Because every country strives to be more like Syria.
"MPAA told Congress that they wanted SOPA and knew it would work because it was the same tactic used by governments in "China, Iran, the UAE, Armenia, Ethiopia, Saudi Arabia, Yemen, Bahrain, Burma, Syria, Turkmenistan, Uzbekistan, and Vietnam."
Funny how all the countries listed here have a strong central government (too say the least), and the MPAA wants to replicate this balance of power in a more liberal context (ie in the hand of an economic agent). United Corporation of America, anyone?
Let's let this proceed, then take anyone who supported it or voted for it and send them to the listed countries.
When do we treat this sort of nonsense as a threat, ala the Boston rapper. If I announced a business model of selling something for $0.99, but claiming its real value was $150K and then using the millions of dollars of "damages" to justify rooting through your computer, I'd have the police called on me. So why doesn't this extend to the real criminals in our society?
I doubt they'll get this, but they need to be kicked for even asking.
That's actually the fundamental problem in democracy - the assumption that everything is up for grabs if you win some popularity contest, and that there are no limits on how often you can ask. If I asked if I could do something horrible to you, you'd say no and move on. If I ask your government I just keep doing it until fatigue or human error on your part lets me win.
Are they also going to push for laws that mandate that all anti-virus software must ignore their rootkits?
And with secure boot in Windows 8, it will be harder for rootkits to remain undetected by hiding in the boot loader. Will the entertainment industry push for laws that force operating system vendors to provide back-doors for the official malware?
No way ... MS can buy Hollywood with pocket change. Also the moment they sign something like that - no more business with enterprises and national governments. The integrity of windows and office is imperative for them.
This was done without MS active involvement. Microsoft signing a piece of code in wild that can subvert their own secure boot ... is something else entirely.
The point is that any company can sign a rootkit (for the price of $99) to run on windows machines with our without SecureBoot. The best MS can do is to revoke certificates of rogue companies but by then the damage could be done.
In fact, as that Wikipedia article points out, it was exposed by a Microsoft employee:
The scandal erupted on October 31, 2005, when Microsoft researcher Mark Russinovich posted to his blog a detailed description and technical analysis of F4I's XCP software that he ascertained had been recently installed on his computer by a Sony BMG music CD. Russinovich compared the software to a rootkit due to its surreptitious installation and its efforts to hide its existence. He noted that the EULA does not mention the software, and he asserted emphatically that the software is illegitimate and that digital rights management had "gone too far".
No it won't be harder for the entertainment industry to create rootkits. You just buy a proper certificate and sign it like any other driver developer. Secure boot does nothing to protect the users from the entertainment industry.
And if we remember what happened the last time that happened when an entertainment company deployed a rootkit. They made it much easier for unskilled malware writers to hide their work. And IIRC it wasn't trivial to remove the rootkit Sony deployed.
That's hardly the point, which is that they can get Congress to bend over backwards for them. Since this piece of legislation is obviously absurd, they'll attempt for something pared down but clearly authoritarian with minimal (non-existent?) oversight.
At this point they're just flexing their muscle to see how much wiggle room they've got. A small part of me wishes votes on legislation were anonymous so our congress-critters would avoid the constraints of having to vote along party lines (and notably their campaign donors' wrath).
I would dare to say this could be a contributing factor to the state of politics and law. Essentially, laws and regulations are bought by the highest bidder.
I think many agree with me that neither religion or money should have influence on direction of politics.
For the anonymity on legislation; No.
Legislation, political- and judicial processes IMHO be 100% transparent.
I can see where you're coming from regarding anonymous voting on legislation, but I'd definitely disagree. It's much more important in my opinion that our representatives are transparent, or else how do we know whether we want them to continue representing us?
It's true that campaign donors have too much influence over the success of legislators, but maintaining a representative democracy is far too important to lose in order to deal with that issue.
I tried to be rational and then I got to the second paragraph of their own brief:
"The second and even more pernicious effect is that illegal theft of intellectual property is undermining both the means and the incentive for entrepreneurs to innovate, which will slow the development of new inventions and industries that can further expand the world economy and continue to raise the prosperity and quality of life for everyone. Unless current trends are reversed, there is a risk of stifling innovation, with adverse consequences for both developed and still developing countries."
They are not stupid. This isn't a mistake. It's Dark Arts. They're trying (quite successfully) to attach the word "theft" to copyright infringement, so that people discuss it in terms of moral intuitions about stealing. 'cause if it is called "stealing" then it must be evil, right?
1. Their intellectual property is not being stolen, it's impossible to "steal" a digital file. Their rights are being infringed.
2. The major thing retarding development of new inventions and industries are the wealthy luddites digging their feet in and trying to extract as much as possible from actual innovators.
Would it also then become illegal to program software that would defend against such software rooting your machine and erasing things that goes against its views of fairness?
It would automatically be illegal to break this spyware (i.e. to defend against it) the moment the spyware itself becomes legal. Since breaking DRM is forbidden by DMCA. DMCA/1201 should be really repealed, as well as any such new idiocy pushed by the DRM lobby.
Just about every Linux kernel version has had some root privilege escalation bug. So long as they can get some executable software on your system (perhaps not easy!) it's reasonable any such bug could be exploited, and voila, they can install a rootkit!
Of course not. But it's easy to maintain a list of public bugs for different kernel versions and also a list of 0day bugs that may have been found, and then exploit the appropriate privilege escalation bug depending on the kernel version.
For an industry as fucking inept as the MPAA and the rest of the copyright cartel, I'd be absolutely floored if they managed to break into a Linux machine.
This is not as unlikely as you may think. All it takes is the right bug in a virtio driver, and they can go from vm-root to host-user, and assuming some level of competence they can go from host-user to host-root. Of course, you're welcome not to use any virtio devices, and you're welcome not to use hardware virtualisation support, but the performance of your guest will not be much to write home about.
Of course it is possible that they find holes, but I consider the odds that they will find holes like that early enough that countermeasures won't already be deployed in a situation where people have come to expect destructive actions from their software on a regular basis to be quite unlikely.
Also OS level virtualization is not the only protection worth using in a scenario like this. Sandboxing at the syscall level (restricting allowed syscalls and arguments substantially) is also highly useful, and if we start seeing a threat from apps that people are expected to intentionally install knowing that they pose a risk, we will see a lot more aggressive security work.
> Of course it is possible that they find holes, but I consider the odds that they will find holes like that early enough that countermeasures won't already be deployed in a situation where people have come to expect destructive actions from their software on a regular basis to be quite unlikely.
How so? People will be expecting their software to contain rootkits, and so there will be tons of people immediately analyzing any new releases.
Given that already when I last bothered with pirated software in the early 90's, serious warez traders were mostly only interested in software weeks before its scheduled release (it was not uncommon for unfinished versions of games to leak), which involved not just getting hold of the releases through leaks or hacking, but breaking any protection, and this would make up the first serious challenge for the warez scene in many years, and this will draw not just the warez scene, but security researchers, as well as a lot of "regular" developers like me who are fed up with these kinds of attempts, they are facing pretty much an army that will be dissecting every release.
Sure, some will slip through for some users, but every single instance will result in new counter-measures, many of which you can expect will cover as-yet undiscovered flaws in addition to just fixing specific issues.
E.g. a logical protection against attempts at attacking faulty filesystem permissions settings is to blanket ban access to the filesystem and whitelist specific files, specific directories, and sanity check all access to them.
For every loss, we will win more robust application sandboxing capabilities, and more people will be motivated to consistently make use of them.
I understand what you're saying, but so far Nintendo 3DS doesn't have any way of playing pirated 3DS games. (DS games are playable on a 3DS now). XBOX360 has some cracks, but these are complicated. Too complex for most people to bother with. PS3 is also too complex for most people. (I think, I haven't really looked hard for this.) I think even PS2 isn't trivial, although I could be wrong and I welcome corrections.
It bothers me. I'm probably wrong, but it feels like we have a bunch of sub-optimal OSs that have security kludged in as an after-thought, built on legacy hampered hardware, with a lot of concentration on "preventing people playing illegal content" (but also strictly controlling what people do with their legal content). There's a kind of arms race with pirates and anti-pirates competing on DRM schemes, and it feels like if all that effort had gone into better directions that we'd have 24 cores at 3.5 GHz and better threading with decent nice architecture.
And I know it's just marketing, and that washing powder (Whiter than white!) has been doing it for years, but being told that my content (which was sold to me as best quality available last time) is now being called garbage and I'm told I need to upgrade. In the past I didn't need to upgrade. I could keep my record deck and buy a CD player and rip those CDs to digital for my streaming media player. But in the future this is not going to be allowed. I'm going to have to buy an extra licence for family use.
Remember when you couldn't watch DVDs on Linux? And then someone wrote DeCSS, which provided decryption of DVD for Linux users.
It'll be similar if this law passes. There's a binary blob for Windows and OSX. It's illegal to reverse engineer that blob. It's illegal to circumvent the need for that blob.
In a more modern version, VM just won't be able to support a hardware-assisted DRM conveniently preinstalled straight into your CPU or video card's firmware.
Hmm. This leads me to the idea. Why care for software rootkits when PCIe hardware may actively screw with the system? Considering MAFIAA already had success with enforcing HDCP on almost every modern video card out there...
I actually just read a book set in 2040 England where this basically happened, they'd created a system where if you tried to remove the hardware the CPU would be dissolved. The book was called "Pirate [something]" I can't remember the exact name but it had pirate in it...
The book is okay, I was kinda surprised at how good he was at keeping the tech believable... still he mostly failed as authors who know little about tech do
Actually, some games do that, as they interpret the existence of a VM or developer tools installed as an attempt to decrypt/reverse engineer the game's DRM. Which would be funny if it weren't so sad.
I'm sick and tired of being in such a lazy-ass, apathetic society that possesses zero regard to freedom.
Stallman may be a nut, but when you think long and hard about what he says, and think about SOPA, PIPA, and this lobby, in horror, your face twists in fear and you watch, helplessly, as your fellow citizens bend over backwards and let the government have their way.
I don't even know what to do anymore. Nobody will lobby against Hollywood; people already gobble up TMZ and are too obsessed with celebrity pseudo-culture and movies and pop music that they won't do it.
We need more activists. And without them, we are fucked.
Yes, he is a nut. In the sense of "no one will ever take him seriously, especially anyone involved in mainstream decision-making, who has ever read anything he has written," which is in this case the most relevant metric. Stallman is never going to be any help here, nor is anyone like him, because any "normal" person -- that is, one that other people won't ignore out of hand -- will ignore him out of hand. This includes politicians, to whom said "normal" people are the all-important majority.
"We need more activists" is bullshit. You think we need more activists? More of those outliers that get lampooned in every media outlet for railing against the status quo? Because that's what activists are to most people: Nuts and/or malcontents.
