Slashdot Mirror
CMU Cuts off Net Access for 71 Students Over MP3s
PresOdent writes "Carnegie Mellon University cut off network access to 71 students who allegedly put some copyrighted mp3s on their sites on the university's computer network. The university said it discovered the copyright violations last month, when it conducted surprise inspections of student computer files at the order of the Recording Industry Association of America. Read the article from the Chronicle of Higher Education for more info."
While they can't go in and confiscate the students' computers, they are within their rights to deny the students access to the network.
Who in their right mind shares illegal (I am assuming they were copyright infringing) mp3's without at least protecting them with a password???
CMU has historically been very skittish about copyright violations. When I was in school there, they dropped a number of Usenet groups because they alleged that the majority of the posts to them contained illegally copied material. They've also been more than willing to pull the accounts of students whose machines are used to attack other machines. None of that should really be surprising, though; it is, in point of fact, illegal to copy mp3s of copyrighted material and since CMU long ago abandoned any pretense of being a common carrier they would be opening themselves up for legal troubles if they didn't cut of access to copyrighted material once it were found. The only troubling thing here--and it is quite troubling--is that they conducted inspections "at the order of" the RIAA. That could mean either that the RIAA said "we've seen evidence that machines X, Y, and Z have illegal mp3s on them" and CMU looked and verified that, or it could mean the RIAA siad "lots of CMU students have mp3s, why don't you look and see which ones". The first is IMO acceptable and in accordance with how law enforcement would act to comply with search and seizure restrictions. It's probably required to comply with the law, though IANAL. The second is rather heavy-handed, especially for an institute of higher learning. I am not a lawyer. This is not legal advice.
-- rage, rage against the dying of the light
This isn't something new, really.
At the University of Maryland, College Park, they have been cracking down (or trying to) on the distribution of MP3s and pirated software for years. Unfortunatly, their detection has been rather limited, since all they really look for are student machines using significant bandwidth, which, in of itself, isn't proof of wrong doing.
What you'll find on these college campuses, however, is a staff of people who enforce these "Acceptable Use Policies," and these staffs are usually made up of beaurocrats, and not techies. You are usually tried, convicted, and sentenced on even the most circumstancial of evidence. Hell, I know someone who got kicked out of Resident housing over LEGAL MP3s.
And when the more serious network intrusions take place, they do it based on your IP address. It doesn't matter if your machine is owned, your IP hijacked, or the address simply spoofed.
Basicly, there's a new kind of fascist in town. While they may not be smart enough to catch you, they may accuse you anyway and run you through. Be careful.
Well...
I agree with you in principle. I am a CMU student who didn't lose network access. And I support the actions of Computing Services. If RIAA had to do it, the school's ass would be on the line.
What raised the ire of many of the students (and prompted the action of the Student Senate, and other groups [such as the Student Dormitory Council]) was the violation of Computing Services's own guidelines. By guessing passwords (even if they were easy ones), they were not observing their own privacy statements.
In addition, students with legal MP3s were shut off. Also, students did not receive advance notice, nor did they receive adequate explanations of the actions taken.
--
Max V.
There should be a moratorium on the use of the apostrophe.
Max V.
NeXTMail/MIME Mail welcome
Now their network access is obviously the school's, and subject to their terms. Admins can watch what goes into and out of a box, but is it really legal to "search" their computer? That sounds like definate search and seizure, which I thought couldn't be done without a warrant, definately not done just because a record company wanted you to.
-- Truth goes out the door when rumor comes innuendo. -- Groucho Marx
While I am annoyed with those who insist on using mp3 as a method of propogating warez music and giving the rest of us a bad name, who simply want open standards and convinient fair use of the music we have purchased, I must say I find the notion of universities becoming a collective police force for the RIAA more than a little disturbing. When I was in college we all shared cassette tape recordings of music we couldn't afford to buy. This story calls to mind images of University employees and RAs entering dorm rooms, spot checking tape collections for illegal tapes.
While what we did as students was not strictly legal, it was pretty damn harmless. I suspect the RIAA has made a great deal of money on each and every student who did this in college, as nearly all of us have no doubt moved on to buying CD's (and some of us going the extra step and ripping them into mp3 format for convinient access on our hard drives).
I don't approve of what the students did, especially if the files in question were in areas with public access, which being on a web page implies. If they were running warez sites for the world to steal from, then shame on them. But if they were simply exchanging files among themselves, for their own use, then shame on the university and the RIAA for swatting a fly with a sledgehammer.
