Stop looking for nits to pick. He didn't mean "shut down" literally. Of course Harvard shut the site down, but the point he was trying to make was that they weren't *responsible* for it. He was trying to say that the guy had it coming, and had no one to blame but himself (thus not Vranesevich and not Harvard).
It's as if they weren't taking any of this seriously at all. It's no surprise he was digusted with the quality of questions. (I was too, but then again, I had nothing I wanted to ask at all.)
I don't know what depresses me more, the fact that so many people like this posted these questions in the first place, or that our MODERATORS (the people who are supposed to be good posters, unbiased and objective) chose to moderate up some of the dumber questions.
But then again the entire JP/Antionline/Attrition/Packetstorm thing is just stupid to begin with. I've never heard of any of these people until Slashdot started posting about it, and I suspect most of you hadn't either. I've never heard of an unbiased take on the entire situation. Everything that's posted is just one person's rant/attack on the other, (or one respected media outlet trying its best to cover a story with only these rants to use as sources) and I'm quite sick of it. This interview has done nothing in the minds of those that are already set in their ways of hate except to fuel that fire.
So what, you think they should just give up? Stop trying to find and prosecute these people entirely? Why stop there? You can't possibly catch all murderers, so should we just not try to investigate those either?
Just because it's difficult to catch people for a particular crime does NOT in any way mean it's desirable for us to just give up. If anything else, they should be spending resources on developing ways to make that process more efficient and more successful.
The problem with public offers is that anyone can see your ip, and easily contact your provider to get the account cut off. But there are an abundance of shell providers out there
Those shell providers keep logs. There's always a trail. The person looking for that trail just needs to have enough resources to see it to completion. This is the ONLY reason why packet kiddies are prosecuted so infrequently.
So long as there are public trading grounds for warez (as there will always have to be, due to its nature), companies/law enforcement will always be able to "crack down".
You're right. There isn't a way to catch everybody, but they can always try, and so long as they continue to nail person after person for breaking the law, they'll continue doing it, as I hope they would.
Would you honestly want them to just give up because they can't catch everyone? With that type of attitude, our entire criminal justice system would collapse.
And what "rights" are we losing as a result of the BSA cracking down on warez pups? I fail to see how you link this with your little "war on privacy, war on human rights" bit.
I hear a lot of Microsoft money changed hands (i.e. bribes to local gov't officials, "donations" to government offices) in order to do these raids.
Do you have anything to back up these 'bribes'? Could they instead have been payments Microsoft made to the local law enforcement for their assistance in the raid? This is a pretty common thing, as far as I know. Microsoft hasn't the right to do a raid, and law enforcement doesn't always have the time/money to spend on such a thing, so the companies offer to reimburse the law enforcement for their expenses or pay their officers overtime. This seems logical and has nothing to do with being 'bribed'...
The problem is, they're too clueless
Clueless or underfunded? Really, if they're that clueless, you should write them a letter and send your resumé. They should be DYING to get their hands on you, since you're clueful, unlike anybody they have on staff right now, right?
...just because he happened to be a foreigner
Umm.. It sounds to me like this is an issue with your local newspaper, and not with those responsible for the raid.
I knew people who could ship you Microsoft Office CDs in quantities of thousands,
Wow, you are l33t. Were you saying this to enhance your credibility in this thread, or just to show us how long your warezpenis is?
You failed in both respects.
And the raids didn't touch ANY of the big fish, just the small, end-of-the-line shops.
You have to start somewhere...
but this time they're turning away anybody who looked like a suit
Wow you're right, law enforcement really is stupid. Can you believe they're not smart enough to approach them on their own level? I mean geez, you think they'd figure out that they're not supposed to wear suits on a sting operation...
I assume "participating" in an irc channel means more than your presence there, otherwise they wont get far with this lawsuit.
Obviously..
, I dont think a log of the channel will be considered criminating unless you break down a door and actually find the software at someones house.