Of course, my real problem with this statement is exactly the same reason I'm not making it. You think we don't have enough activists? GO BE ONE. If you think they can do any good and you believe that "we are fucked" without them, stop posting on HN, get off your ass, and DO SOMETHING.
Otherwise get back on the bench with the rest of us, because all your whining about mass media and celebrity culture is just that. You can gripe all you want that people aren't doing anything, but as soon as you start telling people what they SHOULD be doing, either you'd better be doing it yourself or you'll have to excuse those of us -- everyone -- who will not take you seriously.
In the event that you actually are interested in backing up your hollow rhetoric: The only way to work this system is from the inside. So start campaigning, or start schmoozing, because while real change is essentially impossible, the only way to mitigate damage is by convincing the relevant politicians that it's in their best interests to do so.
Do you really think that Aaron Swartz, Larry Lessig and the masses of people protesting Capitol Hill last year when SOPA came around didn't make a difference?
They were activists.
Do you really think we'd have so much free/open source software today without the contribution of Eric S. Raymond, Stallman, et al.?
They're activists.
Do you really think that we'd be here today if Benjamin Franklin, Thomas Jefferson, James Madison, and George Washington never existed?
For what it's worth though, Ben Franklin was much more diplomatic and compromising than RMS. RMS would be more like a modern day Patrick Henry, Thomas Paine or Samuel Adams. Though all mentioned parties during the revolution played a key role in the independence of the United States. So I guess one could say it "takes people of all sorts."
The flow of human events isn't bound to individuals. Names merely get played up in the remembering, and the events downplayed. E.g., America was going to revolt regardless of whether T.J., et al had ever been born. Really amazing that a war is misremembered as activism....pass the K-Y.
Not actually true. The colonies could have received the things they wanted had they actually attempted to fight for them (and by 'things they wanted', I mean the things we wrote about England (and specifically a king with little political power at that time (it was all parliament's by that point)) not giving us).
The American Revolutionary War was started because of political activism. They saw a chance to start a new country in whatever manner they pleased, and leapt at the opportunity. Even just a little effort put to really trying to get a voice in parliament would have worked fine, but instead we went and write the bloody Declaration in an attempt to rally support of other nations not really pleased with England (I'm looking at you France), and filled it with rhetoric, half-truths, and blatant lies. Okay, maybe not blatant, but they're there.
Really amazing that a war is mistaught to most American students. Okay, it isn't that amazing, I mean, you're going to teach your country's history in the most favorable light possible, but, still...
I think you're misunderstanding me. It's my claim that any sufficiently profitable colony sufficiently far away from its mother country will inevitably cease to be a part of said mother country. The how is irrelevant.
The how isn't irrelevant, especially when the colony in question ceased being a party of the mother country because of opportunists who thought that it would be fun to start a new country built in whatever manner they pleased. Without our specific set of malcontents the Revolutionary War wouldn't have occurred and the US would have been given a voice in parliament.
That's how the history is written, yes. And how the history is written...is irrelevant. Where are all these profitable, distant colonies with voices in parliament today? Australia? Canada? Technically not sovereign, but they operate as separate nations. No country in the world fits the description of the U.S. you claim would have otherwise been inevitable, and you don't give this a second thought. The oldest truism is the ephemeral nature of Empire. You let your piecemeal study of history delude you.
We need Stallman because he's our extreme figure. He sets the bar for crazy-level. He makes you look like Jimmy McReasonable and your demands look sane.
Crazy doesn't help in the long run and often isn't helpful even in the short run. People exhibit something like an immune reaction to crazy ideas, and develop an allergy to the stimulus. Marxism has scared people away from social policy. Andrea Dworkin types have scared people away from feminism. (When I left liberal Oakland to go to U Chicago for college, I was shocked to hear people say, "I support equal rights but I'm not a feminist...")
The civil rights movement and the early neocon movement are two examples of movements that suppressed crazy elements, and were highly successful for it.
The best thing Stallman could do is improve his outward image from hippy to something less ... hippy. Appearances matter and his, together with what he says makes him, and therefore his message, unpalatable and unrelatable to most people.
We live in a shallow society and the best thing the pro-privacy movement can have are moderately attractive, presentable, glib spokespeople.
I don't see why Stallman doesn't wear something a bit more presentable, like a suit and tie and shave his beard. It looks a little repulsive to be honest.
He was actually a really attractive guy. [1] You can still see he's fairly attractive for a 60 year old under the disheveled hair and beard, and excess weight.
I'm kind of shocked by the extremist label. I don't think Richard Stallman is a nut at all. Eccentric, sure, but only for the unfortunate reality that it is rare for most people to stick with a principle over decades.
Sure, not everybody can be RMS and live the way he does. He's still correct about the importance of values he's staked out and made a lifelong effort to demonstrate and respect. And to the GP's point, when you have content producers arguing they need legalized malware to police every machine, it makes it all the more obvious how much we need voices insisting on user freedom.
> More of those outliers that get lampooned in every media outlet for railing against the status quo?
While I agree it's good for activists to consider how their messaging might be received by various audiences, the fact that media outlets -- and even everyday citizens or presumably otherwise intelligent commentators on HN -- tend to collapse people to caricatures may not be an indictment of activists.
> Otherwise get back on the bench with the rest of us, because all your whining about mass media and celebrity culture is just that.
You've managed to work up a good froth of whine yourself there for somebody complaining about whining -- apparently summoned up to promote the ethic of more quiet frustration.
Even if effective political action can't let its end be posts on a website, it starts with people talking to each other. Maybe even here.
Being right is no defense.
"you're a nut, that will never happen."
"you're a nut, that's not what's happening."
and finally "you're a nut. why does what's happening bother you so much?"
Since there are few corporations that have a corporate interest in "freedom," then the money and resources have to come from individuals.
I'd disagree. The majority of corporations have a financial interest in freedom. Getting them to commit resources to any lobbying effort is the challenge.
Basic economic theory says you're wrong. Corporations don't have incentives to be good outside if their bottom line long-term, the only reason they occasionally do good is due to social or regulatory pressure. For the most part, corporations are going to do what's good for their bottom line without carrying about the long-term effects.
This paper barely even mentions music or movies, and its proposals are for going after foreign entities who steal intellectual property, such as R&D, to develop counterfeit goods.
This is less about going after little Timmy for downloading a movie and more to do with a Chinese firm stealing biotechnology secrets from a U.S. company to produce its own products.
Then why would Hollywood propose that with its own money about an issue it don't care about? Surly it won't mention movie download because it doesn't want to stimulate you. But it will screw you.
What gives you the impression that Hollywood is behind it? The BoingBoing article completely misrepresents what is in the paper, so I would not be surprised if they got that part wrong, too. Have you read it? It proposes protecting American companies from foreign entities stealing our technology and using it to develop products.
Here are the members of The Commission of the Theft of American Intellectual Property, the commission that authored the paper:
Dennis C. Blair (co-chair), former Director of National Intelligence and Commander in Chief
of the U.S. Pacific Command
• Jon M. Huntsman, Jr. (co-chair), former Ambassador to China, Governor of the state of Utah,
and Deputy U.S. Trade Representative
• Craig R. Barrett, former Chairman and CEO of Intel Corporation
• Slade Gorton, former U.S. Senator from the state of Washington, Washington Attorney General,
and member of the 9-11 Commission
• William J. Lynn III, CEO of DRS Technologies and former Deputy Secretary of Defense
• Deborah Wince-Smith, President and CEO of the Council on Competitiveness
• Michael K. Young, President of the University of Washington and former Deputy Under Secretary
of State
At this point, does it even matter? This lobby still has the backing of the entertainment industry, and it doesn't matter if it's stolen IP, trying to create an exemption for installing rootkits on remote machines is the entertainment industry's dream.
I don't even care what the true intent of the lobby group is. Once in effect, the laws will hit little Timmys, perhaps with a little help of outspoken lawyers painting Timmy as evil as a Chinese spy.
The "three strikes" was intended for violent criminals, not little Timmy who smokes a joint with his friends. Guess how that turned out.
Did you read the paper or just the BoingBoing article? The part about the rootkit and active network defense referenced by the BoingBoing article come from chapter 13 of the paper, which deal with targeted cyber espionage attacks. If Timmy is the target of that section, then Timmy has bigger issues to deal with.
>and its proposals are for going after foreign entities who steal intellectual property
No it isn't. The proposals are for going after anyone who attacks American corporate/government systems, including Americans themselves. The report spends much time waxing philosophical on int'l contributions to IP 'theft' -- specifically China -- but nowhere does it restrict jurisdiction to foreign entities.
As laid out the commission seems to want broad application here that plausibly could allow use by consumer entertainment companies. The problem there is that while you don't think consumer entertainment seems important enough for companies to bother protecting, consumer entertainment companies do. So it while you'd only bother securing Important Research Co. with genius solutions like rootkit-as-a-feature, Big Music Corp. is going to do it to little Timmy's copy of a Biebz single.
People use Skype because there's no clear alternative (maybe work on Jitsi... It still needs a server for the good stuff). People use Facebook because there's no alternative (maybe work on RetroShare). People let their government tell them what to do because they think it's better than anarchy (maybe work on a political Kickstarter). Copyright enforcement against BitTorrent users has gone into high gear because BitTorrent is good at sharing but weak in anonymity. Fix that. Don't make tools to break laws, just make tools. Write software to empower individuals and make institutions unnecessary and you won't have to spend as much time cleaning up after institutions and the egos that run them when they get carried away.
Promoting open-source software as a way to counter spyware, and general activism, is better than nothing, but the best way to change the world is still to invent it IMHO. (Just don't throw yourself on the fire unnecessarily either... Bitcoin's author was wise to keep his identity out of it.)
I love to write software, but unfortunately, I don't think that will solve the problem at hand, which is the MPAA's DRM lobby. They have millions and millions of dollars' worth of support behind them.
What's a few hundred hackers to a huge industry? If we want to really make a difference, we need all the support we can get. Perhaps even start an organization to lobby against the MPAA/RIAA similar to what sinak has done, but with far greater support.
How many times will this happen? People must wake up.
We need more activists. And without them, we are fucked.
You can change the system from within as well. While it is impractical to go out and run for President and hope to win, one of the things I hope the current crop of young adults will see is that they have the power to become the system and change it. First build a resume in public service (city council, county supervisor, state representative) then use your training to help you and your fellow revolutionaries move into a position of power and change.
One of the saddest things is that the folks in power have convinced the youth of America that they are powerless and nothing can be done forcing them into acts of "activism" which allows them to be identified and eliminated.
Perhaps an example that doesn't resonate with you but has been doing what your compatriots have not, is the Tea Party. These folks have shown you that it isn't about dominating the world, its about setting a theme, recruiting to your cause, and then using the institutions that are in place to allow you to affect change, to work for you.
I didn't mind what you said until you brought in the horrible example of the tea party. Even ignoring its political message it was pretty much all astroturf, pumped up and hyped by established players. A few election cycles later it's pretty much gone.