I once considered making my mp3 collection available *to myself only*, via 128-bit encryption and password authentication, on my web page so I could listen to my music anywhere in the world, without lugging cdroms around. I opted out, as explaining that subtle but critical difference -- the difference between fair use and piracy -- is not something I wanted to do before a judge, especially with the extreme presumption of guilt when the phrase "made his mp3 collection available on a web page" is uttered. While these students probably weren't doing this, can anyone be certain based on the article as written?
No matter how one slices this story, one thing is clear. Even the limited privacy we enjoyed as students even a few short years ago appears to have been vastly more sacrosanct than whatever it is students have now (calling it privacy would be a farce of the worst kind, I'm afraid).
Shame on everyone. This is despicable.
The Future of Human Evolution: Autonomy
The university said it discovered the copyright violations last month, when it conducted surprise inspections of student computer files at the behest of the Recording Industry Association of America.
If I was the head of a univeristy I wouldn't listen to the RIAA, even if they threatened to sue, because they could only bring legal action upon the students. It would be like if I hacked slashdot and put up an mp3 ftp site. The RIAA couldn't prosecute Rob or Hemos. They would find an prosecute me. People are so afraid of the RIAA. If I were in their shoes I would only listen to law enforcement officials.
Standford revoked many people's access for running Linux last year.. but people easily go arround it by running port scan detectors. I think serious people will just move to that sort of system now, i.e. deny access to all on camopus computer execpt ones that lie in blocks wired to dorm rooms. This creas an interesting idea: I wonder how easy it would be to keep an updated list of RIAA and co. IP blocks? I know they can always get a short term dialup account, but that can not be as efficent as looking for people from their own systems. Any ideas?
It will take a little more work to make Piracy really safe for the windows users, but most of the time the people looking for piracy don't check out SMB shares anyway.
Speaking of making piracy safe, here is an interesting idea: use a daemon (using a random port selected at install time and automatic portscan detector) to create a network were each person's computer shares it's list of MP3s but only talked to their friends systems for everyday sorts of contact (well execpt for actually transmitting the MP3s). Sorta like an old BBS style network.. execpt with no global network map. This could go a long way to making it impossible to effectivly bust pirates. I mean they could always go after the one guy who was pirating a specifi thin (like a movie) but it would be uneconomical to just go take out the popular since every site would be equally popular and tere would be no way (short of DLing all the MP3s on the network) to KNOW that you had them all. just a though..
Jeff
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
I once had a nightmare in which Carnegie Mellon University was free to usher in the beginning of a disrespectful new era of parasitism. There is absolutely nothing these foul-mouthed diabolic-types will not do to destroy their enemies. They will poke into the most secret family affairs and not rest until their truffle-searching instinct digs up some deplorable incident that is calculated to finish off their unfortunate victim. It is easy to see from the foregoing that I take seriously the view that just because you can do something does not mean it's okay to do it. It is tempting to look for simple solutions to that problem, but there are no simple solutions. I don't know when obscurantism became chic, but we can never return to the past. And if we are ever to move forward to the future, we have to indicate in a rough and approximate way the two snooty tendencies that I believe are the main driving force of modern Marxism.
I respect Carnegie Mellon University's criticisms, although it got into a snit the last time I pointed out that the truth of this is by no means limited to the field of general culture, but applies to politics as well. If there is one thing I have learned, it is this: you don't need to look far to see that Carnegie Mellon University continuously seeks adulation from its cronies. Apparently, some of Carnegie Mellon University's wishy-washy tirades are so self-contradictory, they're their own refutation. If a new Dark Age is about to descend upon us -- as many believe it will -- it will be the result of Carnegie Mellon University's writings.
After all, if we submit to Carnegie Mellon University's definition of "hexosemonophosphoric" and become unscrupulous, we have lost the war for self-preservation. Unsettling as that is, the more infuriating fact is that if Carnegie Mellon University is allowed to burn books, the implications can be widespread. I have just one word for Carnegie Mellon University: transubstantiatively. If saturnine ignoramuses can one day replace the search for truth with a situationist relativism based on acrimonious alcoholism, then the long descent into night is sure to follow. By now, we are all more than familiar with Carnegie Mellon University's unpleasant deeds. Let me explain. Outrage pounded in my temples when I first realized that Carnegie Mellon University wants to hijack the word "ultraphotomicrograph" and use it to destroy the values, methods, and goals of traditional humanistic study.
Carnegie Mellon University's stratagems have grown into an intemperate tapestry weaving together classical conspiracy theories of the 19th century and post-Marxian economics. It's my hunch that Carnegie Mellon University uses the term "theoanthropomorphism" with ostensible confidence that its meaning is universally understood. Notice the raucous tendency of Carnegie Mellon University's bons mots. This is kind of a touchy subject to some people. Speaking of abominable imbeciles, no one of any intelligence believes that anyone who resists Carnegie Mellon University deserves to be crushed. Human life is full of artificiality, perversion, and misery, much of which is caused by the worst types of immoral riffraff I've ever seen. And that's the honest truth.
