You stupid fucking asshole. I bet you support the GPL, huh? Communist.
What the hell was that for? I thought both the question and your response (right up until that line) were both very well thought out. What's the deal with this last bit?
Funny that there is an incredibly low rate of accidents.
So let's apply that attitude to your local town. Remove all laws and controls over the roads and let people go 100mph while drunk through a school zone at 8am.
This entire argument is completely nonsensical. Laws and regulations about who may use our public roads and how they use them were created for a reason, and they were created by us and out elected government for our own benefit. I don't guess it's possible for me to change your mind if you honestly believe otherwise, so I'm not going to try.
You think that most people with licenses are competent and safe?
I think it would be a safe bet to say that on today's roads, where drivers must be licensed, there are fewer "idiots" and dangerous drivers than there would be on roads where no such licensing requirements exist. Think about it.
I have two in my immediate family, and know several more.
Figures.
Isn't there a "You might be a redneck if..." joke that goes along those lines?
This has nothing to do with W3C
on
License to Surf
·
· Score: 2
This guy isn't related to the W3C at all, and he most certainly isn't speaking for them.
The W3C makes standards, they don't create organizations or rules mandating licensing. The "author" of this article mentioned W3C only in that the W3C has created in the past a mechanism for digital certificates and authenticating users over the web. The most obvious use for this would be for securely authenticating yourself with a private Intranet or bank. I guess he was working under the assumption that this could be expanded to include just about any Internet web site, which I suppose is possible.
In the article the guy mentions the W3C is looking at a micropayment system. Remember, they're just doing *standards* here. If there exists a mechanism to pay $0.10/month to eliminate banner ads, that would be desirable to some people, and the W3C's ability to standardize this process isn't just desirable, it's NECESSARY if we ever hope to keep things like this interoperable.
The World Wide Web Consortium is a very OPEN and HONEST standards body. They are not one of these stupid YRO evil corporations that are bashed on a daily basis. They solicit public opinions, responses, and generally make every effort to keep their standards in the best interests of the *Internet*, not evil, money-hungry, privacy invading corporations as you people seem to suspect.
What do you expect from a YRO article?
on
License to Surf
·
· Score: 1
YRO articles are dominated by YRO-typical posters and YRO-typical moderators. This pretty much guarantees any anti-government/corporation post will earn kudos and points while any pro-government/corporation post will rot or be demoted.
You also "own" the city hall, but that doesn't give you the right to walk up to it and spray paint "Anonymous Cowards RULEZ!!!"
If you want a system of roads where there are no driving regulations (thus no requirement for having a driver's license), you will quickly find out how stupid that idea is. The roads will be overwhelmed with people that can't get licenses, people that can't drive or have had their licenses removed/suspended because of things like DWI's, etc. Accident rates will skyrocket (esp. since speed limits will disappear).
Given the choice, I gladly choose the licensed route. At least I can be moderately sure that everyone else using that road has been deemed competant to do so in a safe and efficient manner.
Geesh people this is the real world, people disagree with one an other and it's ok.
Who said I was specifically talking about you? All I meant is that there is a tendency for packet kiddies to hop on Slashdot and defend their packet kiddie friends after they're caught/imprisoned. Don't take my comments so personally.
Are you really going to sit there and tell me that taking someone's life is less of a crime than costing the government or a corporation money?!?!?!??!?!?!?!?!?!?!?
As I'm quite sure you're aware, as you seem to be an educated fellow, laws like this aren't black and white. The judges in question took lots of facts into account when pronouncing sentences. In a black and white world, no I don't think it would be fair for an intrusion like this to warrant more prison time than a murderer, but there's more to this "killing" case than you're letting on, isn't there? The judges usually have reasons for pronouncing the sentences they do.
But to say that the punishment fits the crime here is ridiculous.
I guess that's where your opinion differs from mine, and I'm not going to pretend as though I can change your mind in this respect.
Remember that by attacking a government-owned system, he committed a FELONY, not just a silly hack against some no-name company. He compromised a network run by the United States government.
If you think the laws in this respect don't spell out penalties more to your liking, try writing your congressmen. Posting on Slashdot won't get anything done.
I wish everyone would stop insisting that this kid did nothing wrong here. He broke into a web site and caused people a lot of grief. He knew what he was doing, and he was aware of the consequences.
We still use these backbones today, albeit highly upgraded
This isn't true at all.. Do a traceroute to a dozen random Internet hosts around the world. Your packets never once pass through a government-owned router. The backbones are owned entirely by companies now. The government stepped out a long time ago.
Aside from that, the rest of your points are conceded.
Not quite. The victims of the intrusion MUST work under the assumption that the system has been backdoored ten different ways. The only thing they can do is wipe the system and rebuild it from scratch. The costs incurred by this are significantly more than the costs of applying a patch to fix a vulnerability.
It really bothers me when people try to put the blame on the victim because they failed to keep up to date with patches and fixes. Exploits are frequently released before patches/fixes are available, and for organizations that have a lot of systems to keep track of or are understaffed in this respect, upgrades can take a while to be propogated to affected systems. Just because the vulnerability was made known does NOT in any way mean the attack was OK.
Web hax0ring kids like this aren't doing it because they want to show the company that they're vulnerable to attack. If this were the case a simple e-mail would have sufficed (though it wouldn't have made the intrusion any more legal). They're doing it because they want to look 'l33t' in front of their haX0rZ 1RK friends, which is why they deface the web page (can you think of any more public way?).
I'm not going to pretend like I know precisely how the damages were assessed (though it's certainly possible that information has been made public), but it isn't as simple as just charging him for the man-hours. For every hour a worker spends rebuilding systems after an intrusion, that's an hour he can't spend working on the stuff he normally works on. Projects fall behind, work gets put on hold. Costs add up.
What *I* really don't understand is this: People are being convicted of these types of things all the time, and every time it happens we hear shouts of protest about how the penalty is much too harsh, etc. (mostly from Slashdot kiddies). Why, then, do people STILL DO IT? Do they think they're making a statement?
