Slashdot Mirror
How To Frame a Printer For Copyright Infringement
An anonymous reader writes "Have you ever wondered what it takes to get 'caught' for copyright infringement on the Internet? Surprisingly, actual infringement is not required. The New York Times reports that researchers from the computer science department at the University of Washington have just released a study that examines how enforcement agencies monitor P2P networks and what it takes to receive a complaint today. Without downloading or sharing a single file, their study attracted more than 400 copyright infringement complaints. Even more disturbing is their discovery that illegal P2P participation can be easily spoofed; the researchers managed to frame innocent desktop machines and even several university printers, all of which received bogus complaints."
While entirely laughable, I'm glad this story is in the New York Times. Getting the Spanish Inquisition-esque ways of the these enforcement agencies out into the media is going to be one of the few ways to make it stop. Hopefully people (meaning the general public, and not just us here on /.) will soon realize just how ludicrous these methods are.
Maybe now my employer will have to take down that LaserJet IIIp and upgrade to a newer model.
What the hell does that mean?
So, will we have a variant on the Chewbacca defense?
... if the toner cartridge won't fit, you must acquit."
:-P
"Why would a printer, an inanimate object with no reproductive organs, be downloading pornography? It doesn't fit
Seriously though, it's good to see some credible research demonstrating that the methods that are used to identify file-sharers are completely arbitrary and can't be demonstrated to be valid.
It would be nice to finally have enough evidence that Judges could basically say "Well, this methodology has been dis-credited, you need actual evidence."
Now, if you excuse me, I'm going to try to devise a way to make it look like our printer has been downloading Will Farrel movies and films with Natalie Portman.
Cheers
Lost at C:>. Found at C.
Time to exact my revenge on that stupid Lexmark E240 of the 5th floor.
Power corrupts. Absolute power...is even more fun.
Were the printers imprisoned?
Deleted
Yay.
....it might change things. Legislators in the US and EU, for example.
Clippy: Looks like you're making a letter. Would you like help?
Clippy: Looks like your letter is finished. Would you like me to print it?
Clippy: Looks like you're infringing on a copyright. Would you like me to call you a lawyer?
* Throws computer out window *
This is completely ridiculous and I'm sure any judge would see a printer downloading copyrighted songs as completely silly.
So, anyone wanna help me get NetBSD on my Epson?
While I'm all for anything and everything that helps bring down the MAFIAA, sadly the case in this article is very weak. It only points out two things, both of which are already commonly known by almost everyone in IT.
1. IP addresses can be spoofed.
2. IP addresses assigned by DHCP will not always be assigned to the same MAC address.
Then there's a lot of hand-waving and implications that there's also all kind of other likely flaws in the methods used to find out who's participating in file-sharing.
The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.
This bothers because if anyone were to point out how weak this case is in main-stream media, it could end up doing more harm than good.
We need some heavy ammo to shut them down, and I'm afraid this is not it.
There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
You are welcome on my lawn.
Yes, anyone in IT understands these issues. But the fact remains that no one in IT is being listened to when they are calling this same information proof of infringement. This study is to show that their "proof" which is being used in these same cases is as worthless as all the IT people have said it was from the beginning, and that the checks the **AA investigators are using to confirm that they are not accusing the wrong people are as worthless as well in terms of verifying/screening false positives. This study shows for a FACT that false positives are occurring and occurring ALL THE TIME.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
Please don't confuse an RIAA investigation with a police investigation. The RIAA are not the police (yet....)
We need an UN declaration on Machine Rights. There are no punishment for smash, throw out windows, sued for file sharing without a fair judgement or even (is hard for me to write this, human cruelty have no limits) install windows in them.
How you think a singularity will decide to show up in such environment?
I have not read about this - has anyone heard any anecdotes on this subject?
I'm curious if the 'industry monitoring groups' have ever sent a C/D letter to a clueful sysadmin? we know that most laymen will simply cave in when they receive the 'fact' that their IP address was somehow connected to 'bad traffic'; but I wonder if anyone who knows networking ever called their bluff and really had a court case where he asked for MORE info than simply IP addrs. it would seem that if you can defend yourself in IP networking theory that they really have no firm case on you, especially if you run an 'open wireless AP' and that, itself, could create enough doubt as to who the real 'infringer' really is. they might be able to say its your network but they can't prove its YOU. it could be spyware that somehow got installed on your system. spyware does do 'strange things' as well all know and its not outside the realm of possibility that some virus is connecting to trackers while sitting inside your network. is that really your fault? should you be called 'an infringer' for that?
so I'm really curious if there are any examples of a tech-strong defendant really calling their bluff and demaning fine-grained specific evidence while at court or at some plea bargaining procedure.
