Slashdot Mirror
MediaDefender Explains Itself
I Don't Believe in Imaginary Property writes "Wired has an interview with MediaDefender in which they try to explain why they attacked Revision3, which uses BitTorrent to host its own content. Somehow it eluded MediaDefender that they had injected fake content into Revision3's tracker, so when Revision3 changed configuration to forbid this injection, MediaDefender's systems saw it as a pirate tracker with lots of illegal content (which MediaDefender had put there) and attacked. In other words, everything they did was intentional except for the choice of target. Given that they have 9 Gbps of bandwidth dedicated to denial-of-service attacks against torrent trackers, all anyone needs to do is to trick them into attacking a hospital or government facility. MediaDefender has never been very competent, after all."
They've bought senators, how can it be illegal when they've got paid for law makers fighting on their side(!)
todo - The developer's equivalent of confession: "Forgive me Father, for I have sinned..."
Both government facilities and hospitals both rely on BT for a number of things. The government's idea of a database file is many gigabytes in size. Moving those around is MUCH cheaper and easyer with BT. Hospitals that are affiliated with universities usually do some sort of medical research on-site and also send/receive data to the campus. BT is used a lot with sending around things like DNA maps and decoded genomes; that sort of thing.
BitTorrent is a legitimate method of distributing data, no matter what kind of data. It just happens to be a great way to send your entire mp3 collection to 12 friends in very little time and that's why people associate it with piracy and the like.
According to Wikipedia...
"In May 2008, MediaDefender was publicly accused of allegedly being the source of a distributed-denial- of-service attack on Revision3. Jim Louderback, Revision3 CEO charged that these attacks violated the Economic Espionage Act and the Computer Fraud and Abuse Act. The Federal Bureau of Investigations is currently investigating the incident."
Although that may have been written as of 5 minutes ago... plus the FBI isnt exactly notorious for accomplishing things in any sort of justified, or timely manour, and may very well side with MediaDefender.
I don't think you can use the unauthorized access if it was a public tracker, but i agree that i don't see how a DoS can be legal under ANY circumstance.
Take down letters, ISP turning your account off due to court order, sure.. But an intentional DoS? WTF?
Since when does 2 illegal acts cancel each other out ( not to mention no illegal act was being committed by Revision3 anyway )?
---- Booth was a patriot ----
"Denial of service attacks are illegal in the US under 12 different statutes, including the Economic Espionage Act and the Computer Fraud and Abuse Act. So is MD above the law?"
Nope.
And anyone who wants to look at the "howto" for this stuff, go HERE:
http://www.usdoj.gov/criminal/cybercrime/ccmanual/01ccma.html#F.
That's the applicable one.
Since Revision 3 is also in California, they have an open-and-shut case against Media Defender for civil damages.
Please note that vigilantism is _not_ something that justifies breaking US federal or state law. From the POV of Media Defender, the best they can get away with is pleading guilty to conspiracy, especially since they admitted in public that they're engaged in vigilante "net justice"
--
BMO - For Great Justice
I don't know how media defender works, but it seems to me that if you could make [your target] "appear" to be a tracker, you could have media defender perform a DoS attack against whatever you want.
I work for a small ISP and DoS attacks really piss me off because they seem to have about as much accuracy as a shotgun. Depending on the attack, it can sometimes affect more than just then intended target. I'd really like to see media defender get raped for this, but I know how these thing usually seem to work..
While it was publicly accessible, I don't believe it was a public tracker, in that users other than Revision 3 staff should not have been able to upload new torrents to it; unless my understanding of the situation is completely off.
Don't just stand there, get that other dog!
From the Universal Declaration of Human Rights:
To increase speed, their tracker would track for any torrent id.
They wouldn't host arbitrary torrents, only track them.
They saw it was being used by other people so they disabled that.
You know the rest.
In a criminal case, the "victim" is not the individual, but rather society as a whole. The State brings the charges, because the state is the "victim." That's why the individual doesn't get to decide whether or not charges are filed, or have the final say in punishment. The individual victim's recourse is to file a civil suit.
Suse vivo vixi victum reduco is ea id creatura absit decessus a facultas Linux! Dev root, dev root!
Yeah, but that's the risk people knowingly take when they decide to infringe the **AA's copyrights. They had to consciously think "I know I can get a huge fine for this, but I'm going to do it anyway." Is it really too much to expect people to take responsibility for their actions?
Right now, the legal choices are:
There is no "Disregard the law and do whatever you want" option. If they're willfully breaking the law, it shouldn't be a very big surprise when they get punished for it. And right now the penalty for copyright infringement is a big fine.