The kid deserves what he gets. He knew what he was doing was illegal, and he was no doubt aware of the penalties he'd bring down upon himself when he was caught. But, like most idiot adolescent packet kiddies, his head was too big for him to acknowledge the fact that he might be discovered. There's always a trail. Don't fuck with the people that have the resources to follow it.
I'm not a sysadmin but I know enough to be able to say that a hacked webserver should not affect a well built network to that extent.
When something like this happens, the admins don't just go "ho-hum, let me just fix the web page.." The system likely had been root compromised. This automatically means the system in question needs its OS rebuilt from scratch. As this guy had root-level access to this system for a time, and his intentions were obviously less-than-honorable, it's also quite likely other systems on this network were compromised in a similar fashion.
Intrusions like this cost people money. They have to shut down their network connectivity (to prevent access to other potentially compromised systems), rebuild the operating systems on the affected machines, restore the content, and then restore connectivity. This is not cheap.
Now, I'm not going to argue about the differences between prison sentences with other crimes. Instead of comparing it with violent crimes as you seem to want to do, compare it with real-life charges similar in scope. Specifically, compare it with breaking into a U.S. government building and damaging/destroying property. I believe you'll find a similarity in sentencing.
It always boggles me that there are so many people on Slashdot that go out of their way to defend kids like this when they clearly did a premeditated intrusion into a private system/network with the intent to cause damages/harm. He should be punished, just like all of the other l33t packet kiddies out there who do the same thing on a daily basis.
You know its illegal for your employer to tap your work phone
Telephone networks are given a 'common carrier' status and thus subject to numerous regulations and consumer protections. The Internet is 100% private, and all networks that make up the Internet are themselves run as separate individual entities. You can't really compare the two for this reason, and that's why I don't think packet sniffing is the same as wiretapping.
any rate, I had to sign multiple documents stating that I would not sniff the *data* in those packets and if I did, it would be grounds for expulsion from the university.
This is quite likely necessary to ensure that you're complying with the university's privacy policies.
While the laws themselves do not prohibit the university from sniffing its own networks, the university has likely made various contracts (perhaps even with the students themselves) guaranteeing a certain level of privacy. If nothing else, they probably just don't want people sniffing data, and make everyone (like you) go to lengths to see that it doesn't happen. That doesn't mean the university doesn't reserve the right to do it on their own.
Just because the data is using your network does not mean that you suddenly own that data and can do with it as you please.
The Internet is a cooperative effort. There are no regulations that require you to run a fully compliant IP stack in order to connect to it. There's no law that says your IP stack cannot do any logging, any recording or archiving of the data sent over it. If your Internet peers disagree with those policies, they can't take you to court (unless you're breaking a contract with them). The best they can do is stop doing business with you. This is how networks like this work (and, in fact, most private industries).
that responsible professors, deans, and graduate students WORK there.
Right -- for the University.
it stands to reason that they don't have the resources to mount a legal battle.
Surely there's a sufficient number of affected people to warrant something of the class-action variety. I'm really surprised I haven't heard any true legal points of view in these matters at all, what with the latest CMU thing making as much press as it did. I'm tempted to think that, as most of the press I've read about the incident has been written with an anti-CMU bias in mind, that they wouldn't *want* to report on something that affirms CMU's right to do what they did... *shrug*.
My lawyer (or yours), BTW, has not much better chance at knowing the outcome of a legal battle regarding the internet than your or I.
Computer networks have been around for quite a while. I don't think it would be very hard for someone to tell us with at least some degree of certainty whether or not an organization may legally sniff/record data sent to/from endpoints within their own network. Regarding the whole CMU bit, that could go either way, but I'm personally leaning towards CMU.
that internet traffic is just harmless data that doesn't affect people's lives
Umm.. it doesn't. The only thing marketers have done to affect my life in the *least* is how targeted those banner ads get. I've never received a postal ad from a source I couldn't backtrack. These YRO articles and their insistence that all governments and corporations are inherently evil, and how governments/corporations are breaking laws left and right, and how all of these laws we're seeing are all unconstitutional, etc., etc., are affecting my life a thousand times more than any Internet marketer could.
I would be in big financial trouble if it were legal to intercept snail mail and examine its contents.
This is illegal today and would never be legal no matter how you stretch the laws. It really bugs me when privacy activists make leaps like this. This would never happen. The law is not ambiguous in this respect and people trying to do this are prosecuted.
I would be in big financial trouble if someone could wiretap my telephone conversations...
Likewise.
What you don't realize is that for things like this, laws were explicitely drawn up to protect them. Telephone networks are explicitely protected against unauthorized wiretaps. It's a felony to mess with the postal service, by explicit law. There are explicit laws on the books regulating Interstate "general commodities" transport carriers (UPS, Federal Express), but here's the kicker: These companies have the right to open and inspect any package they're transporting. There are no such privacy laws on the books for Internet networks, to my knowledge. If there are, it would likely only apply to individual networks spanning state lines, which would make it apply only to the backbones.
These are privately owned data networks. How those networks are built, the hardware and software used to route it, etc., is not regulated and there are no laws that say what those networks can and cannot do and what hosts on that network can or cannot do. The only reason you can't put a sniffer on some random network is because that would be an *unauthorized* act, and if you were to commit such an act, it would be the organization that owns the network to prosecute you, not the government, and not any other party that happened to be sending data over that network that you intercepted.
Question: How does the university fight this without sniffing *everyone's* network data?
My initial thought is: they can't, unless they do this:
Packet sniffing of data is clearly illegal.
What makes you think this is illegal? A university's network is property of the university. Unlike a telephone network, such computer networks are not regulated by the government (via a "common carrier" status) and are not subject to wiretapping laws. So long as the university isn't violating provisions of a contract, they can sniff, analyize, publish/whatever the data they collect over their networks.
Does privacy factor in here? Perhaps, but remember that most universities explicitely say their networks are to be used for educational/"authorized" purposes only. Clearly distributing MP3's like this (or anything, really, that could be considered "private" or not for the eyes of the university) is a personal endeavor and thus wouldn't technically be permitted over their network. I suppose these rules could differ among universities, but I think this is a very standard requirement for use of university networks.
Now I'm not saying that I would necessarily agree with a university should they decide to take these steps, but legally, as far as I know, they are in the clear should they decide to do such a thing, and as far as I can tell, the only drawback to doing this would be the negative public image that might result.