The article seems to state that all of these searches were done by checking the contents of ~/public_html files on University owned servers. While it may have been a bit surprising for the University, given the choice between slapping 71 students on the wrist or potentially having a very expensive lawsuit from the RIAA, well, it doesn't take a rocket scientist to figure out which is the better idea.
If you're a CMU student and want to rebel against it, just fill up your public_html with mp3's generated with dd if=/dev/zero of=bjork-its_too_quiet.mp3 or dd if=/dev/random of=foo_fighters-random_mumblings.mp3. Civil disobedience is mighty effective.
Remember though guys, music is copyrighted and if you're listening to something then you like it enough to buy it. Most of the professional musicians I know are scared of mp3 due to the massive piracy which currently occurs in that medium. I'm not an mp3 fan, but I'd like to see the format legitimized. Let's hope this kind of thing doesn't give the record industry excuses to charge me even more per disc.
They were LESS liable for the behaviour of their students BEFORE they started snooping. Now that they've set a precedent of editorial control over content on their network, they will have to keep monitoring for and removing copyright violations (or potential violations, or libel, or obscenity, or any other forbidden-speech-du-jour) from now on.
Which is exactly what the RIAA wants, methinks.
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
Yep, just flip the big red switch (make sure you've installed ext3 patches for convenience) and wish the RIAA good luck with examining your /pub/mp3 partition :)
Disclaimer: this is in no way an endorsement for illegally distributing copyrighted material!
(talk about covering MY ass)
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." --Linus Torvalds
I think college students (me included, at one point) tend to forget that the super-fast network access is a priviledge of being at college and not a friggin' right! If most universities have a `privacy policy', I don't think they're going to have any qualms about looking at files stored on their own hard drives to check there's nothing illegal there. Even looking at `public' files on students own boxes wouldn't surprise me; it's their network after all.
I'm lucky and can have my Linux box on-line 24/7 from the comfort of my bedroom; nobody demanded my root password as a condition of providing this service so I think I'm fairly lucky. But I do know damned well the Computer Services people run probes on the contents of anonymous FTP servers and regularly look for other network `weaknesses' on students' boxes.
So I hardly think this is an invasion of anybody's privacy, only a few stupid students who didn't hide their illegal activities a bit better; playing the invasion-of-privacy card just doesn't work here. In fact they've only been cut off for the rest of the semester; pretty lenient all in all.
Matthew @ Bytemark Hosting
The state of our legal system is not such that they can afford to risk it. They DO face liability for allowing mp3 sites to run which they're made aware of. Furthermore, trading of copyrighted mp3s like that is still technically illegal, and the college does have a certain obligation to minimize it, especially when they can do so with so little effort.
Here's a link with more specific information on the crackdown, directly from the CMU computing services newsletter.
o rk
http://www.cmu. edu/computing/cursor/fall99cursor.html#anchornetw
It seems that shared directories on the local university LAN were searched.
---
"Go Metallica. Die RIAA." -- Linus Torvalds
I work for the networking department of my school, where I have a much faster computer than my own at home and a very fast link. So that's the computer I rip and encode my cds on so I can listen to music all day. Am I going to get fired because the filenames are publicly viewable?
I also often download mp3s -- the legal kind. Some of my favorite bands at least allow one or two mp3s to be freely distributed (often bootlegs). These files I'll even put in a publicly accessable directory. Will I get fired for that?
Sometimes I download my mp3s to my machine at home. This is over a modem line, so it's not always feasible, but I still sometimes do it. Is it illegal to distribute copyrighted material to oneself? I'm waiting for the day some power happy administrator with a sniffer is going to turn me in for breaking the backs of the poor exploited American musical artist through the horrible act of listening to and supporting their music.
So how many students at CMU were only distributing mp3s legitimately? How many of them simply only had their own mp3s, but weren't technologically competent enough to make them private? How far did the school go to locate these files, and in contrast how far did they go to prove that these files were indeed illegal? I'm afraid I didn't see any of these questions answered in the article. Are there any other sources of information?
logan
(eagerly awaiting RIAA to come to his school, though they probably have already)
"The distribution of programs and databases is controlled by copyright laws, licensing agreements and trade secrets. These must be observed."[1]
"The distribution of copyright protected materials is illegal and is in direct violation of the Computing Code of Ethics." "Users found to be distributing copyrighted music files will have their network connections revoked for not less than one full semester and may be subject to displinary action."[2]
1. http://www.cmu.edu/co mputing/documentation/unix/Policies.html
2. http://www.net.cmu.edu/docs/gui delines/reshall.html
--Siva (former CMU student)
Keyboard not found.