Correct.
A channel log where a guy says he will send a piece of software to another one is not proof that the transfer did in fact occur.
Also correct, but such a log would go a long way towards getting a search warrant to proceed with a real investigation, or at the very minimum it would attract the attention of real investigators, who can do a more thorough online look.
I assume transfers are done by DCC which establish a direct connection between clients anyway - so checking server logs wont do much good either.
There are no 'server logs' one could check, even if they wanted to. The only way monitoring like this could work is if law enforcement were willing to tap the network connection (at the ISP for instance). The resources required to do this seem a bit prohibitive for a relatively minor thing like software piracy.
So - that means we are left with "sting" operations, infiltrating the channels and bust people that seem active. The thing is - you only catch small fish like this.
I don't think this would be nearly as difficult as you think. Just hop on some warez channels, and under heavy monitoring/recordkeeping, download all of the warez you can from as many people as you can. If you get a legitimate copy of a piece of software this way, note who it is, contact his ISP, subpoena his user records, get a search warrant and search his house and/or arrest him. Most would confess in short order.
And as I pointed out earlier, even if a computer is left unprotected, attempting to access a computer without the consent of the owner is still an intrusion.
So is it then illegal to access public shares on a PC? You do not have the owner's explicit consent to do so, but by making the share public and/or advertising the share, the owner grants implicit permission for the general public to access it.
An 'MP3' share with a password of 'mp3' is, in my book, implicit permission. This is how quite a lot of public MP3 resources are set up. If 'mp3' doesn't work as the password, move on. The owner probably doesn't want you in there.
No. It is a violation of their own computing policy, because the policy applies to all members of the CMU community. It's also probably in violation of a couple of state laws -- the students would be in a good position to sue.
The point I was trying to make was that CMU's posted policy has NO legal weight in this matter at all. It is totally irrelevant, except insofar as it can be used (as it is by you) to say CMU is a "bad" organization for not following its own posted guidelines. The only thing legally binding is the contract the students agreed to upon receiving their education/Internet access which, almost certainly, stated that the students would agree to follow CMU's posted guidelines.
I won't get into an ethical/moral debate about CMU's actions. These are largely objective and opinionated. All I'm trying to say is that *legally, I can't see any way that they broke a law.
MP3 transer also isn't illegal if the recipient keeps it for under 24 hours. Its called fair use.
Then:
Just like software, under fair use you can have a 24 hour evaluation period of copywritten materials.
I said:
Fair use has NOTHING to do with "evaluation" of a copywritten work.
Your guaranteed '24 hour evaluation period' for all copyrighted works not only makes no sense, but is not factually supported by any legal documentation or the "fair use" link I provided. That's all I was trying to say.
It IS illegal to redistribute MP3 files, even if it's within whatever 24 hour window you think you have. It's also illegal to copy CD's to MP3 and then return the CD, keeping the MP3's. "Unauthorized duplication is prohibited." Sound familiar? None of this has anything to do with fair use.
Now, did I miss something here or were you just confused as to what I was trying to say? Your reply doesn't logically follow mine.
But how would they know that the password was mp3? By attempting to guess the password
Yep. Here, 'guess' is synonymous with 'try'.
i.e. breaking into the computer!
No. Since when is it considered 'breaking in' when you 'try' to turn the doorknob?
If you set up some sort of marketing thing and have a web site that's password protected with a password like "money4you", and then proceed to parade that password across your superbowl commercials, in print, magazines, before movies, and every place you can think of with announcements saying, "Come visit our web site, enter the password 'money4you' on the correct page and get $50 off your next purchase!", are each of those people "breaking in" to the web site? They have to try ("guess") the password in order to see if it lets them in.
If you read CMU's computing policy... impose very stringent conditions that were not met here.