Does the university now attempt break-ins to individual machines upon the mere suspicion of illegal mp3 use?
I'm not going to get dragged into another of these arguments, but it's sufficient to say that "breaking in" to a computer is illegal, whereas attempting to access a public MP3 share (even if it's given a password of, say, 'mp3') is quite legal. Consult a lawyer if you feel otherwise. If CMU were truly breaking in, don't you think somebody would have filed a lawsuit or something against them by now? The fact that no legal action has even been attempted should attest to the fact that no laws were actually broken.
What about newgroups where illegal mp3s abound?
It's easier to send a few blanket letters to places that are the source of potentially dozens or hundreds of illegal MP3 redistributors than to go after individual newsgroup posters.
Of course, I don't think this is necessarily difficult to do either. Just look at a newsgroup posting that contains an illegally distributed MP3, contact the ISP and get information about the user in question. Most ISP's are pretty helpful in this respect, though a subpoena is usually required to actually release the information, which means the RIAA (or whomever) would already have to start legal procedures.
It's just a matter of how far you want to go and the resources you have at your disposale to go there.
What about the RIAA's threat to prosecute even the mp3 search engines that don't host any files at all?
Threats are just threats. I don't think they have a case at all in this instance.
RIAA is placing an impossible burden on the university and threatening them with lawsuits if those universities don't somehow magically make this mp3 problem disappear. Once again, this is wrong.
"Once again," I'm not disagreeing. I dislike their tactics. If I were in their place, I'd have rephrased the letters a little bit so as to indicate that I was *requesting* the assistance of the university to help track down these MP3 distributors. Lacking a response, I would probably do a more detailed investigation of the machines allegedly serving the MP3's and only then would I approach the university with a more formal/legal tone and this list.
Of course this only works if the machines in question are accessible to the public Internet. If you have a hundred kids trading MP3's on a firewalled university network, there's not much you *can* do except contact the university and have them investigate for you. It would be quite impossible to perform your own investigation in this case without the assistance of the university.
Nobody ever accused the RIAA of caring about their public image. They're representing the artists and producers they have under their wing. If you really want to make your voice known, write some letters not only to the RIAA, but to the people they represent. Let them know that you feel the RIAA's actions (or their methods) put them in an unfavorable light.
You'd be hard-pressed to find a campus dorm machine hosting *legal* MP3 files. From the university's standpoint, they can probably make the assumption that ever single public MP3 share on a campus computer contains illegal MP3 files and never be wrong. That's basically what I meant.. I know there's legal MP3's floating out there, but those aren't the ones that tend to be popular for redistributing.
Re:And what's wrong with that?
on
Copyright!
·
· Score: 1
I think they would come up with a solution more appropriate for the students to use. If they want to instigate a policy of no-MP3-files, students needing legitimate storage of MP3 files can talk to the university and arrange something more appropriate.
No offense, but I think if some student is going to be doing any digital audio editing, the university will have suitable facilities for that sort of thing that won't require them to place MP3's on their allocated network drives. If they're doing such a thing on their own, for non-university-related reasons, then they need to secure some hard drive space on their PC at home.
Re:Your rights, period.
on
Copyright!
·
· Score: 1
I write my congressman: I get a form letter back, my letter gets listed on a statistical analysis of letters that came in that day, the man never sees it.
I've written perhaps 3 letters to my congressmen over the past few years, and each of them prompted a personalized response. Two of them were signed by The Man himself, and the 3rd was signed by an aide, as The Man was apparently overly busy/ill.
Perhaps you should write your congressmen again and let them know you'd appreciate a more personalized response. If nothing else, vote someone else into office next time.
Re:God this section of Slashdot gets old quick...
on
Copyright!
·
· Score: 3
Limiting this not only annoys consumers, but it binds their hands, so to speak
So what's to stop somebody then from making a digital copy of some company's latest work and redistributing it to a list of free subscribers, completely bypassing their need to pay for what you've created.
I won't disagree that copyright laws need some changes, but I do disagree in the extent of those changes. A lot of people here seem to want them abolished in the case of digital works because of the "ease" of duplication. If unlimited digital reproduction were ever legalized, it would have disastrous consequences for producers of all digital works.
Everyone would start (through free and public channels) redistributing everything everyone ever released in digital form (CD's, movies, books, etc.), and the authors would never receive a dime for their efforts. For that reason, authors would cease producing and the industry would shrivel up and disappear.
Either way, discussion forums like this are a great way for people to bring into the open and discuss/debate the relevant issues in the case
No offense, but I think 99.9% of the people posting to YRO articles are of a like bias. Nearly every post I read in the YRO is overwhelmingly in agreement with the author's take/bias on the issue at hand.
True open discussion would require a more balanced number of participants. As it stands now, YRO pieces seem like they're more a place for privacy activists to get together and preach to each other than a place for true discussion.
At least that's how I see it.
I consider myself a reasonably educated, moderate-to-liberal guy, and while I tend to be right down the middle with a lot of relatively controversial articles, with every SINGLE YRO piece I am consistently on the opposite end of the spectrum from nearly every other poster I see here.
Now I guess an explanation for this could be that I am usually pretty main stream except when it comes to topics such as what are brought up under YRO pieces, at which point I become violently skewed to one extreme, or that there is a serious lack of "the other head of the coin" in YRO posts.
Re:Look at the bright side? (Slightly Off-topic)
on
Copyright!
·
· Score: 1
With no tax revenue, the government will be forced to stop controlling everything and get back to providing services that are needed.
Umm.. how do you propose the government do this without any tax revenue?
And what's wrong with that?
on
Copyright!
·
· Score: 1
What's wrong with just going through periodically and deleting all MP3 files? If the student is stupid enough to name their thesis with a.mp3 extension (for whatever twisted reason), they deserve to get the file deleted..
Of course "scare tactics" work. The act/treaties themselves specifically make an effort to protect ISP's and providers from the liability of illegal data they're indirectly providing by way of their customer's/users' web sites, so the RIAA doesn't have that much of a case against the universities. The RIAA would first have to provide the university with details such as the IP address doing the illegal redistribution. At that point, the university becomes legally obligated to do something about it (investigate if nothing else). If they fail to remove the offending resource after enough information is provided by the RIAA, the RIAA has grounds to sue. That's the extent of the issue here.
