Slashdot Mirror
How To Frame a Printer For Copyright Infringement
An anonymous reader writes "Have you ever wondered what it takes to get 'caught' for copyright infringement on the Internet? Surprisingly, actual infringement is not required. The New York Times reports that researchers from the computer science department at the University of Washington have just released a study that examines how enforcement agencies monitor P2P networks and what it takes to receive a complaint today. Without downloading or sharing a single file, their study attracted more than 400 copyright infringement complaints. Even more disturbing is their discovery that illegal P2P participation can be easily spoofed; the researchers managed to frame innocent desktop machines and even several university printers, all of which received bogus complaints."
While entirely laughable, I'm glad this story is in the New York Times. Getting the Spanish Inquisition-esque ways of the these enforcement agencies out into the media is going to be one of the few ways to make it stop. Hopefully people (meaning the general public, and not just us here on /.) will soon realize just how ludicrous these methods are.
Maybe now my employer will have to take down that LaserJet IIIp and upgrade to a newer model.
PC LOAD LETTER
If you can read this, I forgot to post anonymously.
So, will we have a variant on the Chewbacca defense?
... if the toner cartridge won't fit, you must acquit."
:-P
"Why would a printer, an inanimate object with no reproductive organs, be downloading pornography? It doesn't fit
Seriously though, it's good to see some credible research demonstrating that the methods that are used to identify file-sharers are completely arbitrary and can't be demonstrated to be valid.
It would be nice to finally have enough evidence that Judges could basically say "Well, this methodology has been dis-credited, you need actual evidence."
Now, if you excuse me, I'm going to try to devise a way to make it look like our printer has been downloading Will Farrel movies and films with Natalie Portman.
Cheers
Lost at C:>. Found at C.
Time to exact my revenge on that stupid Lexmark E240 of the 5th floor.
Power corrupts. Absolute power...is even more fun.
Oh shut the fuck up Anonymous Coward.
Were the printers imprisoned?
Deleted
Yay.
....it might change things. Legislators in the US and EU, for example.
Clippy: Looks like you're making a letter. Would you like help?
Clippy: Looks like your letter is finished. Would you like me to print it?
Clippy: Looks like you're infringing on a copyright. Would you like me to call you a lawyer?
* Throws computer out window *
I appreciate them giving me a tracker and url for iron man. Haven't seen it yet.
(just kidding, I'll wait for it to be released on dvd first)
The truth about Led Zep should never be told on
This is completely ridiculous and I'm sure any judge would see a printer downloading copyrighted songs as completely silly.
So, anyone wanna help me get NetBSD on my Epson?
While I'm all for anything and everything that helps bring down the MAFIAA, sadly the case in this article is very weak. It only points out two things, both of which are already commonly known by almost everyone in IT.
1. IP addresses can be spoofed.
2. IP addresses assigned by DHCP will not always be assigned to the same MAC address.
Then there's a lot of hand-waving and implications that there's also all kind of other likely flaws in the methods used to find out who's participating in file-sharing.
The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.
This bothers because if anyone were to point out how weak this case is in main-stream media, it could end up doing more harm than good.
We need some heavy ammo to shut them down, and I'm afraid this is not it.
There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
How many printers does it take to pretend to download a file?
..., "just looking"?
or...
How many peers on an "infringing" torrent might actually be,
Won't these (scientists) fall under a reasonable false-positives margin, considering it's not in a peer's nature to sit back and enjoy the smell of fresh pulp?
So they're trying to make it look like they are committing copyright infringement and they are investigated. Is this a surprise?
If I go outside every night wearing overalls covered in blood stains, dig holes in my front yard, and bury body sized bundles wrapped in garbage bags every night for a couple of weeks, I'll probably be investigated for murder. If I build a large enclosure in my backyard, and fill it with heating lamps which use a prodigious amount of electricity and generate a lot of heat, and I sit on my front porch smoking a leafy substance wrapped in paper, I'll probably be investigated for running a grow-op. If I show up at school carrying a fake, but real-looking machine gun, it will probably draw the attention of the authorities.
