Sorry, but the reasoning in your post made me wince. For one, the term "bad guys" is simply a us-vs-them generalisation that holds no water. I haven't met a single person in my life who is incapable of a good deed, or a bad deed. So, the question really should be, "Is the act of breaking a law always bad?".
For two, even if the answer to this is no, it makes no mention of how many laws are unjust, and which ones specifically are. If a significant portion of laws are just, then we should certainly be very concerned whether something is illegal or not, in general. Unless we know whether a specific law is unjust, then we would be sensible treating the laws as they are in the majority (which I think most people would say is "just").
Which side are you on?
Oh god. You voted for Bush, didn't you?
Most people? I don't think most people would say the laws are just. Everyone is under suspicion and surveillance because there's so many laws that we are all treated as suspects. So I suspect the majority believe most of the laws are unjust and that there's too many laws and too much government. I don't see or meet people who think we need more intrusive bigger government and I don't meet people who say they want more laws to police people.
I don't know enough about kiddie porn to know if most "consumers" are using a small set of existing data, or if it's more new one-off stuff. If there's really a small core set that lots of people have, well, I guess the database would be useful. If it doesn't work that way, I'd question the usefulness of such a database. I guess it'd be a quick way to catch a few people.
It's not really useful either way, it's just how the police typically operate when pursuing these cases. Personally I wouldn't waste the time and money chasing after the consumers. The producers, and anyone who profits from the production are the ones I'd take out.
Raiding people and destroying their lives because they possess some information you don't like or don't want them to have in my opinion is a violation. It's not justified why it is necessary that police have this sort of authority to police our bits on our machines. This is like having the authority to police our minds and arrest us for having inappropriate thoughts.
Ever found, on the 'net or on someone's PC, or on someone's phone, or on someone's digital camera? Pretty easy.
Just take the md5 hash, and add it to the database. I'd be amazed if that's not already happening, and somewhat surprised if western police services weren't sharing/merging their databases internationally.
I guess you _could_ pay someone to flick through 80,000 photographs to see whether any of them contain illegal images, but a quick md5 hash check might give you enough positives for a conviction for just a couple of minutes effort.
The point is it doesn't accomplish anything. The people who actually harm children in the pictures aren't necessarily the ones who possess the pictures. This means one or two pedophiles could incriminate 100 or 1000 different machines with 400-3000 different users. The point being that chasing after files is a bad policy and it's a thought crime policy. Possession is a victimless crime. And it doesn't matter to me what they possess, as long as they didn't produce it.
If they were trying to curb violence there would be a war on violence rather than a war on drugs. There are plenty of murderers who get away with it, there is plenty of violence in society. But when you see most cops do you see them investigating homicides?
Reducing crime levels should not be the goal. The goal should be to make communities feel safer.
Mass arrests of petty criminals does not make the community feel safer. Arrests of violent criminals makes the community feel safer.
Rather than chasing after meaningless numbers which only mean something to politicians and police chiefs, they should actually communicate with the community they are policing to ask them what they need.
So when you read "reducing crime levels", ask yourself which crimes? Crimes that matter or just a vague abstract "crime" statistic that only matters to the police?
DDOS does not count as being broken into. Show me some evidence the servers were broken into because I think you are spreading a myth or urban legend which isn't true.
CIA servers were DDOS'd. There is no definitive proof that the kid they arrested did it. The kid could have been framed.
Don't worry about it. You're being paranoid. Even if they could detect that you have some illegal music, they really don't care unless you're actively trading it. Look at how companies handle pirated software, for example. Microsoft can tell if your WIndows isn't "genuine" and yet the worst thing they do is cripple your copy and give you a rather polite message about making it genuine. That's the worst I would ever expect from a "honeypot." At worst they're going to say "Hey, we think this song is not genuine, would you like to buy a fresh copy to ensure you're legit?" They're not going to call the FBI on your ass for having an illegal copy of Twisted Sister on your hard drive. It just isn't going to happen.
The legality of the file is not a property of the file itself, and cannot be determined from the file's content. If I buy an MP3 on Amazon, I can legally use it. If I put it on bittorrent and you download it, you have the same file as I do, but the RIAA says you're not allowed to use it.
