Forgot your password?
typodupeerror
United States Your Rights Online

How The DMCA Is Enforced 552

Posted by timothy
from the brass-tacks dept.
Hank Scorpio writes "Bob Cringley's latest column talks about a company, BayTSP, that performs most of the enforcement of the DMCA on the Internet. This is the company that collects data about who is sharing music or movies online, and this is the company to go after when you get busted! They claim to "go to the same places any user could go, look at the same files anyone else could look at, and we only probe the ports on your computer that you have made public." Interesting."
This discussion has been archived. No new comments can be posted.

How The DMCA Is Enforced

Comments Filter:
  • by oval_pants (602266) on Thursday September 19, 2002 @04:08PM (#4292096)
    1.) Post company website link on Slashdot.
    Step 1 complete.

    Excellent
  • mirror (Score:2, Informative)

    by natefanaro (304646)
    here ya go, straight from google: http://216.239.51.100/search?q=cache:eTm4KN-KJxgC: www.baytsp.com/+&hl=en&ie=UTF-8
  • by Phosphor3k (542747) on Thursday September 19, 2002 @04:11PM (#4292126)
    and we only probe the ports on your computer that you have made public
    This is illegal, at least in Maryland. Article 27, Sections 45A and 146 of the Annotated Code of Maryland prohibit "illegal access and the unauthorized manipulation of data using computer resources". Thus, in order for this to be legal, I'd have to give them permission first.
    • by SirSlud (67381) on Thursday September 19, 2002 @04:15PM (#4292170) Homepage
      So it's illegal to probe the HTTP port on computers in Maryland with robots because you didn't get permission from the guy who admins the web site?

      Isn't a public port part and parcel with permission to access said port?
      • by DrSkwid (118965) on Thursday September 19, 2002 @05:23PM (#4292796) Homepage Journal

        In the UK it has to be shown that the person making the attempts to connect had knowledge that their attempt was unauthorised.

        Computer Misuse Act 1990 [hmso.gov.uk]

        1.--(1) A person is guilty of an offence if--

        (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;

        (b) the access he intends to secure is unauthorised; and

        (c) he knows at the time when he causes the computer to perform the function that that is the case.

        (2) The intent a person has to have to commit an offence under this section need not be directed at--

        (a) any particular program or data;

        (b) a program or data of any particular kind; or

        (c) a program or data held in any particular computer.

        (3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.
      • Isn't a public port part and parcel with permission to access said port?

        I postulate that this post probably prevents precise pronunciation due to the poster's propensity to push the "p" key.
      • Isn't a public port part and parcel with permission to access said port?

        No no no no no no no no no no no no no!!!!!

        Just because a port is listening on a machine doesn't mean it's "public" anymore than me bending over in the shower in the locker room is an invitation for you to insert your junk into my anus.
  • by GigsVT (208848) on Thursday September 19, 2002 @04:13PM (#4292150) Journal
    "and when the abductors are caught and you look on their home computers, you inevitably find kiddy porn. So it is a precursor to this bad behavior, and just as the Internet makes it easy to distribute child pornography, it effectively encourages these criminals. We are working to end that."

    Hmmm, So we go after people for crimes they have yet to commit, is what he is arguing. Someone should make a movie about that.

    Ishikawa, the FBI thinks terrorists are sharing information by hiding it in images posted on eBay using a process called steganography.

    What a penis. I guess he doesn't keep up on research.

    If you look at Mark Ishikawa's business card, you'll notice that it lists no street address for his company, BayTSP, just [...] a post office box in Los Gatos, CA, but could really be anywhere in the Bay Area.

    Or it could be located here: BayTsp (BAYTSP-DOM) 3150 almaden Expressway #234 San Jose CA,95118 US

    Just publicly available information, Right Ishikawa?
    • Re:Where do I start? (Score:2, Informative)

      by LordNimon (85072)
      Here [mapquest.com] is a satellite picture. Now we really know where he works!

      (You'll need an AOL/Netscape "screen name" in order to view the image)

    • by wowbagger (69688) on Thursday September 19, 2002 @04:35PM (#4292391) Homepage Journal
      and when the abductors are caught and you look on their home computers, you inevitably find kiddy porn. So it is a precursor to this bad behavior....


      Logic error (as others have pointed out). Allow me to demonstrate:

      and when the abductors are caught and you look in their homes, you inevitably find air. So air is a precursor to this bad behavior....


      Correlation is not causation.

      However, that said I think people who ar turned on by kiddie porn have a problem, and people who DISTRIBUTE kiddie porn are criminals.

      But let us not go down the slippery slope of incorrectly reasoning to justify our actions, 'mkay?
      • However, that said I think people who ar turned on by kiddie porn have a problem, and people who DISTRIBUTE kiddie porn are criminals.

        You seem to be having trouble typing, both hands are on the keyboard, right? :)

    • by phorm (591458)
      Hmmm, So we go after people for crimes they have yet to commit, is what he is arguing. Someone should make a movie about that

      >Hmmm, So we go after people for crimes they have yet to commit
      Collecting Kiddy Porn is illegal in most states though, so there's still a crime.

      Can't somebody just embed a virus in an image that mails the personal info of these perverts to the FBI or something? - phorm
      • Re:Where do I start? (Score:2, Interesting)

        by umask077 (122989)
        > Can't somebody just embed a virus in an image that mails the personal info of these perverts to the FBI or something? - phorm

        In an image no. Viruses imbedded in images are pretty pictures. I think I can find a picture of ebola for you. Good news. The picture wont make you sick.

        In an mpeg file however is another story. You can force someone to automaticly load a website from an mpeg file. Easy way for the feds to log whos looking at the kiddie porn. This is not a virus but part of the mpeg standard so not illegal.

        Also it was a while ago but there was a virus released that was imbedded in in a "kiddie porn" executable which sent personal information from the machine infected to, and dont quote me on this, scottland yard, it was to the brits im pretty sure at any rate. Because it infected the machine with a virus that collected data and sent it out it didnt make any friends with the cops it informed either and the virus scanners scan for it.

