It's a good idea. Then management could update their risk models, and when they make decisions about their business processes to take the most profitable action..
That action can include due diligence for each takedown notice to avoid fake ones.
That is: if the penalties are costly enough to factor into management's calculations. If the penalties are too small, they're just a cost of doing business.
Personally, I think the courts should revise their point of view, and determine that notices sent without verifying ownership are inherently considered as sent in bad faith.
And there should be an expedited procedure for the recipient of a false notice to report the matter, and have the sender/responsible party pegged for perjury
MySpace can prove a label once published the guys music, so it MUST be under copyright to them
No.. that's not proven anything.. it's like saying you saw this comment of mine on slashdot.org, therefore it is proof that Rob Malda owns the copyright to the comment (although that's nonsense).
Moreover... just because a label published something, doesn't mean they had the right to publish it.
Ownership of exclusive rights to a work are not connected to its publication (other than that a license from a rightsholder is required to legally publish).
The keyword is legally. Sometimes various labels have illegally published things, or published things that weren't actually created (or owned) by the artist who purported to have created or owned the rights they "sold".
Isn't it Warner conducting tortious interference here w.r.t. the artist's business relationships interefered by preventing said artist from using MySpace, by falsely claiming to own the copyright?
Also.... claiming to own the copyright after they have been properly notified they don't should be even more actionable than simple infringement.
Nothing really obliges MySpace to believe the artist, until WMG rescinds their claim..
How does MySpace know the artist isn't just lying?
If WMG claimed to own the copyright, and MySpace allows the contents to be posted... MySpace might fear they will soon find themselves at the wrong end of a willful infringement action.
WMG may not own the copyright, but is it MySpace's job to throw away the DMCA safe harbor, and bet the bank on the artist's claim being correct?
Probably someone working for the company had the job of going through all the albums they had published, listing each song in it with sites such as MySpace, and submitting canned takedown notices if they saw anyone posting the song.
In that case, 'Evidence of ownership' isn't in their job description.
The process could just be flawwed in that they assume ownership of anything they have sold.
Or they made a mistake in failing to verify and flag that particular song as "not owned by us"
Citrix for presentation server & published apps? VMware for their PCOIP? Wyse? X.org?
It seems like in 7,599,985, they've successfully patented thin-client, VDI, and any remote application control/access/interactive media viewing from an embedded web app....
The invention allows a program to execute on a remote server or other computers to calculate the viewing transformations and send frame data to the client computer thus providing the user of the client computer with interactive features and allowing the user to have access to greater computing power than may be available at the user's client computer.
.. Other existing approaches to embedding interactive program objects in documents include the Object Linking and Embedding (OLE) facility in Microsoft Windows, by Microsoft Corp., and OpenDoc, by Apple Computer, Inc. At least one shortcoming of these approaches is that neither is capable of allowing a user to access embedded interactive program objects in distributed hypermedia documents over networks.
I say the problem is the infamous Eastern district of Texas, where this (and seemingly just about every other software patent lawsuit) apparently seems to have been filed.
Do they put something in the water over there that causes judges to be more willing to hear ridiculous patent suits and rule towards infringement?
Sure, but you can only dispose of a complete allocation in this way, such as a/20, not a small number of IPs such as a single/24. And you can only get lots of IPs with some good justification and some proof of your need for the IPs (including adequate utilization of a block allocated to you by an upstream provider).
I never said it was impossible, only that it gets expensive. Replacing your sups every 5 years with the shiny newest model isn't cheap either.
Think of how rapidly the tables would grow if masses of deaggregated/24s started appearing due to "IP sales". There are already some ASes that announce every/24... imagine how messy it would be for a much larger percentage of/24s to be individually announced.
And ye who want to be able to sell random/24s out of your IP space... really have no right to force all the providers in the world to give you those routing slots, they don't want to, and to an extent, policies and common practice reflects the desire to keep costs low.
If costs are high, ISP services and internet connectivity gets more expensive for all..
No, they'll just go underground. I expect to see the number of bloggers revealing their true identities decreasing substantially, and more using anonymous proxies and various means to post pseudononymously without fear of recourse.
Ok... but how well does it work really?
The WRT610N appears to cost $180.. so it's a tad more expensive.