I appreciate that the example can be distasteful. However, I have looked into the astro-turfing dismissal argument as well.
Generally, astro-turfing (the use of a PR engine to create the appearance of grass roots support) is designed to get a candidate elected (or issue passed) that favors the money financing the campaign. We have seen a number of these in California and there has consistently been a strong correlation between benefit and later funding source analysis.
However, some really earnest but ineffective people were elected under the guise of the 'tea party'. Much to the disgust of the Republican Party power infrastructure (the speaker of the house cannot count on all of his own party's votes for that reason). Generally, power interests that are trying to manipulate the system don't throw random people into the mix like that.
My conclusion after looking at the folks who were elected that way is that a large number of them, perhaps the majority of them, were elected by people fed up with the system and not an interested third party.
But lets set that aside for a moment. Lets say you and your friends can get elected to city government. If your city runs well, and you don't put up with the baloney that sometimes passes as politics these days, you can parley that into county government. And that into state government. Assuming that you are good enough to learn the skills you need to make that trip. It can take you 6 - 10 years to go from city supervisor to state representative. Once enough people around you know who you are, you can chose to focus on local elections or national ones.
The starting point though is that in order for this to work someone with the idea of doing public service to serve the public and not their own interests has to step forward. Waiting for someone else to step forward has never been a good idea, either seeking out people and supporting their efforts or putting your hat in yourself are the workable choices.
> the speaker of the house cannot count on all of his own party's votes for that reason
This is diverging from your original point so I won't push it too hard... But you don't think this has more to do with the larger trend in GOP members of congress over the last few decades? There has been a pattern of primary challenges against moderates for some time; it did not start with the 2010 election, it was only slightly re-branded and allowed to have a majority after a 4 year hiatus.
I'm not sure we need be this terrified. Gear-heads made similar claims about freedom as cars became more complicated and less user-serviceable. But you know what? While cars have their issues, and are indeed now more difficult to service, they have continued to get better- a lot better. The last totally user-serviceable cars were made in the 60's and early 70's. Many of the improvements come from improvements to manufacturing, but the sophisticated electronic control systems are integral.
Now, the internet is of course not an automobile. But my point is, batshit insane legislation aside, perhaps maintaining the maximum amount of freedom is not as valuable as we think? I'd hate to be stuck with late 60's cars.
Your analogy is completely flawed. Automakers aren't putting root exploits in vehicles that allow override by the government when it detects you're going to an "unauthorized" music dealer.
And are late 60's cars really that bad? There weren't any of the fallback mechanisms we take for granted, such as airbags, so people drove better. Styling is questionable, but many cars on the road look and drive like bloated, lifeless wagons. The cars were actually fun to drive...
Maybe I'm being romantic about 60's vehicles, but if you care to argue, please do so.
I probably wasn't clear enough, but I wasn't trying to compare cars to rootkits. I agree this rootkit thing is ridiculous. Rather, I was thinking about the general idea that ordinary Joes ought to be as worried about freedom as we are being.
Late 60's cars are not horrific or anything like that. But be realistic- the performance, longevity, emissions, driveability, and weight of engines have all come a very very long way, and in my personal experience a multitude of other characteristics have made leaps and bounds as well, such as suspension- though that is mostly just more sophisticated now, rather than more electronic.
We should absolutely be more worried about digital rights and freedoms, because freedoms with your car are already pretty well secured. You can loan it to a friend, you can sell it, you're allowed to take it apart and mess with it on your own property, you can publish manuals on how to take it apart and mess with it without fear of legal action, the manufacturers aren't going to add a camera to watch your every move, etc.
And there's no equivalent of manufacturers selling a car such that it is impossible for you to swap out parts unless Microsoft has signed them.
In this increasingly digital world, many people are going to be totally beholden to Microsoft, Apple, et al in terms of what software they are allowed to install on their devices. In certain cases they are already constrained by the ideology of one provider. This should frighten you. And it's even more frightening that we can already legally prevent people from altering the software on their own device to make it behave as they wish.
In sum, your car is never going to refuse to take you to an adult bookstore, that's why it is different.
"...there are increasing calls for creating a more permissive environment for active network defense that allows companies not only to stabilize a situation but to take further steps, including actively retrieving stolen information, altering it within the intruder’s networks, or even destroying the information within an unauthorized network."
this is actually way worse than the headline indicates. the crazy bastards want the legal authority to actively exploit other peoples computers and "take back" information from it. they want the ability to re-write the world.
it would be pretty frightening that digital media companies were unaware that you couldn't "retrieve stolen information" from computer systems, except no other company seems to know that this is actually impossible so it's just kind of de regueur.
I want to say that this will of course go nowhere because the legislatures support of far weaker measures (like CISPA) is lukewarm, but then again this is the group that brought us the DMCA. it would be especially ironic if the MPAA was more empowered to use computer hacking to protect popular music from theft, than technology and national defense companies trying to protect national defense information and private consumer information.
A problem now which is more frightening (I can secure my network from the media companies, not worried about that one bit) is the remarkable number of companies with known security problem that won't and don't disclose it. Going on the offensive should be illegal unless they can disclose damages which justify it and then their customers can sue.
I don't see this happening in a healthy world, defense will get much much better much more quickly if it was to be legal though, ultimately it would involve violence though.
> there are increasing calls for [...] that allows companies [...] actively retrieving stolen information
They are still living in the last century, and think that if somebody steals something from them they can take it back. They have yet to grasp what this 'digital media' is.
They grasp it alright, but they haven't figured out how to monetize it properly yet, especially compared to their established physical business model, which already has all the infrastructure in place, and they are trying to exploit to the very end.
DRM lobby must have started smoking some heavy stuff. It's not enough that they insist that breaking DRM is illegal, now they want to make spyware DRM to be legal. True intentions revealed. The next - they must be deploying the Watchbirds.
DRM by definition implies weakened security and privacy for the end user. DRM was never about security, it was always about satisfying their bottomless desire for control. DRM already has a history of using rootkits and etc. These lunatics just want to make it legal in order to create another protective legal wall around DRM (with current being DMCA).
This is not going to go where they think it will go.
Right now their enemies are just pirates wanting to watch Game Of Thrones for free. A business threat, certainly, but one they're generally handling well.
But start infecting people's computers, and a portion of them are going to fight back. Then the entertainment industry has enemies actively trying to destroy their systems.
A whole different level of conflict, and one which I am certain they are not prepared for.
Never go for an escalation you don't need and will hurt you more than it hurts them.
1) Anonymous/Lulzsec aren't necessarily a best-of-the-best of the 'hacker world.' Do they want to raise the ire of even more skilled people?
2) Anonymous/Lulzsec are/were in it mostly for the publicity, and 'cheap thrills.' I'm sure that they could have done a lot more damage had they been focused on being as malicious as possible.
Number 1 is a very good point and something those companies should keep in mind. Anonymous/Lulzsec are basically like children in terms of what they could do. Very skilled people could do substantially more disruption and damage.
If I ever find a rootkit on my system stemming from a company that thinks they can do stuff like this, and it is legal, it is to a demonstration that the law is not worthy of any respect any more, and that it is time for war. And given the resource discrepancy, the only way of fighting back against companies like this would be to cause vastly disproportionate amounts of damage. I'm sure getting rootkits into their networks wouldn't be all that hard.
If I ever find a rootkit on my system, that OS gets binned permanently, no questions asked. I have a zero tolerance policy for who's system my computer is: it's mine. Not the US's, not Law Enforcement's, not the MPAA's, not MS's. If it achieves sentience, fine, it can be it's own; until then, any OS which fails to understand this arrangement (that a secure OS means that only I and system services (Windows Update, various package managers and their delegates) install software...third parties are not allowed), will be binned. If I can't trust my machine to have my singular best interests at heart, I cannot work with it; multiple tethers, trojan rootkits, superseding accounts with permissions higher than my own...these run contrary to my designs, and make it difficult, in the very least, to know when a problem is being caused by them, or by me. Plus I despise being spied on; if I'm going to put on a show, I'm going to get paid for it (no freebies).
I am more and more disturbed with the way OSs are going in general. They are...slowly removing usefulness from themselves, making it hard for admins to work with them, and adding on crap, like Windows Store...which is not needed. It's starting to feel like the computers I work with are...owned by someone else...which means I will start caring for them a lot less. The least of things which currently bothers me are the cross-threading errors which seem to appear in Windows 7...why have these not been fixed?
This is a big part of the reason I moved entirely over to Linux and don't even have a token windows box anymore. When I absolutely need to run a windows app (Photoshop, or some MS Office crap that doesn't render properly in LibreOffice) I run (licensed) Windows 7 in a VM, where it is contained and constrained.
All the windows only applications I used to use for fun and hobbies (games, music apps) I've either found Linux replacements for (I basically buy the Humble Bundle whenever it looks good), or I simply do without. I would buy Linux applications for these functions if they were available AND the applications were sane, cross-platform developers sometimes try to treat your Linux box like its an MS box (wanting to put files all over the place etc) which is unacceptable.
We simply cannot trust MS or Apple. At least in the Linux community there is a strong culture of transparency, privacy, security, and freedom.
It's not down to the OS or OS vendor. Most rootkits are exploiting bugs, not intentional backdoors, and many of them are exploiting bugs that are not in the OS but in third party applications.
E.g. a common approach is to look for common third party applications that require admin/root privileges for some part of their functionality, and look for ways of tricking them into executing your code (via e.g. buffer overflows, or by finding ways of modifying the configuration with lower privileges).
So unless you never install third party software, you are potentially vulnerable even if the OS is flawless (and it isn't - no matter which OS you pick).
> Right now their enemies are just pirates wanting to watch Game Of Thrones for free. A business threat, certainly, but one they're generally handling well.
A reasonable point, but I think their argument about "we won't allow seeing GoT without a cable subscription" still is incredibly short sighted.
It lets them make money in a way they understand now. I would very happily pay them money straight up, but since I'm not in the US, it's not really about wanting access to free stuff - it's about access to stuff in the first place. They would lose money on setting up such a system in the short term, sure, but they are only delaying the inevitable - that such a system is what is required if they want to compete with bittorrent in the long term.
The problem is, it's the short-term that matters on quaterly reports and that moves you up the corporate label. Long-term changes take too long to benefit those who introduced them.
I want to watch Game of Thrones and pay for it. I also want it available within a day of it's original airing and without having to buy cable or a TV. Charge me for HBO. Just don't make me wait a year before I can buy the video. You can even make me buy the HD version when I only want to pay for standard definition.
Season 3 isn't out on itunes in Canada at all yet. The only way for me to watch Season 3 is to subscribe to the $100/month + $20/month cable package that carries HBO.