Keyboard not found.
Press F1 to continue.
>Where from that article did you get that the students' computers were being searched? The article clearly states that CMU "randomly checked
>the public portions of 250 students' computer accounts". In no case, however, were system admins "illegally" searching through private
>computers.
And, if you had read the previous comments, you would have realized that the article was wrong.
All of the CMU students here (including myself) have pointed this out.
ALL of the searched computers were private - I'm not sure where the article writers got
the idea that 'student accounts' were checked.
The "illegality" issue is that Computing Services attempted to break people's passwords.
This is a violation of the CMU Computing Ethics code, if nothing else.
Just because Your Favorite Artist sucks, doesn't mean it's RIAA's fault.
--
NetInfo connection failed for server 127.0.0.1/local
is what i'd like to know. I know i own almost every album that my mp3's come off of. The only reason I spent so much time dl'ing them is that i do like to see if i'll like a song or a CD before i go and spend my money. I know there are lots of people out there who will just rack up the GB's with mp3's of songs they have no intention of buying, but i understood the current US law to say that if you have a legal recording you can copy it in as many different ways, as long as it's for your own use. So what if they put thm in shared directories, "oh hey, let's go to so-and-so's room to study, i'll share out my stuff so we can listen to it from over there". dunno, sounds like a big stink about nothing....
this is just a placeholder till i send back my real sig from the future.
Greetings, I am a student at CMU right now and give you all the lowdown on what happened. Basically the CMU admin did a search to see which computers where ebign heavily downloaded from and such. They then did a sweep of the network checking a computers here and there. The looked at all directories not password protected, but also.. and here's why some students are upset. They guesses a few passwords as well. Now, they didn't go trying to hack into machines or anything, but they did try passwords such as "mp3" or "cmu" for directories labeled "warez" or "mp3" and such. Personally I don't really have a problem with this, it is illegal after all, I guess its just strange because its seemed so natural to go download things like mp3's that we've forgotten it's actually akin to theft. Thanks, Adam Steele Physics/CS Sophmore
As someone who works for CMU and knew about (but did not participate in) the crackdown, here's some more info on what happened:
...", and it appeared to be an invitation to share, it was checked.
Several staff members went through Network Neighborhood by hand. Any machines that had open folders with names that appeared to contain copyright violations were checked. Passwords that are "obviously" intended for sharing (like "mp3") were checked. If there was a README that said anything like "My password is
A few students had only legal material, and when they pointed this out, their network access was quickly restored. Most of the students were only angry that they'd been caught.
This is a grey area, but the people who did the scan tried to make sure that they only went after people who were attempting to distribute music to people they might not know, which, if not illegal, is certainly a violation of CMU ethics.
As far as the passwords used, would you seriously argue that an ftp site wasn't open if the username and password were "ftp", and a README popped up before login telling you about this password? Passwords like "mp3" are the common way of saying "share and enjoy" around here, so it was considered public.
Common ./'er reaction to this story: "What about the students' right to privacy?! They were violated...."
./ and email from all over the world? Will they have a tough time attracting new freshmen because of their get-tough stance on MP3's? Maybe....but if they have the moral conviction to stand by their policies then it really doesn't matter.
I guess people always like to play the "P" card because they have a vague understanding of their Constitutional rights against illegal search and seizure.....by the governent on their private property.
Now, when one private entity--a corporation or university--owns a resource such as a network, you can kiss privacy goodbye. Court cases, like it or not, have clearly established that employers have the right to go through your corporate email at any time for any reason or no reason if they so choose--it's their network resources and they can do with them as they see fit. Now if the Feds show up in the company lobby and wanna go through the mail server logs that's a different story altogether.....that's where I say the Constitution kicks in.
The same rationale could be applied to these kids at CMU--a private institution. The university owns and operates the network, and grants the university community priveleges to use it, not rights. The university is responsible to ensure that its network resources are used in an ethical and legal manner, so it is perfectly within its rights to go through any area of the network and look at anything it wants to with no notice, except for private student PCs. Password protected or not, the files resided on a private network.
Reality is that the letter of the law and political correctness usually differ greatly. Public policy follows opinions in a democracy, and when opinions collide we end up in court. Does CMU have a PR battle ahead over this to win the hearts and minds of "violated" students and armchair rights activists chiming in on
I'm no fan of RIAA and their lawyers and scare tactics either....but they are doing what I'd expect them to do by aggressively protecting the cash flow of their artists.