My dislike for both of these units is... No power over Ethernet (IEEE 802.3af)..
And as far as I know, no port VLAN support or 802.1q tagged interfaces.. $200 is a lot to spend on a broadband router, and for that much, I kind of expect these basic features, they're pretty useful for reducing the number of annoying wall warts, when POE powered phones can be used:)
It's not a crime. It's a specious theory that the code the botnet authors utilize might somehow be viewed by the court as a technical measure that effectively controls access to or ability to copy a work, and that the researchers did circumvent those controls under 1201(a)(1)(A) of the DMCA.
The belief that the malware can be considered a "publication" is in doubt. The software is non-creative, non-beneficial.
But you have forgotten (j) Security Testing. -
(2) Permissible acts of security testing. - Notwithstanding the provisions of subsection (a)(1)(A), it is not a violation of that subsection for a person to engage in an act of security testing, if such act does not constitute infringement under this title or a violation of applicable law other than this section, including section 1030 of title 18 and those provisions of title 18 amended by the Computer Fraud and Abuse Act of 1986.
And also, S1204(b)
(b) Limitation for Nonprofit Library, Archives, Educational Institution, or Public Broadcasting Entity.â" Subsection (a) shall not apply to a nonprofit library, archives, educational institution, or public broadcasting entity (as defined under section 118 (g).[1]
Also, failure to register as required by S 407(a), has an effect: 1208 S 408(f)(4)... If you don't register the work within 3 months of publication, you lose the right to most infringement actions, except a 106A(a) infringement (infringement of author's right to attribution and integrity).
So by failing to register, the author loses a lot of rights.
I didn't even think it was possible to relate this subject to Nazis.. Mad props to you.
But these botnet studies (at least the well done ones) are in no way similar. Most security researchers actually are very careful with their methodology, and perform their studies in a way that assures they won't cause any harm (except maybe to the botnet operator by revealing their methods, in some cases).
Probably not. Certain types of research fall into a special exemption from the DMCA's anticircumvention provisions.
In this case, they were conducting security research, to assist in reducing piracy of malicious software.
Also, to pursue a DMCA action against the researchers, the botnet authors will have to identify themselves.
In the process, they will expose themselves to counterclaims to by the researchers who discovered their software illegally propagated itself to their computers, constituting "Gaining Access" without authorization, for the purposes of the US Computer Fraud and Abuse act.
In the vast majority of states they cannot, at least one party to the conversation has to consent. In some states, all parties must consent.
In those states they can... as long as they don't violate federal (or state) wiretap laws in the process.
It generally means they can record conversations they have in a public place, but they can't hook up recording gear to the phone box outside people's houses.
And they may be able to record conversations in a private place, using a very sensitive microphone, provided they avoid violating breaking + entering and trespass laws, they should be OK, although may be subject to civil prosecution.
On the other hand... if the journalist doesn't mind becoming a criminal themselves, they could choose to break any or all these laws.. once they publish the recording, it cannot easily be suppressed.
How this works in reality, is typically, to do the research, the researcher will get a sample of 'test machines' they own infected by visiting a drive-by-downloader's site in a specially controlled environment. Where they monitor all the botnet node's network activities, block any unexpected ones, and "de-fang" or "make benign" its activities (e.g. if it normally sends spam with a malware link, they may replace the link with a beacon link). The other possibility is they work with people whose machines are already infected.
In either case, the botnets are so large, that a few added nodes does not cause the botnet to do any more harm, and disinfecting those machines or disabling them would not significantly help anyone.
In either case, they own the equipment, and they don't approve of the malicious software's activities, they themselves act in a manner that doesn't increase the harm done by the botnet, they arrange matters in such a way that people who interact with "their nodes" are not harmed or any worse off because of their research activities. Breaking into software running on their computers is not like stealing from drug dealers... it's more like sneaking up behind a cat burglar sneaking out a window in your house, going towards your neighbor's house and cutting an enormous hole in their bag as they climb out your window.
Botnet infiltration is more like a researcher pretending to be a drug dealer.
The researcher gets drugs from the drug lord
Sends the drugs to the lab for analysis.