CMU's computing policy is nothing more than a POLICY for its *STUDENTS*. This carries absolutely NO legal weight WHATSOEVER except in that it can be used as justification for CMU to use disciplinary action should those policies be violated by a student. CMU cannot be legally held to these posted guidelines, but their students can (since their contracts with CMU regarding things like computing and network resources point specifically to these policies as guidelines the student must abide by).
What people seem to be objecting to is the *legal* ramifications of CMU's efforts. For that reason, you should be looking at the definitions as set forth in the laws themselves, not some stupid student policy set forth by the university. If you think CMU is evil because the university doesn't abide by the same rules they make their students abide by, fine, but that's another topic entirely.
Where did you hear this? Firstly, this has nothing to do with illegal distribution of MP3's. Even if you *were* legally entitled to a 24-hour "evaluation" period, that CERTAINLY would never give you the right to duplicate or re-distribute duplicated copies.
Additional ramifications of this assumption include (but are not limited to):
Video rentals. Why rent when you can buy, watch it, and return it within 24 hours FOR FREE?
Magazine sales. Buy a mag, read it, return it the next day. Consider that $2.99 a refundable deposit!
Fast reader? Why rent from the library when you can get a 24-hour rental from the book store?
Fair use has NOTHING to do with "evaluation" of a copywritten work. Fair use is meant to allow people limited reproduction rights for certain research and educational purposes and to grant certain exemptions for libraries.
And when the police come to your door and use the userid as "proof" that you authored the macrovirus I wrote (tee hee!) as sufficient cause to arrest you, I guess you'll have no problem with that, right?
I don't believe this was cause to arrest. I think they questioned him and he confessed to writing the virus.
Information like this wouldn't be classified as hard evidence for precisely the reasons you state, but it DOES help to point law enforcement in the right direction. If it ends up being forged, law enforcement loses nothing except a bit of time following a bad lead.
And when the police come to your door and use the userid as "proof" that you authored the macrovirus I wrote (tee hee!) as sufficient cause to arrest you, I guess you'll have no problem with that, right?
I don't believe this was cause to arrest. I think they questioned him and he confessed to writing the virus.
Information like this wouldn't be classified as hard evidence for precisely the reasons you state, but it DOES help to point law enforcement in the right direction. If it ends up being forged, law enforcement loses nothing except a bit of time following a bad lead.
It is respected. You CHOOSE to put your personal information online. If that information is used in ways you don't approve of, that's your own fault for not checking to be sure how it would have been used in the first place.
If you don't want your Internet activity tracked back to your computer like your telephone activity is tracked back to your telephone number, go somewhere else and use a public terminal like you'd use a public telephone.
I think the media has had more to do with this change in respect than anything else.
There will always be abuses. There have always been abuses. Fortunately, abuse occurs very infrequently, despite what the mass media would like us to think. There's no news like bad news.
I for one trust my local law enforcement implicitely. If they fuck up, I have faith that they will either learn from their mistakes or their own internal reviews will see to it that such a mistake doesn't happen again. I most certainly wouldn't *deny* my law enforcement technology on the basis that it *could* be abused. The system has always worked on compromise. The gains outweigh the drawbacks. If a cop abuses his status and does something wrong, take HIM to court. Don't hamper law enforcement entirely. If we got rid of every power law enforcement had that was theoretically capable of being abused, our law enforcement would have no power at all. Don't fight the technology. Fight those that would abuse it. Request checks and balances and means to make people accountable for their actions.
If 'mp3' or 'guest' doesn't work, it's not obvious in my opinion. Either of these passwords is very common in the world of MP3 trading, and if I were the one doing the searches, I would try 'mp3', then 'guest', then I'd stop.
Think about this for a minute. If all someone has to do to avoid being identified (through legal process) as an MP3 distributor is place a 'mp3' password on their share, that's like giving them free reign to break the law. It's common knowledge that 'mp3' opens MP3 shares. It doesn't make sense to award shares set up in this fashion any more degree of protection or privacy than other public (but non-passworded) shares.