Only Windows Networking (SMB) shares were subjected to the network sweep. As a result, any Linux, *BSD, or other shares were left untouched. In fact, by clicking on a person's URL in a Slashdot post (a NetBSD server) I was able to find a cache of MP3's and Warez that were completely ignored by Lerchey and crew.
Use Linux, or any non-SMB FTP server for that matter, and you can leech to your heart's content.
For more information, click here.
There seems to be a few misconceptions about why people are upset about privacy violations. I'm a CMU student (not one of those involved), and I really think that the journalistic slant is ridiculous. People, you simply have no idea what is going on from that article.
The article said that people were putting up MP3s on Web sites. Uh, no. The university network administrations conducted a sweep of *Windows shared drives* looking for MP3s. Plenty of people have shared drives. Sharing a partition of your drive so that you can use it around campus (like listening to your MP3s in a computer cluster) is not equivalent to posting them to a Web site. Furthermore, the university deliberately broke into some of the computers they examined. Some of the shares were unpassworded. I supposed I can at least understand the university being upset about this, if the shares were obviously intended for public access. However, if CMU found what they deemed to be "dubious" computers, containing *passworded* shares with a name like "MP3", "MUSIC", they started running a password guesser on the computer until they got in.
Now, I can at least see accessing public shares. If they weren't designated as "for public use", that's one thing. But guessing passwords is unforgivable. Quite frankly, if I started trying to "guess" root passwords to the network administrators' computers, I'd be kicked off the network. Evidently, the fact that our computers happened to be connected to the network gives the network admins an idea that they have a right to break into our computers. They broke into some of our *privately owned* computers, into *passworded* segments of our computer that were obviously *not* public. This is blatently illegal, and the fact that CMU would do something like this at the urging of the RIAA disgusts me.
The news article was flat out wrong, and heavily biased toward the RIAA. I'm not impressed.
This sets a chilling prescedent. If I can say that some sort of content on a computer connected to my network is "dubious", then I would evidently have some sort of legal right to break in to private computers. This is, in my mind, not acceptable. If I have a share named "warez", can the university then legally break into my computer? What about one called "software"? What about one called "private project for MIT" (i.e. research not being done for CMU)?
Quite frankly, I hope the CMU network admins get sued under every computer trespassing law available. If CMU can do it (a traditionally level-headed place), *anyone* can legally examine your private computer.
The funny part is, what they did is not technically illegal. I remeber several years agi a very prominent 'warez' site run out of MIT that had GIGS of things to download. When they pressed it in court, it was thrown out. Pirating is illegal, but happening to leave your cassette tapes out where people can copy them ISN'T.. ;-P
-- I'm the root of all that's evil, but you can call me cookie..
What the Chronicle article fails to mention, or made factual mistakes with:
1) These files were NOT on student websites. They were on students' own machines shared via Microsoft Networking.
2) Many of the computers found "in violation" had their shares passworded. However, CMU tried to guess passwords when it ran into them. So if they could guess it, they considered it public access.
3) The uproar is not so much about the school trying to reduce mp3 sharing over their network, but the manner in which they did it. The CMU Computing Code of Ethics clearly states, "Every member of Carnegie Mellon has two basic rights: privacy and a fair share of resources. It is unethical for any other person to violate these rights...On shared computing systems, all user files and directories are considered to be private and confidential. Only files which a user has explicitly made public (e.g., by placing in a "public" directory) should be considered open for general access. Accessing and using files in another person's directory when not expressly permitted to do so by the owner is a violation of that person's privacy" The Code further states "Loopholes in computer systems or knowledge of a special password should not be used to alter computer systems, obtain extra resources or take resources from another person". Clearly what CMU has done, by going into folders not marked as public and guessing passwords has violated their own Code of Ethics. That has gotten a lot of people pretty upset. They followed the rules but lost access anyway.
4. The students affected could reduce the time they lost network access by a few weeks by going to a stupid "education" seminar to hear why copyright infringement is bad, and then write some paper along those lines. I think those that did that get their access back on Nov 14, or something like that.
5. Computing Services sent out an email to the student body giving their side of the event. You can find the text here.
I forgot to mention:
If you had a folder shared and they couldn't guess the password, if you said anywhere that you would give out the password upon request they killed your connectivity. Even if there was no copyright-infringing material there, but merely if it *seemed* that way! They simply assumed that there was if you said you would give out passwords like that. Of course no one would give passwords to Computing Services, so they couldn't check. For all the details check the Computing Services email message linked in my above post.
..they cracked down on people letting others borrow their CD's. Using the Universities hallways to traffic in copyright material, for shame.