Covertly replaces the active ingredient in the drugs with a safe placebo.
e.g. Bag of coke gets replaced with a bag of sugar. Anything in pill form gets replaced with sugar pill disguised as the original. (Basically, deletes the dangerous ingredient)
Adds a tracer ingredient, like an edible RFID tag, and an edible GPS-based tracking device.
Passes along the drug down the line...
Or sells it, just in the manner directed to do by the drug lord.
But the researcher doesn't do it... let's say the "drug dealer" is a robot the drug lord was spreading around and deployed on the researcher's computer... the researcher hacked the program to do something other than what the drug lord expected.
Many SPs will only use the particular manufacturer of network gear whose name starts with a 'C'.
Because, for one thing, they're not trained in the management and unique characteristics of the MicroTik or Juni products, and so few people use them, getting help is harder, consultants are more expensive, and the support organizations behind those platforms are less trusted.
Software forwarding is just fine for end users, but not for SPs who are transit providers.
Anyways, suffice to say, they have reasons that taking larger tables incurs additional expenses
They have two options: (1) use all their money to buy better equipment, raise prices on their customers, or (2) Filter.
Number (2) filter is better for the health and efficiency of their networks.
They save money from avoiding premature upgrades they may now be able to use for other things, like IPv6 migrations:)
What's innovative here is they seem to be letting partners develop software packages to run on it... an iPhone-style "App store" for home router software addons, anyone (?)
Does this mean the warranty isn't void if you flash it with custom firmware?
Are they providing cool things like serial ports for debugging, and an external JTAG header, so you can easily fix it if your custom patched firmware breaks or something (?)
How about a fully vlan-able switch, POE capabilities, and enough RAM to run some minor computing loads ?:)
It's a good idea. Then management could update their risk models, and when they make decisions about their business processes to take the most profitable action..
That action can include due diligence for each takedown notice to avoid fake ones.
That is: if the penalties are costly enough to factor into management's calculations. If the penalties are too small, they're just a cost of doing business.
Personally, I think the courts should revise their point of view, and determine that notices sent without verifying ownership are inherently considered as sent in bad faith.
And there should be an expedited procedure for the recipient of a false notice to report the matter, and have the sender/responsible party pegged for perjury
MySpace can prove a label once published the guys music, so it MUST be under copyright to them
No.. that's not proven anything.. it's like saying you saw this comment of mine on slashdot.org, therefore it is proof that Rob Malda owns the copyright to the comment (although that's nonsense).
Moreover... just because a label published something, doesn't mean they had the right to publish it.
Ownership of exclusive rights to a work are not connected to its publication (other than that a license from a rightsholder is required to legally publish).
The keyword is legally. Sometimes various labels have illegally published things, or published things that weren't actually created (or owned) by the artist who purported to have created or owned the rights they "sold".
Isn't it Warner conducting tortious interference here w.r.t. the artist's business relationships interefered by preventing said artist from using MySpace, by falsely claiming to own the copyright?
Also.... claiming to own the copyright after they have been properly notified they don't should be even more actionable than simple infringement.
Nothing really obliges MySpace to believe the artist, until WMG rescinds their claim.. How does MySpace know the artist isn't just lying?
If WMG claimed to own the copyright, and MySpace allows the contents to be posted... MySpace might fear they will soon find themselves at the wrong end of a willful infringement action.
WMG may not own the copyright, but is it MySpace's job to throw away the DMCA safe harbor, and bet the bank on the artist's claim being correct?
By thinking you own it.
Probably someone working for the company had the job of going through all the albums they had published, listing each song in it with sites such as MySpace, and submitting canned takedown notices if they saw anyone posting the song.
In that case, 'Evidence of ownership' isn't in their job description.
The process could just be flawwed in that they assume ownership of anything they have sold.
Or they made a mistake in failing to verify and flag that particular song as "not owned by us"
Slander of title, perhaps.
Fraud implies intent.. I think this is just a case of horrendous negligence.
Never ascribe to malice that which is adequately explained by incompetence."
They might respond skillfully, but not as skillfully as the guy who's BS'ing the essay.
In other words, the applicant who responds more skillfully may actually be the person who won't succeed as a student...
It's just as silly to think a response to an essay question indicates level of potential.
The applicant can say whatever they think the admissions people want to hear, and get a team of people to help them make the best essay possible.