Look. I'm not saying that because the password was easy to guess it's OK to break in. What I'm saying is that people do not use a password of 'mp3' in an effort to restrict access to the share. Most MP3 shares that I come across that have passwords use the password 'mp3'. They don't do this because they're dumb; they're doing it because they WANT the general public to be able to access the share, while at the same time they can keep out things like automated spiders.
For this reason (intent), these shares are not "private" resources. The owner of the share is either publishing the password in a README or he's using a known, public password specifically so the public can get access.
Regardless of how long it took to crack, its still cracking
Again, it boils down to the intent of the owner of the resource. A password of 'mp3' is "the way" things are done with MP3 shares online. When somebody has MP3 shares they don't want to be indexed by search engines or immediately obvious to the passer-by, he'll put a password of 'mp3' on it. That doesn't mean he's attempting to restrict access; he *wants* the share to be open to the general public. This crucial difference in intent means that, legally, the resource is no longer private. Hence it's not "cracking" to try to gain access by using a password of 'mp3'. It's the Way Things Are Done.
Another thing everyone is forgetting is you have no idea what MP3's are legal or illegal without knowing what CD's or Tapes that person owns.
It doesn't matter. To my knowledge, it's not the possession of the MP3's that's illegal; it's the illegal distribution.
MP3 transer also isn't illegal if the recipient keeps it for under 24 hours. Its called fair use.
Would you mind rephrasing that? Surely you don't mean that somebody can download a CD, rip it to MP3, and then pass that MP3 out to all of their friends (or post it on a public web page/share) so long as it all occurs within a 24-hour window...? Where the hell did you hear this? This is flat out wrong. Illegal distribution is illegal distribution. "Fair use" doesn't come into play here in the least. I suggest you consult a lawyer before you start spouting out legal terms without any idea as to how they apply to a given situation.
What if the door is locked and a key is under the mat? I think this situation is analogous to the password in a readme file.
If there was a sign up on the door that said, "Everyone welcome! Key is under the mat!", then surely it would be fine.
It all boils down to the intent of the resource provider. If he intended to restrict access, he would have done so by choosing a real password. A password of 'mp3' is a VERY common way of setting up MP3 shares for public use. Intent is a very crucial point here.
An knowingly obvious password is equivalent to no password. I'm not an MP3 trader, but I automatically know to try 'mp3' as a password when I come up to a 'protected' MP3 share. It's the way MP3 shares work. Those that use a password of 'mp3' for their shares are not working to restrict access, so any defense that maintains this is such an effort is fundamentally flawed and would not stand up legally.
But where do you draw the line as to what passwords consitute intent to make it public vs. private?
I'd draw the line where the password ceases to be obvious. I'm not a regular MP3 trader, but I automatically know that 'mp3' is usually the password to use when I come up to an MP3 share. Beyond that, it's a gray area, and one I, as an admin, would not be willing to venture.
No, but if you leave your door wide open and put a sign outside your door saying "Come on in!" and someone does and notices you breaking the law, you are still accountable.
Regardless of the fact that the students are paying for the service, they STILL HAVE TO ABIDE BY THE LAW as well as the school's acceptable use policy/terms & conditions. The school was completely justified in doing what they did.
You're right, but having a README.txt file on a public share saying "The password to my 'MP3' share is 'MP3'. Leech away!" doesn't help the students at all.
It's not the posession of MP3's that's the big deal: it's the distribution. By putting them on a public share, you are essentially giving them away to anybody that comes along and wants them.
THAT is illegal.
I own a few hundred MP3's myself, 99.5% of which I ripped from my own CD collection. If I wanted to listen to these MP3's from somebody else's house, I would set up a PASSWORD PROTECTED share ('mp3' doesn't count as a password) for my own PRIVATE use (again, 'mp3' would not qualify here).