Let's get real here: Universities know that their students are trading MP3's and warez illegally on their dorm ethernets. Some turn a blind eye to it, others devote some meager resources to fighting it. None consider it a top priority to investigate, because it would entail devoting a lot of resources.
These letters from the RIAA are in no way a summons or a subpoena. It's just a "warning" from the RIAA that states they're going to attempt to hold the universities accountable for their student's actions unless the servers in question are put to a stop. As best as I can tell, that's all the university is obligated to try and do (if that) from these letters.
Yes, all it is is a scare tactic. Since when is this worthy of a Slashdot article? These things happen all the time, and are perfectly legal. Paraphrased, their letter reads, "We will take you to court (ask a judge whether we are right or wrong and if you should be helping us) if you fail to help us remove MP3 redistributors from your network."
that the school immediately terminate all web pages with illegal MP3 files (illegal is of course a judicial decision; the letter presumes that all MP3s are illegal);
So in order to classify something as illegal, you have to have a judge order it so in your specific case? "Why yes, judge, I killed him, but it wasn't illegal!" Come on, every one of those kids knows what they're doing breaks copyright law. Every public web site/share that contains MP3 files of known artists/songs (at least) means that user is re-distributing MP3's illegally. You don't need a court case to see that. If I had a bunch of MP3's of my own private works or items not copyrighted by others, and the university came to me and told me to shut it down, all I should have to do is let the university know this fact and everything should be fine. And before you start going off about "guilty until proven innocent" remember this is a university we're talking about, not the government.
Better hope your IP address doesn't appear too many times in those web server logs.
Yah because I'm sure the RIAA is going to go to ever IP address that has ever downloaded an MP3 and track each and every person down via their ISP.
"Umm yah, hi, this is the RIAA. We have a list of 132 IP's from your ISP over the course of 18 months. We'd like you to go into your dialup logs and give us the names and addresses of the users that had these IP's at that time."
Let's be realistic here and avoid the biased slurs when reporting "news" to us.
ISPs and colleges are not supposed to do the grunt work themselves - that results in the kind of overbroad crackdowns that we've seen. This was the subject of specific negotiations during the process of creating this law.
Correct. But if the ISP's are *willing* to do so after a simple letter like this, then the RIAA has accomplished something. Granted, it's pretty evil of the RIAA, but it's all very legal.
Most major universities have a legal staff of their own that can see these letters for what they're worth. (In other words, they're not as clueless as you seem to think every corporation/non-human legal entity is.) This legal staff will no doubt become familiar with the laws in question and be able to report *factually* to the university as to what is required on their part. (Note: Factually does not include Slashdot articles or comments by 99.5% of its users.) Reasons a university might be willing to take the initiative on their own:
PR. If a university steps up and proudly weeds out a bunch of evil MP3/warez-trading kids from their university network, they get a reputation for it. People start to see that university as one that doesn't tolerate these types of people and one that puts scholastic achievement ahead of a waste of university network resources. Universities that choose not to comply with the conditions might be viewed as a "warez kiddie university", a haven for kiddies that like to trade MP3's and warez.
To avoid legal hassles. Granted, their liability is limited without specific instances of copyright violation, many small universities may not have the funds/resources with which to object to the RIAA's pleas. A handful of students can probably be much more efficiently investigated than a larger university might be able to do.
Because they don't know any better. Some universities may just not have competant legal staff (or may not have legal folks at all), nor would they be willing to spend money on any (see previous).
Because they honestly weren't aware of the problem on their networks, and generally make a huge effort to keep their students honest and legal.
The BSA is now raiding homes of people accused of copying software.
They wouldn't be allowed to do so without a search warrant, and a search warrant would require convincing a judge that it's needed. They couldn't just do this on a whim, so I hardly see how this could be construed as an "abuse" of BSA's copyright "enforcement" abilities.
all it is is a government-sanctioned monopoly transferring money from your pocket to others
OH MY GOD! PEOPLE ARE MAKING MONEY OFF OF THEIR IDEAS AND/OR HARD WORK! LET'S KILL THEM!
If you have concerns about current copyright terms, write your congressman. Don't post some foolish Slashdot note, and PLEASE try to collect your facts before you do so. I shudder to think how many letters my congressmen get that are from just plain uneducated people that have no clue about the things they are vehemently opposed to (or in favor of).
copyright-holders like the RIAA are building copyright protection into the very infrastructure of computing.
I fail to see how this is a bad thing. If you don't want there to be such a thing as copyright and/or trademarks, just come out and say it. At least then we can be sure what it is you're fighting against. I too feel that copyright terms are a bit lengthy, but I don't think we should abolish copyrights entirely.
but as more and more people experience the power of copyright to affect what they can and cannot publish online
I'm sorry, but I cannot subscribe to your interpretation of this whole MP3 fiasco. The kids were KNOWINGLY breaking the law by redistributing MP3's illegally. I mean come on, realistically, how many of these people think they're acting legally by ripping their CD's and putting them up for download?
we should demand that the social contract envisioned in the Constitution be fulfilled by forcing copyright holders to give back to society, whether they want to or not.
If they were trying to make a statement against excessive copyright, even then I fail to see how redistributing MP3's of modern works would help that cause. If anything, it seems as though you're against excessive copyright terms. I think the new Metallica CD will still fall under whatever "new" copyright laws that come about, so it seems unfair to say that this latest MP3 thing has anything to do with limiting copyright terms. The bottom line is that these people are breaking the law, and in most all cases, they knew it. If you are successful in changing copyright law more to your liking, I seriously doubt trading MP3's like this will ever be legal.
Makes sense. You live there; isn't there a way to get this changed?
I shouldn't reply to an ad hominem attack, but I forgot to mention that I'm NOT one of those "big fish" I mentioned.
Fair enough.
I see quite a lot of comments like yours, but they're usually coming from some 15-year-old arrogant IRC kiddie that thinks he's automatically a genius because he can download scripts and exploits online and people at school can think he is a cool hacker. That's where the animosity came from. My apologies.