Why congress?
Is it not up to the states to decide what rights are transferred when something is being sold at the store?
Contracts and the purchase/sale of goods are generally distinctly state issues...
Citrix for presentation server & published apps? VMware for their PCOIP? Wyse? X.org?
It seems like in 7,599,985, they've successfully patented thin-client, VDI, and any remote application control/access/interactive media viewing from an embedded web app....
The invention allows a program to execute on a remote server or other computers to calculate the viewing transformations and send frame data to the client computer thus providing the user of the client computer with interactive features and allowing the user to have access to greater computing power than may be available at the user's client computer.
I say the problem is the infamous Eastern district of Texas, where this (and seemingly just about every other software patent lawsuit) apparently seems to have been filed.
Do they put something in the water over there that causes judges to be more willing to hear ridiculous patent suits and rule towards infringement?
So if Youtube rewrites their site in XML, instead of HTML, they won't be infringing?
Sure, but you can only dispose of a complete allocation in this way, such as a /20, not a small number of IPs such as a single /24. And you can only get lots of IPs with some good justification and some proof of your need for the IPs (including adequate utilization of a block allocated to you by an upstream provider).
Yes, and the prices of that gear are high, eg
7600 - >$30,000
ASR-1000 - >$50,000
ASR-9000 - >$80,000
CRS-1 - >$500,000
I never said it was impossible, only that it gets expensive. Replacing your sups every 5 years with the shiny newest model isn't cheap either.
Think of how rapidly the tables would grow if masses of deaggregated /24s started appearing due to "IP sales". There are already some ASes that announce every /24... imagine how messy it would be for a much larger percentage of /24s to be individually announced.
And ye who want to be able to sell random /24s out of your IP space... really have no right to force all the providers in the world to give you those routing slots, they don't want to, and to an extent, policies and common practice reflects the desire to keep costs low.
If costs are high, ISP services and internet connectivity gets more expensive for all..
No, they'll just go underground. I expect to see the number of bloggers revealing their true identities decreasing substantially, and more using anonymous proxies and various means to post pseudononymously without fear of recourse.
An explanation of how 802.11n gets 600 megabits is here
Ok... but how well does it work really? The WRT610N appears to cost $180.. so it's a tad more expensive.
My dislike for both of these units is... No power over Ethernet (IEEE 802.3af)..
And as far as I know, no port VLAN support or 802.1q tagged interfaces.. $200 is a lot to spend on a broadband router, and for that much, I kind of expect these basic features, they're pretty useful for reducing the number of annoying wall warts, when POE powered phones can be used :)
It's not a crime. It's a specious theory that the code the botnet authors utilize might somehow be viewed by the court as a technical measure that effectively controls access to or ability to copy a work, and that the researchers did circumvent those controls under 1201(a)(1)(A) of the DMCA.
The belief that the malware can be considered a "publication" is in doubt. The software is non-creative, non-beneficial.
But you have forgotten (j) Security Testing. - (2) Permissible acts of security testing. - Notwithstanding the provisions of subsection (a)(1)(A), it is not a violation of that subsection for a person to engage in an act of security testing, if such act does not constitute infringement under this title or a violation of applicable law other than this section, including section 1030 of title 18 and those provisions of title 18 amended by the Computer Fraud and Abuse Act of 1986.
And also, S1204(b) (b) Limitation for Nonprofit Library, Archives, Educational Institution, or Public Broadcasting Entity.â" Subsection (a) shall not apply to a nonprofit library, archives, educational institution, or public broadcasting entity (as defined under section 118 (g).[1]
Also, failure to register as required by S 407(a), has an effect: 1208 S 408(f)(4)... If you don't register the work within 3 months of publication, you lose the right to most infringement actions, except a 106A(a) infringement (infringement of author's right to attribution and integrity).
So by failing to register, the author loses a lot of rights.
Oh hot damn... Godwinn'ed...
I didn't even think it was possible to relate this subject to Nazis.. Mad props to you.
But these botnet studies (at least the well done ones) are in no way similar. Most security researchers actually are very careful with their methodology, and perform their studies in a way that assures they won't cause any harm (except maybe to the botnet operator by revealing their methods, in some cases).