Slashdot Mirror
Stop looking for nits to pick. He didn't mean "shut down" literally. Of course Harvard shut the site down, but the point he was trying to make was that they weren't *responsible* for it. He was trying to say that the guy had it coming, and had no one to blame but himself (thus not Vranesevich and not Harvard).
It's as if they weren't taking any of this seriously at all. It's no surprise he was digusted with the quality of questions. (I was too, but then again, I had nothing I wanted to ask at all.)
I don't know what depresses me more, the fact that so many people like this posted these questions in the first place, or that our MODERATORS (the people who are supposed to be good posters, unbiased and objective) chose to moderate up some of the dumber questions.
But then again the entire JP/Antionline/Attrition/Packetstorm thing is just stupid to begin with. I've never heard of any of these people until Slashdot started posting about it, and I suspect most of you hadn't either. I've never heard of an unbiased take on the entire situation. Everything that's posted is just one person's rant/attack on the other, (or one respected media outlet trying its best to cover a story with only these rants to use as sources) and I'm quite sick of it. This interview has done nothing in the minds of those that are already set in their ways of hate except to fuel that fire.
So what, you think they should just give up? Stop trying to find and prosecute these people entirely? Why stop there? You can't possibly catch all murderers, so should we just not try to investigate those either?
Just because it's difficult to catch people for a particular crime does NOT in any way mean it's desirable for us to just give up. If anything else, they should be spending resources on developing ways to make that process more efficient and more successful.
The problem with public offers is that anyone can see your ip, and easily contact your provider to get the account cut off. But there are an abundance of shell providers out there
Those shell providers keep logs. There's always a trail. The person looking for that trail just needs to have enough resources to see it to completion. This is the ONLY reason why packet kiddies are prosecuted so infrequently.
So long as there are public trading grounds for warez (as there will always have to be, due to its nature), companies/law enforcement will always be able to "crack down".
You're right. There isn't a way to catch everybody, but they can always try, and so long as they continue to nail person after person for breaking the law, they'll continue doing it, as I hope they would.
Would you honestly want them to just give up because they can't catch everyone? With that type of attitude, our entire criminal justice system would collapse.
And what "rights" are we losing as a result of the BSA cracking down on warez pups? I fail to see how you link this with your little "war on privacy, war on human rights" bit.
I hear a lot of Microsoft money changed hands (i.e. bribes to local gov't officials, "donations" to government offices) in order to do these raids.
...just because he happened to be a foreigner
Do you have anything to back up these 'bribes'? Could they instead have been payments Microsoft made to the local law enforcement for their assistance in the raid? This is a pretty common thing, as far as I know. Microsoft hasn't the right to do a raid, and law enforcement doesn't always have the time/money to spend on such a thing, so the companies offer to reimburse the law enforcement for their expenses or pay their officers overtime. This seems logical and has nothing to do with being 'bribed'...
The problem is, they're too clueless
Clueless or underfunded? Really, if they're that clueless, you should write them a letter and send your resumé. They should be DYING to get their hands on you, since you're clueful, unlike anybody they have on staff right now, right?
Umm.. It sounds to me like this is an issue with your local newspaper, and not with those responsible for the raid.
I knew people who could ship you Microsoft Office CDs in quantities of thousands,
Wow, you are l33t. Were you saying this to enhance your credibility in this thread, or just to show us how long your warezpenis is?
You failed in both respects.
And the raids didn't touch ANY of the big fish, just the small, end-of-the-line shops.
You have to start somewhere...
but this time they're turning away anybody who looked like a suit
Wow you're right, law enforcement really is stupid. Can you believe they're not smart enough to approach them on their own level? I mean geez, you think they'd figure out that they're not supposed to wear suits on a sting operation...
I assume "participating" in an irc channel means more than your presence there, otherwise they wont get far with this lawsuit.
Obviously..
, I dont think a log of the channel will be considered criminating unless you break down a door and actually find the software at someones house.
Correct.
