MPAA College Toolkit Raises Privacy, Security Concerns

An anonymous reader writes "The Motion Picture Association of America last month sent letters to the presidents of 25 major universities (pdf), urging them to download and install a 'university toolkit' to help identify students who were downloading/sharing movie files. The Washington Post's Security Fix blog reports that any university that installs the software could be placing a virtual wiretap on their networks for the MPAA (and the rest of the world) to listen in on all of the school's traffic. From the story: 'The MPAA also claims that using the tool on a university network presents "no privacy issues — the content of traffic is never examined or displayed.' That statement, however, is misleading. Here's why: The toolkit sets up an Apache Web server on the user's machine. It also automatically configures all of the data and graphs gathered about activity on the local network to be displayed on a Web page, complete with ntop-generated graphics showing not only bandwidth usage generated by each user on the network, but also the Internet address of every Web site each user has visited. Unless a school using the tool has firewalls on the borders of its network designed to block unsolicited Internet traffic — and a great many universities do not — that Web server is going to be visible and accessible by anyone with a Web browser."

Which 25 universities?

I don't see the universities listed anywhere in the article. Which ones are they? We need to know so we can write them letters.

MPAA Chasing the Money?

This makes no sense. What are they going to accomplish by going after college kids, who really don't have that much disposable income? It seems counter-productive to me. You piss off a bunch of college kids, who can't afford to spend money on movies anyway, and who are going to earn money in the future, and will probably chose not to spend their money on movies, since the MPAA were being dicks. Not to mention the horrible invasion of privacy and security issues.

Re:MPAA Chasing the Money?

"This makes no sense. What are they going to accomplish by going after college kids, who really don't have that much disposable income? It seems counter-productive to me."

they're trying to scare them into not pirating. The MPAA is scared to death that it will simply be ingrained in our culture (as it has in some other society's cultures) that piracy is perfectly OK.

We'll see how this plays out. Back in the 80's I pirated lots of software, and I heard stories of other teenagers being caught for it. Now that I'm an adult, I'm no longe a pirate. The prosecution of software pirates in the 1980s didn't push me into a life of hoisting the Jolly Roger; on the contrary, once I got a job and learned more about how the real world works, I prefer to respect the copyright of others.

I agree with you that many of the college kids who are pirates today will continue to be as they enter adulthood, but that percentage may not be as high as we might think.

Re:MPAA Chasing the Money?

We'll see how this plays out. Back in the 80's I pirated lots of software, and I heard stories of other teenagers being caught for it. Now that I'm an adult, I'm no longe a pirate. The prosecution of software pirates in the 1980s didn't push me into a life of hoisting the Jolly Roger; on the contrary, once I got a job and learned more about how the real world works, I prefer to respect the copyright of others.

Piracy did wonders for Microsoft and likely photo, Maya, Lightwave, and many other programs. The cost of these programs puts them out of reach of kids, and kids are the ones who will pick up these essential skills fastest. So if you acclimatized children to your software you basically create future customers. A kid may find he loves 3d work and set his life on a course as a Maya guru. Anyone else will think it's insane spending $3,000 on a box and a CD. So it's int he best interest of people to ensure some version of their software is pirated or provide a non business free non-expiring demo but to also ensure businesses are prosecuted for use without paying. This way you get the benefit of more paying users.

The thing with piracy is once you get enough money (first job) it's less attractive to spend 2h filtering through torrents to download a season 30 min TV show then it is to spend $80 on the box set. So Piracy may set up the appetites the same way it does for software and convenience and economics convert them to customers.

Re:

Okay, lets get something straight: Just because you didn't plan to buy something doesn't mean you can get it by other means. It's not a justification. The "It doesn't matter because I wasn't going to buy it anyway" line is total bullshit.

Notice I'm not

Re:MPAA Chasing the Money?

This makes no sense. What are they going to accomplish by going after college kids, who really don't have that much disposable income? It seems counter-productive to me. You piss off a bunch of college kids, who can't afford to spend money on movies anyway, and who are going to earn money in the future, and will probably chose not to spend their money on movies, since the MPAA were being dicks. Not to mention the horrible invasion of privacy and security issues.