In fact, isn't it a crime to try to fool the police into thinking you're committing a crime? Usually it gets a disorderly conduct charge or something like that.
I'm not saying there are no problems with copyright enforcement, or the tactics of the RIAA, but being able to frame your printer is not a good example of that.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
Yes, anyone in IT understands these issues. But the fact remains that no one in IT is being listened to when they are calling this same information proof of infringement. This study is to show that their "proof" which is being used in these same cases is as worthless as all the IT people have said it was from the beginning, and that the checks the **AA investigators are using to confirm that they are not accusing the wrong people are as worthless as well in terms of verifying/screening false positives. This study shows for a FACT that false positives are occurring and occurring ALL THE TIME.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
With this approach, it seems like it would be possible to frame every Internet user, or at least a significant number of them. What a monkey-wrench that would throw into the works! The modern version of 'I, Spartacus'.
How about we start framing security cameras and other IP-enabled devices. This brings new meaning to automated homes. "I swear officer, it was my toaster oven that was downloading those mp3s."
We need an UN declaration on Machine Rights. There are no punishment for smash, throw out windows, sued for file sharing without a fair judgement or even (is hard for me to write this, human cruelty have no limits) install windows in them.
How you think a singularity will decide to show up in such environment?
I hope that the printer gets a good lawyer and demands a trial by jury.
Hell, I hope that it even takes the stand in its own defense!
____________________
Clouds in the Sky,
Water in a bottle
I have not read about this - has anyone heard any anecdotes on this subject?
I'm curious if the 'industry monitoring groups' have ever sent a C/D letter to a clueful sysadmin? we know that most laymen will simply cave in when they receive the 'fact' that their IP address was somehow connected to 'bad traffic'; but I wonder if anyone who knows networking ever called their bluff and really had a court case where he asked for MORE info than simply IP addrs. it would seem that if you can defend yourself in IP networking theory that they really have no firm case on you, especially if you run an 'open wireless AP' and that, itself, could create enough doubt as to who the real 'infringer' really is. they might be able to say its your network but they can't prove its YOU. it could be spyware that somehow got installed on your system. spyware does do 'strange things' as well all know and its not outside the realm of possibility that some virus is connecting to trackers while sitting inside your network. is that really your fault? should you be called 'an infringer' for that?
so I'm really curious if there are any examples of a tech-strong defendant really calling their bluff and demaning fine-grained specific evidence while at court or at some plea bargaining procedure.
--
"It is now safe to switch off your computer."
1: Find a network printer assigned an IP address.
2: Set your NATting wireless router to mimic that printer's MAC address.
3: Insert your NATting router between the printer and the LAN and steal its IP address.
4: Connect to router and fileshare to your heart's content.
5: Watch printer be arrested for your piracy.
6: PROFIT!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
...Chairman and CEO, Recording Industry Association of America.
Yes. There are many stories now by the people who have had to process them of the RIAA sending DMCA takedowns and subpoenas with IP addresses and timestamps where the logs show no DHCP or static IP addresses allocated for the times in question. Some IP addresses were in ranges never allocated.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
What's to prevent the RIAA from having fake "experts" volunteer to do this, only to offer easily-refuted arguments in court?
You know, the new comment system would be a lot more awesome if it wasn't so effective at concealing the fact that five other guys already said the same thing I did.
The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
Is a linux box with an ftp server, (Brother MFC), so of course it could be guilty of copyright infringement. Or rather, it could be the source of copyright materials that I assume I or my wife would be responsible for the infringement related there-to. Or something like that.
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
...when these printers are found guilty in court! Time to swap in the legal tray, before Bubba starts abusing the collator...
what logs are you referring to?
.iso) but that copyrighted files were being downloaded or explicitly 'shared'. I should not have to produce logs showing that there was NOT downloading. that's just absurd. the burden of proof should be on the accuser to show, without any doubt, that I participated in an 'illegal share'.
