Kevin is right. The article mentions copyright infringement and domain seizures but the core of the article is a discussion of a session between the ICANN board and ICANN's GAC which covered 12 recommendations by law enforcement authorities. You can read a summary of the 12 recommendations here: http://www.icann.org/en/resources/registrars/raa/raa-negotiations-progress-report-01mar12-en. pdf
None of them deal directly with domain seizures or copyright. The Computerworld article mentions one of them:
Some of the 12 recommendations relating to registrar agreements was inclusion of a clause that holds registrars responsible through negligence for registering domains engaging in criminal activity.
Sure, this is related to enforcing copyright but does not discuss it or how enforcement will happen. The other recommendations deal with the registrars authenticating domain buyers and increased accountability in this whole process. I believe the mention of copyright and domain seizures was a poor journalistic attempt to tie-in what was currently a very public controversy involving ICANN.
Not all that far-fetched. If someone, somewhere in the world, has the money upfront, and was able to not be too obvious about desiring to infringe or even criminal intent, they might be approved. Once approved, it is the contract between them and ICANN that determines whether they can be shutdown worldwide.
You're looking for a simple solution for resolution of conflicts for domain names. Sometimes it is not so simple. Take "Napolean Dynamite" for instance. Do we accept that a very popular movie title has precedence over the song title of the same name created much earlier by Elvis Costello? ICANN already has a domain name resolution process, one which has caused controversy because it seems to give more weight to the size of a company even over an existing trademark holder. ICANN's resolution process will still be the ultimate decider if a conflict occurs within a registry.
should be: "behind the scenes muscling from DOC NTIA"
I think the goal of the copyright mafia is to have language included in every contract that ICANN has with a gTLD registry that allows for the shutdown of a domain if a government or court deems it necessary. Such language could also include the possibility of an organization, company, or individual asking for a domain shutdown as part of a dispute process as exists now with the DMCA. Verisign, as the registry for the most important Internet domain, .com, has already asked for this. This battle won't be pointless when all gTLDs are subject to contracts with such clauses.
I think there is some real confusion on the part of RIAA, ASCAP etc. and in a lot of people's minds about gTLDs. There are two basic models of TLDs, sponsored and unrestricted. The grandfathered unrestricted TLDs are; .com, .net, .org. Since 2000, .biz and .info have been approved as new unrestricted gTLDs. Also, since 2000, there have been a handful of new sponsored gTLDs approved (e.g. .jobs, .mobi, .tel, .travel, .museum) in addition to the existing sponsored gTLDs .edu, .mil, and .gov. A sponsor is an organization or company that is ultimately responsible for running the registry and who can decide, pretty much on their own, what 2nd level domain names are approved and who can have them.
Maybe the RIAA et. al. is just using any opportunity to rant about piracy, but I sense that they do not understand that any new gTLD will be a sponsored one. There is no point in complaining to ICANN or the DOC, at this juncture, about needing restrictions on a gTLD to avoid piracy, economic ruin, and world chaos and destruction. Such restrictions will be up to the holder of the new gTLD. Surely they understand this as they are backing Far Further for the .music gTLD.
Then again, maybe I am misunderstanding their intentions and they are really being very smart and forward looking. Maybe what they are asking for is for ICANN, with some behind the muscling from DOC NTIA, to include in all the gTLD contracts clauses which are similar to this following, which was asked for back in an October 2011 by Verisign as a change to their contract with ICANN for .com.
(b) to comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process;
(c) to avoid any liability, civil or criminal, on the part of Verisign, as well as its affiliates, subsidiaries, officers, directors, and employees;
So, even when someone creates and run .pirate. The registry for that gTLD will be forced to operate under rules that allow an organization such as the RIAA to shut down a domain name just because they say it is infringing or is contributing to infringment. Yes, avoiding the tedious requirement of getting a court order to do the same.
Everyone must remember though, that the process of applying, evaluation, and approval of new gTLDs is going to be somewhat open (yes, big ? here) and that everyone is allowed input to this process.
Individuals cannot apply for a gTLD. You must be a company or organization. Let's suppose you represent the community of generic John Does. For each gTLD you must pay $185,000 for the application and evaluation. If approved, then you must run a registry for each gTLD. You cannot just sit on a gTLD and let it exist unused. You have 8 days left to register.
I don't disagree with your sentiment but let me point out that Apple has created a walled garden. Not all walled gardens will be ignored into oblivion.
This is only true is the same key is used for all the instances of encryption. Generally, this is not the case. Most protocols use a "session" key, which is a symmetric key used only for a particular session and then only for a limited period of time before a new session key is generated and used.