The cops/investigators (who could be employees of the company I suppose) doing this would naturally be doing so with the permission of the software company, so it ceases to be illegal, as I see it.
No more illegal than it is for cops to buy drugs to catch drug dealers. I'm sure you've seen that sort of thing on Cops before. I don't see how this is that different.
Slashdot Mirror
In this context, element is defined to mean "A fundamental, essential, or irreducible constituent of a composite entity," not a chemical element.
Maybe you shouldn't skip English class so frequently.
You stupid fucking asshole. I bet you support the GPL, huh? Communist.
What the hell was that for? I thought both the question and your response (right up until that line) were both very well thought out. What's the deal with this last bit?
Funny that there is an incredibly low rate of accidents.
So let's apply that attitude to your local town. Remove all laws and controls over the roads and let people go 100mph while drunk through a school zone at 8am.
This entire argument is completely nonsensical. Laws and regulations about who may use our public roads and how they use them were created for a reason, and they were created by us and out elected government for our own benefit. I don't guess it's possible for me to change your mind if you honestly believe otherwise, so I'm not going to try.
You think that most people with licenses are competent and safe?
I think it would be a safe bet to say that on today's roads, where drivers must be licensed, there are fewer "idiots" and dangerous drivers than there would be on roads where no such licensing requirements exist. Think about it.
I have two in my immediate family, and know several more.
Figures.
Isn't there a "You might be a redneck if..." joke that goes along those lines?
This guy isn't related to the W3C at all, and he most certainly isn't speaking for them.
The W3C makes standards, they don't create organizations or rules mandating licensing. The "author" of this article mentioned W3C only in that the W3C has created in the past a mechanism for digital certificates and authenticating users over the web. The most obvious use for this would be for securely authenticating yourself with a private Intranet or bank. I guess he was working under the assumption that this could be expanded to include just about any Internet web site, which I suppose is possible.
In the article the guy mentions the W3C is looking at a micropayment system. Remember, they're just doing *standards* here. If there exists a mechanism to pay $0.10/month to eliminate banner ads, that would be desirable to some people, and the W3C's ability to standardize this process isn't just desirable, it's NECESSARY if we ever hope to keep things like this interoperable.
The World Wide Web Consortium is a very OPEN and HONEST standards body. They are not one of these stupid YRO evil corporations that are bashed on a daily basis. They solicit public opinions, responses, and generally make every effort to keep their standards in the best interests of the *Internet*, not evil, money-hungry, privacy invading corporations as you people seem to suspect.
YRO articles are dominated by YRO-typical posters and YRO-typical moderators. This pretty much guarantees any anti-government/corporation post will earn kudos and points while any pro-government/corporation post will rot or be demoted.
You also "own" the city hall, but that doesn't give you the right to walk up to it and spray paint "Anonymous Cowards RULEZ!!!"
If you want a system of roads where there are no driving regulations (thus no requirement for having a driver's license), you will quickly find out how stupid that idea is. The roads will be overwhelmed with people that can't get licenses, people that can't drive or have had their licenses removed/suspended because of things like DWI's, etc. Accident rates will skyrocket (esp. since speed limits will disappear).
Given the choice, I gladly choose the licensed route. At least I can be moderately sure that everyone else using that road has been deemed competant to do so in a safe and efficient manner.
Geesh people this is the real world, people disagree with one an other and it's ok.
Who said I was specifically talking about you? All I meant is that there is a tendency for packet kiddies to hop on Slashdot and defend their packet kiddie friends after they're caught/imprisoned. Don't take my comments so personally.
Are you really going to sit there and tell me that taking someone's life is less of a crime than costing the government or a corporation money?!?!?!??!?!?!?!?!?!?!?
As I'm quite sure you're aware, as you seem to be an educated fellow, laws like this aren't black and white. The judges in question took lots of facts into account when pronouncing sentences. In a black and white world, no I don't think it would be fair for an intrusion like this to warrant more prison time than a murderer, but there's more to this "killing" case than you're letting on, isn't there? The judges usually have reasons for pronouncing the sentences they do.
But to say that the punishment fits the crime here is ridiculous.
I guess that's where your opinion differs from mine, and I'm not going to pretend as though I can change your mind in this respect.
Remember that by attacking a government-owned system, he committed a FELONY, not just a silly hack against some no-name company. He compromised a network run by the United States government.
If you think the laws in this respect don't spell out penalties more to your liking, try writing your congressmen. Posting on Slashdot won't get anything done.
I wish everyone would stop insisting that this kid did nothing wrong here. He broke into a web site and caused people a lot of grief. He knew what he was doing, and he was aware of the consequences.
We still use these backbones today, albeit highly upgraded
This isn't true at all.. Do a traceroute to a dozen random Internet hosts around the world. Your packets never once pass through a government-owned router. The backbones are owned entirely by companies now. The government stepped out a long time ago.
Aside from that, the rest of your points are conceded.
He just replaced a web page.
Not quite. The victims of the intrusion MUST work under the assumption that the system has been backdoored ten different ways. The only thing they can do is wipe the system and rebuild it from scratch. The costs incurred by this are significantly more than the costs of applying a patch to fix a vulnerability.
It really bothers me when people try to put the blame on the victim because they failed to keep up to date with patches and fixes. Exploits are frequently released before patches/fixes are available, and for organizations that have a lot of systems to keep track of or are understaffed in this respect, upgrades can take a while to be propogated to affected systems. Just because the vulnerability was made known does NOT in any way mean the attack was OK.
Web hax0ring kids like this aren't doing it because they want to show the company that they're vulnerable to attack. If this were the case a simple e-mail would have sufficed (though it wouldn't have made the intrusion any more legal). They're doing it because they want to look 'l33t' in front of their haX0rZ 1RK friends, which is why they deface the web page (can you think of any more public way?).
I'm not going to pretend like I know precisely how the damages were assessed (though it's certainly possible that information has been made public), but it isn't as simple as just charging him for the man-hours. For every hour a worker spends rebuilding systems after an intrusion, that's an hour he can't spend working on the stuff he normally works on. Projects fall behind, work gets put on hold. Costs add up.