That doesn't mean it makes any sense from a technical or scientific point of view. The only reason that is the law is because special interests have decided to go with delusional impossible ideas to protect their profit engine.
Because kiddie porn is the gold standard. If you have even a file in you recycle bin on your computer, that you deleted, it can be forensically undeleted and you could be slammed for possession of child pornography. They use md5s to search for child pornography.
Most people cannot determine whether 100% of their porn and jpgs,gifs, are legal, how can anyone actually know whether 100% of their bits are legal? It's not humanly possible and the question is stupid because the burden shouldn't be on the user in the first place.
One file may be legal for one person, and illegal for another. For example, if you rip your CD yourself, the resulting MP3 is legal. Copy the same MP3 onto a friend's computer, and it's illegal. I don't think such a software is even possible to write. Every pirated / illegal MP3 file would have to be already watermarked as such in order for the software to function. What if the "common" version of the file floating around on Napster was just a basic 128Kbps rip with a common MP3 encoder, and you used the same encoder to rip the same song from the original CD yourself? In theory, it is very possible that the resulting MP3 is bit-for-bit the same as the one millions of other people pirated from Napster, even though you own the original CD and ripped the file yourself.
So just digitally sign everything you personally rip. I don't see how that could be so difficult. The computer you use to rip it could do it automagically.
Now of course if most stuff ripped isnt signed on purpose thats a different story. Maybe those Mp3s aren't legal?
True the md5 idea alone wouldn't solve everything but the guy asked if it could be possible to sort his files, and thats easy. Judging legality isn't easy even with lawyers and courtrooms.
It's only a matter of time before Facebook offers a music service which requires you to allow them to scan your harddrive and share it with your Facebook "friends".
It would be much easier if the RIAA just created a goddamn bounty rather than pose as an Anonymous Reader and try to coax us into developing it for free.
Through an Md5 database hosted on the RIAA website or funded by the RIAA. Every legal file could be known. And then every illegal file would be among those not in the official database.
If you don't think so, then you shouldn't be concerned with whether or not it's illegal or not and should be more concerned with how users can protect themselves from corporate political aggression.
Or if you want me to build it for you, pay up. But don't expect the open source community or free software community to build it for free.
(I don't know for a fact that Anonymous reader works for the RIAA but this seems to be just the kind of software they'd want to have.)
That being said, just to show how easy the software would be to design. All you'd have to do is use a sort algorithm. Then simply divide and conquer. Each mp3 file can be represented by md5. The software could create an internal md5 database. This md5 database could be sorted via a stamping or digital signature algorithm which will create a while or for loop which checks each file for it's status of being (legal) or (illegal). Starting with the files which are legal, these files should be identified first by the algorithm because these files would be easiest to identify. Then when the status is unclear, these files should be sorted by user defined criteria and checked either automatically via comparing with some sort of official database of legal md5s, or manually listened to by the user in which case they should all become one big playlist from which the user can listen and decide whether to wipe it or not.
If you want me to build the software, reply with the price you are willing to pay for its development.
4. Throw billions of dollars in bounties and in grants to develop the technology and start the arms race.
I see this as the most likely option. it's easier to just put out a bounty and let someone else do the work than to train their own "cyber soldiers"
The problem isn't lack of skill, it's lack of funding. If the bounties are high enough then hackers and IT professionals will be falling all over each other trying to get contracts.
While this is true, more often than not that brainpower is bogged down by red tape and regulations. While some of these do serve a purpose most just clog up the works and prevent things from getting done in any decent amount of time.
That really depends on the agency doesn't it? Or do they all have the same problem of red tape?
And if the gov gets rid of internet anonymity they are attacking civilians, just as the hackers are attacking civilians when they release their personal information out to be abused and exploited.
If the goal is to secure the information, and if most civilians don't know how to be anonymous anyway, this will have no impact on hackers who will still be anonymous, only even more anonymous than before because new tools will be invented. And the government will trigger an arms race just as other governments across the world have done when trying to crack down on internet anonymity.