'home users' (even clueful ones) often don't keep 'logs' of AP activity. or, they simply roll-over and over-write log data, like a circular buffered log would do.
I keep intrusion logs from my firewall but that doesn't log ALL activity, just break-in attempts. and if you run an open AP that is outside your firewall (as is prudent to do) then there is no NEED to keep a log on that - its 'open' afterall. and if they want to get into your private LAN they need to jump thru your firewall just like any other traffic from the WAN would.
I have no logs other than simple unix syslogs (on my unix boxes) and some firewall logs intermixed (remote syslog). I would hope that simply NOT having 'logged all data' would not be held against me (?). home network users should not be held to ISP level logging and accounting standards.
my defense would be to compel THEM to show definitive data and not just that torrent was running (I could be grabbing the latest linux
if its mandatory that home users keep detailed logs, then this is a huge jump over what expectations we have right now about 'home computer users'. I wonder if expecting home computer users to be experts (keeping detailed logs to SHOW their innocence) is reasonable in the eyes of the court?
finally, if you run a home NAT then simply saying IP of a.b.c.d is just not enough. and most users do run some kind of NAT device in their home networks. its really hard to see how a single IP could back-point (so to speak) at the device that is being NAT-mapped.
--
"It is now safe to switch off your computer."
Why on earth would a printer have its own public IP?
What if the developers of the popular torrent software were to code in something that randomly connected to trackers of high risk torrents? Not to actually download anything but just as a spoof to waste the time of the RIAA. If a whole mass of people were to do this, wouldn't it be some sort of deterrent to the RIAA, or would it just mean more letters and more people unknowing thinking they need to pay up?
{2} 'ere! How do you know its ip?
{1} It's barcoded on the side of its base.
{2} It's a fair cop, but technology's to blame.
etc., etc....
Apparently since a DDOS is a legal move in this game (if you'll recall the MediaDefender fiasco recently), maybe we could use this technique and flood P2P space with false positives.
I'll bet once every single judge in the USA gets a "Cease and Desist" letter they'll eventually see that the RIAA's tactics aren't valid.
Weaselmancer
rediculous.
This entire thread is the sort of pure comedy gold that you'll never get at digg.
Now if only they could get rid of the big green splotches all over the pages.
if they were printing say, graphics rendered via ascii art, they would basically turn into a sonically attractive drum section
maybe the laser printers were just jealous?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Make the RIAA and the MPAA the IP address they are sending a cease and desist letter to. I think if the judge presiding over the case starts getting identical cease-and-desist letters from the MPAA and RIAA he might question the validity of their claims.
Calvin:Do you believe in the devil? Hobbes:I'm not sure man needs the help.
At a previous job, I had to spend some time processing the DMCA notices. They were obviously auto-generated, and it was pretty common for them to just not make sense. IP address but no timestamp (very handy for dynamic address ranges), indecipherable protocol in the url (really. When even Google's no help, you need to at least provide a -hint-.), etc. When I'd respond with simple questions, it would take them weeks to respond. Meanwhile, they expected people to jump on their requests within hours.
--
did the laserjet printers enjoy the movies? did they think robert downey jr. aced the role? did they find the non-religious artifact theme an acceptable deviation from indiana jones canon?
come on new york times. i expect the important questions to be asked!
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I used to work as a sysadmin in academia and we used to get such false infringement notices on a regular basis. Here is a typical story. Some professor, let's call him Smith, puts some tar and zip files on this webpage or on his ftp site, which naturally has a URL like ftp:somehost.edu/pub/users/smith/bundle.zip
Eventually we get emails some trade association: "We are asking you in good faith to remove the material that infringes on out IP rights. The site in question is such and such and it contains a copy of a Nintendo game "Mr. Smith's Day Out"" or some other non-sense like that. I found those amusing.
This is funny as hell. The fact they pinned it on a printer is telling of the ineptitude of the copyright leaching industry. But I am not sure if the general public or our public representitives understand whats going on.