There's a way to trick your iTunes into thinking you're not in Canada. All you need is a second account and a gift card situated in the US. (I've seen people in the US use this trick in reverse to get BBC shows in America without pirating them.) Granted, it's retarded (and potentially still illegal) that people should have to do this in order to pay for content rather than pirate...but the option is there.
I'm not setting up umpteen different itunes accounts to try to give you my money. The whole point of paying for something is that I provide the money in exchange for the product. Why should I jump through hoops in addition to that?
There are easier options if I care. But to be honest, right now I don't.
It is interesting, I don't think it will actually help them much. If you have Foxtel already you can likely get the whole of showtime for around the same price your paying on itunes for Game of Thrones. (While the season is going and there are day 4 eps a month.)
Not sure they are going to convince people that don't have Foxtel that they should pay $60+ a month for the service purely on the back of Game of Thrones.
Especially since the only part of the market they can hope to capture with this move is "people who already pay for game of thrones legally over itunes". I would think that most of those people also know how to torrent but choose not to and foxtel just pissed them off, I doubt they happily switch services.
I just checked. You can't buy Game of Thrones season 3 via iTunes in the USA, but it looks like you could buy it in Australia. I tried buying an episode from the Australian iTunes store, but no luck.
The movie and music publishing businesses are tiny compared to the telecom industry. It amazes me that they are able to get such proposals taken seriously.
This is beyond wacky in light of serious security threats from both organized crime and foreign governments. The same machines they want to root to check on your music and movies are used for serious work in industry and government.
Frankly, this might be the sort of kick in the ass people need to start writing more secure software. Who wants their software to be known as the MPAA's attack vector?
On the other hand, I suspect that the MPAA would be in for a world of hurt if they did this. They would not only be dealing with file sharing, but also a coordinated campaign by blackhats to take down their systems, boycotts organized by the EFF and the like, lawsuits from companies whose employees brought rootkit infected machines on the corporate network, etc.
This has little to do with the entertainment industry. This is dealing with intellectual property such as research and development.
They are trying to protect U.S. companies from having their R&D stolen and used by foreign companies, calling for sanctions via the FTC and by amending the espionage act to go after those who steal trade secrets, for example. The whole paper is on protecting the innovations developed in this country from being copied by foreign entities without repercussions, and when viewed in this light, the proposals are not that crazy.
I recommend reading the paper directly, as the BoingBoing link completely misrepresents it.
Thank you for pointing this out. I was looking for which specific entertainment firms to blame, and found "The National Bureau of Asian Research" instead.
Rootkits are a thing. They're neither good nor bad. That value is supplied subjectively within different contexts, no?
Would I want the RIAA/MPAA to install rootkits in media files that are distributed to customers? Absolutely not.
Would I want the ability to install rootkits in engineering schematics and documentation that are never intended to be distributed outside of my organization and are only activated in cases where data theft has occurred? Absolutely.
I would also want the ability to shoot anybody I dislike at will, but make it so no one else would have this ability. But fortunately for our civilization, it is not rules by what I like. That's why if you suspect somebody stole a car from you, you can not just make it blow up - you have to call the police. If you suspect somebody stole a software from you, should you be allowed to blow up their computer? In the same vein, definitely not. In the light of abundant copyright abuse we are witnessing now, I am astonished to see anybody even considers this idea to be sane.
Based on your comment, I can see that you have not read the paper. The section with rootkits is about thwarting active, targeted cyber espionage. Organizations should have the right to protect files on their own networks by any reasonable means. They are not proposing a mechanism by which organizations would be allowed to distribute rootkits.
I certainly have the right to disable my car remotely if it is stolen. I also have the right to lock the doors and take pictures of the assailant who stole it and send them to the police.
Is it kidnapping when doors lock in robbers during bank robberies? I believe that it would be covered under citizen's arrest common law and statutes. Generally, a private citizen has the right to make a warrantless arrest during or after the commission of a felony or during the commission of a misdemeanor.
I doubt you have the right to cut off the engine while the car is being driven. Also in the example cases you mentioned you have the right to do something with property that is legally yours. The problem comes in the fact that someone else's computer is not your property so no you should not be allowed to install rootkits and take control of their computer. The best example of what your talking about is DRM which is already legal.
Sending pictures to the police is not the same as disabling the whole system on the suspicion of illegal access. Especially that copyright trolls' opinion of which information belongs to them may be very different from anyone else's, to which we have seen a lot of evidence. So I wouldn't want to have my comp locked up because some media company decided it absolutely needs to install rootkit on my machine to watch some legit movie I paid for and later that rootkit thinks I've downloaded some files to which they hold copyright. I appreciate that they would like this power very much - as they probably would like the power to conduct searches without a warrant or imprison and fine people on mere suspicion, without tiresome process of trial. That would indeed make punishing criminals and fighting crime much easier. The only thing that prevents it is that people have rights, and I'd very much like to keep them, even if it inconveniences some companies a little. I'm not living for their convenience and at their pleasure, so they'd have to find some other ways to protect their interests.
Sure, I agree entirely. However, is that what's being advocated here, by parties concerned by such a thing? If so, the headline is incredibly misleading.
A major problem with this is liability the first time this causes major damage to systems because the rootkit had a bug or because someone in your organization legally redistributed the data outside your organization, with approval, but without realizing the consequences.
Especially as it is unlikely this would affect serious criminals: If tech like this becomes common, then nobody sane would open stolen files without ensuring it was done in a self-contained environment and with software that ought to be unable to execute any of this crap. It will be trivial to stop for all but people who are unaware.
You are arguing a different point, but I do agree with you. I am not arguing that the ideas are necessarily effective. I am just pointing out that the BoingBoing article is wrong about many points.
The proposals that allow select private companies to deploy destructive software which would land other people in jail very quickly is that crazy. Notion that it is somehow OK to kidnap my property because somebody thinks I owe them some money is that crazy. We have courts and due process for that. We can see how they are abused by copyright trolls (see Prenda Law case, for example, but there are many more). I can't even describe how much more abuse will be invited if cyber-criminal tactics would be made legal for them. It is that crazy and more, and no amount of moral panic about supposed foreign spies who steal all our R&D can justify any of it.
"Informed deliberations over whether corporations and individuals should be legally able to conduct threat-based deterrence operations against network intrusion, without doing undue harm to an attacker or to innocent third parties, ought to be undertaken."
"he Department of Homeland Security, the Department of Defense, and law enforcement agencies should have the legal authority to use threat-based deterrence systems that operate at network speed against unauthorized intrusions into national security and critical infrastructure networks."
Apart from the proposal that starts "In the future..." and ends "The Commission is not ready to endorse this recommendation", that's as crazy as it gets.
-------------
edit: after reading the boingboing article I see it's about 20 words and two out of context paragraphs.
The first paragraph specifically states that "such measures do not violate existing laws on the use of the Internet." It is simply recommending this as a measure to protect corporate IP, not as something that should be changed.
The second paragraph is immediately followed by noting that such actions are currently illegal, and then recommending deliberation on whether it should be made legal.
I'm not a lawyer but I suspect locking somebody's computer up does violate the laws, as it is an unauthorized access to a computer system and a property damage.
>>> that's as crazy as it gets.
Not really. If you read recommendations on page 81, it does not explicitly endorses, but consistently hints at the law as inadequate in areas where it prohibits discussed offensive techniques. See "second" and "finally" parts where it does not explicitly says the mentioned tactics should be allowed but again strongly hints the changes in the law should be made, and implies allowing such methods are those changes.
Maybe we have a different understanding of how this would work. My understanding is that the malware would not be deployed to remote computers. Rather, the malware would be embedded in files that were never meant to be distributed outside of your network. You are either in possession of those files or not, and whether someone believes that you have them or that you owe them money is not really relevant.
The issue of IP theft is not simply moral panic. There are national security implications, as we saw in the Chinese attacks on defense contractors.
(Not that I believe that embedded rootkits would have been helpful or anything)
Does it say anywhere how deployment would be restricted? Even if it's the case, it's both dangerous (I could easily imagine this getting deployed by accident because a contractor set it wrong) and one hell of a slippery slope.
It is perfectly legal for the entertainment industry to deploy rootkits.
What you decide to put on your computer is up to you. If someone wants to put something in the software, the agreement is between you and them. So long as they disclose what they are doing, it's not like anyone reads the those agreement contracts on the internet.
A company that deploys rootkits, then survives class actions and angry consumers? Not likely.
When I read those excerpts from this report, I assumed it was written by some extremist lobbying group that doesn't have any real power. Then I read this statement from Congressman Mike Rogers (Chair of CHPSCI, House Permanent Select Committee on Intelligence):
“It is already clear to me that this report is going to make a very important contribution to the discussion about the grave danger that IP theft poses to our economic well-being. In particular, all should carefully read what the report has to say about Chinese economic espionage. I heartily agree that Congress and the Administration need to act quickly to help American companies defend the hard work and innovation that is the life-blood of our economy. That must begin with getting cyber information sharing legislation signed into law."
The cognitive dissonance involved in playing up the "Chinese economic espionage" threat while simultaneously supporting a move to legally make everyone's computers less secure is astounding.
When put in context, this is hardly surprising. His wife was recently the CEO and vice chairman of Aegis, LLC, and is now a high-powered lobbyist for Manatt [1].
Straight from her biography:
...she focused on business development and new-market-entry relationship building for Aegis LLC and the worldwide Aegis Group, drawing on her established global network of relationships with key stakeholders in U.S. federal civilian, defense and intelligence agencies, foreign governments and leading private sector companies to pursue and secure new business opportunities in Latin and South America, the Caribbean, the Middle East and Africa, and to land U.S. defense and intelligence contracts. [Ibid] (emphasis mine).
She presumably still has equity in Aegis Group.
Playing up the Chinese espionage threat plays well with her key stakeholder relationships, and making everyone less secure certainly opens up new market opportunities and brings more visibility to defense services.
Rogers' agenda is just to influence the legislative process to line his own pockets. Business as usual in Washington.
I do trust pirates more. I get the media I want in whatever format that I want it. I get it on time, several minutes after it airs. There is no DRM on it so I can use it with my home theater setup without any complications even when my internet goes offline. All I want is a site that lets me pay a reasonable amount of money for a television show or movie and download it in whatever format I want with no DRM. I want to give the creators and the actors money, but I refuse to do it in a way that harms me, or my access to the material I bought for doing so. That is not going to happen anytime soon, so for now I continue to trust the pirates more.
>> But start infecting people's computers, and a portion of them are going to fight back. <<
I already fought back. I don't watch movies, nor TV. No cable, no Netflix, no movie theaters, no nothing. Fsck 'em.
You want to do the same? Stop watching their lowest common denominator tripe and read a book or make something up for yourself. When they have no money they'll go away. And what will we have lost? Wasted hours sitting in front of their junk.
I am much better entertained reading and writing on reddit and here. I don't open TV any more. Rarely go to movies. I probably only watch 5 or 10 Hollywood productions per year any more.