--
"It is now safe to switch off your computer."
1: Find a network printer assigned an IP address.
2: Set your NATting wireless router to mimic that printer's MAC address.
3: Insert your NATting router between the printer and the LAN and steal its IP address.
4: Connect to router and fileshare to your heart's content.
5: Watch printer be arrested for your piracy.
6: PROFIT!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
If I go outside every night wearing overalls covered in blood stains, dig holes in my front yard, and bury body sized bundles wrapped in garbage bags every night for a couple of weeks, I'll probably be investigated for murder.
You would be investigated, but if the only evidence presented at the case was the odd behavior you would be found not-guilty. The MPAA/RIAA use the odd behavior as not only the probable cause to investigate but also as the evidence to prosecute.
what logs are you referring to?
.iso) but that copyrighted files were being downloaded or explicitly 'shared'. I should not have to produce logs showing that there was NOT downloading. that's just absurd. the burden of proof should be on the accuser to show, without any doubt, that I participated in an 'illegal share'.
'home users' (even clueful ones) often don't keep 'logs' of AP activity. or, they simply roll-over and over-write log data, like a circular buffered log would do.
I keep intrusion logs from my firewall but that doesn't log ALL activity, just break-in attempts. and if you run an open AP that is outside your firewall (as is prudent to do) then there is no NEED to keep a log on that - its 'open' afterall. and if they want to get into your private LAN they need to jump thru your firewall just like any other traffic from the WAN would.
I have no logs other than simple unix syslogs (on my unix boxes) and some firewall logs intermixed (remote syslog). I would hope that simply NOT having 'logged all data' would not be held against me (?). home network users should not be held to ISP level logging and accounting standards.
my defense would be to compel THEM to show definitive data and not just that torrent was running (I could be grabbing the latest linux
if its mandatory that home users keep detailed logs, then this is a huge jump over what expectations we have right now about 'home computer users'. I wonder if expecting home computer users to be experts (keeping detailed logs to SHOW their innocence) is reasonable in the eyes of the court?
finally, if you run a home NAT then simply saying IP of a.b.c.d is just not enough. and most users do run some kind of NAT device in their home networks. its really hard to see how a single IP could back-point (so to speak) at the device that is being NAT-mapped.
--
"It is now safe to switch off your computer."
As much as the "copyright police" may like to pretend that they're law enforcement (complete with little .jpg images of copper badges--lol), they are not the police. Copyright infringement is a civil charge. As such, the content industries should not get any special treatment when it comes to these cases. If it can be shown that the content industry's methods of obtaining evidence is fundamentally flawed, it calls into question if the DMCA takedown notices and C&D letters are truly filed with good faith as to the validity of their contents. Without those, none of their lawsuits could go forth because they would not be able to request ISPs to release account records.
If I as an individual can't sue random individuals on spurious grounds and demand legal-ransom (err.. "settlement"), why should the industries be able to?
-Grym
A better analogy (and a bit of a 'social experiment' I actually did once out of boredom):
It's not illegal to destroy your own property when you're done with it. Say, to tear up old, out-of-date travel guide books about Spain. It's your property, you can do what you want with it. It's not even illegal to do so on public property. I could do that and throw out the pieces in a public park, for instance.
However, if you try to do that in a public library, some old(er) ladies will have a fit...
When I was in college, I took several old travel guides to the library and started shredding out pages in the main reading area. Several people noticed and, I assume, told the staff. They approached me quickly and freaked out, telling me to stop. I said, "It's OK. They're my books. No harm to your books at all." And they responded by demanding that I leave, which I quickly did.
The point? Even if you're not committing any sort of crime, the appearance of doing so is likely to get you under close scrutiny. In the RIAA's case in this instance, they gave out Take Down Notices. In the situation given, they are ridiculous because no downloads had occurred. However, without actually filing suit against the authors of the study, this is just analogous to 'higher scrutiny'.
If I had been actually destroying the public library's books, I would have not only been a bad citizen, but also in violation of some misdemeanor vandalism charges most likely. If the authors of the study had been actually illegally downloading copyrighted materials (over against not downloading anything, downloading materials under fair use, etc etc), they would have been making themselves liable for civil suit(s), and the RIAA would likely have gone after them with a lawsuit.