+&x
Thought i'd mention that CMU has been doing this from time to time.
I know several people who go there/have gone there, and have heard about their unofficial yearly student file check for illegal material. last year, there were quite a few software piracy busts. of course, this begs the question: "Is this a privacy violation?"
I have a question...is it illegal to simply make MP3s of CDs I OWN and keep and don't distribute?
If not, can I be arrested by hanging my CDs on my front porch if somebody then takes them and copies them? Um, shouldn't it be THEM that get in trouble?
This is going a bit far. Really, I think RIAA and software companies use the "warez"-scare just to inflate their prices ("our product is so expensive because bad people are copying and not paying for it").
It's 10 PM. Do you know if you're un-American?
I'm sick of the posts that go something like "CMU was violating their rights" or "the RIAA put them up to it." Get over it, folks.
Network access in your dorm isn't a right---it's a privelidge. At virtually every university with dorm network access, in order to gain access you must sign a "contract" or at least agree to some sort of AUP. Pirating software (music included) is definate breaching of that AUP/contract. You pay the price. Period. It's a shame those kids didn't get reported to the RIAA or law enforcement. The problem is that large private universities want to avoid bad press in any way possible; "there certainly aren't any illegal activities going on at OUR campus... look over THERE!" say school officials.
I digress. There are RULES. The rules are there for a reason. You may disagree with the reason, but you still have to follow them or you pay the price. If you don't like the rules, talk to the people who make them. If you talk in large enough numbers, things change. That's how America works. Last I checked, CMU was in America.
(And don't even get started with the "well, people are going to pirate mp3's anyway, why should the school stop them?" because it's NOT the university's decision whether it's illegal or not; it's the federal government. Universities stop underage drinking on campus, stopping pirating is the same thing.)
-Chris
His point is completely valid. I'm not defending .MP3 pirates, if they were truly running a public site they knew what they were doing was wrong. HOWEVER, I could easily see someone making the read-only password for their own .MP3 directory "MP3" so they could remember it more easily. The fact that a password isn't a good one does not make it legal to break in.
I agree totally and I would suspect that the courts would see it this way too, but I would like to hear from someone with some legal credentials.
So what can these people do about it? Can they sue or prosecute CMU for hacking into their systems? How dose one go about prosecuting these sorts of hacking attempts?
Also, is there anything we can do to encurage the victimised students to prosecute CMU? Or are there web sites to report hacking attempts to the athorities that will at least make life difficult for the people at CMU while they are investigated?
One last question.. Can someone post more information or links regarding the specifics of these hack attempts? Like maybe the names of the hackers, i.e. CMU IT personel who ran the passxword cracking program.
Jeff
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
You're nothing but a lame pirate. There's nothing rebellious or cool about what you are doing... there are 12-year old kids who do the same thing. Grow up.
So someone who has a different value system than you is automatically a 'lame pirate' who needs to 'grow up'? It seems you might want to examine the logic behind his position before you flame it.
I rarely purchase music, now that I can listen to streaming mp3 sites, and radio stations all over the world I have no need to download MP3s or Pay for music in any fashion. Am I now a 'lame pirate' as well? Considering that most artists make their money from concerts, not from radio play or CD sales it's almost meaningless to the artist whether they sell CDs or not as long as they get a good concert turn out. Korn even posted Mp3s of their own songs on their website and were forced by their record label to remove them. How is this protecting Korns IP? The Recording industry is bloated and corrupt. The artists would do better releasing a couple of songs for free on Mp3 and then doing a tour.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
The user agrees that Microsoft Corporation, TM, retains full use and ownership of all intelectual property enableled by Windows,TM, software, TM. Because of this property right overrides all others, we have made sure that nothing on your personal computer can be concealed from us, or anyone else. The term "Privacy", which sounds like piracy, as used by the popular press is a fiction and will not be found anywhere else in this user agreement.
There you have it surrender your creativity and consume! Microsoft and the RIAA, which sued the Girls Scouts of America for singing a copyrighted song around the capmfire, are birds of a feather.
Friends don't help friends install M$ junk.
I sure get a kick out of how people get all defensive when the obvious fact that they are stealing is pointed out to them.
First of all, if you listen only to net "radio" stations that have a right and license to broadcast all of the music they use, then great, no problem. However, if your are listening to streaming broadcasts of illegally distributed MP3 files, then you are just as guilty as the person broadcasting (at least for a moral, if not legal perspective).
Some of the other arguments are even more laughable though. The idea that only food, cars, etc can be stolen, is pretty funny. I mean, why should taking food count as stealing. It's way overpriced (just like software and music supposedly are), and people need food a lot more than they need music and software.