I am starting to think we should step back and let the MPAA and other legalized mafioso have thier way for a while. Let's have DVD's with 10 minutes of forces comericials. Let the MPAA and MPA sue your IP enabled toaster. Let's see as content gets so locked down people won't buy a movie, ring tone, or networked device out of fear and disgust as "content owners" sue anything that answers a ping request.
It will be painfull for a while but after a critical mass the public revolt will come with such a ferocity the execs at the MPA and MPAA will have to leave in getaway planes to far away lands never to return like exhiled dictators. Politicians everywhere will be demanding the heads of the very same people they currently take bribes from hoping we don't lynch them in the process. Share prices will plummet, theaters will be vacent, and share holders will want blood.
Once it's all done no one will ever want to have draconian copyright measures enshrined in law ever again.
how do we know the printer wasn't framed by another printer?
And thus... a potential new Slashdot meme dies an early death downmodded to oblivion.
Anonymous...we hardly new ye.
lol.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
Well, this study showed that false positives can occur and can be made to occur, but it doesn't say anything about how often they do occur. I know the folks who process these complaints at my school, and the false positive rate is a little less than 3%.
If it's so easily spoofed, then it wouldn't be hard to set up a little distributed system that creates so much "noise" that actual infringement would be difficult or impossible to track. Not that I would condone such a system...
"Do you deny that your client, LaserJet 4250dn 23JU6450, did knowingly and habitually engage in illegal file downloading and sharing?"
"The defense would like to point out that while their client is a network device, it is also just a printer. As such it is entirely incapable both of downloading and sharing copyrighted material of its volition, but in fact has no volition to speak of?"
"Your honor, the prosecution intends to prove beyond a reasonable doubt that the defendent meets all of the criteria of a peer to peer file sharer under the Digital Millennium Copyright Act. The defendent not only had the ability to receive and make illegal copies of files, but used a hacker language called Post-Script to communicate copyrighted material to other illegal file traders."
XeoMage
A much easier way to frame someone for infringement. You will need; -the IP address of the target -a copy of what an infringement letter looks like (find them on the Internet) -software to alter or create a fake infringement letter Using the target's IP address, look up their ISP's snailmail address. Fake up your Infringement letter. Mail it to the ISP. Do this 3 to 5 times and your target will get booted from their ISP. ISP's do not check the validity of these letters.
So, anyone wanna help me get NetBSD on my Epson?
I was poking around a Ricoh/Savin copier/printer recently and a process listing sure looked BSD'ish!
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
It's not like the printers can get up and hop in their car and head to the movie theater. How else are they going to see ironman? Won't somebody think of the printers?!
--- Someone is proudly sporting their badge above ----
did you ever get final resolution? IS there such a thing as final resolution?
alternately, how long could you keep deferring things (ahem) by questioning them? even that could be a useful thing to know (and share).
--
"It is now safe to switch off your computer."
I think the way the **AAs would counter the argument would be the analogy: suppose there is a raid on the local whorehouse, and you are there, and you claim that you weren't actually doing anything illegal, but just "hanging around" or "doing research" or "visiting a friend." The odds are infinitely against that being the case, and while we acknowledge that there is a CHANCE you were actually innocent, if you hang out there you should not be surprised if you get swept up in the dragnet.
And they might also counter the "but there are legitimate uses for p2p" argument with the same scenario. Maybe the madame of the whorehouse also occasionally sells a jar of her homemade chicken soup to someone, but we know 99% of the visitors to that house are seeking to satisfy a different kind of appetite.
(Don't think all of this is farfetched -- after all, most prostitution busts do not rely on any actual proof that money was exchanged or that services were rendered -- the actual passing of bills or manipulation of body parts is rarely observed, but merely inferred. If you are driving at 3 am in a known prostitution area, and you are caught with a known prostitute in your car, you WILL be busted, and the judge will laugh off any "innocent" defense.)
"Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer
Then everyone can use it on campuses.
Esp here at U FL where the incompetent IT department (also known as the fourth Reich) is only too happy to sell out it's own students.
When our name is on the back of your car, we're behind you all the way!