A channel log where a guy says he will send a piece of software to another one is not proof that the transfer did in fact occur.
Also correct, but such a log would go a long way towards getting a search warrant to proceed with a real investigation, or at the very minimum it would attract the attention of real investigators, who can do a more thorough online look.
I assume transfers are done by DCC which establish a direct connection between clients anyway - so checking server logs wont do much good either.
There are no 'server logs' one could check, even if they wanted to. The only way monitoring like this could work is if law enforcement were willing to tap the network connection (at the ISP for instance). The resources required to do this seem a bit prohibitive for a relatively minor thing like software piracy.
So - that means we are left with "sting" operations, infiltrating the channels and bust people that seem active. The thing is - you only catch small fish like this.
I don't think this would be nearly as difficult as you think. Just hop on some warez channels, and under heavy monitoring/recordkeeping, download all of the warez you can from as many people as you can. If you get a legitimate copy of a piece of software this way, note who it is, contact his ISP, subpoena his user records, get a search warrant and search his house and/or arrest him. Most would confess in short order.
Rinse and repeat.
And as I pointed out earlier, even if a computer is left unprotected, attempting to access a computer without the consent of the owner is still an intrusion.
So is it then illegal to access public shares on a PC? You do not have the owner's explicit consent to do so, but by making the share public and/or advertising the share, the owner grants implicit permission for the general public to access it.
An 'MP3' share with a password of 'mp3' is, in my book, implicit permission. This is how quite a lot of public MP3 resources are set up. If 'mp3' doesn't work as the password, move on. The owner probably doesn't want you in there.
No. It is a violation of their own computing policy, because the policy applies to all members of the CMU community. It's also probably in violation of a couple of state laws -- the students would be in a good position to sue.
The point I was trying to make was that CMU's posted policy has NO legal weight in this matter at all. It is totally irrelevant, except insofar as it can be used (as it is by you) to say CMU is a "bad" organization for not following its own posted guidelines. The only thing legally binding is the contract the students agreed to upon receiving their education/Internet access which, almost certainly, stated that the students would agree to follow CMU's posted guidelines.
I won't get into an ethical/moral debate about CMU's actions. These are largely objective and opinionated. All I'm trying to say is that *legally, I can't see any way that they broke a law.
You said:
MP3 transer also isn't illegal if the recipient keeps it for under 24 hours. Its called fair use.
Then:
Just like software, under fair use you can have a 24 hour evaluation period of copywritten materials.
I said:
Fair use has NOTHING to do with "evaluation" of a copywritten work.
Your guaranteed '24 hour evaluation period' for all copyrighted works not only makes no sense, but is not factually supported by any legal documentation or the "fair use" link I provided. That's all I was trying to say.
It IS illegal to redistribute MP3 files, even if it's within whatever 24 hour window you think you have. It's also illegal to copy CD's to MP3 and then return the CD, keeping the MP3's. "Unauthorized duplication is prohibited." Sound familiar? None of this has anything to do with fair use.
Now, did I miss something here or were you just confused as to what I was trying to say? Your reply doesn't logically follow mine.
But how would they know that the password was mp3? By attempting to guess the password
... impose very stringent conditions that were not met here.
Yep. Here, 'guess' is synonymous with 'try'.
i.e. breaking into the computer!
No. Since when is it considered 'breaking in' when you 'try' to turn the doorknob?
If you set up some sort of marketing thing and have a web site that's password protected with a password like "money4you", and then proceed to parade that password across your superbowl commercials, in print, magazines, before movies, and every place you can think of with announcements saying, "Come visit our web site, enter the password 'money4you' on the correct page and get $50 off your next purchase!", are each of those people "breaking in" to the web site? They have to try ("guess") the password in order to see if it lets them in.
