Software To Stop Song Trading

Shippy writes "Palisade Systems is about to launch new software that can identify and block copyrighted songs as they are being traded online. However, the article fails to mention that it will also stop legal song downloads. The software blocks anything that's copyrighted, whether you already own the song in another format or not. Here's some snippets from the article: 'If installed in a university, for example, it could look inside students' emails, instant messages and peer-to-peer transfers...', and 'Jacobson said the identification process would not work on an encrypted network, such as is used in several newer file-swapping programs. However, the Palisade software could also act to block those applications from using the network altogether.' Great."

Encrypt everything

[Zorak Man]

Encrypt IM [sourceforge.net] encrypt file sharing [sourceforge.net] encrypt your email [keyserver.net]

rar

[giraphe]

So, what if you .rar the file?

Re:Hmm...

[darkewolf]

No, you are correct.

I write 'music'. I legally own the copyright, but for the most part I give it away free. Eventually going to press a CD or two but I'd prefer people listen to it, and that does mean filesharing is fine :)

Re:Stenography

[casuist99]

Perhaps you mean Steganography? [wikipedia.org]

Somehow I suspect it would not prevent file sharing via that sort of method, but there are simpler methods out there. If you're sending it to a friend, why not just PGP encrypt the file and send it to them? Then no one would know what you're sending, and it's a heck of a lot more secure than steganography (see recent posts on /., other sites).

Slashdot: News for trolls. Stuff that's biased.

[LostCluster]

it will also stop legal song downloads. The software blocks anything that's copyrighted, whether you already own the song in another format or not.

Uhm... no. That's not a legal download. That's a rationalization that some people have tried to claim, but it's not exactly one the courts have confirmed. You can format-shift your own copy of a song, but you can't take somebody else's copy of a song you happen to own a copy of in another format.

Unless you're the copyright holder, you don't really "own the song", you own a "copy of the song" that you're allowed to use. If all you've done is just buy the overpriced CD, you're still not allowed to distribute a copy of your copy under any conditions...

Re:Eck

[l810c]

From the article:
seeking audio "fingerprints" that could be compared with information in Audible Magic's database

I think they will get a database from the RIAA of copyrighted songs to compare against. I doubt garage bands will be in the database.

already illegal to use encryption in one media..

[zogger]

.. and that's the HAM bands. Encryption is verbotten. Of course, the government doesn't follow it's own laws, witness, it's "legal" to broadcast without their "speech license" if we are in a state of emergency.
*But*, we are *always* under several overlapping "states of emergency"(one of the main reasons we do not have constitutional government-side isue), YET they still bust microbroadcasters whenever they feel like it for not having their license or paying their fees. In short, liars.

See, their laws mean nothing, they are there for THEIR convenience and THEIR profit, to be used ON you when they see fit..whether it's their own little idea or some lobbying force bribes them into it.. so don't be surprised if encryption on the net is made illegal, or to sort of slide into it first, they might make you register, pay a fee, get yet again another government "license" permission, and make you hand over your private key first before you use it. They already have gone on record saying they want that, various alphabet goon agencies, and eventually they get what they want. All they need to do is drop the buzzword "terrorism" now.

Re:Will it look inside...

[Rikus]

> will your university continue to allow you to use SSH?

Don't be ridiculous. Banning SSH would basically be banning secure remote logins, which would be so outrageous that nobody would accept it. Besides, universities frequently give students SSH access to various machines for use with classes. Are they going to switch to telnet?!

Re:Slashdot: News for trolls. Stuff that's biased.

[Phanatic1a]

That's not a legal download.

Bullshit.

Don't make the mistake of assuming all nations operate under the same set of laws.

According to the Copyright Board of Canada, downloading copyright files from P2P networks is completely legal, provided that the copying is done for private and noncommercial use. You don't even need to own the song in another format.

So yes, over a rather large percentage of the earth's total land area, it is a legal download.

Re:Umm...

[Undefined Parameter]

Lost all of my rebellious nature? Nope. I'll fight tooth and nail to prevent my uni from even considering purchasing one of these things, if I get a chance.

(And, unfortunately, they probably will; the MPAA came down on our IT department, a few years ago, because someone -- not necessarily a student, as it was summer and there are a lot more summer camp-goers than students here, during the summer -- was allegedly trading a movie that hadn't been released, yet. My uni's response was to immediately fold, shutting down internet service, then blocking some ports and bringing it back up just in time for students to arrive, and finally buying a packet-shaper a couple of months later. This last step has been the worst, since not one person in our IT department knows how to use the thing, no less use it right. It is currently being used to block gnutella, kazaa, and the other 'usual suspects'... as well as every computer game known to man. I'm not only assumed to be guilty, I can't even be a gamer, anymore, because it's "not an academic use of the university's resources." Sorry for the rant.)

Now, if you can get me a shotgun, shells, a kevlar vest, leather gloves, a hairnet, rock-climbing shoes, and a couple of alibis, I'll not only make sure that the students rebellious nature is not lost, I'll prove it by taking care of the packet-shaper and any other intrusive or offensive hardware/software! ;-)

(Note to the FBI and Homeland Security: I'm joking.)

~UP

As long s there's a network connection...

[ruhk]

... this software cannot block file sharing.

If I decide to encode a song as a text file containing the bit-string of a song and slap that on a web server, what is this software going to do? Oh, sure, the size of that MP3 just jumped by a factor of sizeof(char), but its out there. Maybe it'll be smar t and read the first X bytes of any file it passes? What if the file is multiple parts? I can serve it on my web server. I can toss it up on NNTP.

In short, the only way this software can stop filesharing is to block the network connection entirely. This is perfectly obvious even to a dimwit like me.

Re:Umm...