I use Wikipedia nearly everyday mostly as a first step in researching technical stuff related to computers and the internet. One of my gripes about the quality of the articles that I usually read is that they have been "dumbed down" over the past few years. This is an intentional trend by Wikipedia to make all their articles more encyclopedic. However, by making those articles more accessible to the general public but less useful to me personally. The links and references in the articles are very useful though. I see a niche for on-line encyclopedia(s) that are narrow in scope but more detailed and more technical than Wikipedia for science and technical subjects. I cannot compare the Encyclopedia Britannica though as my set is the 1926 edition. (No, I am not THAT OLD!)
Degban's last set of listings on Chilling Effects is dated February 5, 2012. There are 80 DMCA takedown notices from them on that date. That is a rather sudden dropoff. Chilling Effects regularly receives a copy of DMCA complaints filed with Google and so the database has listings (none in the last month from Degban) up to March 5.
One example of a DMCA takedown notice that lists the copyright holder as Wasteland Inc. is for a TorrentHound listing for "Tony Hawk's American Wasteland" which is an Xbox 360 video game. The copyright holder is clearly not Wasteland Inc. nor any of the other Phoenix Group holdings.
Wasteland Inc. is run by Colin and Angie Rowntree. Colin posted a comment on Dave Gorman's website, which I am re-posting here"
Colin Rowntree said...
One of my colleagues sent me the link to this post as a heads up and I am pretty baffled by the entire thing. We do have Degban handle our DMCAs, but only for torrents and fileshare sites, and on those only videos with a duration of longer than 5 minutes. They do a very good job on this for a very very reasonable monthly fee, so all of this pretty much comes out of the blue at me.
Something seems to have gone terribly wrong somewhere as we don't touch the tubes (we have lots of affiliates uploading our clips to those) and certainly not photos on blogs or Flickr featuring artistic photography (yours is very nice, btw, Dave!).
I'm checking in with Ella at Degban to see what may have happened here and will report back on this asap. Dave: please do feel free to contact me about this mess. Happy to try to assist in any way possible. rowntree2007 @ gmail.com
Stand by for news on this,
Colin Rowntree
CEO, Wasteland, Inc
March 5, 2012 8:26 PM
I would tend to believe Mr. Rowntree about this issue. Wasteland would have no interest or advantage in sending bogus DMCA takedowns to any site that just had the word "wasteland", another keyword related to their films, or most likely a combination of keywords. The Tony Hawk video game points to an algorithm that has false positives that are not vetted. I imagine that Gorman's Flickr post reached a threshold where comments ended up including multiple, Degban selected, keywords. Considering that Wasteland's copyright interests should only be limited to actual video files containing entire films or portions thereof, Degban's algorithm is atrocious. They should suffer the penalties applicable for filing false DMCA takedown requests.
The following is from an article in the Adult Video News (AVN) that appeared yesterday:
Late Monday, AVN sent Degban, which is located in London, an email requesting further details on the alleged breach. This comment was waiting in the inbox this morning:
"On February 29th, our SMTP server was accessed by an outsider through a password phishing scam," the company said. "The intruder then used our SMTP server to report legitimate content as piracy, using our own Take-Down notice templates. This was done to reduce our credibility with hosting companies. Degban, however, employs digital signature for all emails, except for those that do not accept it. A part of the attack failed, as only those who processed the fake emails, without digital signature, were affected. Since the attack, we have changed all passwords, and implemented an extra layer of security to ensure our SMTP server is only accessible through trusted devices, much like Facebook does.
"As the attack rested solely on an human error, it does not seem to have been initiated by any known 'hacktivists,' but rather by a disgruntled file-locker owner or pirate. Our system is set up so that the STMP is actually separate from the Degban core; the service provided to our clients is run and developed by Degban. We have set up our system so that any security breach cannot penetrate to the core. Obviously, we regret that this particular event occurred, and where the protective layers were lacking, we have already implemented extra security.
"In terms of damages, only those whose files cannot be retrieved have been affected. We are still contacting hosts, attempting to get their content reinstated. Clients, employees and the rest of the public are unaffected on a technical level. For any clients that experienced downtime during their service, we will refund them the service fees for that time."
Well, it's conceivable that bogus DMCA notices were sent because of a hacker. After all, that is the excuse that Techdirt commenters use when they are caught with kiddie porn (/s). Why shouldn't we believe Degban at their word?