        I used to work for a large usenet provider. One day they decided to shut down the known kiddie porn newsgroups which I cant argue with. Beyond being deplorable if you know about it and dont do anything about it you lose your common carrier status protections. for the next few weeks we would get calls about how "I cant access one of the newsgroups I used to read". We'd eventually get out of them which newsgroup and which point they would happily give us there username and there address for verification. This was popular with the feds. Morons.

        Ok, all humor aside this Mike fellows a major dick IMHO. He doesnt agree with the law but he'll make a quick buck off it. Sounds like he and the law get along splendly. He gets lots of death threats? Thats the problem with todays kids, no follow through.

        If he doesnt agree with the law thats fine. But to say you dont agree with it and then act on its behalf makes your an immoral sellout.
  • huh? (Score:2, Informative)

    by Anonymous Coward
    how do they know which ports on my computer i've made public? what if i'm infected with a worm which uses the gnotella port to form a p2p network? what if i've been sub-7'd? what about all the people who've had net access denied just for running tools like nmap?

    it'd be fun to dig up their netblock from ARIN and create snort rules to look for sweeps on their part, then publish them.

    OrgName: BayTSP.Com
    OrgID: BAYTSP

    ASNumber: 14478
    ASName: BAYTSP
    ASHandle: AS14478
    Comment:
    RegDate: 1999-12-20
    Updated: 1999-12-20

    TechHandle: MI70-ARIN
    TechName: Ishikawa, Mark
    TechPhone: +1-408-399-0600
    TechEmail: marki@baytsp.com


    interestingly, their netblock isn't easily available, and their website is externally hosted at sonic.net. anyone got some better clues on where these guys are attacking from?

    PATCRP
    • Re:huh? (Score:2, Interesting)

      by EZmagz (538905)
      From the parent: what about all the people who've had net access denied just for running tools like nmap?

      I've gotten into trouble for this. The first thing I did when I hooked up with RoadRunner was nmap people on my subnet, just out of curiousity, to see what kind of computers people were running. My intention was never to break into someone's box, mind you. Just to see if people were running webservers, etc.

      Is this illegal? In some places. Is this unethical? Some would say "yes", although I say "no". Is this against RR's TOS? As I found out, undeniably yes. So I can't nmap people. I still get scanned hourly by Nimda, Code Red, SubSeven, and every other worm/virus under the sun, and it's always by the same people. Yet they haven't been threated to have their plug pulled...go figure.

      So if I get in trouble for seeing what's "publicly available" (e.g., if a webserver's running), why can this fucking company do it without fear of consequence? Because they have a lame m.o. to hide behind? Because it's their "job" to check up on me?

      All I can say is it's actually a GOOD THING in a sense that there's so many ignorant users out there today. If the internet was like how it was back in the BBS days (or even pre-AOL), everytime someone got scanned by these assholes retribution would be interesting, to say the least.

  • by Bonker (243350)
    BayTSP's website IP address is 209.204.138.224

    Assuming they have a class C netblock, this means you can block 209.204.138.* and eliminate most probing from them.

    Anyone else know of any other netblocks or IPs that belong to them?

    • by faster (21765) on Thursday September 19, 2002 @04:20PM (#4292228)
      this means you can block 209.204.138.* and eliminate most probing from them

      Um, no.

      Their web site is hosted by sonic.net. Blocking that only means their web server can't probe your systems.

      I'd bet they're using a variety of cable modems and DSL connections with dynamic IPs to do the probing.
    • Surely, they're smart enough to do most of their searching from other IP addresses, right?

      This may be their business address, but no self-respecting enforcement company is gonna do all their searching and spying from their business IP.

      In fact, I'd wager you'd have better luck blocking *all* of AOL, Verizon -- and any other big ISP you can name.

      I suspect they, too, tend to overthink their anonymous abilities and probably figure that they can blend in much easier if they get some big-name ISP account (maybe even off-shore) and hit you with what looks like just another script-kiddie attack from just-another big-name ISP IP block. They're probably right in doing it this way, but I bet they leave some pretty tell-tale signs that -- once folks figure it out -- will make them easier to block.

      Of course, I might be wrong. Maybe the anonymity sniffers are really closer to 'anonymous' than the people who think they're surfing anonymously.

      Maybe this outfit does indeed have some kickass, wicked spycraft that they're pulling.
    • Um that netblock belongs to Sonic.net and looking at their rdns, they appear to be ADSL-addresses.
  • by JDAustin (468180) on Thursday September 19, 2002 @04:13PM (#4292156)
    If you look at Mark Ishikawa's business card, you'll notice that it lists no street address for his company, BayTSP, just a post office box. This is for good reason, since Ishikawa is one of the few Silicon Valley CEOs who regularly receives death threats. Uninvited visitors are not welcome at BayTSP, which has a post office box in Los Gatos, CA, but could really be anywhere in the Bay Area.

    I certainly have no idea where the company lives, but I know why Ishikawa has so many enemies. It is because BayTSP acts as the primary enforcer for the Digital Millennium Copyright Act (DMCA), a law that is widely reviled in the technical community.

    The DMCA, which was put in effect in 2000, was an attempt by the U.S. Government to bring copyright law into the cyber age. But many people -- including, oddly, Mark Ishikawa -- think the DMCA goes too far by making it illegal for me to even tell you how to circumvent encryption or copy protection technologies. It makes the very passing of knowledge against the law whether or not that knowledge is ever used.

    "It's a very flawed piece of legislation," says Ishikawa, who predicts that the government will rewrite the copyright law again "in eight or nine years" to correct the mistakes in the DMCA. But until then, the DMCA is the law of the land, and Mark Ishikawa is the Internet's top cop.