Fuck'em. They don't deserve our attention. I prefer a free culture of exchange to a centralized culture of consumption.
I kind of hope this happens, just to increase the demand for real security. In the short term it would make things worse, but in the long run we'd end up with market pressure to give individuals control over their own resources (both protection from corporate control and from incompetent implementation).
Sandbox everything, in effect. I already have a dozen or so different VM's for different types of projects mostly because it's easier to reproduce environments that way, but if there was even a remote chance of something like this, I'd sandbox every untrusted app.
I use only legitimate means to consume entertainment right now, but shit like this really makes me wonder why I should let them use my money to take away my freedoms.
What qualities do people look for when buying movies and music?
1. The content they want.
2. Quality (i.e. resolution, bitrate, etc.)
3. Reliability (it actually plays)
4. Low annoyance (no ads, warnings, etc.)
5. Safety (guaranteed freedom from malware, etc.)
The movie and music industries haven't done a perfect job of delivering #1-4. Region coding means the content users want is frequently only available through pirate channels. Lower quality releases (DVD vs Bluray) are also often all that is available in some regions. Bluray is not reliable if users don't keep their hardware/software up to date. Nearly all DVD's and bluray discs on the market are utterly infested with annoying advertisements and warning screens.
#5 was the one thing that legally purchased media had an undeniable edge in over pirated media. If users lose trust in the safety of legally purchased media they will be driven to piracy in unprecedented numbers.
It is tempting to give RIAA and MPAA the rope to hang themselves with, sit back, and laugh. However, let's not forget that every piece of code they write and every root-kit they successfully deploy will soon be taken advantage of by black-hats, quite probably in ways that will cause damage to systems completely unrelated to media playback of any sort. The only way I can see to let the MPAA/RIAA proceed is to require them to post a significant bond (in the billions) to pay for damages their rootkits will cause. Managing how damages are going to be awarded is going to be a legal nightmare though, since this will not affect only U.S. systems and citizens. If the U.S. permits this, I sincerely hope other nations hold the U.S. government responsible for damages, so the U.S. had better make sure Hollywood is ready to foot the bill.
#5 Safety (guaranteed freedom from malware, etc.)... was the one thing that legally purchased media had an undeniable edge in over pirated media.
Disagreed. Sony rootkit was on the legally purchased media. DRM on streaming services can do all kind of stuff without users consent. DRM built into hardware with cameras can do even weirder stuff (just note the crazy DRM idea patented by Microsoft regarding detecting the people in the room). Since DRM is a black box, you never know what it can do. There is completely no reason to trust that it will respect your privacy and rights. Therefore DRMed media has no edge over pirated media at all.
Safety requires transparency (for the user), as well as trust in the used technology. DRM by its very definition is non trustworthy and non transparent, it's the antithesis of that. It's totally opaque precisely because it attempts to hide something from the user. Because ironically, DRM proponents don't trust the user! User is treated as potential criminal by default. How can users in situation when they aren't trusted, trust the DRM vendor in return? They can not, and they should not! Trust can be only mutual. I.e. DRM always implies something shady and risky. DRM proponents should be treated as potential criminals by default in return. And what do such criminals usually hide in their code? Malware.
I think that was the OP's point really. But you're right in that it has already happened with DRM - rootkits are just the natural next step in this direction.
"It has already happened" means it was discovered. Since DRM is by definition obscured, we don't know what wasn't found. Insecurity and malicious code is to be expected from it. Their attempt to legalize it only reveals their original intentions.
Yeah, but it's relatively restricted right now, to the point that the vast majority of consumers have no idea it exists. If this is enshrined in law as a bona fide policy, it will become much more widespread - perhaps to the point that Joe Public notices.
I think OP was talking about average-Joe's understanding of safety. The "if I buy original version, it won't have viruses on it that break my computer". This is true so far, DRMs or not, and people trust legal media. But the moment this trust gets broken, there will be little reason to go to shop instead of Pirate Bay.
Actually, there's been at least one instance of legally purchased media installing spyware, the Sony rootkit scandal that's already come up in this discussion:
Yeah, and there are lots and lots of instances of illegaly gotten media installing spyware. You don't need a perfect track record to be the safest option.
My point was that such trust is misplaced and baseless. Since the distributors of the original DRMed media don't trust the average person (thus the DRM), there is no reason to trust them in return (and even are reasons not to trust). Though most people just don't realize it.
> It is tempting to give RIAA and MPAA the rope to hang themselves with, sit back, and laugh. However, let's not forget that every piece of code they write and every root-kit they successfully deploy will soon be taken advantage of by black-hats
Wouldn't it be the opposite? Like a free pentest? Malware they come up with would be widely available (included in the price of any movie) for dissection.
BTW Next release of Qubes[1] will need an "entertainment" AppVM.
> However, let's not forget that every piece of code they write and every root-kit they successfully deploy will soon be taken advantage of by black-hats, quite probably in ways that will cause damage to systems completely unrelated to media playback of any sort.
It will be stupidly easy to execute; if the malware shuts down computer when it detects illegal download, the only thing an attacker needs to do is to trick the computer/user into downloading illegal content. And that's it. Though this simple trick doesn't let them steal data or take control of the computer, there are many uses an attacker can find for just killing the machine. Blackmailing, social engineering, or just disturbing some crucial business operations. I can even imagine 4chan folks trolling people like this for fun.
4chan yes, but remember most black hats are operating for profit. They don't want to shut down your computer. They want to root it so they can use it in their botnet, or maybe log your passwords and credit cards.
You're right, though there is some profit in shutting down computers. Even right now there's a proliferation of ransomware[0] [1] that locks out machines. I've removed several of those from computers in last two years and even once been paid to do this.
Moreover, if computer-locking DRM malware becomes commonplace, a market for cheaper-than-police unlocking will emerge, with incentives favouring hacking the DRM to then earn money on fixing it.
I believe that the content industry is relying on a sufficient number of people still finding it easier to buy a DVD/Bluray rather than pirate. For technical people, pirating is already sometimes more convenient for reasons that you stated.
There is also a
7. Ethics
Some people do not find pirating ethical under any circumstances, and will inconvenience themselves to avoid it.
Some people also think using animal products isn't ethical and inconvenience themselves to avoid it. But you probably don't want to build a mass market business on that.
For the record, I don't pirate music anymore. Spotify has made pirating too inconvenient.
Seriously? Theft, Assault, Civil Liability etc.. I think there's a significant overlap between Ethics and Law. Our systems of laws are based on the work of philosophers studying ethics, of course there's a huge overlap
There's also offshore tax havens, political action committees, and patent trolls. Some unethical things are legal.
There's also underage sexting, media piracy, cryptocurrencies, and marijuana. Some things aren't globally agreed upon as ethical or unethical, but the law still attempts to address them.
people create laws to enforce ethics, but ethics and laws and law often don't overlap because law gets tinkered with less than ethical people and one man's justice is another man's horror.
Aw, come on, don't sound like a troll. Don't argue for the sake of arguing. THere is a big overlap between ethics and laws. Just because some items don't overlap doesn't warrant such a statement.
> Some people also think using animal products isn't ethical and inconvenience themselves to avoid it. But you probably don't want to build a mass market business on that.
Vegan products are mass market commodity goods like any grocery. Just because vegan goods consist of a smaller slice of all grocery and food sales doesn't mean you'd be a fool to make a business out of it.
Point. But I don't think the MPAA and RIAA are after the market of "people who find it more unethical to pirate than they find it inconvenient to consume legally"
But people don't listen to music to benefit the artists (even when they purchase a CD or whatever) -- they do it for themselves.
Artists make the vast majority of their money on tour, which is more or less unrelated to the choice of distribution channel, except that a more prolific channel results in more people attending a show.
That point is brought up often, but don't forget that while touring might work for your average indie rockband, it's not as easy for obscure ambient, experimental musicians. Music that is primarily intended for home listening is a lot harder to sell as live performance.
Again, I don't intend to offend the users of those services - just saying that Spotify, rdio and co. alone won't work for many artists.
Absolutely, and many smaller artists and indie labels chose not to offer their catalogue on those platforms.
I didn't intend to offend the users of streaming services. I subscribed to rdio myself, only as a tastemaker though - I still buy a lot of lossless music.
Gabe Newell of Valve Software has famously said that piracy is a distribution problem, and I fully believe he's right.
> “The easiest way to stop piracy is not by putting antipiracy technology to work,” Newell said. “It’s by giving those people a service that’s better than what they’re receiving from the pirates.”
Steam single-handedly killed even the temptation to pirate games for me, because it's ridiculously convenient to just fire up Steam, click a button, and have the game delivered to my desktop at multi-megabit speeds without any obnoxious DRM getting in the way of me being able to play. Pandora, Spotify, and most recently Google All Access make music piracy a complete non-issue for me, because I don't want to have to spend time chasing down a song or even futzing with iTunes - I just punch something into search and it's playing. Netflix and Hulu provide so much content that I can't watch all of it - while they don't always have the most recent content, they have a lot of it.
Provide me a service that is a. affordable (Steam Sales and $8/month for movies or music are excellent models here, content folks) b. convenient (click button, enjoy content), and c. reliable (no explanation necessary) and I won't have any incentive to pirate content.
I'm convinced that the people who can afford stuff but pirate it anyway do so because of distribution problems in getting that content legally. The people who pirate stuff who can't afford it, or wouldn't buy it if they can are arguably even a net benefit - they aren't lost sales, but they increase the reach and visibility of the product. In either case, it's not really worth worrying about them (though the studios sure do love to gripe about them as if they're all lost sales), which leaves us with one very easy solution - have the best distribution channel available, and people will pay for it. At that point, piracy is about as solved as it'll get from an economic standpoint.
If "they" are both the planters of the rootkit (taking over the computer) and the ones claiming to be wronged, looking for recompense, doesn't this create an unreconcilable conflict of interest as well as a worthless chain of custody for evidence of any wrongdoing? What would stop them from simply taking over computers, planting evidence and profitting (extorting) hugely?
I would think that once my computer spends any length of time not under my direct and exclusive control, I would no longer be solely liable for any actions that may have been taken with it. There would be huge doubt, no?
There is no way this will ever pass, this is the most ridiculous sounding proposed legislation I have ever heard. You think SOPA is bad if something like this were to ever be passed theoretically of course, you can bet the world would be a sad, dark place to live in.
There are consequences to this kind of thing and many things to consider. I mean imagine if hackers somehow managed to find a security exploit in the malware the entertainment companies are forcefully installing on peoples computers? Ransomware one minute, botnet the next.
"...you can bet the world would be a sad, dark place to live in."
I suspect $world = USA here. The chances of anything as daft as this happening in Europe are small. Some European countries already have taxes on blank media/contributions to copyright organisations. Australia and Canada had court action against Sony last time this was tried.
UK politicians do persist in trying to pass legislation allowing monitoring all communications in UK, but we all know how effective that will be.
