would be punishable if the main act were legal. Killing a person is not legal, thus, Joe does not have a case.
Obviously you never read much news about this, so stop making false statements about arrests you don't know anything about:
http://www.usdoj.gov/opa/pr/2006/February/06_crm_103.html
It even mentions the RIAA's help (probably through media defender lol).
I seem to recall another case as well about some fans of some artist group sharing some popular music before release (they claimed they didn't know it was wrong), but I can't find it with a quick search.
Also, copyright infringment is not always a civil matter.
This federal law I'm going to show you gives 3 years in jail for taking a snapshot of a movie with a cell phone camera.
"Family Entertainment and Copyright Act of 2005"
You probably haven't heard of this given your reply, and also likely don't know what that they put into it.
The actual text of the law shown here: http://www.publicknowledge.org/content/legislation/s167 says:
"(2) AUDIOVISUAL RECORDING DEVICE- The term `audiovisual recording device' means a digital or analog photographic or video camera..."
So digital cameras and cell phone cameras count because it says photographic OR video camera. Someone could be prosecuted under that law for an instant 3 year jail sentnance just for taking a digital snapshot of the film.
BTW, the law also permits and indemnifies theatre operators from any civil/criminal lawsuits and if they want to detain and interrogate you.
"(1) may detain, in a reasonable manner and for a reasonable time, any person suspected of a violation of this section with respect to that motion picture or audiovisual work for the purpose of questioning..."
"(2) shall not be held liable in any civil or criminal action arising out of a detention under paragraph (1)"
So not only can you be arrested for criminal charges and 3 years in jail, the theatre operaters can gestapo nazi interrogate you and are held harmless and blameless and unsueable/unchargable under this law.
BTW, here's another arrest for music sharing, this time a guy on campus:
http://www.mp3newswire.net/stories/2000/victim.html
Oh yeah and that family copyright act also is the one that allows arrests if you have a music file in your shared folder:
http://news.cnet.com/Bush-signs-law-targeting-P2P-pirates/2100-1028_3-5687495.html?tag=nefd.top
Oh and don't forget that young woman who was arrested for recording a 20 second clip of transformers to show her brother (yeah its not music, but it IS copyright infringment thats now criminal):
http://www.cinematical.com/2007/08/03/19-year-old-arrested-charged-for-recording-20-seconds-of-trans/
I believe you have a couple of facts wrong. First, the tracker was not "open" per-se. MediaDefender utilized an exploit, or hack as they are sometimes called to illegally access another system and illegally plant data. I don't know where you got the part about other people also illegally accessing Rev3's systems but perhaps I missed it. To my knowledge it was not MD noticing illegal torrents - it was MD noticing the perfectly legal torrents that Rev3 hosts themselves.
It doesn't fscking matter if it was or was not "another tracker that was tracking infringing content". It doesn't matter that MD was "completely unaware that this tracker was intended for Legal content only." It is criminally illegal in the US to 1) hack into other people's systems 2) DOS other people's systems - (and here's the point you seem to miss in your apologia) regardless of any criminal activity on those systems. Full stop.
There is no wiggle room for MD here especially since they have admitted to the crimes. The only thing that could save them is the corporate cash defense - "we have a lot of money, and corporations run by a higher law so we're obviously not guilty." Unfortunately, that one seems to work all too well today.
No, but it sure can add reason. Judges are human too (though sometimes it seems they aren't often enough and other times they are human too often), and if someone can give a good enough reason why they thought they needed to break the law, a judge could acquit them because of the reason.
Judges believe in the law. If something needed to be done then for safety (driving on the wrong side of the road to avoid a deer), then it may be excusable. But things which could be settled later with no change in the outcome (DoS of a site vs injunction), then they will generally look at that quite unfavorably. Also, automated systems designed for illegal actions (even if they hope those actions will be considered justified) shows a premeditation for committing illegal actions, so if any of their actions are shown to be non-justified, they should also be considered deliberate. You can't "accidentally" buy a 6 Gbps pipe labeled "dedicated illegal DoS pipe" and expect the judge to think you accidentally used it for a DoS with no knowledge it was capable of that.
Learn to love Alaska