    BayTSP is paid anywhere from $200 to $50,000 per month by owners of intellectual property -- primarily software companies, movie studios, and record companies -- to find who is illegally copying, distributing, or helping to distribute without permission their intellectual property. For example: Adobe Systems arranged to have Russian programmer Dmitry Sklyarov arrested at the 2001 DefCon security conference in Las Vegas for violating the DMCA by showing how to circumvent copy protection in Adobe's eBook software. The arrest was made on information supplied by BayTSP.

    Now I am not in any way a fan of the DMCA. The purpose of this column this week is not to examine the DMCA, but rather, to gain some understanding of how it is enforced. BayTSP is an interesting company, and coming to understand how it does what it does can be very useful as you will shortly see. So please don't write to me complaining about the DMCA. Write to your Congressional representatives.

    Mark Ishikawa came to the data security business from the Dark Side, having been busted years ago for breaking into the network at the Lawrence Livermore National Laboratory. Preferring employment to jail time, he became a security consultant for the Lab and a lot of other places. Eventually, Ishikawa started a large ISP and web hosting company that he sold at a profit. Now he runs BayTSP.

    BayTSP's business falls into two areas -- law enforcement and anti-piracy -- and it uses the same tools for both businesses. These tools are spider programs that scour the most traveled parts of the Internet looking for users who are offering to others files that are either illegal to even own or at least illegal to share. An example of the former is child pornography. BayTSP tracks for the FBI the global carriage of kiddy porn. When a big child pornography bust takes place, it is generally on the basis of evidence gathered by BayTSP.

    "There seems to be an increase in child abductions and murders in the U.S.," says Ishikawa, "and when the abductors are caught and you look on their home computers, you inevitably find kiddy porn. So it is a precursor to this bad behavior, and just as the Internet makes it easy to distribute child pornography, it effectively encourages these criminals. We are working to end that."

    BayTSP's spider programs use patented algorithms to scour public web sites looking for pictures, video, and music files. "Our algorithms are adaptive," claims Ishikawa. "You can cut a picture in half and we'll still find it, matching the cut-down version against a database of originals, effectively matching the electronic DNA of the target."

    One thing BayTSP's spider programs don't do is sit at the Internet peering points sniffing all packets as they go by. "That would be wiretapping, which is illegal," he says. "All we do is go to the same places any user could go, look at the same files anyone else could look at, and we only probe the ports on your computer that you have made public."

    Now we get to the part I find especially interesting, and where I think there is a lot of confusion among users. This has to do with how BayTSP finds out who is distributing kiddy porn or pirated music files. If you think your activities on the Internet are anonymous, you are wrong. When BayTSP finds an IP address that appears to be the source of child pornography or pirated music or video files, under the DMCA, it can subpoena ISP logs. These logs can directly connect even dynamic IP addresses to user accounts, making it clear very quickly who owns the offending account. Every ISP keeps these http logs, and even products for so-called anonymous surfing aren't effective in circumventing the technique.

    "We have 100 percent coverage of peer-to-peer file sharing," Ishikawa claims. "If you are illegally sharing copyrighted materials, we know who you are."

    Then why aren't there more arrests? In part, this is because the intellectual property holder who is paying BayTSP gets to set its own comfort threshold for exactly how much file sharing is too much, and how BayTSP should deal with offenders. "Adobe only wants to send out cease and desist orders, while some movie studios want to put people in jail," Ishikawa says. "There are people on the Net offering 50,000 to 60,000 files at a time for sharing. These people will get busted for sure."

    For lesser offenders, under the DMCA an intellectual property holder can make your ISP remove the offending content from its servers. So while you may not go to jail, you might find that your Gnutella songs are no longer available. Repeat offenders lose their accounts completely. One issue is how quickly ISPs remove the offending material. "Sony wants it gone in an hour, but Uunet takes two weeks," says Ishikawa.

    According to Ishikawa, we'll see major arrests in October of people who have been illegally (and flagrantly) sharing movies. With the evidence already gathered, the game is afoot, meaning this week is too late to stop sharing those movies and expect to get away with it. This might be a good time to get a lawyer.

    Not even Osama bin Laden can escape the gaze of BayTSP. According to Ishikawa, the FBI thinks terrorists are sharing information by hiding it in images posted on eBay using a process called steganography. Doesn't that sound a little too sophisticated for al-Qaida? Can that picture of a dented Ford F-150 pickup with a For Sale sign really be saying, "Bomb the infidel Cringely's house?" Maybe, maybe not.

    "The FBI has us looking for certain specific things," says Ishikawa, "but we haven't found anything yet."
  • by Tranvisor (250175) on Thursday September 19, 2002 @04:14PM (#4292165) Homepage
    "All we do is go to the same places any user could go, look at the same files anyone else could look at, and we only probe the ports on your computer that you have made public."

    What exactly do they mean by probe? By that do they mean they illegally try to gain access to my computer? Violate my privacy? So if I have a ftp server up and running do they start trying to guess the passwords and logins?

    Last time I checked port scans were being treated as illegal by certain large companies. Are they doing this to us as well?
    • Private Company doing work for Police.

      Some Judges really don't like this behavior on the part of the Police since it may/may not be unconstitutional from the Due Process angle.

      There is also starting to be a backlash against those Red Light Cameras for the same reason.

      I'll be this company also gets a cut when there is a procescution, like how the Camera makers get most of the fine.
      • This is an exceptionally good point. This is really no different than a neighborhood watch program hiring a cat burglar to break into peoples homes to look for drugs, then turning the information over to the police in an effort to keep the neighborhood clean.

        The police can not use evidence collected in a way that is illegal, and if the police can't search your hard drive for kiddie porn or copyright infringements without a warrant, he shouldn't be able to either. Any evidence collected this way should not legally be admissable in court.

        If you're one of the people who should be worried about being arrested next month, keep that in mind. :-)
  • by jweb (520801) <jweb68@hotmai[ ]om ['l.c' in gap]> on Thursday September 19, 2002 @04:17PM (#4292194)
    So let me get this straight.... a PRIVATE (non-govmt) company is basically doing the dirty work for the FBI and *AA's?