If you read CMU's computing policy
CMU's computing policy is nothing more than a POLICY for its *STUDENTS*. This carries absolutely NO legal weight WHATSOEVER except in that it can be used as justification for CMU to use disciplinary action should those policies be violated by a student. CMU cannot be legally held to these posted guidelines, but their students can (since their contracts with CMU regarding things like computing and network resources point specifically to these policies as guidelines the student must abide by).
What people seem to be objecting to is the *legal* ramifications of CMU's efforts. For that reason, you should be looking at the definitions as set forth in the laws themselves, not some stupid student policy set forth by the university. If you think CMU is evil because the university doesn't abide by the same rules they make their students abide by, fine, but that's another topic entirely.
Where did you hear this? Firstly, this has nothing to do with illegal distribution of MP3's. Even if you *were* legally entitled to a 24-hour "evaluation" period, that CERTAINLY would never give you the right to duplicate or re-distribute duplicated copies.
Additional ramifications of this assumption include (but are not limited to):
Video rentals. Why rent when you can buy, watch it, and return it within 24 hours FOR FREE?
Magazine sales. Buy a mag, read it, return it the next day. Consider that $2.99 a refundable deposit!
Fast reader? Why rent from the library when you can get a 24-hour rental from the book store?
Fair use has NOTHING to do with "evaluation" of a copywritten work. Fair use is meant to allow people limited reproduction rights for certain research and educational purposes and to grant certain exemptions for libraries.
An excellent web site that explains copyright and "fair use": http://fairuse.stanford.edu/
And when the police come to your door and use the userid as "proof" that you authored the macrovirus I wrote (tee hee!) as sufficient cause to arrest you, I guess you'll have no problem with that, right?
I don't believe this was cause to arrest. I think they questioned him and he confessed to writing the virus.
Information like this wouldn't be classified as hard evidence for precisely the reasons you state, but it DOES help to point law enforcement in the right direction. If it ends up being forged, law enforcement loses nothing except a bit of time following a bad lead.
And when the police come to your door and use the userid as "proof" that you authored the macrovirus I wrote (tee hee!) as sufficient cause to arrest you, I guess you'll have no problem with that, right?
I don't believe this was cause to arrest. I think they questioned him and he confessed to writing the virus.
Information like this wouldn't be classified as hard evidence for precisely the reasons you state, but it DOES help to point law enforcement in the right direction. If it ends up being forged, law enforcement loses nothing except a bit of time following a bad lead.
It is respected. You CHOOSE to put your personal information online. If that information is used in ways you don't approve of, that's your own fault for not checking to be sure how it would have been used in the first place.
If you don't want your Internet activity tracked back to your computer like your telephone activity is tracked back to your telephone number, go somewhere else and use a public terminal like you'd use a public telephone.
I think the media has had more to do with this change in respect than anything else.
There will always be abuses. There have always been abuses. Fortunately, abuse occurs very infrequently, despite what the mass media would like us to think. There's no news like bad news.
I for one trust my local law enforcement implicitely. If they fuck up, I have faith that they will either learn from their mistakes or their own internal reviews will see to it that such a mistake doesn't happen again. I most certainly wouldn't *deny* my law enforcement technology on the basis that it *could* be abused. The system has always worked on compromise. The gains outweigh the drawbacks. If a cop abuses his status and does something wrong, take HIM to court. Don't hamper law enforcement entirely. If we got rid of every power law enforcement had that was theoretically capable of being abused, our law enforcement would have no power at all. Don't fight the technology. Fight those that would abuse it. Request checks and balances and means to make people accountable for their actions.
Where do you stop?
When it ceases to be obvious.
If 'mp3' or 'guest' doesn't work, it's not obvious in my opinion. Either of these passwords is very common in the world of MP3 trading, and if I were the one doing the searches, I would try 'mp3', then 'guest', then I'd stop.
Think about this for a minute. If all someone has to do to avoid being identified (through legal process) as an MP3 distributor is place a 'mp3' password on their share, that's like giving them free reign to break the law. It's common knowledge that 'mp3' opens MP3 shares. It doesn't make sense to award shares set up in this fashion any more degree of protection or privacy than other public (but non-passworded) shares.