The result is that ordinary people will have their lives disrupted and for no real benefit securitywise. Ordinary people will have less security, less privacy, less anonymity, and hackers will develop better tools to get beyond the censors. It wouldn't solve a damn thing and in fact the solution would be worse than the problem, just like with the War on Drugs.
The government does not need to and I advocate should not destroy net anonymity or freedom.
The best course of action for the government would be to allow only one military style agency, perhaps the NSA? or something else? Monitor the entire internet at the packet level. Any activity on the internet should remain free. Any backdoors in software, or in compilers, should remain hidden. Anyones secrets legal or illegal should remain secret. I don't care if my neighbor is downloading child porn. I don't care if my neighbor is Googling how to kill his wife. I don't care if he's trying to learn how to make a bomb. No individual crime is bad enough that we should give up our collective liberty.
However if someone is out to destroy the USA, by attacking the government, or it's troops, the government has the right to use whatever means necessary to protect itself. This does not require that civilians lose liberty. Civilians can be watched and keep their liberty, just so long as we don't treat this as a law enforcement thing.
Treating it as law enforcement is what causes us to lose liberty because then everyone wants to pass new laws. Treating it as war on the other hand, means that the threat is so bad that this is beyond the law and only the laws of war apply and knowing the USA, those laws don't really apply either. If we are going to deal with cyberwar correctly, then Obama or someone else has to set a line in the sand and decide just when it's an act of war. Civil liberties and internet anonymity should not be on the table. If these hackers truly believe in internet freedom enough to go to war against the US government, they should be prepared to die for internet freedom and we should not allow government or any hackers to reduce our collective freedom.
If they are just doing this to give the government cover for a censorship agenda, and if the government tries to pass a censorship bill, then the government and these hackers are both betraying the liberty this country is supposed to be fighting to defend.
Slashdot Mirror
Sorry, but the reasoning in your post made me wince. For one, the term "bad guys" is simply a us-vs-them generalisation that holds no water. I haven't met a single person in my life who is incapable of a good deed, or a bad deed. So, the question really should be, "Is the act of breaking a law always bad?".
For two, even if the answer to this is no, it makes no mention of how many laws are unjust, and which ones specifically are. If a significant portion of laws are just, then we should certainly be very concerned whether something is illegal or not, in general. Unless we know whether a specific law is unjust, then we would be sensible treating the laws as they are in the majority (which I think most people would say is "just").
Oh god. You voted for Bush, didn't you?
Most people? I don't think most people would say the laws are just.
Everyone is under suspicion and surveillance because there's so many laws that we are all treated as suspects. So I suspect the majority believe most of the laws are unjust and that there's too many laws and too much government. I don't see or meet people who think we need more intrusive bigger government and I don't meet people who say they want more laws to police people.
I don't know enough about kiddie porn to know if most "consumers" are using a small set of existing data, or if it's more new one-off stuff. If there's really a small core set that lots of people have, well, I guess the database would be useful. If it doesn't work that way, I'd question the usefulness of such a database. I guess it'd be a quick way to catch a few people.
It's not really useful either way, it's just how the police typically operate when pursuing these cases. Personally I wouldn't waste the time and money chasing after the consumers. The producers, and anyone who profits from the production are the ones I'd take out.
Raiding people and destroying their lives because they possess some information you don't like or don't want them to have in my opinion is a violation. It's not justified why it is necessary that police have this sort of authority to police our bits on our machines. This is like having the authority to police our minds and arrest us for having inappropriate thoughts.
ever created
Ever created, almost certainly not.
Ever found, on the 'net or on someone's PC, or on someone's phone, or on someone's digital camera? Pretty easy.
Just take the md5 hash, and add it to the database. I'd be amazed if that's not already happening, and somewhat surprised if western police services weren't sharing/merging their databases internationally.
I guess you _could_ pay someone to flick through 80,000 photographs to see whether any of them contain illegal images, but a quick md5 hash check might give you enough positives for a conviction for just a couple of minutes effort.