Probably not. Certain types of research fall into a special exemption from the DMCA's anticircumvention provisions.
In this case, they were conducting security research, to assist in reducing piracy of malicious software.
Also, to pursue a DMCA action against the researchers, the botnet authors will have to identify themselves.
In the process, they will expose themselves to counterclaims to by the researchers who discovered their software illegally propagated itself to their computers, constituting "Gaining Access" without authorization, for the purposes of the US Computer Fraud and Abuse act.
In the vast majority of states they cannot, at least one party to the conversation has to consent. In some states, all parties must consent.
In those states they can... as long as they don't violate federal (or state) wiretap laws in the process.
It generally means they can record conversations they have in a public place, but they can't hook up recording gear to the phone box outside people's houses.
And they may be able to record conversations in a private place, using a very sensitive microphone, provided they avoid violating breaking + entering and trespass laws, they should be OK, although may be subject to civil prosecution.
On the other hand... if the journalist doesn't mind becoming a criminal themselves, they could choose to break any or all these laws.. once they publish the recording, it cannot easily be suppressed.
Greater knowledge? It's intangible, but still a benefit.
There's also a possibility of notoriety or fame.
And maybe a line in the resume, for the paper... which could translate into money or more opportunities at a later date.
Without the details of their research methodology at hand, you have no basis for claiming they might have committed a crime.
Maybe if/when they publish their paper, you can reasonably assess that, not until then.
How this works in reality, is typically, to do the research, the researcher will get a sample of 'test machines' they own infected by visiting a drive-by-downloader's site in a specially controlled environment. Where they monitor all the botnet node's network activities, block any unexpected ones, and "de-fang" or "make benign" its activities (e.g. if it normally sends spam with a malware link, they may replace the link with a beacon link). The other possibility is they work with people whose machines are already infected.
In either case, the botnets are so large, that a few added nodes does not cause the botnet to do any more harm, and disinfecting those machines or disabling them would not significantly help anyone.
In either case, they own the equipment, and they don't approve of the malicious software's activities, they themselves act in a manner that doesn't increase the harm done by the botnet, they arrange matters in such a way that people who interact with "their nodes" are not harmed or any worse off because of their research activities. Breaking into software running on their computers is not like stealing from drug dealers... it's more like sneaking up behind a cat burglar sneaking out a window in your house, going towards your neighbor's house and cutting an enormous hole in their bag as they climb out your window.
Botnet infiltration is more like a researcher pretending to be a drug dealer.
The researcher gets drugs from the drug lord
Sends the drugs to the lab for analysis.
Covertly replaces the active ingredient in the drugs with a safe placebo.
e.g. Bag of coke gets replaced with a bag of sugar. Anything in pill form gets replaced with sugar pill disguised as the original. (Basically, deletes the dangerous ingredient)
Adds a tracer ingredient, like an edible RFID tag, and an edible GPS-based tracking device.
Passes along the drug down the line...
Or sells it, just in the manner directed to do by the drug lord.
But the researcher doesn't do it... let's say the "drug dealer" is a robot the drug lord was spreading around and deployed on the researcher's computer... the researcher hacked the program to do something other than what the drug lord expected.
Many SPs will only use the particular manufacturer of network gear whose name starts with a 'C'. Because, for one thing, they're not trained in the management and unique characteristics of the MicroTik or Juni products, and so few people use them, getting help is harder, consultants are more expensive, and the support organizations behind those platforms are less trusted.
Software forwarding is just fine for end users, but not for SPs who are transit providers.
Anyways, suffice to say, they have reasons that taking larger tables incurs additional expenses
They have two options: (1) use all their money to buy better equipment, raise prices on their customers, or (2) Filter.
Number (2) filter is better for the health and efficiency of their networks.
They save money from avoiding premature upgrades they may now be able to use for other things, like IPv6 migrations :)
What's innovative here is they seem to be letting partners develop software packages to run on it... an iPhone-style "App store" for home router software addons, anyone (?)
Does this mean the warranty isn't void if you flash it with custom firmware?
Are they providing cool things like serial ports for debugging, and an external JTAG header, so you can easily fix it if your custom patched firmware breaks or something (?)
How about a fully vlan-able switch, POE capabilities, and enough RAM to run some minor computing loads ? :)