    Shouldn't investigating and collecting evidence for criminal cases (which is what their doing, the DMCA is the law of the land whether we like it or not) be the responsibility of a government law enforcement agency?
  • We should have a story about them every day!

    I wonder if they have any job openings. Evil is fun.

  • Made Public? (Score:2, Interesting)

    by ACNeal (595975)
    How do they know what I have made public before they probe them?

    The federal law says that they have to cause damage via unauthorized, or under-authorized access, or intend to cause damage to be guilty of federal computer fraud crimes.

    My question is, does intending to make me spend money defending myself constitute intending to cause damage?
    • My question is, does intending to make me spend money defending myself constitute intending to cause damage?

      Yes and no. (IANAL)

      If they don't have even the barest inklings of a case, and file a suit anyway that they know they're going to lose, then probably yes.

      If they do have even the slightest inkling that there's something untoward about you, and believe that you have probably committeed a tort against them (or a crime), then defending yourself is just part and parcel of how life works.
      • If they don't have even the barest inklings of a case, and file a suit anyway that they know they're going to lose, then probably yes.

        IANAL:
        Yes, that's an actionable cause. It's called Barratry [xrefer.com] in the past, now I think they use Harrisment by Process, or maybe "Corporate Attack Dog".

  • by futuresheep (531366) on Thursday September 19, 2002 @04:20PM (#4292231) Journal
    BayTsp (BAYTSP-DOM)
    3150 almaden Expressway #234
    San Jose
    CA,95118
    US

    Domain Name: BAYTSP.COM

    Administrative Contact, Technical Contact:
    Ishikawa, Mark M (MI70) marki@BAYTSP.COM
    Ishikawa,Mark
    PO Box 1314
    Los Gatos, CA 95031-1314
    US
    408-399-0600 408-979-7969

    Record expires on 11-Jun-2004.
    Record created on 11-Jun-1999.
    Database last updated on 19-Sep-2002 16:19:51 EDT.
    • Let's see ... what do we know about Mark from publicly available sources. He's 37. He has an unlisted phone number (no surprise). He has another business phone of 408-979-7900. He knows a little about sqlserver, but is hardly a guru. Used to be CEO of the now defunct valuserve ISP in the bay area. May or may not have taken glider lessons a few years ago.

      anyone else?
      • Re:Hi Mark (Score:5, Informative)

        by Anonymous Coward on Thursday September 19, 2002 @07:20PM (#4293607)
        Right, well, he frequently used to post on YNOT News - an adult webmaster information board. [ynotmasters.com]

        Doesn't mean he was one, of course. He definitely used to be 'chief operating officer' of Infonent.com, Inc. His current fax is (408)979-7969... and an example of his current work is here [216.239.51.100].

        Of course, he also gets mentioned in Sex Tracker [sextracker.com] press releases. He claims to be an 'anti-porn advocate' [dailyreviewonline.com], which is interesting, given the work he does protecting the valuable intellectual property of Cinnamonbunz, 'the largest collection of sexy, erotic models!' and Suze Randall the erotic photographer.

        I wondered if this [lycos.com]had anything to do with him (if it does, he's got some nerve 'I hope you don't mind me taking a graphic from your homepage!') particularly given the reference to driving [toyotaatlantic.com] and the Skyline Blvd. address again. He works for an erotic photographer [ainews.com], amongst others.

        Let's see what else; if that is him, he has a web page on AOL of all places [aol.com]
        . Plugging that new information into Google we also get maki177@aol.com as a potential address; if you search Google for maki177, you discover 'makiboy' is an alias apparently used by whichever Mark Ishikawa this one is, and taking this chain of improbability to its logical conclusion we discover makiboy@hotmail.com, NYC Jock/Ballet Sissy [sexboards.com], and, last but not least, In Search Of... Men Seeking Men. [vwh.net] The last includes the interesting blurb, "would like to hear from or meet other trim, athletic guys, 18 - 30s, who enjoy footed nylon or lycra tights. Shiny lycra is best, but nylon is okay too, as long as the tights are footed."

        Oh, and he lies to his ballet-loving pals about his age :-)

        Hey, makiboy, it's all publicly available information. Now you see why people don't go snooping - they might come to the wrong conclusion - if this is wrong?

        Answers on a postcard please to:

        "We lurve those tights!",
        19020 Skyline Blvd.
        Los Gatos, CA 95033

        The small print: Half of this information is speculative, uncertain, and totally devoid of context. Don't think of it as fact. But it's a similar style to the information he'll use to report you to the cops - therefore, I would consider it to be poetic justice of a sort.
    • As of July 9th, that space was available for rent:
      • For Rent

        3150 Almaden Expressway, Suite 234
        San Jose, CA
        Office, 4,537 square feet
        $1.95 FS
        6 privates, 2 conference room, kitchen, open area, divisible

        1,882-2,655 sq. ft., monument sign, PLUG N PLAY
        Avail. Now [borelli-inv.com]

    • by Anonymous Coward on Thursday September 19, 2002 @05:50PM (#4293011)
      The following is public information culled from
      public websites :

      Public information - Mark Ishikawa

      http://www.toyotaatlantic.com/Team.asp?ID=43 - toyota racing team same cell #
      Ishikawa, Mark M (MI70) marki@BAYTSP.COM
      Ishikawa,Mark PO Box 1314
      Los Gatos, CA 95031-1314
      US 408-399-0600 408-979-7969

      BaySpider BayTSP.com
      Contact: Mark Ishikawa (CEO)
      3150 Almaden Expressway #234
      San Jose, CA 95118 USA
      Phone: +1(408)979-7900
      Fax: +1(408)979-7969
      E-mail: sales@baytsp.com
      World Wide Web: http://www.baytsp.com/

      BayTSP.com Intellectual property protection: About BayTSP: Contact Us
      15466 Los Gatos Blvd. Suite 109-368 Front Desk Fax Toll Free 1.877.9BAYTSP
      Information Career Opportunities Investment Opportunities Sales Information Your
      Thoughts spiderbites@baytsp.com