There is a reason. Notice that Dave Gormans's photo was removed on February 17th, 12 days before the supposed hack occurred. There are technical inconsistencies in this explanation as well. An email can contain a digital signature whether or not the receiver makes the effort to confirm it's authenticity. Surely Flickr, and Yahoo in general, would confirm digital signatures from such a prolific source of DMCA takedown notices. All in all, this explanation comes across as someone using technical terms as a way to snow the non-technical reader. I am calling bullshit on this one. What I would like to know how Degban explains using what looks like a very simplistic algorithm that matches some subset of keywords. I would also like to know if the program can automatically send out DMCA notices without any human intervention.
I don't think you should dismiss new technology, or a new mixture of old technologies, as something that is just redundant and unnecessary because a previous technology seems to get the job done. I sometimes listen to MP3 recordings on a conveniently portable player and earbuds when I'm traveling or outside. Ambient noise in those circumstances generally mask any potential difference in quality between MP3 recordings and analog or high quality digital recordings. At home, I have a decent stereo system and can tell the difference between standard audio cds and DVD Audio or SACD recordings. I stand by that despite claims that it is just the remixing during remastering that is responsible for a perceived improvement in quality. I would only play MP3 recordings at home to learn of new music. Those two formats have not become popular enough to be widely adopted so I would welcome any high quality digital recording format that would be accepted generally enough to enable both old and new music to be mastered, or remastered, in that format. I am pointing out that differences in features that alternate technologies offer can make both or several technologies attractive to even just a single person. It will probably pass, that in the future, a single very high quality audio format we be useful for everyone when flash devices become dense enough to store thousands of songs in the highest quality format and high, end-user, bandwidth to the internet makes downloading or streaming requirements inconsequential.
DMARC is different than PGP:
DMARC offers a subset of what PGP offers but PGP requires adoption by and key distribution to all the people you want to communicate with securely. DMARC is, essentially, use in sending email of the Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM). A critical point for DKIM and SPF is that an end-user receiving mail (and in some cases sending mail if the Mail Transfer Agent supports this) does not have to do anything for this to work, not even updating their email client. They can rely on their Mail Delivery Agent (MDA) to filter out spam and phishing emails, whether it be Yahoo mail, Gmail, or their own ISPs mail server. This is useful even if it only applies to email sent or hosted by just the current set of companies who have adopted DMARC. Ease of widespread implementation is an important feature. PGP has been available since 1991. I have used it since 1996, but is use is not widespread because too many people don't think it's worth the bother. PGP differs from DMARC in offering confidentiality, end-to-end integrity, authentication of both sender and receiver, and non-repudiation. DMARC is limited to verifying the senders IP address and the domain of the sender. This allows for filtering of a good percentage of spam or phishing emails. So, DMARC and PGP are different technologies with only some overlap in purpose. Both are useful.
Maybe News Channel 5 corrected it, but the article says "abate the concern" rather than abet.
I suspect that the "inspection" is similar to what happens at checkpoints set up to catch drunk drivers. In California, at least, those drunk driving checkpoints have to be set up so that a driver can see them and choose an alternate route, one that does not go through the checkpoint and does not cause a long detour. I take advantage of that rule, not that I ever drive drunk. I would like to know if VIPR checkpoints would also have to be avoidable in California, and other states with similar DUI checkpoint rules, as this would render the search for terrorists more than pointless (or is it less than pointless?).
This is the second article referenced by Techdirt dealing with VIPR stops on highways. In both cases the source article does not give enough details to tell whether the cars are actually searched, people are actually searched, and if searches ever take place without the permission of the driver. The authorities are undoubtedly looking (hoping?) for probable cause to do such a search. This bothers me enough, but it is not the wholesale dumping of 4th amendment protections that actual random searches entails.
This has been true since about 2001 and is applicable to drives that are larger than 15GB. It's all about density. There are no longer multiple paths possible for read/write heads on hard drives. The critical question is whether all sectors are being overwritten. The only software that guarantees this does it by triggering the ATA secure erase command, a command embedded in all hard disk controllers which are always integrated within the hard disk.
The law was amended in 1994 to get rid of the expectation of privacy clause because it had been ruled that the police had no expectation of privacy while on duty. There are three states with similar laws making it illegal to record a conversation with the police; Illinois, Massachusetts, and Maryland. In all the cases, a sound recorder was used, surreptitiously, to record either an arrest or discussion with the police. No one has yet been convicted under the amended law of eavesdropping on the police. Previous charges were used to plea bargain down to a reduced charge. There are currently 3 cases that are ongoing: Michael Allison, Christopher Drew, and Tiawanda Moore, with Christopher Drew's case being the oldest, his arrest dating from December, 2009. The most disturbing case is the one dealing with Moore however.