What *I* really don't understand is this: People are being convicted of these types of things all the time, and every time it happens we hear shouts of protest about how the penalty is much too harsh, etc. (mostly from Slashdot kiddies). Why, then, do people STILL DO IT? Do they think they're making a statement?
The kid deserves what he gets. He knew what he was doing was illegal, and he was no doubt aware of the penalties he'd bring down upon himself when he was caught. But, like most idiot adolescent packet kiddies, his head was too big for him to acknowledge the fact that he might be discovered. There's always a trail. Don't fuck with the people that have the resources to follow it.
I'm not a sysadmin but I know enough to be able to say that a hacked webserver should not affect a well built network to that extent.
When something like this happens, the admins don't just go "ho-hum, let me just fix the web page.." The system likely had been root compromised. This automatically means the system in question needs its OS rebuilt from scratch. As this guy had root-level access to this system for a time, and his intentions were obviously less-than-honorable, it's also quite likely other systems on this network were compromised in a similar fashion.
Intrusions like this cost people money. They have to shut down their network connectivity (to prevent access to other potentially compromised systems), rebuild the operating systems on the affected machines, restore the content, and then restore connectivity. This is not cheap.
Now, I'm not going to argue about the differences between prison sentences with other crimes. Instead of comparing it with violent crimes as you seem to want to do, compare it with real-life charges similar in scope. Specifically, compare it with breaking into a U.S. government building and damaging/destroying property. I believe you'll find a similarity in sentencing.
It always boggles me that there are so many people on Slashdot that go out of their way to defend kids like this when they clearly did a premeditated intrusion into a private system/network with the intent to cause damages/harm. He should be punished, just like all of the other l33t packet kiddies out there who do the same thing on a daily basis.
You know its illegal for your employer to tap your work phone
Telephone networks are given a 'common carrier' status and thus subject to numerous regulations and consumer protections. The Internet is 100% private, and all networks that make up the Internet are themselves run as separate individual entities. You can't really compare the two for this reason, and that's why I don't think packet sniffing is the same as wiretapping.
any rate, I had to sign multiple documents stating that I would not sniff the *data* in those packets and if I did, it would be grounds for expulsion from the university.
This is quite likely necessary to ensure that you're complying with the university's privacy policies.
While the laws themselves do not prohibit the university from sniffing its own networks, the university has likely made various contracts (perhaps even with the students themselves) guaranteeing a certain level of privacy. If nothing else, they probably just don't want people sniffing data, and make everyone (like you) go to lengths to see that it doesn't happen. That doesn't mean the university doesn't reserve the right to do it on their own.
Just because the data is using your network does not mean that you suddenly own that data and can do with it as you please.
The Internet is a cooperative effort. There are no regulations that require you to run a fully compliant IP stack in order to connect to it. There's no law that says your IP stack cannot do any logging, any recording or archiving of the data sent over it. If your Internet peers disagree with those policies, they can't take you to court (unless you're breaking a contract with them). The best they can do is stop doing business with you. This is how networks like this work (and, in fact, most private industries).
that responsible professors, deans, and graduate students WORK there.
Right -- for the University.
it stands to reason that they don't have the resources to mount a legal battle.
Surely there's a sufficient number of affected people to warrant something of the class-action variety. I'm really surprised I haven't heard any true legal points of view in these matters at all, what with the latest CMU thing making as much press as it did. I'm tempted to think that, as most of the press I've read about the incident has been written with an anti-CMU bias in mind, that they wouldn't *want* to report on something that affirms CMU's right to do what they did... *shrug*.
My lawyer (or yours), BTW, has not much better chance at knowing the outcome of a legal battle regarding the internet than your or I.
Computer networks have been around for quite a while. I don't think it would be very hard for someone to tell us with at least some degree of certainty whether or not an organization may legally sniff/record data sent to/from endpoints within their own network. Regarding the whole CMU bit, that could go either way, but I'm personally leaning towards CMU.
that internet traffic is just harmless data that doesn't affect people's lives
Umm.. it doesn't. The only thing marketers have done to affect my life in the *least* is how targeted those banner ads get. I've never received a postal ad from a source I couldn't backtrack. These YRO articles and their insistence that all governments and corporations are inherently evil, and how governments/corporations are breaking laws left and right, and how all of these laws we're seeing are all unconstitutional, etc., etc., are affecting my life a thousand times more than any Internet marketer could.
I would be in big financial trouble if it were legal to intercept snail mail and examine its contents.
This is illegal today and would never be legal no matter how you stretch the laws. It really bugs me when privacy activists make leaps like this. This would never happen. The law is not ambiguous in this respect and people trying to do this are prosecuted.
I would be in big financial trouble if someone could wiretap my telephone conversations...
Likewise.
What you don't realize is that for things like this, laws were explicitely drawn up to protect them. Telephone networks are explicitely protected against unauthorized wiretaps. It's a felony to mess with the postal service, by explicit law. There are explicit laws on the books regulating Interstate "general commodities" transport carriers (UPS, Federal Express), but here's the kicker: These companies have the right to open and inspect any package they're transporting. There are no such privacy laws on the books for Internet networks, to my knowledge. If there are, it would likely only apply to individual networks spanning state lines, which would make it apply only to the backbones.
These are privately owned data networks. How those networks are built, the hardware and software used to route it, etc., is not regulated and there are no laws that say what those networks can and cannot do and what hosts on that network can or cannot do. The only reason you can't put a sniffer on some random network is because that would be an *unauthorized* act, and if you were to commit such an act, it would be the organization that owns the network to prosecute you, not the government, and not any other party that happened to be sending data over that network that you intercepted.
Question: How does the university fight this without sniffing *everyone's* network data?
My initial thought is: they can't, unless they do this:
Packet sniffing of data is clearly illegal.
What makes you think this is illegal? A university's network is property of the university. Unlike a telephone network, such computer networks are not regulated by the government (via a "common carrier" status) and are not subject to wiretapping laws. So long as the university isn't violating provisions of a contract, they can sniff, analyize, publish/whatever the data they collect over their networks.