Look. I'm not saying that because the password was easy to guess it's OK to break in. What I'm saying is that people do not use a password of 'mp3' in an effort to restrict access to the share. Most MP3 shares that I come across that have passwords use the password 'mp3'. They don't do this because they're dumb; they're doing it because they WANT the general public to be able to access the share, while at the same time they can keep out things like automated spiders.
For this reason (intent), these shares are not "private" resources. The owner of the share is either publishing the password in a README or he's using a known, public password specifically so the public can get access.
Regardless of how long it took to crack, its still cracking
Again, it boils down to the intent of the owner of the resource. A password of 'mp3' is "the way" things are done with MP3 shares online. When somebody has MP3 shares they don't want to be indexed by search engines or immediately obvious to the passer-by, he'll put a password of 'mp3' on it. That doesn't mean he's attempting to restrict access; he *wants* the share to be open to the general public. This crucial difference in intent means that, legally, the resource is no longer private. Hence it's not "cracking" to try to gain access by using a password of 'mp3'. It's the Way Things Are Done.
Another thing everyone is forgetting is you have no idea what MP3's are legal or illegal without knowing what CD's or Tapes that person owns.
It doesn't matter. To my knowledge, it's not the possession of the MP3's that's illegal; it's the illegal distribution.
MP3 transer also isn't illegal if the recipient keeps it for under 24 hours. Its called fair use.
Would you mind rephrasing that? Surely you don't mean that somebody can download a CD, rip it to MP3, and then pass that MP3 out to all of their friends (or post it on a public web page/share) so long as it all occurs within a 24-hour window...? Where the hell did you hear this? This is flat out wrong. Illegal distribution is illegal distribution. "Fair use" doesn't come into play here in the least. I suggest you consult a lawyer before you start spouting out legal terms without any idea as to how they apply to a given situation.
What if the door is locked and a key is under the mat? I think this situation is analogous to the password in a readme file.
If there was a sign up on the door that said, "Everyone welcome! Key is under the mat!", then surely it would be fine.
It all boils down to the intent of the resource provider. If he intended to restrict access, he would have done so by choosing a real password. A password of 'mp3' is a VERY common way of setting up MP3 shares for public use. Intent is a very crucial point here.
An knowingly obvious password is equivalent to no password. I'm not an MP3 trader, but I automatically know to try 'mp3' as a password when I come up to a 'protected' MP3 share. It's the way MP3 shares work. Those that use a password of 'mp3' for their shares are not working to restrict access, so any defense that maintains this is such an effort is fundamentally flawed and would not stand up legally.
But where do you draw the line as to what passwords consitute intent to make it public vs. private?
I'd draw the line where the password ceases to be obvious. I'm not a regular MP3 trader, but I automatically know that 'mp3' is usually the password to use when I come up to an MP3 share. Beyond that, it's a gray area, and one I, as an admin, would not be willing to venture.
No, but if you leave your door wide open and put a sign outside your door saying "Come on in!" and someone does and notices you breaking the law, you are still accountable.
Regardless of the fact that the students are paying for the service, they STILL HAVE TO ABIDE BY THE LAW as well as the school's acceptable use policy/terms & conditions. The school was completely justified in doing what they did.
You're right, but having a README.txt file on a public share saying "The password to my 'MP3' share is 'MP3'. Leech away!" doesn't help the students at all.
It's not the posession of MP3's that's the big deal: it's the distribution. By putting them on a public share, you are essentially giving them away to anybody that comes along and wants them.
THAT is illegal.
I own a few hundred MP3's myself, 99.5% of which I ripped from my own CD collection. If I wanted to listen to these MP3's from somebody else's house, I would set up a PASSWORD PROTECTED share ('mp3' doesn't count as a password) for my own PRIVATE use (again, 'mp3' would not qualify here).