"The ACLU of Illinois is also challenging the law. But in January, U.S. District Court Judge Suzanne B. Conlon ruled against the organization. Conlon wrote that the First Amendment does not protect citizens who record the police. The ACLU has appealed and expects to participate in oral arguments before the U.S. Court of Appeals for the 7th Circuit sometime in the fall."
"n a hearing last December, Cook County Assistant State Attorney Jeff Allen invoked homeland security, arguing that Drew's recording could have picked up police discussing anti-terrorism tactics. Drew's case was suspended after he was diagnosed with lung cancer earlier this year."
The IP address is indeed evidence, but how the plaintiff acquires it is important. There are two general ways in which the IP address can be shown as invalid evidence in the course of proving infringement by a particular person. The IP address can be spoofed in certain situations or someone else has used your IP address to infringe and you shouldn't be liable for that use.
Spoofing IP:
The easiest way to spoof the IP in a P2P context can occur when the plaintiff uses the indirect detection method and simply queries the tracker as to what IPs are acting as peers. There is an option which allows specifying your IP address separately from the source IP address in the packet used to talk to the tracker. This allows someone to introduce any arbitrary IP address into the list of peer IPs kept by the tracker. Effectively, this means someone can frame you. Not all P2P software running on trackers is configured to allow this option. In fact, the, often cited, 2008 study done at the University of Washington indicated that only 5% of the BitTorrent trackers allowed this option. However, because of the existence of this option, plaintiffs should be restricted to using a direct method of detection for acquiring IPs to include in their lawsuits. The direct method monitors IPs address belonging to peers that are part of a swarm. This means that the IP address in question is actively involved in downloading/uploading the infringing content. It is still possible to spoof an IP address in this scenario but this is now much harder and not possible in the most typical situation. This typical situation is where you gain access to the internet with an account from an ISP. Here, you can spoof the source IP in any packet you send, but you will not be receiving packets with that IP address in the destination. Additionally, ISPs filter outgoing packets with source IPs not in the ISP's range.
Another possibility for spoofing is when the owner of the tracker falsely injects an IP address to act as a peer. This reinforces the idea that only direct detection method should be allowed. One where the plaintiff has to monitor the ongoing traffic involved in a swarm. Also, it should go without saying that the plaintiff should not control the tracker and, for other reasons, should not be the initial seed, or act as a seed, period.
My understanding is that courts aren't requiring the method of collecting IPs be detailed by the plaintiff. They should, even at the initial stage of filing a lawsuit.
Others using your IP address to infringe:
There are many different situations where multiple computers can use the same IP or multiple people can use the same computer. How can one tell who the infringing party is? The plaintiff should be required to collect information in addition to a source IP address that can help to identify the actual infringer. Information in the HTTP header can be used to fingerprint the computer involved. In my mind, this is still not conclusive evidence, but should be enough to initiate a lawsuit.
The crux of the problem is that these are civil suits, not criminal complaints. There has been no forensics done on the computer associated with the alleged IP address. It would be too expensive for the plaintiff to acquire enough convincing evidence to convict if they are going after hundreds or thousands of infringers. On the other hand it is also too expensive for a defendant to defend themselves and any option to settle rather than fight because of the expense leads to extortion.
The problem with your analogy is that it assumes that everyone knows that P2P protocols are only used to download files illegally. There are a lot of cases where files are offered for legal distribution using P2P protocols. If legal downloading exists and the copyright owners themselves make the file available for downloading it's not just a question of whether it is entrapment or not. There is a real question as to whether downloading is illegal at all in this scenario. This is quite different from your bait car scenario.
It is not clear at all from your first link that CEG is setting up honeypots. Their statement about operations is ambiguous. They could just be participating in a swarm and not setting up a tracker or acting as the initial seed. Do you have any other information that clearly shows they are setting up honeypots like GuardaLey?
Re: I wish I could commit crimes, just give money back when caught and have idiots defend me
Google not only had to pay back the money they received from the ads they had to pay the estimated gross revenue made by the Canadian pharmacies from sales to customers in the US. I don't know how those two numbers compare but it is certainly a penalty.
The solution for fake drugs and pharmacies that hide their illegal activity should not be on Google as their is a simple solution already in place. You can call a number to confirm the legitimacy of a pharmacy either in Canada or the U.S.. That should be a required step for anyone to buy drugs on-line. Even if you don't have a prescription you would be crazy not to make sure your source was reliable.