The big difference is that the RIAA seems to be blanketing everyone who is mistreating the books in any way, shape, or form, rather than looking for people who are actually destroying actual library books. It's the throw-it-all-against-the-wall-and-see-what-sticks approach to filing suit. And it's about the least responsible way to do it (if not the least effective).
What? Conspire to subvert the legal system, and come close to perjury? I say, bring it on and let the jail terms fly.
Presumably, the EFF would vet their people, but I should think intentionally doing what you suggest might get you some kind of sanctions.
Then again, your cynicism might not be completely unfounded. Which, is a depressing thought.
Cheers
Lost at C:>. Found at C.
{2} 'ere! How do you know its ip?
{1} It's barcoded on the side of its base.
{2} It's a fair cop, but technology's to blame.
etc., etc....
Apparently since a DDOS is a legal move in this game (if you'll recall the MediaDefender fiasco recently), maybe we could use this technique and flood P2P space with false positives.
I'll bet once every single judge in the USA gets a "Cease and Desist" letter they'll eventually see that the RIAA's tactics aren't valid.
Weaselmancer
rediculous.
At a previous job, I had to spend some time processing the DMCA notices. They were obviously auto-generated, and it was pretty common for them to just not make sense. IP address but no timestamp (very handy for dynamic address ranges), indecipherable protocol in the url (really. When even Google's no help, you need to at least provide a -hint-.), etc. When I'd respond with simple questions, it would take them weeks to respond. Meanwhile, they expected people to jump on their requests within hours.
--
Networked printer needs paper, badly.
Your ad here. Ask me how!
I used to work as a sysadmin in academia and we used to get such false infringement notices on a regular basis. Here is a typical story. Some professor, let's call him Smith, puts some tar and zip files on this webpage or on his ftp site, which naturally has a URL like ftp:somehost.edu/pub/users/smith/bundle.zip
Eventually we get emails some trade association: "We are asking you in good faith to remove the material that infringes on out IP rights. The site in question is such and such and it contains a copy of a Nintendo game "Mr. Smith's Day Out"" or some other non-sense like that. I found those amusing.
A much easier way to frame someone for infringement. You will need; -the IP address of the target -a copy of what an infringement letter looks like (find them on the Internet) -software to alter or create a fake infringement letter Using the target's IP address, look up their ISP's snailmail address. Fake up your Infringement letter. Mail it to the ISP. Do this 3 to 5 times and your target will get booted from their ISP. ISP's do not check the validity of these letters.
When our name is on the back of your car, we're behind you all the way!
"You saved 1968." - Ms. Valerie Pringle to the crew of Apollo 8
British Nuclear Fuels Limited used to do that all the time, during lawsuits over dangerous levels of contamination in the environment.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
but if the only evidence presented at the case was the odd behavior you would be found not-guilty
Unless you're black or hispanic and live in Texas.
I was taught to respect my elders. The trouble is, it's getting harder and harder to find some.
An interested party could figure out a judge's address. And when you've got that then you'd know who their potential local providers are. And once you know those you know the range of possible IP addresses. And once you've got that - brute force. Ping everyone. Any return ping gets a spoofed false positive. Or if you're of the 'nuke it from orbit' mindset, false positive the whole subnet.
Piece of cake. If someone were so inclined, that is. Not that I'd advocate anyone ever doing this, of course. Oh heavens, no.
Weaselmancer
rediculous.
Apparently IP spoofing still works.
There. I just saved you 7 pages of walled text.
Ave Molech Setting
If I go outside every night wearing overalls covered in blood stains, dig holes in my front yard, and bury body sized bundles wrapped in garbage bags every night for a couple of weeks, I'll probably be investigated for murder.
Hm, good point-- I better start using the back yard.
Comment of the year
How difficult would it be to coordinate a spoofing system like this that is gradually directed at every used IP across the internet? If it's shown that the *entire* internet is somehow participating in acts of copyright infringement from every IP address across the board, maybe someone might actually begin questioning the current system used to identify those illegally download copyrighted material.
Think of it... the most respected and powerful people in every community simultaneously getting bogus cease and desist letters. (Lawyers, judges, politicians, etc...) I'd be inclined to think *something* just might happen after that.
8==8 Bones 8==8
They don't need "fake" experts they just need "real" experts that emphasis points that they want heard and minimize points they don't. In an adversarial legal system each side does this; it's up to the jury to decide which expert is full of it.
Your point makes me wonder if in this day and age we don't need non-biased experts in the same way we need non-biased jurors. I would propose that each court district should have and online listing of which experts are needed, and volunteering to fill that need would fulfill one's jury service obligations.
We are all just people.