The point is it doesn't accomplish anything. The people who actually harm children in the pictures aren't necessarily the ones who possess the pictures. This means one or two pedophiles could incriminate 100 or 1000 different machines with 400-3000 different users. The point being that chasing after files is a bad policy and it's a thought crime policy. Possession is a victimless crime. And it doesn't matter to me what they possess, as long as they didn't produce it.
A car cannot be copied and isn't made from 1s and 0s.
If they were trying to curb violence there would be a war on violence rather than a war on drugs. There are plenty of murderers who get away with it, there is plenty of violence in society. But when you see most cops do you see them investigating homicides?
Reducing crime levels should not be the goal. The goal should be to make communities feel safer.
Mass arrests of petty criminals does not make the community feel safer. Arrests of violent criminals makes the community feel safer.
Rather than chasing after meaningless numbers which only mean something to politicians and police chiefs, they should actually communicate with the community they are policing to ask them what they need.
So when you read "reducing crime levels", ask yourself which crimes? Crimes that matter or just a vague abstract "crime" statistic that only matters to the police?
Very good question.
DDOS does not count as being broken into. Show me some evidence the servers were broken into because I think you are spreading a myth or urban legend which isn't true.
CIA servers were DDOS'd. There is no definitive proof that the kid they arrested did it. The kid could have been framed.
Don't worry about it. You're being paranoid. Even if they could detect that you have some illegal music, they really don't care unless you're actively trading it. Look at how companies handle pirated software, for example. Microsoft can tell if your WIndows isn't "genuine" and yet the worst thing they do is cripple your copy and give you a rather polite message about making it genuine. That's the worst I would ever expect from a "honeypot." At worst they're going to say "Hey, we think this song is not genuine, would you like to buy a fresh copy to ensure you're legit?" They're not going to call the FBI on your ass for having an illegal copy of Twisted Sister on your hard drive. It just isn't going to happen.
Google might not but Sony definitely world.
Your imagination is scary enough to inspire people to write software tools to protect against that scenario.
The legality of the file is not a property of the file itself, and cannot be determined from the file's content. If I buy an MP3 on Amazon, I can legally use it. If I put it on bittorrent and you download it, you have the same file as I do, but the RIAA says you're not allowed to use it.
This idea is explored in more details in the following blog post What Colour are your bits?
That doesn't mean it makes any sense from a technical or scientific point of view. The only reason that is the law is because special interests have decided to go with delusional impossible ideas to protect their profit engine.
Because kiddie porn is the gold standard. If you have even a file in you recycle bin on your computer, that you deleted, it can be forensically undeleted and you could be slammed for possession of child pornography. They use md5s to search for child pornography.
Most people cannot determine whether 100% of their porn and jpgs,gifs, are legal, how can anyone actually know whether 100% of their bits are legal? It's not humanly possible and the question is stupid because the burden shouldn't be on the user in the first place.
One file may be legal for one person, and illegal for another. For example, if you rip your CD yourself, the resulting MP3 is legal. Copy the same MP3 onto a friend's computer, and it's illegal. I don't think such a software is even possible to write. Every pirated / illegal MP3 file would have to be already watermarked as such in order for the software to function. What if the "common" version of the file floating around on Napster was just a basic 128Kbps rip with a common MP3 encoder, and you used the same encoder to rip the same song from the original CD yourself? In theory, it is very possible that the resulting MP3 is bit-for-bit the same as the one millions of other people pirated from Napster, even though you own the original CD and ripped the file yourself.
So just digitally sign everything you personally rip. I don't see how that could be so difficult. The computer you use to rip it could do it automagically.
Now of course if most stuff ripped isnt signed on purpose thats a different story. Maybe those Mp3s aren't legal?
True the md5 idea alone wouldn't solve everything but the guy asked if it could be possible to sort his files, and thats easy. Judging legality isn't easy even with lawyers and courtrooms.
It's only a matter of time before Facebook offers a music service which requires you to allow them to scan your harddrive and share it with your Facebook "friends".
It would be much easier if the RIAA just created a goddamn bounty rather than pose as an Anonymous Reader and try to coax us into developing it for free.
Why do you think they spend millions on DRM but can't spend that kind of money to secure gamers personal informarion?