They're not chasing the money. They're chasing the people who can be made examples of.

They're not trying to find people who can pay the settlements -- they're looking for people they can establish the legal precedent and scare the crap out of people. In their mind, if they can stop it in the places where it happens most, and instill in people a great fear, then people will dutifully line up and buy tickets. This is all about the low-hanging fruit and those that can't easily defend themselves.

The MPAA doesn't give a flying fuck about privacy and security, at least not yours -- they care about their products, their revenue stream, and their business model.

You'll notice that just a few days ago we say a story of how an *AA sponsored bill is working its way through Congress which would require all universities to buy subscriptions for every student to Napster or risk losing federal support. In other words, they want to get paid for every single university student on the rationale that since they're all pirating, then the *AA's should get paid. Of course, they'll eventually want to extend to high schools, and then eventually to the rest of us.

What they're looking for is laws to reinforce their monopoly, government agencies to police their copyrights, and federally assured revenue streams. They don't give a rats ass about customers or the risk of how they might be perceived. They're incapable/unwilling to look at the bigger picture. I can understand their point to an extent -- they simply cannot fathom how to 'monetize' all of these digital things, and they're fighting back the only way they know how.

In their collective minds, if you can't afford to pay to see/hear/hum their products, you should simply do without. And, since they haven't been able to stop it, they're perfectly willing to shit in everyones shoes to get it stopped. If they can get government to do the heavy work, all the better for them.

Cheers

Re:

the disturbing part and the best example to date that the united states is now a fascist state(merger of large corporations and the government), is that they want the state and your tax money to pay for the police doing their dirty work.

Re:MPAA Chasing the Money?

Not fascism [wikipedia.org]. That's not the right term.

Properly, you're describing an oligopoly [wikipedia.org] (or maybe an oligarchy [wikipedia.org]).

The US hasn't gotten anywhere near fascism yet, and not even where the ideology would take them. Just because companies are tied closely to lawmakers, that doesn't make you fascists. People like to bandy that term about, but it's not applicable in this context.

Cheers

Re:

They're not chasing the money. They're chasing the people who can be made examples of.

They're not trying to find people who can pay the settlements -- they're looking for people they can establish the legal precedent and scare the crap out of people. In th

Re:MPAA Chasing the Money?

You're not thinking like a MPAA/RIAA executive. MPAA/RIAA executives don't think logically with a long-term outlook. They think in terms of control and monetization over the short term. Will Action A have repercussions 5 years from now? Who cares? I (hypothetical RIAA/MPAA executive) will have made enough money to retire by then anyway.

Illegal downloads take music/movies out of their control. They won't admit this, but this issue is more important to them than the money. They don't care if the film downloaded was one that was otherwise sitting in the vault, available only on a dozen VHS copies left over from a network broadcast ten years ago. It's their property and if they want it to sit in the vault gathering dust, we the public should kiss their feet thanking them for that decision.

As far as the money is concerned, they think that these actions will make pirating movies less attractive which will drive more people to buy/rent movies and/or watch movies in the theater. No, don't argue back that pirated copies versus legal copies that would have been bought isn't a 1:1 ratio. Stuff like "ratios" sounds ominously like math to these executives. The only math they care about is the rate at which money is flowing into their pockets.

And speaking of "rate at which money is flowing", they feel entitled to constantly increasing profits year after year. After all, they've given us such quality works as Boy Band #34 and Third Sequel Of Generic Action Movie - Now With More Explosions. Why aren't we, the public, rushing out to the stores and shoving money into their pockets for this stuff? After all, Boy Band #7 did really well and they were basically the same guys as #34. Also, Generic Action Movie did pretty well in the box office. Why shouldn't the third sequel pull in even more money? (After all, the studio executives made sure the director added more explosions since they [the execs] knew that is what the public wanted.) Any appeals to logic about how spending money is tighter, how people have more options (online entertainment, video games, etc), or how quality is declining fall on deaf ears. After all, they got profit in the past and that means they should get bigger profit now. The only explanation has to be those dirty, rotten Internet pirates.