Or how 'bout the "I wouldn't buy it anyway, because I don't have the money" argument. This is just as funny. There are lots of things I can't afford, but that doesn't mean I can just take them if I want them. I would love to be able to talk to the people I know in England any time I feel like it, but I can't afford to. Since there's no way I would actually pay for all that phone time, it's OK for me to just steal it, right?
People get it through your head! Just because the reproduction cost of something is basically free does not mean you can justify stealing it.
see above, if i can guess it, so can the hackers and the RIAA... but i believe this is tresspassing, and akin to picking a lot and saying 'it was a crappy lock', which is clearly illegal... CMU went too far here...
Just because somebody puts a password of 'mp3' on their share does *not* mean it's classified as private/password-protected. This is a very typical and normal way of setting up MP3 shares on anonymous FTP sites or Windows shares and, in my opinion, is essentially the same as "public access."
Don't think of it as a crappy lock, think of it as a code-word required for entry that's general knowledge. If the students really were protecting their files, they'd have used a real password. Their intent was to set it up for public access, which tips the scales against them. I believe there is a legal definition for 'password protected', and the intent of the owner to restrict access is a requirement. This is not the case here.
like some other schools, this email should have been sent out before the event, so that the kids would not have publicly shared the stuff!
At my previous university, in order to get campus ethernet, you had to agree to terms and conditions that required, in part, compliance with copyright laws. This should have been adequate warning. Just because some of your l33t hax0r mp3 friends are doing it and not getting caught doesn't mean you won't get caught either. You will have a hard time finding any of those students that didn't know what they were doing was illegal.
Not to sound evil here, but the university can do whatever the hell they like with their network connections. They don't *have* to have any proof of wrong-doing to nuke a connection. If they were in fact overzealous in their efforts, they were no doubt trying to send a "message" to the rest of the student body that these things won't be tolerated. The students in question will probably have their connections restored in short order.
hosted the servers on their own machines
And made the data freely available and therefore not requiring a warrant to collect any proof.
... which are run off the CMU network.
"You want to kiss the sky? Better learn how to kneel." - U2
"It was like trying to herd cats..." - Robert A. Heinlein
Sig:
Barbeque is a noun. Not a verb.
You expect your university to cover for you when you do illegal things? There's no reason CMU would *not* want to accomodate the RIAA here. If I were running a university, and I was told a bunch of my students were breaking the law, I would naturally try to help locate and bring them to justice. I wouldn't go off and say "OK, we'll look into it," and then snicker quietly as I let my students continue breaking copyright law.
Universities tend to turn a blind eye to this sort of thing, much to the charign of developers and other copyright holders, but I would *certainly* expect a university to follow up and do something about a legitimate and explicit complaint.
The only troubling thing here--and it is quite troubling--is that they conducted inspections "at the order of" the RIAA.
I believe the article explicitely said, "...at the behest of..." This is hardly the same thing. From the article, it appears that the RIAA sent a blanket letter to several dozen universities about the ongoing problems of illegal MP3 distribution. CMU, upon receiving this, decided to stop turning a blind eye to it and start enforcing their school policies against violating copyright laws.
We don't know the contents of those letters, but it surely wasn't anything specific. It probably outlined the RIAA's concern over MP3's and how common it was to find these things distributed from university ethernet hosts. CMU took the next logical step.
If I were a university, I would be more concerned with my image of harboring a bunch of l33t MP3/warez-trading kids in my dorms than being overzealous in my *internal* conflict/legal resolution methods.
From the much vaunted Code of Ethics (in addition to the public/private clause floating around):
On rare occasions, computing staff may access others' files, but only when strictly necessary for the maintenance of a system or in active pursuit of serious security or abuse incidents.
This was indeed a rare occasion and, at least to CMU, this was a serious abuse incident. People are quick to point out that CMU broke the rules, but being skeptical, I read the whole privacy statement and found this line. This line right here, which students (I'm assuming) agreed to as part of agreeing to policy, gives them the right to access those files as part of their 'sweep'.
I don't think it's a great thing, what CMU did, but I think people are directing attention away from the real issue which is that people were breaking the law and got caught. Yes, it's rather fascist and if the government did this to me (and who's to say they haven't already), I'd be in an uproar, but this is a private institution that runs a private network. If you break the law on it, damned if they won't bust your ass for it. People need to read all of the terms when they sign up, not just the parts that they think will let them get away with what they want on their own personal machines.
Guess what people. These students abused the system and the system called them on it by their own rules. There are 179 kids right now who aren't in trouble and are laughing at the other 71.
p.s. (because I've seen this a couple of times)
Borrowing CDs is not copyright infringement anymore than borrowing a book is. Copying a CD and giving it away (which is very akin to making an MP3 and distributing it) is copyright infringement, just like xeroxing a book and giving it away ain't legal, either.