      Phone # listing for Ihsikawa in CA
      Results:
      MARK M ISHIKAWA
      LOS GATOS CA 95030
      (408) 399-4361
      Results:
      MARK M ISHIKAWA
      LOS GATOS CA 95030
      (408) 399-4391
      Results:
      MARK M ISHIKAWA
      LOS GATOS CA 95030
      (408) 399-4571

      http://www.clerkrecordersearch.org/

      16346860 07/08/2002 1 RELEASE LIEN ISHIKAWA, MARK M (E) COUNTY OF SANTA CLARA TAX COLLECTOR (R)
      16147701 03/08/2002 1 CERT AMOUNT DUE ISHIKAWA, MARK M (R) STATE OF CALIFORNIA FRANCHISE TAX BOARD (E)
      16088662 02/01/2002 1 CERT AMT DUE ISHIKAWA, MARK M (R) COUNTY OF SANTA CLARA TAX COLLECTOR (E)
      16088661 02/01/2002 1 CERT AMT DUE ISHIKAWA, MARK M (R) COUNTY OF SANTA CLARA TAX COLLECTOR (E)
      15957939 11/13/2001 8 DEED OF TRUST & ASSIGN RENT ISHIKAWA, MARK M (R)
      HOUSEHOLD FINANCE CORP CA (E)
      14624059 01/28/1999 1 RELEASE LIEN ISHIKAWA, MARK M (E) FRANCHISE TAX BOARD (R)
      14595929 01/13/1999 1 REQUEST FOR NOTICE DEFAULT ISHIKAWA, MARK M (R)
      BARRETT, JOHN C (R)
      14595928 01/13/1999 1 RELS TAX LIEN ISHIKAWA, MARK M (E) UNITED STATES (R)
      14595927 01/13/1999 1 RELS TAX LIEN ISHIKAWA, MARK M (E) UNITED STATES (R)
      14595926 01/13/1999 4 DEED OF TRUST & ASSIGN RENT ISHIKAWA, MARK M (R)
      BARRETT, JOHN C (E)

      A possible alternate email address for
      Mr Ishikawa.
      Mark Ishikawa
      Los Gatos, US
      marki@valuserve.com

      Now I am not saying The above are all the same
      Mark Ishikawa, but at least some mark ishikawa lives in santa clara county and seems to not pay his taxes.....

      Oh where, oh where has my privacy gone???

  • by AtariDatacenter (31657) on Thursday September 19, 2002 @04:20PM (#4292232)
    > ...we only probe the ports on your computer that you have made public...

    A number of people have pointed this out. However, if this was a valid legal/ethical statement, then that would be the perfect justification for any electronic crime. A hacker says, "I wasn't doing anything illegal! I was only probing the ports that they made public!"

    I like the argument in a way. It says, "Hey, I didn't go beyond my authorization to do this. Their site already had the authorization wide open for me to do this!" On the other hand, it can be used to justify anything.
    • 'However, if this was a valid legal/ethical statement, then that would be the perfect justification for any electronic crime. A hacker says, "I wasn't doing anything illegal! I was only probing the ports that they made public!"'

      The differenc being that when one leaves a port opened unintentionally they are not explicetely or implicitely inviting in unwanted "guests".

      By using Napster, Gnutella or a slew of other P2P apps which open ports on your computer for sharing files, you are explicitely inviting guests, wheher wanted (other P2P file sharers) or unwanted (BayTSP spiders, FBI). You have knowingly opened ports on your system and allowed files to be shared. Even if you don't understand how P2P applications and networks actually work you aren't shielded from the responsibilities of having the files available to be illegally copied.
    • by KFury (19522) on Thursday September 19, 2002 @07:04PM (#4293503) Homepage
      The problem, unlike what you probably expected after my trolling subject, is that just because someone left a port open and had DCMA-relevant content behind it, doesn't mean they broke the law.

      If my mom flips a switch on OS X to allow personal web sharing, and doesn't understand that this means someone can traverse her iTunes library, then just because some guy can exploit that security breach doesn't mean that she violated the DCMA any more than someone who forgot their purse on a bench, and someone photocopied the book they found inside.
  • What a numbnut (Score:2, Insightful)

    by Anonymous Coward

    "Mark Ishikawa came to the data security business from the Dark Side"

    Came from the Dark Side? Sold out to it more like

    "So it is a precursor to this bad behavior"

    So, by this logic, is owning a computer.
  • Thought we had a right to be considered innocent till proven guilty and a right to not be subjected to unreasonable search and seizures? Guess the DMCA somehow retracted important parts of the Constitution.

    They read sites to check for possible coded messages. They scan computers for useful info and turn it over to corporations for suits and to law enforcement for arrest. Would have thought for sure to get those kinds of searches you'd need a warrant.

    Oddly enough, on a related note, many of the tickets from the cameras at intersections have been thrown out because the systems were overseen/administered by private companies. Wouldn't this same tactic work against most legal actions based on info from BayTSP?
    • Thought we had a right to be considered innocent till proven guilty and a right to not be subjected to unreasonable search and seizures?

      IANAL, but I'm guessing it's some kind of open door principle - e.g., that the police can arrest you if they can see a dead body in your house through an open door. If you're file sharing, you are by definition inviting people to examine the files you're sharing, and so don't have much right to say "but I didn't mean for BayTSP to see what files I was sharing, only everyone else on the planet."

      Anybody who is a lawyer, please feel free to correct if I'm mistaken.

    • If you post something -- anything -- on a publicly accessible server, it's public, fair game, and not private. No one needs to probe you PC to get at it. Put copies of Sony's finest CD's on a file-sharing network that you can get to via a URL? That's just as l public as opening a store called "I Sell Stolen CD's".
  • by Java Pimp (98454) <java_pimp@NOspam.yahoo.com> on Thursday September 19, 2002 @04:22PM (#4292250) Homepage
    "Our algorithms are adaptive," claims Ishikawa. "You can cut a picture in half and we'll still find it, matching the cut-down version against a database of originals, effectively matching the electronic DNA of the target."