Of course, all of this isn't meant to excuse downloading something without the copyright owner's permission. I still think that you shouldn't do that. At the same time, however, I don't think that the MPAA/RIAA are living in the real world with some of the actions they have taken (and some of the things they have tried to get done). At best, they've lost whatever moral high ground they would have had. At worst, they've become so criminal that people committing massive copyright infringement actually have a degree of moral high ground over them.

In addition,

Harvard

This is why they don't sue anyone at Harvard, they know in the long run that would create lawyers who dislike them.

Re:MPAA Chasing the Money?

These are kids who should know better, and are committing lots of infringement (and worse than that, think it's OK).

You must DEFINITELY be new here!

Re:MPAA Chasing the Money?

Scarcity is a necessary economic principle even for intellectual items, and without it, you won't see anyone interested in producing intellectual works.

This of course is where we all disagree. I happen to believe - strongly - that you're wrong about this. Already we're seeing smart people (e.g. Madonna) distancing themselves from the labels and signing contracts with concert bookers instead. There will always be people interested in producing intellectual works, and there will always be people who will find a way to profit from it. With or without IP.

Re:MPAA Chasing the Money?

He was right, but it is irrelevant. In digital "objects" scarcity is artificial. This assanine idea that noone will produce is "economic thinking" coupled with poor judgement. TRUE economic thinking would show the supply/demand curve shift, and the price adjust accordingly and there will still be a huge supply of artists because the cost of entry has become so insanely low. So the little popstar boyband or rockstar lifestyle of 16 cars, 5 hookers, and all the drugs you can shoot, snort, or smoke dies. Oh boo freaking hoo. You mean artists might only make enough to make a middle class lifestyle off of their work? Oh the agony, the horror, the defeat... Soldiers, policemen, firefighters, etc all risk their damned lives on a day to day basis and don't get megamillions, why should some coke snorting junkie that can't take care of her kids get more?

So I agree with you, but the GP is absolutely correct about scarcity. The "industry" crews want to enforce artifical scarcity to drive prices up, the real world wants normal scarcity that deals with the fact that not everyone likes all types of music, nor will everyone become a musician. The this market WILL sort itself out when unburdened from so much silly regulation. The problem is, after the market balances, it will be closer to perfect competition rather than the monopolistic competition we have today, and the fat bastards in big offices and their greasy lawyers don't like that.

Remember kids...the RIAA has struck a deal so they get paid royalties for music they don't own the copyright to. They have been beating the drums of war and lobbying like crazy to make sure THEY are the only method of distribution. If you think this has much to do with the consumer you are deluded...this has everything to do with making sure no one can compete with them.

Re:

In theory I agree with you, but college students really don't care about such minor things such as copyright infringement, just like they don't care about breaking the law by puffing some weed. The MPAA isn't going to be teaching any lessons to college stu

Open letter to the MAFIAA

Dear MPAA and RIAA:

You've noticed that the number of students who think downloading movies and music via the internet is OK. Well, here's some news for you:

Vox populi, vox Dei.

Re:Open letter to the MAFIAA

leges sine moribus vanae

Re:Open letter to the MAFIAA

Quidquid latine dictum sit, altum sonatur.

Utinam coniurati te in foro interficiant.

and worse than that, think it's OK

but it is ok comrade.

Re:

uhm.. people's consuming habits change over time, and their reletive economic situation influences that greatly. the way i see it: worst case scenario (to the corporate interests)- they never buy a movie or cd in their life and just "steal" them all. so w

Re:MPAA Chasing the Money?

Sometimes it's not about the money. Sometimes, it's about right and wrong. These are kids who should know better, and are committing lots of infringement (and worse than that, think it's OK). It's a self-reinforcing behavior to see lots of people around you pirating, but if instead you see people suffering the consequences for their illegal downloading, that activity will be deterred.

I agree, Right and wrong must be considered. So you have a very minor wrong of college kids viewing content without paying for it, and a very major wrong of sacrificing peoples privacy and introducing a new potential source of security compromises. It's very clear this initiative must be rejected on the ground you specified.