268 comments
[ 1.9 ms ] story [ 178 ms ] thread"MPAA told Congress that they wanted SOPA and knew it would work because it was the same tactic used by governments in "China, Iran, the UAE, Armenia, Ethiopia, Saudi Arabia, Yemen, Bahrain, Burma, Syria, Turkmenistan, Uzbekistan, and Vietnam."
When do we treat this sort of nonsense as a threat, ala the Boston rapper. If I announced a business model of selling something for $0.99, but claiming its real value was $150K and then using the millions of dollars of "damages" to justify rooting through your computer, I'd have the police called on me. So why doesn't this extend to the real criminals in our society?
I doubt they'll get this, but they need to be kicked for even asking.
That's actually the fundamental problem in democracy - the assumption that everything is up for grabs if you win some popularity contest, and that there are no limits on how often you can ask. If I asked if I could do something horrible to you, you'd say no and move on. If I ask your government I just keep doing it until fatigue or human error on your part lets me win.
Lobbyists are a rootkit against democracy.
And with secure boot in Windows 8, it will be harder for rootkits to remain undetected by hiding in the boot loader. Will the entertainment industry push for laws that force operating system vendors to provide back-doors for the official malware?
http://en.wikipedia.org/w/index.php?title=Sony_BMG_copy_prot...
The scandal erupted on October 31, 2005, when Microsoft researcher Mark Russinovich posted to his blog a detailed description and technical analysis of F4I's XCP software that he ascertained had been recently installed on his computer by a Sony BMG music CD. Russinovich compared the software to a rootkit due to its surreptitious installation and its efforts to hide its existence. He noted that the EULA does not mention the software, and he asserted emphatically that the software is illegitimate and that digital rights management had "gone too far".
And if we remember what happened the last time that happened when an entertainment company deployed a rootkit. They made it much easier for unskilled malware writers to hide their work. And IIRC it wasn't trivial to remove the rootkit Sony deployed.
Now it seems that more companies want to learn a lesson the hard way.
At this point they're just flexing their muscle to see how much wiggle room they've got. A small part of me wishes votes on legislation were anonymous so our congress-critters would avoid the constraints of having to vote along party lines (and notably their campaign donors' wrath).
I would dare to say this could be a contributing factor to the state of politics and law. Essentially, laws and regulations are bought by the highest bidder.
I think many agree with me that neither religion or money should have influence on direction of politics.
For the anonymity on legislation; No. Legislation, political- and judicial processes IMHO be 100% transparent.
It's true that campaign donors have too much influence over the success of legislators, but maintaining a representative democracy is far too important to lose in order to deal with that issue.
"The second and even more pernicious effect is that illegal theft of intellectual property is undermining both the means and the incentive for entrepreneurs to innovate, which will slow the development of new inventions and industries that can further expand the world economy and continue to raise the prosperity and quality of life for everyone. Unless current trends are reversed, there is a risk of stifling innovation, with adverse consequences for both developed and still developing countries."
Source: http://ipcommission.org/report/IP_Commission_Report_052213.p...
On another note, thanks for linking to the source material.
"It is difficult to get a man to understand something, when his salary depends upon his not understanding it!"
Say what?
Such bizarre phrases make me seriously doubt the intelligence and education of the people who wrote this.
2. The major thing retarding development of new inventions and industries are the wealthy luddites digging their feet in and trying to extract as much as possible from actual innovators.
I'd like see them try to root my Gentoo box.
Also OS level virtualization is not the only protection worth using in a scenario like this. Sandboxing at the syscall level (restricting allowed syscalls and arguments substantially) is also highly useful, and if we start seeing a threat from apps that people are expected to intentionally install knowing that they pose a risk, we will see a lot more aggressive security work.
That's incredibly optimistic.
Given that already when I last bothered with pirated software in the early 90's, serious warez traders were mostly only interested in software weeks before its scheduled release (it was not uncommon for unfinished versions of games to leak), which involved not just getting hold of the releases through leaks or hacking, but breaking any protection, and this would make up the first serious challenge for the warez scene in many years, and this will draw not just the warez scene, but security researchers, as well as a lot of "regular" developers like me who are fed up with these kinds of attempts, they are facing pretty much an army that will be dissecting every release.
Sure, some will slip through for some users, but every single instance will result in new counter-measures, many of which you can expect will cover as-yet undiscovered flaws in addition to just fixing specific issues.
E.g. a logical protection against attempts at attacking faulty filesystem permissions settings is to blanket ban access to the filesystem and whitelist specific files, specific directories, and sanity check all access to them.
For every loss, we will win more robust application sandboxing capabilities, and more people will be motivated to consistently make use of them.
It bothers me. I'm probably wrong, but it feels like we have a bunch of sub-optimal OSs that have security kludged in as an after-thought, built on legacy hampered hardware, with a lot of concentration on "preventing people playing illegal content" (but also strictly controlling what people do with their legal content). There's a kind of arms race with pirates and anti-pirates competing on DRM schemes, and it feels like if all that effort had gone into better directions that we'd have 24 cores at 3.5 GHz and better threading with decent nice architecture.
And I know it's just marketing, and that washing powder (Whiter than white!) has been doing it for years, but being told that my content (which was sold to me as best quality available last time) is now being called garbage and I'm told I need to upgrade. In the past I didn't need to upgrade. I could keep my record deck and buy a CD player and rip those CDs to digital for my streaming media player. But in the future this is not going to be allowed. I'm going to have to buy an extra licence for family use.
It'll be similar if this law passes. There's a binary blob for Windows and OSX. It's illegal to reverse engineer that blob. It's illegal to circumvent the need for that blob.
Hmm. This leads me to the idea. Why care for software rootkits when PCIe hardware may actively screw with the system? Considering MAFIAA already had success with enforcing HDCP on almost every modern video card out there...
Your description sounds good. This book doesn't sound that good but it is future England, has to do with computers has pirate in the title.
The book is okay, I was kinda surprised at how good he was at keeping the tech believable... still he mostly failed as authors who know little about tech do
Stallman may be a nut, but when you think long and hard about what he says, and think about SOPA, PIPA, and this lobby, in horror, your face twists in fear and you watch, helplessly, as your fellow citizens bend over backwards and let the government have their way.
I don't even know what to do anymore. Nobody will lobby against Hollywood; people already gobble up TMZ and are too obsessed with celebrity pseudo-culture and movies and pop music that they won't do it.
We need more activists. And without them, we are fucked.
Yes, he is a nut. In the sense of "no one will ever take him seriously, especially anyone involved in mainstream decision-making, who has ever read anything he has written," which is in this case the most relevant metric. Stallman is never going to be any help here, nor is anyone like him, because any "normal" person -- that is, one that other people won't ignore out of hand -- will ignore him out of hand. This includes politicians, to whom said "normal" people are the all-important majority.
"We need more activists" is bullshit. You think we need more activists? More of those outliers that get lampooned in every media outlet for railing against the status quo? Because that's what activists are to most people: Nuts and/or malcontents.
Of course, my real problem with this statement is exactly the same reason I'm not making it. You think we don't have enough activists? GO BE ONE. If you think they can do any good and you believe that "we are fucked" without them, stop posting on HN, get off your ass, and DO SOMETHING.
Otherwise get back on the bench with the rest of us, because all your whining about mass media and celebrity culture is just that. You can gripe all you want that people aren't doing anything, but as soon as you start telling people what they SHOULD be doing, either you'd better be doing it yourself or you'll have to excuse those of us -- everyone -- who will not take you seriously.
In the event that you actually are interested in backing up your hollow rhetoric: The only way to work this system is from the inside. So start campaigning, or start schmoozing, because while real change is essentially impossible, the only way to mitigate damage is by convincing the relevant politicians that it's in their best interests to do so.
They were activists.
Do you really think we'd have so much free/open source software today without the contribution of Eric S. Raymond, Stallman, et al.?
They're activists.
Do you really think that we'd be here today if Benjamin Franklin, Thomas Jefferson, James Madison, and George Washington never existed?
They were -- yep, you guessed it -- activists.
The American Revolutionary War was started because of political activism. They saw a chance to start a new country in whatever manner they pleased, and leapt at the opportunity. Even just a little effort put to really trying to get a voice in parliament would have worked fine, but instead we went and write the bloody Declaration in an attempt to rally support of other nations not really pleased with England (I'm looking at you France), and filled it with rhetoric, half-truths, and blatant lies. Okay, maybe not blatant, but they're there.
Really amazing that a war is mistaught to most American students. Okay, it isn't that amazing, I mean, you're going to teach your country's history in the most favorable light possible, but, still...
Your claim is wrong.
That's how the history is written, yes. And how the history is written...is irrelevant. Where are all these profitable, distant colonies with voices in parliament today? Australia? Canada? Technically not sovereign, but they operate as separate nations. No country in the world fits the description of the U.S. you claim would have otherwise been inevitable, and you don't give this a second thought. The oldest truism is the ephemeral nature of Empire. You let your piecemeal study of history delude you.
The civil rights movement and the early neocon movement are two examples of movements that suppressed crazy elements, and were highly successful for it.
We live in a shallow society and the best thing the pro-privacy movement can have are moderately attractive, presentable, glib spokespeople.
[1] http://en.wikinoticia.com/Technology/linux/33921-the-young-r...
How might I be exaggerating?
> Yes, he is a nut.
Eccentric is what he is. Must be fun living in a black and white world.
EDIT: ok, that foot eating thing is weird.
If advancing a rational cause is nutty, being a nut sounds like a good plan.
Stallman is absolutely part of the answer.
Sure, not everybody can be RMS and live the way he does. He's still correct about the importance of values he's staked out and made a lifelong effort to demonstrate and respect. And to the GP's point, when you have content producers arguing they need legalized malware to police every machine, it makes it all the more obvious how much we need voices insisting on user freedom.
> More of those outliers that get lampooned in every media outlet for railing against the status quo?
While I agree it's good for activists to consider how their messaging might be received by various audiences, the fact that media outlets -- and even everyday citizens or presumably otherwise intelligent commentators on HN -- tend to collapse people to caricatures may not be an indictment of activists.
> Otherwise get back on the bench with the rest of us, because all your whining about mass media and celebrity culture is just that.
You've managed to work up a good froth of whine yourself there for somebody complaining about whining -- apparently summoned up to promote the ethic of more quiet frustration.
Even if effective political action can't let its end be posts on a website, it starts with people talking to each other. Maybe even here.
I'd disagree. The majority of corporations have a financial interest in freedom. Getting them to commit resources to any lobbying effort is the challenge.
This is less about going after little Timmy for downloading a movie and more to do with a Chinese firm stealing biotechnology secrets from a U.S. company to produce its own products.