    Shouldn't they be getting in trouble themselves for either 1, downloading kiddie pr0n, or 2, compairing the images to a database collection of kiddie pr0n the've collected over the years?

    I know, they are doing it for the greater good and are not redistributing kiddie pr0n but it still sounds funny...
  • by -=OmegaMan=- (151970) on Thursday September 19, 2002 @04:24PM (#4292273)
    The big boy is MediaForce [mediaforce.com] lead by the ever-pleasant Mark "The Tool" Weaver. Their complaint level dwarfs BayTSP's. Their complaint accuracy level, though, leaves much to be desired.
  • "The FBI has us looking for certain specific things," says Ishikawa, "but we haven't found anything yet."

    Bet ya, they're looking for Jimmy Hoffa.
  • To think that for once I am actually HAPPY about a site being slashdotted!

  • how to block baytsp (Score:5, Informative)

    by reflector (62643) on Thursday September 19, 2002 @04:31PM (#4292345)
    run shareaza (gnutella) and install the shareaza security update, get the magnet: link here:
    http://bitzi.com/lookup/ZYNHYUHEI3VQHUJTTT5 UOZZMUZ 7ADXKA.B3GVXM74XKME5FPIREMVW3YKTW42JSN6FYQO2HI

    or, if you want to do this yourself, here's the info:
    209.204.130.0 netmask 255.255.132.0 (baytsp)
    209.122.130.0 netmask 255.255.255.0 (baytsp)

    the first block (209.204)seems to be the one they're using, my security manager shows 58 hits
    there with none on the second block.

    • Would it be possible to redirect bayTSP to a different directory rather than blocking them? It seems to me that by blocking, you are just initiating a battle of blocking/moving to different ip address space and/or advanced techniques of getting past the block. If you can fool bayTSP with a trojan directory, it will return no copyright infringement here rather than blocked from access. This could slow down the implementation of counter-measures that are sure to happen.
      • the way shareaza is currently implemented, there are
        2 security options, accept connexion or deny connexion.

        they don't necessarily know that they are being blocked,
        however. on gnutella, many clients don't have the option
        of letting you browse a host's files like you can on kazaa.
        even the clients that do let you do this (like shareaza),
        it's configurable, so the user might simply have allow
        host browsing turned off.

  • When BayTSP finds an IP address that appears to be the source of child pornography or pirated music or video files, under the DMCA, it can subpoena ISP logs. These logs can directly connect even dynamic IP addresses to user accounts, making it clear very quickly who owns the offending account. Every ISP keeps these http logs, and even products for so-called anonymous surfing aren't effective in circumventing the technique.

    "We have 100 percent coverage of peer-to-peer file sharing," Ishikawa claims. "If you are illegally sharing copyrighted materials, we know who you are."


    I still don't understand how ISPs log P2P file sharing... that's usually not taking place over port 80. Do they log every packet? Probably not (although if so, it'd be fun to generate a lot of bogus packets with your extra bandwidth).
    • Presumably homeslice at BayTSP is able to get IP addresses and times from monitoring his Kazaa traffic. He then presents this data to Earthlink with a subpoena. Meanwhile Earthlink logs every subscriber with their dynamic IP and time, so they can match IP addresses to actual people. If there's any justice in the world, Earthlink tells homeslice "screw you" when he comes with the subpoena.
  • "Our algorithms are adaptive," claims Ishikawa. "You can cut a picture in half and we'll still find it, matching the cut-down version against a database of originals, effectively matching the electronic DNA of the target."

    It sounds like Ishikawa is trying to circumvent encryption by piecing a message back together into its original form against the wishes of the orginal owner and storing originals without persmission from the owner.

    And what is this guy doing with this massive database of kiddie pr0n? Protecting the public? Yea, that's the ticket. Not buying any used keyboards from this guy. Yeech!

  • by vrmlguy (120854) <samwyse.gmail@com> on Thursday September 19, 2002 @04:54PM (#4292542) Homepage Journal
    There's already a hue and cry over the words, "we only probe the ports on your computer that you have made public". Note that he doesn't say how the ports are scanned. BayTSP could easily be using a windoze macro-bot to run, say WinMX, looking for all files containing the letter "a", then capturing the results. Repeat for other letters and digits. Then repeat for IRC clients, etc.
  • "The FBI has us looking for certain specific things,"[terrorist steganography] says Ishikawa, "but we haven't found anything yet."

    Gosh, maybe that's because they aren't there?

    This one landlady we had when I was a kid told my Mom, "every time I bring groceries home, I turn the bags upside down over the sink and shake them to get the roaches out, and we've never had roaches!"

    My Mom said "have you ever found a roach in a grocery bag?"

    And the landlady said "No."

    Deep wisdom there.
  • Only a few years ago (Score:5, Interesting)

    by killmenow (184444) on Thursday September 19, 2002 @05:03PM (#4292610)
    Gee, only a few years ago, it looks like Mr. Ishikawa was hosting some porn sites and contributing to the spam problem...

    Received: from out2.ibm.net [165.87.194.229] by in7.ibm.net id 935310503.141204-1 ; Sun, 22 Aug 1999 08:28:23 +0000
    Received: from slip202-135-81-145.bg.th.ibm.net (slip202-135-81-145.bg.th.ibm.net [202.135.81.145]) by out2.ibm.net (8.8.5/8.6.9) with SMTP id IAA12758; Sun, 22 Aug 1999 08:28:16 GMT
    Message-Id: <199908220828.IAA12758@out2.ibm.net>
    From: (victim)
    To: "marki@SBUSINESS.NET" <marki@SBUSINESS.NET>
    Date: Sun, 22 Aug 99 15:28:12 +0700
    Subject: You provide connectivity to criminal marketing fraud

    TO: Mark Ishikawa, Coordinator, SuperBusiness

    Dear Mark,

    According to traceroute below, you provide connectivity to web1000.com, which operates a system of pornographic internet marketing frauds criminalized under the recent Virginia statute on UCE. They even advertise their webhosting service on the same webpage with the pornography. (I have record copies with me for future use.)