There is also a bit of thorn here. People who consume more will often consider it more important. There is a very strong correlation with "Frequent Copyright infringer" and "good customer". So the MPAA wants to reduce one without reducing the other. The RIAA completely botched it and didn't see the correlation. Their sales may hurt as people try to find alternatives. MPAA is slightly more fortunate that since movies are larger infringement is less casual and high quality products mroe difficult to produce (for music the difference between a $1500 recording and a $5 million recording isn't always obvious. But the difference between a $1500 movies and a $5 movie sis blatant).

Re:MPAA Chasing the Money?

Sometimes, it's about right and wrong

Couldn't agree more. The problem is that you seem confused about who is right. Your comment indicates a certain lack of awareness of the real societal issues (check out some of Ray Beckerman's [blogspot.com] writings if you want to get a handle on them.) Perhaps you work for a media company. Regardless, there's a lot more going on here that meets the eye.

I would also recommend reading the relevant portions of the Constitution, the history of copyright and its true purpose, current copyright law (what I was able to understand of it as a non-lawyer is depressingly unbalanced), and most important of all discover what the Founders (Jefferson in particular) believed is the proper role of copyright in our society. Once you understand that, you will see just how damaged we have been by the recent divergence in purpose, from promoting "the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries" to "securing endless revenue streams for companies that have effectively stolen rights to the works whose authors they claim to represent." The power of Copyright has been conscripted by some particularly evil individuals, with the willing complicity of certain members of Congress. I presume you're an American: given our traditions of freedom and respect for individual rights I am amazed that you could take the position you have. Bankrupting college kids is not a solution: if you think it is you are in error, and are part of the problem.

The problem here is not copyright infringement: it's media companies setting themselves up as private police forces, with unchecked surveillance and enforcement capabilities, and no due process. That goes very much against the grain of, well, pretty much every civilized nation on the planet. These are powers that should be reserved for legitimate government, not the private sector. And don't even start with "they'll have their day in court" or "if they're innocent they have nothing to worry about." Would that were true, but of the thousands of people sued by the RIAA, how many people have actually fought back? How many had the resources to even try to fight back? A tiny fraction: the rest settled out-of-court regardless of actual guilt, the RIAA having served as judge, jury and executioner, using "evidence" (and I use the term loosely) that is largely manufactured out of thin air. Furthermore, the RIAA (and the MPAA) is much like the Internal Revenue Service ... it's composed of a bunch of bad dudes, not the kind of people you want having any power over you whatsoever. The facts are thus: the media companies and their "trade organizations" have behaved very irresponsibly all down the line, and have hurt a lot of people. They absolutely should not be granted one iota more power. If anything they need to have their wings clipped. Period. END OF STATEMENT.

Furthermore, you seem to have forgotten that this is supposed to be a nation by, of and for The People. If we, as a nation, have decided that extended copyright and strict enforcement is not something we need or want then nobody, certainly not a bunch of mere copyright holders who themselves have created nothing have any moral high ground here whatsoever. It's a blind, unfounded assumption on your part that we need to get tough on copyright infringement, indeed that we need such extreme laws in the first place. I would argue that we never have, and do not now.

What we have here is a classic example of unenlightened capitalism, the kind of no-holds-barred screw-everyone-but-ourselves school of business management that does nothing but enrich a few at the expense of everyone else, causing a fair amount of collateral damage in the process. Worse yet, our entertainment industry (which at the present time is composed largely of foreign-owned corpor

Re:

The problem here is not copyright infringement: it's media companies setting themselves up as private police forces, with unchecked surveillance and enforcement capabilities, and no due process. That goes very much against the grain of, well, pretty much e

Re:MPAA Chasing the Money?

Scarcity is a necessary economic principle even for intellectual items, and without it, you won't see anyone interested in producing intellectual works.