Here are the members of The Commission of the Theft of American Intellectual Property, the commission that authored the paper:
Dennis C. Blair (co-chair), former Director of National Intelligence and Commander in Chief of the U.S. Pacific Command • Jon M. Huntsman, Jr. (co-chair), former Ambassador to China, Governor of the state of Utah, and Deputy U.S. Trade Representative
• Craig R. Barrett, former Chairman and CEO of Intel Corporation
• Slade Gorton, former U.S. Senator from the state of Washington, Washington Attorney General, and member of the 9-11 Commission
• William J. Lynn III, CEO of DRS Technologies and former Deputy Secretary of Defense
• Deborah Wince-Smith, President and CEO of the Council on Competitiveness
• Michael K. Young, President of the University of Washington and former Deputy Under Secretary of State
Which of those is from the MPAA?
The "three strikes" was intended for violent criminals, not little Timmy who smokes a joint with his friends. Guess how that turned out.
No it isn't. The proposals are for going after anyone who attacks American corporate/government systems, including Americans themselves. The report spends much time waxing philosophical on int'l contributions to IP 'theft' -- specifically China -- but nowhere does it restrict jurisdiction to foreign entities.
As laid out the commission seems to want broad application here that plausibly could allow use by consumer entertainment companies. The problem there is that while you don't think consumer entertainment seems important enough for companies to bother protecting, consumer entertainment companies do. So it while you'd only bother securing Important Research Co. with genius solutions like rootkit-as-a-feature, Big Music Corp. is going to do it to little Timmy's copy of a Biebz single.
Code.
People use Skype because there's no clear alternative (maybe work on Jitsi... It still needs a server for the good stuff). People use Facebook because there's no alternative (maybe work on RetroShare). People let their government tell them what to do because they think it's better than anarchy (maybe work on a political Kickstarter). Copyright enforcement against BitTorrent users has gone into high gear because BitTorrent is good at sharing but weak in anonymity. Fix that. Don't make tools to break laws, just make tools. Write software to empower individuals and make institutions unnecessary and you won't have to spend as much time cleaning up after institutions and the egos that run them when they get carried away.
Promoting open-source software as a way to counter spyware, and general activism, is better than nothing, but the best way to change the world is still to invent it IMHO. (Just don't throw yourself on the fire unnecessarily either... Bitcoin's author was wise to keep his identity out of it.)
What's a few hundred hackers to a huge industry? If we want to really make a difference, we need all the support we can get. Perhaps even start an organization to lobby against the MPAA/RIAA similar to what sinak has done, but with far greater support.
How many times will this happen? People must wake up.
You can change the system from within as well. While it is impractical to go out and run for President and hope to win, one of the things I hope the current crop of young adults will see is that they have the power to become the system and change it. First build a resume in public service (city council, county supervisor, state representative) then use your training to help you and your fellow revolutionaries move into a position of power and change.
One of the saddest things is that the folks in power have convinced the youth of America that they are powerless and nothing can be done forcing them into acts of "activism" which allows them to be identified and eliminated.
Perhaps an example that doesn't resonate with you but has been doing what your compatriots have not, is the Tea Party. These folks have shown you that it isn't about dominating the world, its about setting a theme, recruiting to your cause, and then using the institutions that are in place to allow you to affect change, to work for you.
Generally, astro-turfing (the use of a PR engine to create the appearance of grass roots support) is designed to get a candidate elected (or issue passed) that favors the money financing the campaign. We have seen a number of these in California and there has consistently been a strong correlation between benefit and later funding source analysis.
However, some really earnest but ineffective people were elected under the guise of the 'tea party'. Much to the disgust of the Republican Party power infrastructure (the speaker of the house cannot count on all of his own party's votes for that reason). Generally, power interests that are trying to manipulate the system don't throw random people into the mix like that.
My conclusion after looking at the folks who were elected that way is that a large number of them, perhaps the majority of them, were elected by people fed up with the system and not an interested third party.
But lets set that aside for a moment. Lets say you and your friends can get elected to city government. If your city runs well, and you don't put up with the baloney that sometimes passes as politics these days, you can parley that into county government. And that into state government. Assuming that you are good enough to learn the skills you need to make that trip. It can take you 6 - 10 years to go from city supervisor to state representative. Once enough people around you know who you are, you can chose to focus on local elections or national ones.
The starting point though is that in order for this to work someone with the idea of doing public service to serve the public and not their own interests has to step forward. Waiting for someone else to step forward has never been a good idea, either seeking out people and supporting their efforts or putting your hat in yourself are the workable choices.
This is diverging from your original point so I won't push it too hard... But you don't think this has more to do with the larger trend in GOP members of congress over the last few decades? There has been a pattern of primary challenges against moderates for some time; it did not start with the 2010 election, it was only slightly re-branded and allowed to have a majority after a 4 year hiatus.
Now, the internet is of course not an automobile. But my point is, batshit insane legislation aside, perhaps maintaining the maximum amount of freedom is not as valuable as we think? I'd hate to be stuck with late 60's cars.
And are late 60's cars really that bad? There weren't any of the fallback mechanisms we take for granted, such as airbags, so people drove better. Styling is questionable, but many cars on the road look and drive like bloated, lifeless wagons. The cars were actually fun to drive...
Maybe I'm being romantic about 60's vehicles, but if you care to argue, please do so.
Late 60's cars are not horrific or anything like that. But be realistic- the performance, longevity, emissions, driveability, and weight of engines have all come a very very long way, and in my personal experience a multitude of other characteristics have made leaps and bounds as well, such as suspension- though that is mostly just more sophisticated now, rather than more electronic.
I love old sports cars, and I love their soul. But if we are talking engineering, ground yourself- take a gander at this article: http://grassrootsmotorsports.com/articles/soccer-moms-reveng...
And there's no equivalent of manufacturers selling a car such that it is impossible for you to swap out parts unless Microsoft has signed them.
In this increasingly digital world, many people are going to be totally beholden to Microsoft, Apple, et al in terms of what software they are allowed to install on their devices. In certain cases they are already constrained by the ideology of one provider. This should frighten you. And it's even more frightening that we can already legally prevent people from altering the software on their own device to make it behave as they wish.
In sum, your car is never going to refuse to take you to an adult bookstore, that's why it is different.
this is actually way worse than the headline indicates. the crazy bastards want the legal authority to actively exploit other peoples computers and "take back" information from it. they want the ability to re-write the world.
it would be pretty frightening that digital media companies were unaware that you couldn't "retrieve stolen information" from computer systems, except no other company seems to know that this is actually impossible so it's just kind of de regueur.
I want to say that this will of course go nowhere because the legislatures support of far weaker measures (like CISPA) is lukewarm, but then again this is the group that brought us the DMCA. it would be especially ironic if the MPAA was more empowered to use computer hacking to protect popular music from theft, than technology and national defense companies trying to protect national defense information and private consumer information.
http://en.wikipedia.org/wiki/Intrusion_Countermeasures_Elect...
A problem now which is more frightening (I can secure my network from the media companies, not worried about that one bit) is the remarkable number of companies with known security problem that won't and don't disclose it. Going on the offensive should be illegal unless they can disclose damages which justify it and then their customers can sue.
I don't see this happening in a healthy world, defense will get much much better much more quickly if it was to be legal though, ultimately it would involve violence though.
> there are increasing calls for [...] that allows companies [...] actively retrieving stolen information
They are still living in the last century, and think that if somebody steals something from them they can take it back. They have yet to grasp what this 'digital media' is.
Right now their enemies are just pirates wanting to watch Game Of Thrones for free. A business threat, certainly, but one they're generally handling well.
But start infecting people's computers, and a portion of them are going to fight back. Then the entertainment industry has enemies actively trying to destroy their systems.
A whole different level of conflict, and one which I am certain they are not prepared for.
Never go for an escalation you don't need and will hurt you more than it hurts them.
so to be fair this is actually where we are today, if you remember the efforts of anonymous and sony, etc...
1) Anonymous/Lulzsec aren't necessarily a best-of-the-best of the 'hacker world.' Do they want to raise the ire of even more skilled people?
2) Anonymous/Lulzsec are/were in it mostly for the publicity, and 'cheap thrills.' I'm sure that they could have done a lot more damage had they been focused on being as malicious as possible.
You mean... for the lulz?
https://en.wikipedia.org/wiki/Sony_root_kit
I am more and more disturbed with the way OSs are going in general. They are...slowly removing usefulness from themselves, making it hard for admins to work with them, and adding on crap, like Windows Store...which is not needed. It's starting to feel like the computers I work with are...owned by someone else...which means I will start caring for them a lot less. The least of things which currently bothers me are the cross-threading errors which seem to appear in Windows 7...why have these not been fixed?
All the windows only applications I used to use for fun and hobbies (games, music apps) I've either found Linux replacements for (I basically buy the Humble Bundle whenever it looks good), or I simply do without. I would buy Linux applications for these functions if they were available AND the applications were sane, cross-platform developers sometimes try to treat your Linux box like its an MS box (wanting to put files all over the place etc) which is unacceptable.
We simply cannot trust MS or Apple. At least in the Linux community there is a strong culture of transparency, privacy, security, and freedom.
E.g. a common approach is to look for common third party applications that require admin/root privileges for some part of their functionality, and look for ways of tricking them into executing your code (via e.g. buffer overflows, or by finding ways of modifying the configuration with lower privileges).
So unless you never install third party software, you are potentially vulnerable even if the OS is flawless (and it isn't - no matter which OS you pick).
A reasonable point, but I think their argument about "we won't allow seeing GoT without a cable subscription" still is incredibly short sighted.
It lets them make money in a way they understand now. I would very happily pay them money straight up, but since I'm not in the US, it's not really about wanting access to free stuff - it's about access to stuff in the first place. They would lose money on setting up such a system in the short term, sure, but they are only delaying the inevitable - that such a system is what is required if they want to compete with bittorrent in the long term.
I've not bothered to pirate it, yet.
There are easier options if I care. But to be honest, right now I don't.
Not sure they are going to convince people that don't have Foxtel that they should pay $60+ a month for the service purely on the back of Game of Thrones.
This is beyond wacky in light of serious security threats from both organized crime and foreign governments. The same machines they want to root to check on your music and movies are used for serious work in industry and government.
On the other hand, I suspect that the MPAA would be in for a world of hurt if they did this. They would not only be dealing with file sharing, but also a coordinated campaign by blackhats to take down their systems, boycotts organized by the EFF and the like, lawsuits from companies whose employees brought rootkit infected machines on the corporate network, etc.
I'm pretty sure something like this would get the greys and whites involved too.
I know Anonymous is one of the prime offenders in this area, but I wouldn't be surprised if many on Reddit organized and attacked the MPAA's systems.
The_Avengers_2_Earths_Mightiest_Heroes.mp4.exe
They are trying to protect U.S. companies from having their R&D stolen and used by foreign companies, calling for sanctions via the FTC and by amending the espionage act to go after those who steal trade secrets, for example. The whole paper is on protecting the innovations developed in this country from being copied by foreign entities without repercussions, and when viewed in this light, the proposals are not that crazy.