    You are now on notice that you are a witting accomplice to web1000's criminal actions.

    Please shut off connectivity to this fraud. If you continue to provide connectivity, the Virginia Attorney General can have your California corporate registration revoked for operating contrary to your charter (which is to conduct only legal businesses).

    Kind regards,

    (victim's signature block)

    C:\>tracerte 216.49.10.14
    0 bang1br1-tok1.ba.th.ibm.net (152.158.213.46) 187 ms 157 ms 187 ms
    1 bang1br1-tok1.ba.th.ibm.net (152.158.213.46) 156 ms 157 ms 218 ms
    2 sydn1br1.nz.ibm.net (152.158.248.2) 375 ms 313 ms 312 ms
    3 lang1sr1-2-0-1.ca.us.ibm.net (165.87.224.14) 594 ms 500 ms 468 ms
    4 lang1br2-ge-6-0-0-0.ca.us.ibm.net (165.87.32.181) 594 ms 468 ms 469 ms
    5 sfra1br1-so-0-1-2-0.ca.us.ibm.net (165.87.232.41) 531 ms 500 ms 875 ms
    6 sfra1sr2-5-0-0.ca.us.ibm.net (165.87.13.13) 531 ms 500 ms 500 ms
    7 165.87.160.225 (165.87.160.225) 500 ms 500 ms 500 ms
    8 12.123.12.222 (12.123.12.222) 500 ms 593 ms 500 ms
    9 ar3-a3120s1.sffca.ip.att.net (12.127.1.149) 500 ms 562 ms 563 ms
    10 12.127.196.94 (12.127.196.94) 593 ms 531 ms 532 ms
    11 216.49.0.117 (216.49.0.117) 524 ms 532 ms 531 ms
    12 www.webjump.com (216.49.10.14) 523 ms 532 ms 500 ms

    C:\>whois -h whois.geektools.com 216.49.10.14
    SuperBusiness NET, Inc. (NETBLK-SBN)
    150 Almaden Blvd, Suite 500
    San Jose, CA 95113
    US

    Netname: SBN
    Netblock: 216.49.0.0 - 216.49.63.255
    Maintainer: SBIZ

    Coordinator:
    Ishikawa, Mark (MI70-ARIN) marki@SBUSINESS.NET
    +1 (408) 278-4400 (FAX) +1 408 346-0661

    Maybe he got burned and that's why he's so anti-pr0n now.

    See here [copacommission.org] for some of his congressional testimony.
  • We need to have some sort of click-thu, shrink wrap (whatever), sort of EULA that prevents people like this from looking at our data. Kind of like the old BBS days when you had to "swear" that you weren't law enforcement or something similar.
  • by SquadBoy (167263) on Thursday September 19, 2002 @05:05PM (#4292625) Homepage Journal
    I can see at least one good thing coming of it. That would be the increased use of strong crypto. And it has the addedd advantage of pissing off guys like this. Since those of you who know what I'm talking about and agree with me already agree with me I'm not going to go on and on. For anyone who does not know what I'm talking about but hates the DMCA I'm simply going to post a few URLs and you can educate yourselves.

    http://freenet.sourceforge.net/
    http://www.rubb erhose.org/
    http://www.gnupg.org/
    http://www.goo gle.com/search?hl=en&lr=&ie=UTF-8&oe =UTF-8&safe=off&q=crypto&btnG=Google+Searc h
    Also research on the SSL enabled IM clients and servers out there could lead to SSL enabled P2P. Good stuff.
  • by Wraithlyn (133796) on Thursday September 19, 2002 @05:09PM (#4292648)
    I see a lot of arguments on here about how he shouldn't be able to find out what stuff you're sharing by probing your ports.

    This is so stupid.

    You're illegally sharing files (I'm not here to debate whether it's right or wrong.. merely that it IS illegal), making them available to be downloaded by complete strangers anywhere in the world. And then you complain that it's possible for someone to find out that you're sharing them!? Get a grip people.. what did you expect was going to happen? Whining about "port probing"... what do you think the file sharing software does when it queries your computer? They probably just reverse engineered the query protocols.

    There will be some high profile arrests, and it will probably cut down on some of the most flagrant sharers. People will still share files, and if the environment becomes more hostile to them, it will simply drive file sharing underground, to private FTP sites and the like, where it has always been, and always will be.

    --
    They said FUD was bad, so I started spreading DUF.
  • But many people -- including, oddly, Mark Ishikawa -- think the DMCA goes too far by making it illegal for me to even tell you how to circumvent encryption or copy protection technologies. It makes the very passing of knowledge against the law whether or not that knowledge is ever used. "It's a very flawed piece of legislation," says Ishikawa, who predicts that the government will rewrite the copyright law again "in eight or nine years" to correct the mistakes in the DMCA. But until then, the DMCA is the law of the land, and Mark Ishikawa is the Internet's top cop. If this law is as bad a piece of legislation, why not fix it next week? Eight or nine years is way too late! Already there are laws on the horizon that make this one look positively liberal! If Congress can propose these laws, why can't they fix bad laws they've already passed first? Oh wait..I know the answer already! MONEY!
  • HuuuuuuuuuuHHHHH? (Score:3, Interesting)

    by GeneralEmergency (240687) on Thursday September 19, 2002 @05:25PM (#4292811) Journal
    .



    BayTSP tracks for the FBI the global carriage of kiddy porn. When a big child pornography bust takes place, it is generally on the basis of evidence gathered by BayTSP.



    HUH? What, EXACTLY, is the legal basis for BayTSP to search for and to hold Kiddie Porn? How is it that they are exempt from these laws?