Maybe not
Yeah, but that's the risk people knowingly take when they decide to infringe the **AA's copyrights. They had to consciously think "I know I can get a huge fine for this, but I'm going to do it anyway." Is it really too much to expect people to take responsibility for their actions?
Except there have been cases where the person did not violate their copyrights. They don't prove someone did it before threatening or suing them, and those people who are innocent still have to fight to prove they're innocent. Then the RIAA holds up paying damages in court for years -- like the case where they tried to claim they shouldn't be liable for attorney's fees. I can't recall the specifics but they were found to be wrong and the defendant then sued them for costs and they called her claimed attorney's fees "outrageous" then refused to publish their own lawyer fees*. It was on Slashdot a few months ago.
* "Objection, your honor!"
"On what grounds?"
"...It's extremely damaging to my case!"
sales@mediadefender.com
info@mediadefender.com
jobs@mediadefender.com
president: try herrera@mediadefender.com, oh@mediadefender.com,
ceo: try randy@mediadefender.com (personal), saaf@mediadefender.com or rsaaf@mediadefender.com
controller: try: rr@mediadefender.com, rousselet@mediadefender.com
parent company: artistdirect (stock ticker: ARTD)
Investor relations: ir@artistdirect.com
Chairman: diamond@artistdirect.com
CEO: try villard@artistdirect.com, dv@artistdirect.com
Auditors: Gumbiner, Savett, Finkel, Fingleson & Rose, Inc
rgreene@gscpa.com (Ronald Greene) http://marketcenter.findlaw.com/scripts/display_profile.pl?id=173844
Have fun.
Please read the powerpoint presentation:
http://www.mediadefender.com/marketing/MP3_Music_Sponsorship_Presentation.ppt
You will note that these files are "sponsored". Media Defender gets a company to sponsor an MP3 then they put that MP3 on the popular file sharing networks. The MP3 album art is an advertisement for that sponsor instead of the actual art. The Kanye West song on here is sponsored by "Boost".
If you are downloading a Media Defender distributed and corporate-sponsored MP3, then is that corporation paying for my license through their advertising?
Well, we do have the informal notion of "pressing charges". Basically, in many cases the testimony of the victim is crucial to a prosecution winning the case. Hence if the victim refuses to testify, the case must be dropped, or the victim compelled to testify. Compelling a victim to testify is terrible form, so it is not uncommon for the case to be dropped, or formal charges never filed if the victim indicates that they are not willing to testify. Further, I am not certain, but there might be cases where victims rights would prevent the compelling of testimony.
However, there are Common Law countries, where private prosecution is possible. AIUI, generally, in those places any attorney that has been admitted to the bar of the court (i.e. is a barrister) can file criminal charges by following the exact same procedure the Prosecutor's Office follows. From that point forward, the case is treated no differently than any case brought by the Prosecutor's Office. The Office can terminate the prosecution or assign a new prosecutor (i.e. assume control of the case), just like with it's own cases.
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
Actually, in this case, it sounds like the tracker in question was open, and so other people started using it to track infringing files without Revision3's knowledge or consent. MediaDefender notices this and adds fake content, as well as presumable connecting to non-fake content and requesting pieces to gather evidence against the uploaders.
Now when Revision3 made the change, MediaDefender thought that this tracker had become a private tracker (one of those password needed-trackers) when in fact it just stopped tracking files other than those Revision3 had intended it to track.
MediaDefender then begins DoSing the server, trying to take down this "private tracker". Even at this point MediaDefender was completely unaware that this was tracker intended for Legal content only, or that it was Revision3's tracker in particular. As far as MediaDefender knew, it was just another tracker that was tracking infringing content.
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
I believe you have a couple of facts wrong. First, the tracker was not "open" per-se. MediaDefender utilized an exploit, or hack as they are sometimes called to illegally access another system and illegally plant data. I don't know where you got the part about other people also illegally accessing Rev3's systems but perhaps I missed it. To my knowledge it was not MD noticing illegal torrents - it was MD noticing the perfectly legal torrents that Rev3 hosts themselves.
It doesn't fscking matter if it was or was not "another tracker that was tracking infringing content". It doesn't matter that MD was "completely unaware that this tracker was intended for Legal content only." It is criminally illegal in the US to 1) hack into other people's systems 2) DOS other people's systems - (and here's the point you seem to miss in your apologia) regardless of any criminal activity on those systems. Full stop.
There is no wiggle room for MD here especially since they have admitted to the crimes. The only thing that could save them is the corporate cash defense - "we have a lot of money, and corporations run by a higher law so we're obviously not guilty." Unfortunately, that one seems to work all too well today.