Does privacy factor in here? Perhaps, but remember that most universities explicitely say their networks are to be used for educational/"authorized" purposes only. Clearly distributing MP3's like this (or anything, really, that could be considered "private" or not for the eyes of the university) is a personal endeavor and thus wouldn't technically be permitted over their network. I suppose these rules could differ among universities, but I think this is a very standard requirement for use of university networks.
Now I'm not saying that I would necessarily agree with a university should they decide to take these steps, but legally, as far as I know, they are in the clear should they decide to do such a thing, and as far as I can tell, the only drawback to doing this would be the negative public image that might result.
Does the university now attempt break-ins to
individual machines upon the mere suspicion of
illegal mp3 use?
I'm not going to get dragged into another of these arguments, but it's sufficient to say that "breaking in" to a computer is illegal, whereas attempting to access a public MP3 share (even if it's given a password of, say, 'mp3') is quite legal. Consult a lawyer if you feel otherwise. If CMU were truly breaking in, don't you think somebody would have filed a lawsuit or something against them by now? The fact that no legal action has even been attempted should attest to the fact that no laws were actually broken.
What about newgroups where illegal mp3s abound?
It's easier to send a few blanket letters to places that are the source of potentially dozens or hundreds of illegal MP3 redistributors than to go after individual newsgroup posters.
Of course, I don't think this is necessarily difficult to do either. Just look at a newsgroup posting that contains an illegally distributed MP3, contact the ISP and get information about the user in question. Most ISP's are pretty helpful in this respect, though a subpoena is usually required to actually release the information, which means the RIAA (or whomever) would already have to start legal procedures.
It's just a matter of how far you want to go and the resources you have at your disposale to go there.
What about the RIAA's threat to prosecute even the mp3 search engines that don't host any files at all?
Threats are just threats. I don't think they have a case at all in this instance.
RIAA is placing an impossible burden on the university and threatening them with lawsuits if those universities don't somehow magically make this mp3 problem disappear. Once again, this is wrong.
"Once again," I'm not disagreeing. I dislike their tactics. If I were in their place, I'd have rephrased the letters a little bit so as to indicate that I was *requesting* the assistance of the university to help track down these MP3 distributors. Lacking a response, I would probably do a more detailed investigation of the machines allegedly serving the MP3's and only then would I approach the university with a more formal/legal tone and this list.
Of course this only works if the machines in question are accessible to the public Internet. If you have a hundred kids trading MP3's on a firewalled university network, there's not much you *can* do except contact the university and have them investigate for you. It would be quite impossible to perform your own investigation in this case without the assistance of the university.
Nobody ever accused the RIAA of caring about their public image. They're representing the artists and producers they have under their wing. If you really want to make your voice known, write some letters not only to the RIAA, but to the people they represent. Let them know that you feel the RIAA's actions (or their methods) put them in an unfavorable light.
Come on, EVERY mp3 site hosts illegal files
You'd be hard-pressed to find a campus dorm machine hosting *legal* MP3 files. From the university's standpoint, they can probably make the assumption that ever single public MP3 share on a campus computer contains illegal MP3 files and never be wrong. That's basically what I meant.. I know there's legal MP3's floating out there, but those aren't the ones that tend to be popular for redistributing.
I think they would come up with a solution more appropriate for the students to use. If they want to instigate a policy of no-MP3-files, students needing legitimate storage of MP3 files can talk to the university and arrange something more appropriate.
No offense, but I think if some student is going to be doing any digital audio editing, the university will have suitable facilities for that sort of thing that won't require them to place MP3's on their allocated network drives. If they're doing such a thing on their own, for non-university-related reasons, then they need to secure some hard drive space on their PC at home.
I write my congressman: I get a form letter back, my letter gets listed on a statistical analysis of letters that came in that day, the man never sees it.
I've written perhaps 3 letters to my congressmen over the past few years, and each of them prompted a personalized response. Two of them were signed by The Man himself, and the 3rd was signed by an aide, as The Man was apparently overly busy/ill.
Perhaps you should write your congressmen again and let them know you'd appreciate a more personalized response. If nothing else, vote someone else into office next time.
Limiting this not only annoys consumers, but it binds their hands, so to speak
So what's to stop somebody then from making a digital copy of some company's latest work and redistributing it to a list of free subscribers, completely bypassing their need to pay for what you've created.
I won't disagree that copyright laws need some changes, but I do disagree in the extent of those changes. A lot of people here seem to want them abolished in the case of digital works because of the "ease" of duplication. If unlimited digital reproduction were ever legalized, it would have disastrous consequences for producers of all digital works.
Everyone would start (through free and public channels) redistributing everything everyone ever released in digital form (CD's, movies, books, etc.), and the authors would never receive a dime for their efforts. For that reason, authors would cease producing and the industry would shrivel up and disappear.
Either way, discussion forums like this are a great way for people to bring into the open and discuss/debate the relevant issues in the case
No offense, but I think 99.9% of the people posting to YRO articles are of a like bias. Nearly every post I read in the YRO is overwhelmingly in agreement with the author's take/bias on the issue at hand.
True open discussion would require a more balanced number of participants. As it stands now, YRO pieces seem like they're more a place for privacy activists to get together and preach to each other than a place for true discussion.
At least that's how I see it.
I consider myself a reasonably educated, moderate-to-liberal guy, and while I tend to be right down the middle with a lot of relatively controversial articles, with every SINGLE YRO piece I am consistently on the opposite end of the spectrum from nearly every other poster I see here.
Now I guess an explanation for this could be that I am usually pretty main stream except when it comes to topics such as what are brought up under YRO pieces, at which point I become violently skewed to one extreme, or that there is a serious lack of "the other head of the coin" in YRO posts.
With no tax revenue, the government will be forced to stop controlling everything and get back to providing services that are needed.
Umm.. how do you propose the government do this without any tax revenue?
What's wrong with just going through periodically and deleting all MP3 files? If the student is stupid enough to name their thesis with a .mp3 extension (for whatever twisted reason), they deserve to get the file deleted..
Let's get real here: Universities know that their students are trading MP3's and warez illegally on their dorm ethernets. Some turn a blind eye to it, others devote some meager resources to fighting it. None consider it a top priority to investigate, because it would entail devoting a lot of resources.