    Only sworn law enforcement officers should be permitted to perform this evidence search and digital duplication(collection). Contractor personnel are not subject to that very necessary body of laws that deal with "Abuse Under Color of Authority".

  • The DMCA, which was put in effect in 2000, was an attempt by the U.S. Government to bring copyright law into the cyber age. But many people -- including, oddly, Mark Ishikawa -- think the DMCA goes too far by making it illegal for me to even tell you how to circumvent encryption or copy protection technologies. It makes the very passing of knowledge against the law whether or not that knowledge is ever used.

    "It's a very flawed piece of legislation," says Ishikawa, who predicts that the government will rewrite the copyright law again "in eight or nine years" to correct the mistakes in the DMCA. But until then, the DMCA is the law of the land, and Mark Ishikawa is the Internet's top cop.

    Mark Ishikawa feels that the DMCA is flawed wrt the conveyance of encryption information. Yet his company helped put Dimitry behind bars for many months, keeping him from his family and threatening to put him away for the rest of his life.

    If he didn't do it because he believes in the legislation, then Ishikawa's motivation for helping Skylarov arrested must have been purely money. Ishikawa took half of a year of a man's life for simple cash.

    I was going to feel bad that this copyright-enforcer was recieving death threats, until I realized what he had done to a foreign family soley in the interest of money. Where is the heroism? Where is the spine? "Oh, that part will be fixed later, I'm sure." Nothing happens on it's own, buddy. You of all people are in the best position for a little... nonviolent protest.

    Of course he won't do that: money and success are demanding mistresses. We just shouldn't feel bad for this person, whatever reprocussions his actions bring down upon him.

    -C

  • An analogy (Score:4, Interesting)

    by RobinH (124750) on Thursday September 19, 2002 @05:28PM (#4292852) Homepage
    we only probe the ports on your computer that you have made public

    Isn't that like saying, "we only searched houses of people who left their front door open"?

    Where I'm from, leaving your front door open is a public invitation for neighbours and friends to knock and come in, but police and investigators still don't have the right to come in and search my house without an invitation or a warrant. Also, if someone came in and stole my TV while I was busy in the kitchen, they would still be a criminal. Of course, if they just listened to a few of my CDs and left, that probably wouldn't bother me too much.
  • by GroundBounce (20126) on Thursday September 19, 2002 @05:33PM (#4292883)
    In the past, whenever a story about the DMCA came up, by far one of the most common responses was:

    "Why not go after the violators instead of taking away everyone's fair use rights?"

    This is a reasonable response. Clearly the DMCA is bad because it takes away both fair use and certain forms of free speech that have never previously been banned. On the other hand, widely distributing copies of copyrighted material without the owner's permission is also not right in most people's minds (I realize that there are those who disagree with this).

    So, we have an entity who is trying to go after the offenders (and primarily just the big ones), and many people here are criticizing it as some kind of evil activity. This seems pretty hypocritical.

    In the past, the coexistence of copyright and fair use has worked because of the balance that existed between the allowing of petty violations (things like making a tape of a record for a friend) and the enforcement of big time content pirates.

    The popularizing of the internet has allowed the many petty violations to become far-ranging, and hence the balance has been upset to some degree. As a result, the content providers' response has been to enact the DMCA, which has been bad all around because it attempts to eliminate fair use and petty violations but does little to stop big time piracy.

    This company (BayTSP) is attempting to restore the balance by helping to ferret out larger pirates on the internet. If this works, it could actually provide justification for softening the overreaching DMCA by restoring the balance of petty and big time copyright infringement that existed under traditional copyright law.

    • by JordoCrouse (178999) on Thursday September 19, 2002 @06:13PM (#4293164) Homepage Journal
      So, we have an entity who is trying to go after the offenders (and primarily just the big ones), and many people here are criticizing it as some kind of evil activity. This seems pretty hypocritical.

      This guy is obviously not just in the business of going after people who illegally distribute music or movies. That has nothing to do with the DCMA, its a copyright crime, and if he can make a buck off of it, thats great.

      The problem with this guy is that he is going after people like Dmitry Sklyarov and others who are breaking the DCMA, and by doing so he is contributing to the indocrination of that law, which is bad for all. Basically, he's back for more cash - taking advantage of an unjust law while it lasts.

      As a result, the content providers' response has been to enact the DMCA, which has been bad all around because it attempts to eliminate fair use and petty violations but does little to stop big time piracy.

      The DMCA is *not* about priacy. It is about breaking security. Napster and its friends are not about encryption or security, they are about copyrighted materials. Two very different things. Like I said, if this guy wants to go after copyright pirates, he can do it, with my blessing even. I'm pissed about him going after people that do nothing more than talk about security concepts for any number of reasons: academic knowlege, improvement of security, etc..

      Everyone seems to forget that copyright piracy was on the books long ago. The DCMA is the new evil that threatens to put any one of us in jail for describing how to watch our own DVDs on our own laptops.
  • by KFury (19522) on Thursday September 19, 2002 @07:10PM (#4293544) Homepage
    The next time an IE glitch is found that renders your machine open to full directory access and, after a reasonable amount of time, you still haven't applied the patch (if Microsoft actually released one), then are you guilty of DCMA violations?

    Of course not, but what if people intentionally didn't apply the patch, and others created handy software to exploit the hole, so by tacit agreement you share in this 'non-intentional' way. Now don't you think they'd go after everyone?

    Because that's basically the same as leaving ftp access open...
  • by StArSkY (128453) on Thursday September 19, 2002 @10:04PM (#4294506) Homepage
    If they inadvertantly do this to an Australian citizen, then they are breaking our privacy laws, and can be extradited and prosecuted in Australia.

    Sentences include jail time. They may think what they are doing is nice and legal, and it may be for people in America, but how are they to know if I am in America or Australia? I bet they don't check the IP ranges and where they reside before running port scans.

    Tut Tut you evil crackers of doom

Cobol programmers are down in the dumps.

Working...