Through an Md5 database hosted on the RIAA website or funded by the RIAA. Every legal file could be known. And then every illegal file would be among those not in the official database.
And are all laws just?
If you don't think so, then you shouldn't be concerned with whether or not it's illegal or not and should be more concerned with how users can protect themselves from corporate political aggression.
Which side are you on?
And my response is, build it yourself.
Or if you want me to build it for you, pay up. But don't expect the open source community or free software community to build it for free.
(I don't know for a fact that Anonymous reader works for the RIAA but this seems to be just the kind of software they'd want to have.)
That being said, just to show how easy the software would be to design. All you'd have to do is use a sort algorithm. Then simply divide and conquer.
Each mp3 file can be represented by md5. The software could create an internal md5 database. This md5 database could be sorted via a stamping or digital signature algorithm which will create a while or for loop which checks each file for it's status of being (legal) or (illegal). Starting with the files which are legal, these files should be identified first by the algorithm because these files would be easiest to identify. Then when the status is unclear, these files should be sorted by user defined criteria and checked either automatically via comparing with some sort of official database of legal md5s, or manually listened to by the user in which case they should all become one big playlist from which the user can listen and decide whether to wipe it or not.
If you want me to build the software, reply with the price you are willing to pay for its development.
But of course they can't because the hacker probably didn't have enough experience.
4. Throw billions of dollars in bounties and in grants to develop the technology and start the arms race.
I see this as the most likely option. it's easier to just put out a bounty and let someone else do the work than to train their own "cyber soldiers"
The problem isn't lack of skill, it's lack of funding. If the bounties are high enough then hackers and IT professionals will be falling all over each other trying to get contracts.
they have more brainpower
While this is true, more often than not that brainpower is bogged down by red tape and regulations. While some of these do serve a purpose most just clog up the works and prevent things from getting done in any decent amount of time.
That really depends on the agency doesn't it? Or do they all have the same problem of red tape?
My best guess is the feds took the opportunity to check dropbox.
And if the gov gets rid of internet anonymity they are attacking civilians, just as the hackers are attacking civilians when they release their personal information out to be abused and exploited.
If the goal is to secure the information, and if most civilians don't know how to be anonymous anyway, this will have no impact on hackers who will still be anonymous, only even more anonymous than before because new tools will be invented. And the government will trigger an arms race just as other governments across the world have done when trying to crack down on internet anonymity.
The result is that ordinary people will have their lives disrupted and for no real benefit securitywise. Ordinary people will have less security, less privacy, less anonymity, and hackers will develop better tools to get beyond the censors. It wouldn't solve a damn thing and in fact the solution would be worse than the problem, just like with the War on Drugs.
The government does not need to and I advocate should not destroy net anonymity or freedom.
The best course of action for the government would be to allow only one military style agency, perhaps the NSA? or something else? Monitor the entire internet at the packet level. Any activity on the internet should remain free. Any backdoors in software, or in compilers, should remain hidden. Anyones secrets legal or illegal should remain secret. I don't care if my neighbor is downloading child porn. I don't care if my neighbor is Googling how to kill his wife. I don't care if he's trying to learn how to make a bomb. No individual crime is bad enough that we should give up our collective liberty.
However if someone is out to destroy the USA, by attacking the government, or it's troops, the government has the right to use whatever means necessary to protect itself. This does not require that civilians lose liberty. Civilians can be watched and keep their liberty, just so long as we don't treat this as a law enforcement thing.
Treating it as law enforcement is what causes us to lose liberty because then everyone wants to pass new laws. Treating it as war on the other hand, means that the threat is so bad that this is beyond the law and only the laws of war apply and knowing the USA, those laws don't really apply either. If we are going to deal with cyberwar correctly, then Obama or someone else has to set a line in the sand and decide just when it's an act of war. Civil liberties and internet anonymity should not be on the table. If these hackers truly believe in internet freedom enough to go to war against the US government, they should be prepared to die for internet freedom and we should not allow government or any hackers to reduce our collective freedom.
If they are just doing this to give the government cover for a censorship agenda, and if the government tries to pass a censorship bill, then the government and these hackers are both betraying the liberty this country is supposed to be fighting to defend.