These letters from the RIAA are in no way a summons or a subpoena. It's just a "warning" from the RIAA that states they're going to attempt to hold the universities accountable for their student's actions unless the servers in question are put to a stop. As best as I can tell, that's all the university is obligated to try and do (if that) from these letters.
Yes, all it is is a scare tactic. Since when is this worthy of a Slashdot article? These things happen all the time, and are perfectly legal. Paraphrased, their letter reads, "We will take you to court (ask a judge whether we are right or wrong and if you should be helping us) if you fail to help us remove MP3 redistributors from your network."
that the school immediately terminate all web pages with illegal MP3 files (illegal is of course a judicial decision; the letter presumes that all MP3s are illegal);
So in order to classify something as illegal, you have to have a judge order it so in your specific case? "Why yes, judge, I killed him, but it wasn't illegal!" Come on, every one of those kids knows what they're doing breaks copyright law. Every public web site/share that contains MP3 files of known artists/songs (at least) means that user is re-distributing MP3's illegally. You don't need a court case to see that. If I had a bunch of MP3's of my own private works or items not copyrighted by others, and the university came to me and told me to shut it down, all I should have to do is let the university know this fact and everything should be fine. And before you start going off about "guilty until proven innocent" remember this is a university we're talking about, not the government.
Better hope your IP address doesn't appear too many times in those web server logs.
Yah because I'm sure the RIAA is going to go to ever IP address that has ever downloaded an MP3 and track each and every person down via their ISP.
"Umm yah, hi, this is the RIAA. We have a list of 132 IP's from your ISP over the course of 18 months. We'd like you to go into your dialup logs and give us the names and addresses of the users that had these IP's at that time."
Let's be realistic here and avoid the biased slurs when reporting "news" to us.
ISPs and colleges are not supposed to do the grunt work themselves - that results in the kind of overbroad crackdowns that we've seen. This was the subject of specific negotiations during the process of creating this law.
Correct. But if the ISP's are *willing* to do so after a simple letter like this, then the RIAA has accomplished something. Granted, it's pretty evil of the RIAA, but it's all very legal.
Most major universities have a legal staff of their own that can see these letters for what they're worth. (In other words, they're not as clueless as you seem to think every corporation/non-human legal entity is.) This legal staff will no doubt become familiar with the laws in question and be able to report *factually* to the university as to what is required on their part. (Note: Factually does not include Slashdot articles or comments by 99.5% of its users.) Reasons a university might be willing to take the initiative on their own:
- PR. If a university steps up and proudly weeds out a bunch of evil MP3/warez-trading kids from their university network, they get a reputation for it. People start to see that university as one that doesn't tolerate these types of people and one that puts scholastic achievement ahead of a waste of university network resources. Universities that choose not to comply with the conditions might be viewed as a "warez kiddie university", a haven for kiddies that like to trade MP3's and warez.
- To avoid legal hassles. Granted, their liability is limited without specific instances of copyright violation, many small universities may not have the funds/resources with which to object to the RIAA's pleas. A handful of students can probably be much more efficiently investigated than a larger university might be able to do.
- Because they don't know any better. Some universities may just not have competant legal staff (or may not have legal folks at all), nor would they be willing to spend money on any (see previous).
- Because they honestly weren't aware of the problem on their networks, and generally make a huge effort to keep their students honest and legal.
The BSA is now raiding homes of people accused of copying software.They wouldn't be allowed to do so without a search warrant, and a search warrant would require convincing a judge that it's needed. They couldn't just do this on a whim, so I hardly see how this could be construed as an "abuse" of BSA's copyright "enforcement" abilities.
all it is is a government-sanctioned monopoly transferring money from your pocket to others
OH MY GOD! PEOPLE ARE MAKING MONEY OFF OF THEIR IDEAS AND/OR HARD WORK! LET'S KILL THEM!
If you have concerns about current copyright terms, write your congressman. Don't post some foolish Slashdot note, and PLEASE try to collect your facts before you do so. I shudder to think how many letters my congressmen get that are from just plain uneducated people that have no clue about the things they are vehemently opposed to (or in favor of).
copyright-holders like the RIAA are building copyright protection into the very infrastructure of computing.
I fail to see how this is a bad thing. If you don't want there to be such a thing as copyright and/or trademarks, just come out and say it. At least then we can be sure what it is you're fighting against. I too feel that copyright terms are a bit lengthy, but I don't think we should abolish copyrights entirely.
but as more and more people experience the power of copyright to affect what they can and cannot publish online
I'm sorry, but I cannot subscribe to your interpretation of this whole MP3 fiasco. The kids were KNOWINGLY breaking the law by redistributing MP3's illegally. I mean come on, realistically, how many of these people think they're acting legally by ripping their CD's and putting them up for download?
we should demand that the social contract envisioned in the Constitution be fulfilled by forcing copyright holders to give back to society, whether they want to or not.
If they were trying to make a statement against excessive copyright, even then I fail to see how redistributing MP3's of modern works would help that cause. If anything, it seems as though you're against excessive copyright terms. I think the new Metallica CD will still fall under whatever "new" copyright laws that come about, so it seems unfair to say that this latest MP3 thing has anything to do with limiting copyright terms. The bottom line is that these people are breaking the law, and in most all cases, they knew it. If you are successful in changing copyright law more to your liking, I seriously doubt trading MP3's like this will ever be legal.
All right - this isn't in the US.
Ah, OK. I was working under that assumption.
Both, actually - clueless AND underfunded.
Makes sense. You live there; isn't there a way to get this changed?
I shouldn't reply to an ad hominem attack, but I forgot to mention that I'm NOT one of those "big fish" I mentioned.
Fair enough.
I see quite a lot of comments like yours, but they're usually coming from some 15-year-old arrogant IRC kiddie that thinks he's automatically a genius because he can download scripts and exploits online and people at school can think he is a cool hacker. That's where the animosity came from. My apologies.
The cops/investigators (who could be employees of the company I suppose) doing this would naturally be doing so with the permission of the software company, so it ceases to be illegal, as I see it.
No more illegal than it is for cops to buy drugs to catch drug dealers. I'm sure you've seen that sort of thing on Cops before. I don't see how this is that different.