A difference from your analogy is that Google was not just getting paid for ads by on-line pharmacies that may have been doing illegal things but that any and all Canadian, or foreign, on-line pharmacy could not legally do business in the U.S.. Google was warned about this as early as 2003 and kept doing it. http://www.theregister.co.uk/2011/05/21/google_was_repeatedly_warned_over_illegal_drug_ads/
I am not saying I agree with U.S. law which bans ordering legitimate drugs from Canada, even with a prescription. I don't! Google was clearly aware and taking a risk in continuing to accept ads. Were they being altruistic in enabling U.S. citizens to easily find cheaper alternatives to buying expensive prescription drugs in the U.S. or were they being greedy, gambling that the U.S. would not initiate a case while they were making lots of money from Adwords from Canadian pharmacies?
"Since 2010, after Google became aware of the investigation, it has required that all Canadian online pharmacy advertisers be certified by the Canadian International Pharmacy Association and has specified that they can advertise only to Canadian customers."
"Until early 2010, Google required that all online pharmacies be verified by PharmacyChecker.com, which says it checks the credentials of online pharmacies. But many of the rogue pharmacies that advertised on Google during that period never applied to PharmacyChecker.com, according to Gabriel Levitt, vice president of the verification site."
My impression from this is that Google is being penalized for allowing such ads before February 2010 and that they were rather lax about checking. What surprises me the most is that Google doesn't appear to be fighting this judgement, in particular the high amount, very hard. $500 million is not chump change even for them. Instead, they seem to be trying to minimize publicity about it
Please don't read into my comment any support for the administration's pursuit of this case. I am just pointing out that Google was not exercising due diligence in accepting ads before February 2010.
On the post: ICANN Confirms That It's Going To Make It Easier For Governments To Seize Domains Around The Globe
Re: Re: Vague, and wrong
http://www.icann.org/en/resources/registrars/raa/raa-negotiations-progress-report-01mar12-en. pdf
None of them deal directly with domain seizures or copyright. The Computerworld article mentions one of them:
Some of the 12 recommendations relating to registrar agreements was inclusion of a clause that holds registrars responsible through negligence for registering domains engaging in criminal activity.
Sure, this is related to enforcing copyright but does not discuss it or how enforcement will happen. The other recommendations deal with the registrars authenticating domain buyers and increased accountability in this whole process. I believe the mention of copyright and domain seizures was a poor journalistic attempt to tie-in what was currently a very public controversy involving ICANN.
On the post: Fear-Induced Foolishness: Entertainment Industry Thinks Controls On New TLDs Will Actually Impact Piracy
Re: What now?
grammar note: analogue instead of analog.
On the post: Fear-Induced Foolishness: Entertainment Industry Thinks Controls On New TLDs Will Actually Impact Piracy
Re: Re: Re: Re: Re:
On the post: Fear-Induced Foolishness: Entertainment Industry Thinks Controls On New TLDs Will Actually Impact Piracy
correction and summary
I think the goal of the copyright mafia is to have language included in every contract that ICANN has with a gTLD registry that allows for the shutdown of a domain if a government or court deems it necessary. Such language could also include the possibility of an organization, company, or individual asking for a domain shutdown as part of a dispute process as exists now with the DMCA. Verisign, as the registry for the most important Internet domain, .com, has already asked for this. This battle won't be pointless when all gTLDs are subject to contracts with such clauses.
On the post: Fear-Induced Foolishness: Entertainment Industry Thinks Controls On New TLDs Will Actually Impact Piracy
confusion over gTLDs
Maybe the RIAA et. al. is just using any opportunity to rant about piracy, but I sense that they do not understand that any new gTLD will be a sponsored one. There is no point in complaining to ICANN or the DOC, at this juncture, about needing restrictions on a gTLD to avoid piracy, economic ruin, and world chaos and destruction. Such restrictions will be up to the holder of the new gTLD. Surely they understand this as they are backing Far Further for the .music gTLD.
Then again, maybe I am misunderstanding their intentions and they are really being very smart and forward looking. Maybe what they are asking for is for ICANN, with some behind the muscling from DOC NTIA, to include in all the gTLD contracts clauses which are similar to this following, which was asked for back in an October 2011 by Verisign as a change to their contract with ICANN for .com.
(b) to comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process;
(c) to avoid any liability, civil or criminal, on the part of Verisign, as well as its affiliates, subsidiaries, officers, directors, and employees;
So, even when someone creates and run .pirate. The registry for that gTLD will be forced to operate under rules that allow an organization such as the RIAA to shut down a domain name just because they say it is infringing or is contributing to infringment. Yes, avoiding the tedious requirement of getting a court order to do the same.
Everyone must remember though, that the process of applying, evaluation, and approval of new gTLDs is going to be somewhat open (yes, big ? here) and that everyone is allowed input to this process.