1. I am producing lots of intellectual works and never got paid for them. I just happen to like to create them.
2. If the only reason to limit access to a resource of plenty is creating the ability for a few to profiteer from it, then I would call this theft. That's like putting soldiers around a well to allow a person to sell more bottled water.
3. The intrinsic value of information lies in the fact that it is connected to other pieces of information, and the value of information increases if it can be connected to more information. Limiting the ability to interconnect information is thus degrading the value of said information.
4. There is always the famous quote (sometimes attributed to Isaac Newton or Robert Hooke, but both were also just quoting, thus pirating valuable intellectual property!): "If I have seen a little further it is by standing on the shoulders of Giants." There is no work of Art or invention or other intellectual work that stands all for itself. It is always the result of a huge body of knowledge and art it builds on. Limiting access to this body of knowledge is limiting the ability to create new intellectual works.
5. Thus, while the argument that a creator should be able to somehow get rewarded for his creation, has something for itself, it's not the sole reason for the creation itself. There are many others, and limiting access to creative works is in fact reducing the ability or the joy of new creation. Encouraging creative works thus has to take other things in consideration, and access to already created works is one of the most basic things.
6. Most economies were growing fastest at the moment, when limits of access to the body of knowledge were lifted, when duplication of works was getting cheaper, when monastry libraries were opened to the public, when access to universities was facilitated, when the number of people learning a music instrument by playing music works was increasing, in fact when creative works were turned from a scarce resource to a nearly unlimited source.

Re:

Right or wrong, the distribution model these companies are using is dead in the water. Attacking their consumer base, even if that consumer base is acting badly, is only going to hasten their demise. From the very beginning they have refused to adapt, de

Any university that installs that has a problem.

Any university that installs that has a problem. University networks are constantly "played with" by students, so the IT department has to be on the ball. Any dumb enough to install this probably have had many student hacks already...

Xubuntu

Nice. For those of you that didn't read TFA, the toolkit is basically Xubuntu, with some tools like Snort preinstalled.

Re:Xubuntu

An MPAA tool that runs on Linux... I can see a few Slashdot heads exploding from that conflict this very minute.

Re:Xubuntu

Hmm. All of the MPAA tools I can think of ran on liquor and steak (Jack Valenti)

Re:Xubuntu

I hope they are making the sources available, so as to comply with the license of the software they are distributing...

Re:Xubuntu

http://universitytoolkit.com/ [universitytoolkit.com]

They don't appear to have a link to the source. Quick! Someone send them a DMCA takedown! ;)

Never examined?

Hang on, that's an interesting quote:

...the content of traffic is never examined or displayed...

Given that the aim of the toolkit is supposedly to

...help identify students who were downloading/sharing movie files...

then how do they manage it without examining traffic? If the toolkit monitors BitTorrent (and other) ports then that would tell you who is using P2P, but not who is sharing movies. Maybe all that traffic is from students internally torrenting various Linux distros or their garage bands' MP3s.

Thank goodness I never lived in University halls.

Re:Never examined?

then how do they manage it without examining traffic?

Easy, they do what they do best. Lie.

Re:

> Given that the aim of the toolkit is supposedly to
> > ...help identify students who were downloading/sharing movie files...
> then how do they manage it without examining traffic?

We're talking about the wonderful corporations who brought us fi

Media failure

It just amazes me that no other large news organization has a reporter devoted to covering this stuff full time, as Krebs does. Hell, Krebs isn't even part of the paper; he's attached to the Web site. I guess that says it all. Keep up the great work Brian.

Naive much?

You wonder why no large media companies (fixed it for you) have a report devoted to this, or even report on it much or do anything but rehash the RIAA/MPAA press statements and never ever examine it.

Follow the money. You might as well ask, why do popular

Re:

Certainly possible. However, as a guy who spent over two decades producing content for media companies (although back in my day we used to call it writing for the newspaper) I never, ever had anybody stop me from writing something. Heck, I rarely had anybody telling me what to cover, since as the designated expert, I was the guy telling my bosses what was important. But do go on...

The problem isn't so much blatant censorship int hat fashion it's more like this: Neo-con journalists tend to write Neo-con articles. Neo-Con editors tend to hire Neo-con journalists. Neo-con paper owners tend to hire Neo-Con editors. Thus The guy at the

Give kids a break

They're about to become corporate serfs. Give them a four year break from corporate dominance, so they have that much more psychological trauma when they exit school, which will make them the perfect mentally broken spiritual voids who need to buy our products.