Make every tracker for illegal data only hold garbage data which no human could read. No infomation is stored as to what is being tracked (ie: Iron Man). A link on, say, The Pirate Bay, then links to that tracker with a human-readable string of what content is actually tracked. Other sites can also link to that tracker with the same or different human-readable strings.
Now when anyone uses that tracker and gets caught, they can just claim the didn't know they were downloading illegal data, since the name was bogus.
Want it court? Just use the study's technique to have take-down notices sent to every Federal court house. That should wake some one up.
Why do the printers have a out side IP any ways???
Sounds like they have poor network setup and any one can get in just NATing part of there net work is a way to cut down to file sharing and cut on work for the IT guys when the RIAA wants to know who is useing what IP just say IP X is for dorm 2 and there are 500 users in there.
Why are they not NATed?
How much junk print jobs do they get?
Do people try to print messages to the display useing PCL.
Some prints can have a HD in them so you may be able to use one to down load stuff and say to the RIAA how can a print download music?
"You saved 1968." - Ms. Valerie Pringle to the crew of Apollo 8
Some like this can get you off in criminal court and there new laws that are pending that may make Copyright Infringement a criminal thing.
I've just read the nytimes article, but I think I know how this works.
;)
A bittorrent tracker just keeps a list of clients that have said they're interested in the file, and gives ip's to new clients. The researchers probably connected a client to see how many was connected (get the list of ip's), and not actually downloading or uploading. I will guess that this is the exact same thing that *AA does, and don't check if any of those ip's the tracker gives actually do trade data.
Further on, you can manually set your ip address in most torrent clients, which gets reported to the tracker. Putting 2 and 2 together, you set the ip to some victim's ip, connect, and when *AA vacuums the tracker for ip's, the tracker gives out the fake ip address. No need for advanced mumbo jumbo, just tell the tracker that's your ip, and it'll believe you and tell all its friends.
The bittorrent protocol specification can be found here, btw. Look under "Tracker Request Parmenters", at the "ip" field.
Now, do anyone know the IP address of some judge/lawyer's home networks?
It's The Golden Rule: "He who has the gold makes the rules."
Flooding peer to peer networks with software agents that appear to be downloading copyrighted content but which actually never accept a bit of the content might constitute a clever denial of service attack on these enforcement agencies. Of course, it's just a thought I had -- one that might not really work.
Thats why you tell the *aa to take a hike when you get the letter.
---- Booth was a patriot ----
Alternately, the workstations belonging to: student conduct, university legal affairs, or even our DMCA copyright officer all seem interesting targets to get this *AA blackmail scam exposed for what it really is.
An interested party could figure out a judge's address. And when you've got that then you'd know who their potential local providers are. And once you know those you know the range of possible IP addresses. And once you've got that - brute force. Ping everyone. Any return ping gets a spoofed false positive. Or if you're of the 'nuke it from orbit' mindset, false positive the whole subnet.
Piece of cake. If someone were so inclined, that is. Not that I'd advocate anyone ever doing this, of course. Oh heavens, no.
Weaselmancer
rediculous.
* Throws computer out window * Hmm.... that reminds me of a certain video clip taken from a (not-so) famous sketch. I wonder...
"You hear that, Clippy? You're gonna pay!
He's a filesharer. He's a fiiiiiiiiiiiiiiile sharer!!
AAAAAGH! *crashes on window*
You were thinking that 3% was a low number? 3% of "tens of thousands" is hundreds of people. Not to mention, how are you measuring false positives? How do you know the people you're assuming are guilty actually are?
Apparently IP spoofing still works.
There. I just saved you 7 pages of walled text.
Ave Molech Setting
The article states that the researchers were able to get 400 DMCA letters just by monitoring the P2P networks. So what happens if many, many more users all simultaneously start monitoring the networks. Not downloading. Just monitoring. I'm curious what the RIAA/MPAA would do. If we could get 10,000 people involved, will they send out 4,000,000 letters? What if every P2P client started including the monitoring software and one million users started doing this? At some point the RIAA/MPAA just won't be able to handle the load and the people actually downloading will just be a small signal in the overwhelming noise.