I recommend reading the paper directly, as the BoingBoing link completely misrepresents it.
http://ipcommission.org/report/IP_Commission_Report_052213.p...
Would I want the RIAA/MPAA to install rootkits in media files that are distributed to customers? Absolutely not.
Would I want the ability to install rootkits in engineering schematics and documentation that are never intended to be distributed outside of my organization and are only activated in cases where data theft has occurred? Absolutely.
I certainly have the right to disable my car remotely if it is stolen. I also have the right to lock the doors and take pictures of the assailant who stole it and send them to the police.
Wouldn't locking the doors effectively be kidnapping?
Especially as it is unlikely this would affect serious criminals: If tech like this becomes common, then nobody sane would open stolen files without ensuring it was done in a self-contained environment and with software that ought to be unable to execute any of this crap. It will be trivial to stop for all but people who are unaware.
"Informed deliberations over whether corporations and individuals should be legally able to conduct threat-based deterrence operations against network intrusion, without doing undue harm to an attacker or to innocent third parties, ought to be undertaken."
"he Department of Homeland Security, the Department of Defense, and law enforcement agencies should have the legal authority to use threat-based deterrence systems that operate at network speed against unauthorized intrusions into national security and critical infrastructure networks."
Apart from the proposal that starts "In the future..." and ends "The Commission is not ready to endorse this recommendation", that's as crazy as it gets.
-------------
edit: after reading the boingboing article I see it's about 20 words and two out of context paragraphs.
The first paragraph specifically states that "such measures do not violate existing laws on the use of the Internet." It is simply recommending this as a measure to protect corporate IP, not as something that should be changed.
The second paragraph is immediately followed by noting that such actions are currently illegal, and then recommending deliberation on whether it should be made legal.
>>> that's as crazy as it gets.
Not really. If you read recommendations on page 81, it does not explicitly endorses, but consistently hints at the law as inadequate in areas where it prohibits discussed offensive techniques. See "second" and "finally" parts where it does not explicitly says the mentioned tactics should be allowed but again strongly hints the changes in the law should be made, and implies allowing such methods are those changes.
The issue of IP theft is not simply moral panic. There are national security implications, as we saw in the Chinese attacks on defense contractors.
(Not that I believe that embedded rootkits would have been helpful or anything)
What you decide to put on your computer is up to you. If someone wants to put something in the software, the agreement is between you and them. So long as they disclose what they are doing, it's not like anyone reads the those agreement contracts on the internet.
A company that deploys rootkits, then survives class actions and angry consumers? Not likely.
“It is already clear to me that this report is going to make a very important contribution to the discussion about the grave danger that IP theft poses to our economic well-being. In particular, all should carefully read what the report has to say about Chinese economic espionage. I heartily agree that Congress and the Administration need to act quickly to help American companies defend the hard work and innovation that is the life-blood of our economy. That must begin with getting cyber information sharing legislation signed into law."
https://intelligence.house.gov/press-release/chairman-rogers...
The report and Congressman's statement came out on the same day.
Straight from her biography: ...she focused on business development and new-market-entry relationship building for Aegis LLC and the worldwide Aegis Group, drawing on her established global network of relationships with key stakeholders in U.S. federal civilian, defense and intelligence agencies, foreign governments and leading private sector companies to pursue and secure new business opportunities in Latin and South America, the Caribbean, the Middle East and Africa, and to land U.S. defense and intelligence contracts. [Ibid] (emphasis mine).
She presumably still has equity in Aegis Group.
Playing up the Chinese espionage threat plays well with her key stakeholder relationships, and making everyone less secure certainly opens up new market opportunities and brings more visibility to defense services.
Rogers' agenda is just to influence the legislative process to line his own pockets. Business as usual in Washington.
[1]: http://www.manatt.com/KristiRogers.aspx
I already fought back. I don't watch movies, nor TV. No cable, no Netflix, no movie theaters, no nothing. Fsck 'em.
You want to do the same? Stop watching their lowest common denominator tripe and read a book or make something up for yourself. When they have no money they'll go away. And what will we have lost? Wasted hours sitting in front of their junk.
Fuck'em. They don't deserve our attention. I prefer a free culture of exchange to a centralized culture of consumption.
1. The content they want.
2. Quality (i.e. resolution, bitrate, etc.)
3. Reliability (it actually plays)
4. Low annoyance (no ads, warnings, etc.)
5. Safety (guaranteed freedom from malware, etc.)
The movie and music industries haven't done a perfect job of delivering #1-4. Region coding means the content users want is frequently only available through pirate channels. Lower quality releases (DVD vs Bluray) are also often all that is available in some regions. Bluray is not reliable if users don't keep their hardware/software up to date. Nearly all DVD's and bluray discs on the market are utterly infested with annoying advertisements and warning screens.
#5 was the one thing that legally purchased media had an undeniable edge in over pirated media. If users lose trust in the safety of legally purchased media they will be driven to piracy in unprecedented numbers.
It is tempting to give RIAA and MPAA the rope to hang themselves with, sit back, and laugh. However, let's not forget that every piece of code they write and every root-kit they successfully deploy will soon be taken advantage of by black-hats, quite probably in ways that will cause damage to systems completely unrelated to media playback of any sort. The only way I can see to let the MPAA/RIAA proceed is to require them to post a significant bond (in the billions) to pay for damages their rootkits will cause. Managing how damages are going to be awarded is going to be a legal nightmare though, since this will not affect only U.S. systems and citizens. If the U.S. permits this, I sincerely hope other nations hold the U.S. government responsible for damages, so the U.S. had better make sure Hollywood is ready to foot the bill.
Disagreed. Sony rootkit was on the legally purchased media. DRM on streaming services can do all kind of stuff without users consent. DRM built into hardware with cameras can do even weirder stuff (just note the crazy DRM idea patented by Microsoft regarding detecting the people in the room). Since DRM is a black box, you never know what it can do. There is completely no reason to trust that it will respect your privacy and rights. Therefore DRMed media has no edge over pirated media at all.
Safety requires transparency (for the user), as well as trust in the used technology. DRM by its very definition is non trustworthy and non transparent, it's the antithesis of that. It's totally opaque precisely because it attempts to hide something from the user. Because ironically, DRM proponents don't trust the user! User is treated as potential criminal by default. How can users in situation when they aren't trusted, trust the DRM vendor in return? They can not, and they should not! Trust can be only mutual. I.e. DRM always implies something shady and risky. DRM proponents should be treated as potential criminals by default in return. And what do such criminals usually hide in their code? Malware.
So this is different - in degree if not in kind.
http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootki...
Wouldn't it be the opposite? Like a free pentest? Malware they come up with would be widely available (included in the price of any movie) for dissection.
BTW Next release of Qubes[1] will need an "entertainment" AppVM.
[1] http://qubes-os.org/trac/wiki/QubesArchitecture
It will be stupidly easy to execute; if the malware shuts down computer when it detects illegal download, the only thing an attacker needs to do is to trick the computer/user into downloading illegal content. And that's it. Though this simple trick doesn't let them steal data or take control of the computer, there are many uses an attacker can find for just killing the machine. Blackmailing, social engineering, or just disturbing some crucial business operations. I can even imagine 4chan folks trolling people like this for fun.
Moreover, if computer-locking DRM malware becomes commonplace, a market for cheaper-than-police unlocking will emerge, with incentives favouring hacking the DRM to then earn money on fixing it.
[0] - http://en.wikipedia.org/wiki/Ransomware_(malware)
[1] - http://en.wikipedia.org/wiki/Rogue_security_software
6. Convenience.
I believe that the content industry is relying on a sufficient number of people still finding it easier to buy a DVD/Bluray rather than pirate. For technical people, pirating is already sometimes more convenient for reasons that you stated.
There is also a
7. Ethics
Some people do not find pirating ethical under any circumstances, and will inconvenience themselves to avoid it.
For the record, I don't pirate music anymore. Spotify has made pirating too inconvenient.
There's also underage sexting, media piracy, cryptocurrencies, and marijuana. Some things aren't globally agreed upon as ethical or unethical, but the law still attempts to address them.
Identifying the overlap is difficult.
Vegan products are mass market commodity goods like any grocery. Just because vegan goods consist of a smaller slice of all grocery and food sales doesn't mean you'd be a fool to make a business out of it.
Artists make the vast majority of their money on tour, which is more or less unrelated to the choice of distribution channel, except that a more prolific channel results in more people attending a show.
Again, I don't intend to offend the users of those services - just saying that Spotify, rdio and co. alone won't work for many artists.
They could decide that they on want to steam on another platform if that is a better deal for them.
I didn't intend to offend the users of streaming services. I subscribed to rdio myself, only as a tastemaker though - I still buy a lot of lossless music.
> “The easiest way to stop piracy is not by putting antipiracy technology to work,” Newell said. “It’s by giving those people a service that’s better than what they’re receiving from the pirates.”
Steam single-handedly killed even the temptation to pirate games for me, because it's ridiculously convenient to just fire up Steam, click a button, and have the game delivered to my desktop at multi-megabit speeds without any obnoxious DRM getting in the way of me being able to play. Pandora, Spotify, and most recently Google All Access make music piracy a complete non-issue for me, because I don't want to have to spend time chasing down a song or even futzing with iTunes - I just punch something into search and it's playing. Netflix and Hulu provide so much content that I can't watch all of it - while they don't always have the most recent content, they have a lot of it.
Provide me a service that is a. affordable (Steam Sales and $8/month for movies or music are excellent models here, content folks) b. convenient (click button, enjoy content), and c. reliable (no explanation necessary) and I won't have any incentive to pirate content.
I'm convinced that the people who can afford stuff but pirate it anyway do so because of distribution problems in getting that content legally. The people who pirate stuff who can't afford it, or wouldn't buy it if they can are arguably even a net benefit - they aren't lost sales, but they increase the reach and visibility of the product. In either case, it's not really worth worrying about them (though the studios sure do love to gripe about them as if they're all lost sales), which leaves us with one very easy solution - have the best distribution channel available, and people will pay for it. At that point, piracy is about as solved as it'll get from an economic standpoint.
I would think that once my computer spends any length of time not under my direct and exclusive control, I would no longer be solely liable for any actions that may have been taken with it. There would be huge doubt, no?
Here they are asking to authorize vigilantism.
There are consequences to this kind of thing and many things to consider. I mean imagine if hackers somehow managed to find a security exploit in the malware the entertainment companies are forcefully installing on peoples computers? Ransomware one minute, botnet the next.
I suspect $world = USA here. The chances of anything as daft as this happening in Europe are small. Some European countries already have taxes on blank media/contributions to copyright organisations. Australia and Canada had court action against Sony last time this was tried.
UK politicians do persist in trying to pass legislation allowing monitoring all communications in UK, but we all know how effective that will be.