Thanks,
The NWO

Re:

They're about to become corporate serfs. Give them a four year break from corporate dominance, so they have that much more psychological trauma when they exit school, which will make them the perfect mentally broken spiritual voids who need to buy our prod

we want to identify what?

This toolkit in comparison to instead installing a filter system that the MPAA (slashdot lame filter see this as junk characters) would then maintain a database off site from the university ...

But students would find ways around the filter?

vs.

Their toolkit

Sure, this will work....

All this will be is another challenge for people to find work-arounds. Has any of this stuff actually ever worked? Has any attempt to stifle people downloading ever resulted in anything other than increased downloading? How many times has the RIAA for exam

It's elementary, dear Watson...

it's all about control and flexing their legal muscles to intimidate the rest of the public into towing the line. The MPAA is using this to gather more ammo in order to sue the people who are old enough to know what P2P is, who tend to use P2P apps to get music/movies/etc. on a regular basis, and who tend to have limited resources to fight back in court.

Anyone want to make a bet....

.... That schools that do not install this "tool" will get the lion's share of RIAA lawsuits?

Here's an idea...

install an anti-MAFIAA toolkit!

1) Install a firewall that sniffs traffic
2) See if it's not bittorrent or bittorrent sites
3) if it is, BLOCK IT
4) Put the MPAA toolkit in a machine behind the firewall! Ta-da! :D

I want to thank...

... the hacker team MPAA for this great social engineering attack.

Everyone please remember to distribute those IP addresses of the kit downloaders so we can hit these colleges HARD!

It sounds like...

The MPAA got the same people to write this "tool" as they get to write those super-realistic computer scenes in the movies!

mpaa urges students to install mpaaBuddy, too

mpaaBuddy is an on-screen "intelligent software agent" created by the MPAA, and based upon Microsoft Agent technology. The goal of the program is to help users enrich their online movie experience as they discover digital movies together with the included "mpaaBuddy," which is an animated, purple Tom Cruise. Users can interact with Tom by asking him questions, get recommendations on new movies released by MPAA members, as well as be politely informed when unapproved websites are loaded.

Other features include, an integrated download tracker, movie-related themes, desktops, screen savers, and cute, animated emoticons, bearing a resemblance to top-selling actors. Also included is a desktop search utility that indexes a hard drive's contents in order to allow the user to easily perform searches.

While initial response to the program has been positive, a few early users complain that the program is buggy. "The program keeps changing my home page to a crappy MPAA home page," said one teenager who wished to remain anonymous out of fear of a MPAA-sponsored lawsuit. There have also been complaints of an increase in pop-up advertising.

Here's some information about the software.

The software is available to download here: UniversityToolkit.com [universitytoolkit.com] in ISO format. The software 'pings' this server on boot for this file [universitytoolkit.com]. If you want to crack a load of university networks, just crack that server and you're away (it's a flat Redhat Enterprise Server boxen).

Also, the software developer is breaking the law. They haven't shipped the modified code they've made (eg ntop).

Trademark and GPL issues?

As someone pointed out upthread, the kit is simply Xbuntu with a some network tools pre-installed like Snort and ntop. This leads to a few questions:

1. Since the kit is a derivative of the default Xbuntu install, is the MPAA still allowed to ship the kit with Canonical's trademark (Xbuntu) prominently displayed as boot splash?

2. Since the MPAA is distributing GPL'd software aren't they obligated to provide source code for the kit upon request?

3. Is there any MPAA written programs included in the kit? Is it based on GPL software and thus required under the licensing terms to have its source code available upon request?

4. IIRC, Canonical products ship with some proprietary drivers. Since the MPAA kit is a derivative of Xbuntu, does it have permission to distribute the same drivers, or did Canonical get special permission which the MPAA does not have?

5. If the MPAA does not supply any source code that the may be legally obligated to do under GPLv2 license, then can individual copyright holders of the multitude of programs included with Xbuntu, give notice that they are revoking the MPAA's right to distribute their software under the provision of Section 4? Section 4 states:

4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

Note that Fyodor terminated SCO's right to distribute Nmap in any of their products under that section, which SCO complied with.

Even If

Even if there is a firewall at the perimeter of the school network, all of the students are inside of it!