First, lets post pictures of common *.iaa (note not capitalized out of lack of respect) leaders. Everywhere. This way they can't go out in public, without fear. Ask people to just politely ask them why they hate us why music & DVD's cost so much every time someone sees them. Ask why it costs more to buy a movie on DVD than it is to see it in a theater? Ask them why BlueRay is 3x the cost. Ask Politely but Furiously my friends.
Make them fear the public eye. Just like we can't connect to the interwebs w/o fear of legal action.
Grab your Megaphones and Come w/ me!
How much is your data worth? Back it up now.
Email the judges with some web bug link/image then capture their IP addresses and get them RIAA'd... sounds like a plan.
How difficult would it be to coordinate a spoofing system like this that is gradually directed at every used IP across the internet? If it's shown that the *entire* internet is somehow participating in acts of copyright infringement from every IP address across the board, maybe someone might actually begin questioning the current system used to identify those illegally download copyrighted material.
Think of it... the most respected and powerful people in every community simultaneously getting bogus cease and desist letters. (Lawyers, judges, politicians, etc...) I'd be inclined to think *something* just might happen after that.
8==8 Bones 8==8
It should be very obvious to them that the laser printers are the prime suspects in copyright infringement cases. You definitely need a laser printer to print out the files the printer downloads, doesn't surprise me a tiny bit.
It's the second time on this page!
Catching someone suspected of copyright infringement isn't all that hard. The KEYKatcher Keylogger can do it rather easily. Forensics experts use it all the time to catch employees participating in illegal activity among which is copyright infringement. Both the home and corporate versions are available on my web site. Trade secrets and company information being leaked is not an uncommon problem but with this hardware available to the public, a forensics expert need not be engaged. http://officialsafetyandsecurity.com/keykatcher
When I lived in Hollywood, I got to fantasizing about getting one of those big Barrett rifles.
Damn helicopters.
The cost of that cleanup, of course, will be borne by taxpayers, not industry.
Torquemada do not beg him for mercy!
Torquemada do not ask him for forgiveness!
Let's face it, you can't Torquemada anything!
this will probably spur a new law to force more rigorous guidelines for network identification.. in other words.. "re-engineer the internet and remove that pesky 'privacy' thing"
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
it is not public neither is the one on the computer. put your actuall ip gets listed in torrent programs. they spoofed
How many myspace sites, imageboards, or third party copies of official news organization articles actually have authorization for the media present there?
Under the berne convention even a picture photocopied by a third grader's art teacher is a copyright infringement. The only real difference between the RIAA/MPAA content and the rest is
Notice I didn't even touch on how huge a hotbed of libel, trademark infringement, unauthorized commercial exploitation.. and the rest of the amazingly wide array of litigious offenses that this despicable "internet" is.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
That analogy doesn't map well enough. It should be that they raid a whorehouse, flip through the guestbook and get the name and address of all past clients. They then raid your house and arrest your dog.
It's not about you being in the whorehouse, its the fact that anybody could write down your address and give up your dog's name which calls into question the reliability of using the guestbook to arrest people for prostitution.
"how can they call it a MINE if everything here is THEIRS?!?!" -Straight Jacket
A patent lawyer says: Proof in a copyright suit is not a matter of "caught." Proof is the matter of proving access AND copying in a copyright suit. That infringement complaints snagged the innocent does not surprise me. This kind of info (spoofing) would have the tendency to derail a copyright infringement suit. File sharing is an enormous issue that deserves treatment elsewhere. My philosophy is to recommend to my clients that they studiously avoid file sharing, esp. of musical and film works. They are risking hugely otherwise. Read more about copyright laws and practice at http://www.copyright.gov/
The only "evidence" was his odd behavior.
So, how hard would it be to load a stripped linux kernel into the firmware of a laser printer, and push an ssh proxy?
I mean, if the printers are gonna get blamed anyways...
This work is licensed under a Creative Commons Attribution 3.0 Unported License.