On the post: Fear-Induced Foolishness: Entertainment Industry Thinks Controls On New TLDs Will Actually Impact Piracy
Re: They can have .music, I am getting .mp3
On the post: Fear-Induced Foolishness: Entertainment Industry Thinks Controls On New TLDs Will Actually Impact Piracy
Re: Walled garden
On the post: A Terrifying Look Into The NSA's Ability To Capture And Analyze Pretty Much Every Communication
Re: Re: DOS
On the post: Encyclopaedia Britannica Stops Publishing Dead Tree Version; If You're Unfamiliar, You Can Read About It On Wikipedia
On the post: UPDATED: The True Damage Of An Illegitimate DMCA Takedown Goes Much Further Than Simple 'Inconvenience'
Does Degban have any integrity?
One example of a DMCA takedown notice that lists the copyright holder as Wasteland Inc. is for a TorrentHound listing for "Tony Hawk's American Wasteland" which is an Xbox 360 video game. The copyright holder is clearly not Wasteland Inc. nor any of the other Phoenix Group holdings.
Wasteland Inc. is run by Colin and Angie Rowntree. Colin posted a comment on Dave Gorman's website, which I am re-posting here"
Colin Rowntree said...
One of my colleagues sent me the link to this post as a heads up and I am pretty baffled by the entire thing. We do have Degban handle our DMCAs, but only for torrents and fileshare sites, and on those only videos with a duration of longer than 5 minutes. They do a very good job on this for a very very reasonable monthly fee, so all of this pretty much comes out of the blue at me.
Something seems to have gone terribly wrong somewhere as we don't touch the tubes (we have lots of affiliates uploading our clips to those) and certainly not photos on blogs or Flickr featuring artistic photography (yours is very nice, btw, Dave!).
I'm checking in with Ella at Degban to see what may have happened here and will report back on this asap. Dave: please do feel free to contact me about this mess. Happy to try to assist in any way possible. rowntree2007 @ gmail.com
Stand by for news on this,
Colin Rowntree
CEO, Wasteland, Inc
March 5, 2012 8:26 PM
I would tend to believe Mr. Rowntree about this issue. Wasteland would have no interest or advantage in sending bogus DMCA takedowns to any site that just had the word "wasteland", another keyword related to their films, or most likely a combination of keywords. The Tony Hawk video game points to an algorithm that has false positives that are not vetted. I imagine that Gorman's Flickr post reached a threshold where comments ended up including multiple, Degban selected, keywords. Considering that Wasteland's copyright interests should only be limited to actual video files containing entire films or portions thereof, Degban's algorithm is atrocious. They should suffer the penalties applicable for filing false DMCA takedown requests.
The following is from an article in the Adult Video News (AVN) that appeared yesterday:
http://business.avn.com/articles/technology/UPDATE-Degban-Claims-Hack-Led-to-DMCA-Take down-Notices-468012.html
Late Monday, AVN sent Degban, which is located in London, an email requesting further details on the alleged breach. This comment was waiting in the inbox this morning:
"On February 29th, our SMTP server was accessed by an outsider through a password phishing scam," the company said. "The intruder then used our SMTP server to report legitimate content as piracy, using our own Take-Down notice templates. This was done to reduce our credibility with hosting companies. Degban, however, employs digital signature for all emails, except for those that do not accept it. A part of the attack failed, as only those who processed the fake emails, without digital signature, were affected. Since the attack, we have changed all passwords, and implemented an extra layer of security to ensure our SMTP server is only accessible through trusted devices, much like Facebook does.
"As the attack rested solely on an human error, it does not seem to have been initiated by any known 'hacktivists,' but rather by a disgruntled file-locker owner or pirate. Our system is set up so that the STMP is actually separate from the Degban core; the service provided to our clients is run and developed by Degban. We have set up our system so that any security breach cannot penetrate to the core. Obviously, we regret that this particular event occurred, and where the protective layers were lacking, we have already implemented extra security.
"In terms of damages, only those whose files cannot be retrieved have been affected. We are still contacting hosts, attempting to get their content reinstated. Clients, employees and the rest of the public are unaffected on a technical level. For any clients that experienced downtime during their service, we will refund them the service fees for that time."
Well, it's conceivable that bogus DMCA notices were sent because of a hacker. After all, that is the excuse that Techdirt commenters use when they are caught with kiddie porn (/s). Why shouldn't we believe Degban at their word?
There is a reason. Notice that Dave Gormans's photo was removed on February 17th, 12 days before the supposed hack occurred. There are technical inconsistencies in this explanation as well. An email can contain a digital signature whether or not the receiver makes the effort to confirm it's authenticity. Surely Flickr, and Yahoo in general, would confirm digital signatures from such a prolific source of DMCA takedown notices. All in all, this explanation comes across as someone using technical terms as a way to snow the non-technical reader. I am calling bullshit on this one. What I would like to know how Degban explains using what looks like a very simplistic algorithm that matches some subset of keywords. I would also like to know if the program can automatically send out DMCA notices without any human intervention.