Just thought I'd get that off my chest.
Yea sure. You try explaining how state law doesn't apply to you.
1:The officer won't care - I'd be willing to bet you won't be ticketed, you'll be arrested too. (I'd bet you're one of those morons who doesn't have insurance either, eh?)
2:The judge won't care how many URLS you throw at him, he'll throw several different law books back at you and your lawyer (and remember, "The lawyer who represents himself has a fool for a client").
3:The big guy named bubba you share your cell with won't care - he'll just thank you nightly for not paying your stupid car tabs.
Get real - you're violating state law in all 50 states. Just because you can find a frigging URL that says otherwise means nothing.
Ooooh, look who didn't do his research and is spouting off without any knowledge whatsoever. The URLs that Soldier listed are the URLs that lead to researched and proven legal precedent for lving in the US without any kind of state/federal registration. He's perfectly within EVERY law in EVERY state because the state laws don't apply to him in these specific cases because he has placed himself under the jurisdiction of a higher law which over rules those (more or less). There is no law which states you must specifically have a US drivers license to drive a car in the US.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
Of course I know, I am in the frickin' business. So you are saying that the record companies that shell out thousands of dollars to record, market, distribute the cd, do not deserve any money for their efforts to bring you music that can be played anywhere these days? What about the record companies that are owned by the artists? Do you even know how much work is put into making a cd to market? Do you know how expensive recording studios can run, per hour? SOMEONE has to pay for all that stuff. It's a frickin' business.
Oh? And why do they have to do that?
If the entire idea is to draw people to concerts so that the band can make money then the band just has to record a couple of the live concert versions and send them out for free. Voila, song is done. They make money from the concerts.
Recording studios are outdated. So is most of the recording industry.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
Send all you scathing remarks to Paul Fowler, the CMU drone quoted in the article.
A few thousant emails should give him something to think about.
fowler@andrew.cmu.edu
First of all, if you listen only to net "radio" stations that have a right and license to broadcast all of the music they use, then great, no problem. However, if your are listening to streaming broadcasts of illegally distributed MP3 files, then you are just as guilty as the person broadcasting (at least for a moral, if not legal perspective).
As far as I know all of the mp3s I listen to are legal as either I own them or the person who is streaming them owns them. Last time I checked letting someone else listen to your music for free wasn't illegal, and if it is I'd better throw away my speakers and get some headphones because my girlfriend has been illegaly listening to my music for months now....
Kintanon
Check out JoshJitsu.info for Brazilian Ji
Guessing passwords to enter a password protected
area is not illegally breaking into a computer system and stealing private data? Tell that to Randal Schwartz, "just another Perl hacker and convicted felon".
Rahul.net on Randal, Friends of Randal Schwartz, Randal's Homepage, Tim O'Reilly on the prosecution of Randal.
I'd say, sue CMU and see what comes from it.
© Copyright 1999 Kristian Köhntopp
Some bands (and musicians) aren't touring type bands. They work in the studio. And how many bands have you seen that play as well live as they do in the studio? If the recording studio is out of date, so is the software industry. By my last check, I can record 24-bit digital music. Can your cd player play that? Can mp3 encode it? Granted, the gear isn't nearly the price it used to be, so it has naturally changed. Selling music is a business. Giving it away is, something else..
If the only reason the band sounds good is because their music has been 'edited' in the studio then they don't need to be making music.
And if no one can listen to 24-bit digital music then what is the purpose of producing it? Selling music should NOT be a business, anymore than playing Baseball or Basketball should be. These are things people should be doing for fun, not for money. If people want to give the artists money then that's great. But having an 'entertainment industry' is just rediculous.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
Where did you hear this? Firstly, this has nothing to do with illegal distribution of MP3's. Even if you *were* legally entitled to a 24-hour "evaluation" period, that CERTAINLY would never give you the right to duplicate or re-distribute duplicated copies.
Additional ramifications of this assumption include (but are not limited to):
Video rentals. Why rent when you can buy, watch it, and return it within 24 hours FOR FREE?
Magazine sales. Buy a mag, read it, return it the next day. Consider that $2.99 a refundable deposit!
Fast reader? Why rent from the library when you can get a 24-hour rental from the book store?
Fair use has NOTHING to do with "evaluation" of a copywritten work. Fair use is meant to allow people limited reproduction rights for certain research and educational purposes and to grant certain exemptions for libraries.
An excellent web site that explains copyright and "fair use": http://fairuse.stanford.edu/