[batura]

Uh, dude, they already have this right. This has been around in the user agreement at Universities for quite some time. When I went to the Dorms at UW, I believe I signed on to this with my living agreement, not to mention that you probably agree to this when you receive your computer account.

Legitimate sharing of copyrighted works

[Eythian]

iRATE [sf.net] is a program that downloads music that artists have put on the net. These downloads are also taylored to your own tastes, based on comparing what you like with other users. With this, there isn't a need for P2P music file sharing, and risking being sued by the RIAA, as copying this music is sanctioned by the artist. (Unsurprisingly, not much of this music is made by RIAA labels)

Re:MY Rights??

[brucmack]

Because trading copyrighted music online doesn't have to be illegal:

1) It could be paid for (iTunes or by tax on recordable media).
2) The copyright holder could wish for the file to be openly shared.
3) The copyrighted music has already been purchased on other media.

Re:What is needed..

[Ark42]

Unfortunately, you can get written up for such a thing. Its the only thing I was ever written up for while at college. Go outside and go for a run at 12:30am? Campus police come knocking on your door and cite us for "Unusual Behaviour". Were we loud? nope. Break anything? nope. Go anyplace offlimits somehow? nope. 'We *could have been* raping people or looking into windows if people didn't close their blinds though'. Sure it was completely rediculous, and I fough it, and won, and had it removed from my record, but that doesn't mean everybody else will.

Re:What is needed..

[syousef]

HTTPS is HTTP _over_ SSL. Typically its a single port that handles web requests on 443. You can block all other ports for SSL, and still allow port 443.

Re:Eck

[m3000]

Heh, some universities (cough*mine [ufl.edu]*cough) don't care if there are legal uses. We were the subject of this wonderful article [slashdot.org] from the beginning of the year about schools to avoid.

Basically all file sharing programs are blocked, along with all bittorrent (say goodbye to Linux ISO's and any other legitimate use) and most recently they've blocked off IRC. Yes, all of IRC. It still works on the campus wireless network, but you can't get any wireless signal in the dorms where these restrictions take place. As much as I love the dorm life, I'm getting an apartment next year.

So legal uses or not, if someone thinks it'll solve a problem, they don't care what else gets in the way.

Re:Ports

[Anonymous Coward]

depending on how the software works, you can rewrite the packets before they go over the monitored segment then then rewrite them back once you get to the other side. Thats kinda silly if you only use it for two computers. However for connecting two networks it makes more sense. a vpn would make more sense though.

however there is something magical about port 80 on some networks. Some networks have a transparant proxy in the middle so if you try to use something other than http on port 80, it will just choke on it. Put the same traffic on another port and it would work just fine.

Re:WiFi. The 3rd Internet

[Lehk228]

your university only allows 3 Megs a Day!?!? I'd be packing my bags and make sure to let the administration know why i was leaving.

Re:And, thusly...

[kmonsen]

And, it would be quite illegal as well, or? I thought that was one of your wonderfull new laws that med cracking codes illegal. So it would be enough to just encrypt it in a simple way, since it is illegal for them to try to decrypt the files.

Re:wouldn't it be simpler

[packeteer]

two examples of linux anti virus follow/;

http://www.centralcommand.com/linux_products.html [centralcommand.com]

http://www.drweb-online.com/en/index.asp [drweb-online.com]
(included in some distros such as mandrake 9.2)

No man is an encryption island

[0x0d0a]

Encryption only works if other people do it too.

I use GPG. Nobody else that I know does, and so I cannot encrypt email to them.

How many people really use WASTE?

As for AIM encryption, how many people are using gaim, have the encryption plugin compiled in (which frequently doesn't work with the latest version of gaim), and don't mind the occasional compatibility problems the encryption plugin causes with other AIM clients? I've come to the conclusion that the *only* instant-messaging protocol that I know of with effective and widespread encryption is Jabber, but few people use Jabber -- sure, it's great for talking to your techie friends, but not everyone in the world is a techie.

Re:Encrypt everything

[Anonymous Coward]

You brought up something interesting there.
How many "encrypted" file-sharing tools are there?

* Waste [sf.net]
* Mnet [sf.net]
* Freenet
* Entropy

From what I know most of these are either not very popular (Waste, Mnet) or not suited to distribute large files (Freenet, Entropy).

Am I misinformed?

Re:Encrypt everything

[Ezel]

MUTE [sourceforge.net]

Looks promising but not ready for primetime yet.

Re:MY Rights??

[Soluxx]

Why do you assume that someone downloads an MP3 of a song would actually buy the CD if they weren't able to get the MP3?

Who needs encrypted protocols?

[Tsu-na-mi]

Who needs encryption? Just move from Songname.mp3 to Songname.mp3.zip/rar/ace/lzh/whatever. The compression should remove any 'fingerprint'.

Makes for a few challenges but it would easily defeat the system by the sounds of it.

The trend among content-filtering firewalls is ..

[apankrat]

The trend among content-filtering firewalls is to filter SSL sessions by splitting them in two - one from the client to the firewall and another from the firewall to the server. If the session cannot be split, it's rejected.

Eventhough it's client-friendly man-in-the-middle attack, which defeats the whole purpose of SSL, there is a demand for this functionality.

--

The way it works is the client installs extra root CA certificate, and the firewall is given its own CA-enabled certificate derived from the former. Whenever it sees SSL connection coming from the client, it accepts its on behalf of the server, handshakes with the server, then replicates server's certificate signing with its own key and proceeds handshaking with the client. And the client accepts this forged peer's certificate, because it traces back to 'trusted' firewall CA. Pure magic.

Re:wouldn't it be simpler

[singularity]

Reverse SSH tunnelling [brandonhutchinson.com] is your friend.

I have not had problems checking mail from anywhere.