On the post: Neil Young: Piracy Is The New Radio (But The Quality Sucks)
Re: Re: Newness
DMARC is different than PGP:
DMARC offers a subset of what PGP offers but PGP requires adoption by and key distribution to all the people you want to communicate with securely. DMARC is, essentially, use in sending email of the Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM). A critical point for DKIM and SPF is that an end-user receiving mail (and in some cases sending mail if the Mail Transfer Agent supports this) does not have to do anything for this to work, not even updating their email client. They can rely on their Mail Delivery Agent (MDA) to filter out spam and phishing emails, whether it be Yahoo mail, Gmail, or their own ISPs mail server. This is useful even if it only applies to email sent or hosted by just the current set of companies who have adopted DMARC. Ease of widespread implementation is an important feature. PGP has been available since 1991. I have used it since 1996, but is use is not widespread because too many people don't think it's worth the bother. PGP differs from DMARC in offering confidentiality, end-to-end integrity, authentication of both sender and receiver, and non-repudiation. DMARC is limited to verifying the senders IP address and the domain of the sender. This allows for filtering of a good percentage of spam or phishing emails. So, DMARC and PGP are different technologies with only some overlap in purpose. Both are useful.
On the post: TSA Decides Terrorists Must Be Driving; Partners With Tenn. Law Enforcement To Randomly Search Vehicles
abate vs abet
I suspect that the "inspection" is similar to what happens at checkpoints set up to catch drunk drivers. In California, at least, those drunk driving checkpoints have to be set up so that a driver can see them and choose an alternate route, one that does not go through the checkpoint and does not cause a long detour. I take advantage of that rule, not that I ever drive drunk. I would like to know if VIPR checkpoints would also have to be avoidable in California, and other states with similar DUI checkpoint rules, as this would render the search for terrorists more than pointless (or is it less than pointless?).
This is the second article referenced by Techdirt dealing with VIPR stops on highways. In both cases the source article does not give enough details to tell whether the cars are actually searched, people are actually searched, and if searches ever take place without the permission of the driver. The authorities are undoubtedly looking (hoping?) for probable cause to do such a search. This bothers me enough, but it is not the wholesale dumping of 4th amendment protections that actual random searches entails.
On the post: Is Destroying A Hard Drive On A Work Issued Computer The Equivalent Of Hacking Or Fraud?
Re: Regarding writing random bits to erase data
http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
This has been true since about 2001 and is applicable to drives that are larger than 15GB. It's all about density. There are no longer multiple paths possible for read/write heads on hard drives. The critical question is whether all sectors are being overwritten. The only software that guarantees this does it by triggering the ATA secure erase command, a command embedded in all hard disk controllers which are always integrated within the hard disk.
On the post: Man Facing 75 Years In Jail For Recording The Police; Illinois Assistant AG Says No Right To Record Police
more details
This is a nice article summarizing the cases and putting things into perspective:
http://www.huffingtonpost.com/2011/06/08/chicago-district-attorney-recording-bad-cops_ n_872921.html
From this article:
"The ACLU of Illinois is also challenging the law. But in January, U.S. District Court Judge Suzanne B. Conlon ruled against the organization. Conlon wrote that the First Amendment does not protect citizens who record the police. The ACLU has appealed and expects to participate in oral arguments before the U.S. Court of Appeals for the 7th Circuit sometime in the fall."
"n a hearing last December, Cook County Assistant State Attorney Jeff Allen invoked homeland security, arguing that Drew's recording could have picked up police discussing anti-terrorism tactics. Drew's case was suspended after he was diagnosed with lung cancer earlier this year."
Article discusses both the Moore and Drew cases.
http://www.nytimes.com/2011/01/23/us/23cnceavesdropping.html?pagewanted=all
Article and video about Drew's case:
http://www.copblock.org/1927/is-illinois-taking-an-artist-to-trial-to-silence-an-outspoken-cr itic-or-you/
On the post: US Copyright Group, Hurt Locker Producers Sue Dead Man & Others Unlikely To Have Infringed
Re:
Spoofing IP:
The easiest way to spoof the IP in a P2P context can occur when the plaintiff uses the indirect detection method and simply queries the tracker as to what IPs are acting as peers. There is an option which allows specifying your IP address separately from the source IP address in the packet used to talk to the tracker. This allows someone to introduce any arbitrary IP address into the list of peer IPs kept by the tracker. Effectively, this means someone can frame you. Not all P2P software running on trackers is configured to allow this option. In fact, the, often cited, 2008 study done at the University of Washington indicated that only 5% of the BitTorrent trackers allowed this option. However, because of the existence of this option, plaintiffs should be restricted to using a direct method of detection for acquiring IPs to include in their lawsuits. The direct method monitors IPs address belonging to peers that are part of a swarm. This means that the IP address in question is actively involved in downloading/uploading the infringing content. It is still possible to spoof an IP address in this scenario but this is now much harder and not possible in the most typical situation. This typical situation is where you gain access to the internet with an account from an ISP. Here, you can spoof the source IP in any packet you send, but you will not be receiving packets with that IP address in the destination. Additionally, ISPs filter outgoing packets with source IPs not in the ISP's range.
Another possibility for spoofing is when the owner of the tracker falsely injects an IP address to act as a peer. This reinforces the idea that only direct detection method should be allowed. One where the plaintiff has to monitor the ongoing traffic involved in a swarm. Also, it should go without saying that the plaintiff should not control the tracker and, for other reasons, should not be the initial seed, or act as a seed, period.
My understanding is that courts aren't requiring the method of collecting IPs be detailed by the plaintiff. They should, even at the initial stage of filing a lawsuit.
Others using your IP address to infringe:
There are many different situations where multiple computers can use the same IP or multiple people can use the same computer. How can one tell who the infringing party is? The plaintiff should be required to collect information in addition to a source IP address that can help to identify the actual infringer. Information in the HTTP header can be used to fingerprint the computer involved. In my mind, this is still not conclusive evidence, but should be enough to initiate a lawsuit.
The crux of the problem is that these are civil suits, not criminal complaints. There has been no forensics done on the computer associated with the alleged IP address. It would be too expensive for the plaintiff to acquire enough convincing evidence to convict if they are going after hundreds or thousands of infringers. On the other hand it is also too expensive for a defendant to defend themselves and any option to settle rather than fight because of the expense leads to extortion.
On the post: US Copyright Group Lawsuits Based On Highly Questionable Evidence
Re: Re: Re:
On the post: US Copyright Group Lawsuits Based On Highly Questionable Evidence
Re: Re: Re:
On the post: Justice Department: To Protect Pharma Profits, We'll Just Take Money From Google
Re: I wish I could commit crimes, just give money back when caught and have idiots defend me
The solution for fake drugs and pharmacies that hide their illegal activity should not be on Google as their is a simple solution already in place. You can call a number to confirm the legitimacy of a pharmacy either in Canada or the U.S.. That should be a required step for anyone to buy drugs on-line. Even if you don't have a prescription you would be crazy not to make sure your source was reliable.
On the post: Justice Department: To Protect Pharma Profits, We'll Just Take Money From Google
Re: Re:
http://www.theregister.co.uk/2011/05/21/google_was_repeatedly_warned_over_illegal_drug_ads/
I am not saying I agree with U.S. law which bans ordering legitimate drugs from Canada, even with a prescription. I don't! Google was clearly aware and taking a risk in continuing to accept ads. Were they being altruistic in enabling U.S. citizens to easily find cheaper alternatives to buying expensive prescription drugs in the U.S. or were they being greedy, gambling that the U.S. would not initiate a case while they were making lots of money from Adwords from Canadian pharmacies?
On the post: Justice Department: To Protect Pharma Profits, We'll Just Take Money From Google
This is not my understanding from reading the NYT article.
http://bits.blogs.nytimes.com/2011/08/24/google-reaches-500-million-settlement-with-gove rnment/
"Since 2010, after Google became aware of the investigation, it has required that all Canadian online pharmacy advertisers be certified by the Canadian International Pharmacy Association and has specified that they can advertise only to Canadian customers."
and from an earlier NYT article:
http://www.nytimes.com/2011/05/14/technology/14google.html
"Until early 2010, Google required that all online pharmacies be verified by PharmacyChecker.com, which says it checks the credentials of online pharmacies. But many of the rogue pharmacies that advertised on Google during that period never applied to PharmacyChecker.com, according to Gabriel Levitt, vice president of the verification site."
My impression from this is that Google is being penalized for allowing such ads before February 2010 and that they were rather lax about checking. What surprises me the most is that Google doesn't appear to be fighting this judgement, in particular the high amount, very hard. $500 million is not chump change even for them. Instead, they seem to be trying to minimize publicity about it
Please don't read into my comment any support for the administration's pursuit of this case. I am just pointing out that Google was not exercising due diligence in accepting ads before February 2010.
Next >>