MPAA Forced To Take Down University Toolkit

bobbocanfly writes "Ubuntu developer Matthew Garrett has succeeded in getting the MPAA to remove their 'University Toolkit' after claims it violated the GNU GPL. After several unsuccessful attempts to contact the MPAA directly, Garrett eventually emailed the group's ISP and the violating software was taken down."

A new low has been acheived here on Slashdot...

Linking to a LiveJournal post that reads:

MPAA don't fuck with my shit.

(And yes, I did attempt to contact them by email and phone before resorting to the more obnoxious behaviour of contacting the ISP. No reply to my email, and the series of friendly receptionists I got bounced between had no idea who would be responsible but promised me someone would call back. No joy there, either.)

Awesome.

Re:A new low has been acheived here on Slashdot...

Or a new high...

One might almost say that the summary of the article is more informative than the article itself.

Re:A new low has been acheived here on Slashdot...

One might almost say that the summary of the article is more informative than the article itself.

Well, I wouldn't know, and you shouldn't either. We're not supposed to RTFA around here - turn in your slashdot ID at the door.

i like the post article

quote ">Seriously?
No, this is all just a joke. Really.

>I don't nor does the Slashdotters posting here except the rabid, fanatical F/OSS fanboys.
How can you assert that? Did you do a survey?

>This is not a victory.
Then tell us what it is.

>Silly kids, go trim your neck beards and worship Stallman some more.
How do you know "kids" are responsible for this? What backs up your suggestion that if they are kids that they are silly? How old do you think Matthew Garrett is? Go google it.

Maybe you should take a chill pill and leave this topic alone if you aren't interested in it. You are making baseless assertions just to try and stir shit.

You come across as a dumb ass.

Re:i like the post article

Careful, your chill pill will be countered by his get off my lawn. Maybe if you play a take it easy gramps, he wont have to bust out the cane shaking of ultimate exasperation.

Re:Uuuuubunnnntttuuuuuuuu Correction...

Read the article.. it's XuuuuuBuuuuuTTTuuuuuuuuu !!

"The University Toolkit is essentially an operating system (xubuntu) that you can boot up from a CD-ROM. The package bundles some powerful, open-source network monitoring tools, including "Snort," which captures detailed information about all traffic flowing across a network; as well as "ntop," a tool used to take data feeds from tools like Snort and display the data in more user-friendly graphics and charts. "
http://blog.washingtonpost.com/securityfix/2007/11/mpaa_university_toolkit_opens_1.html [washingtonpost.com]

Chinese Translation

Uuuuubuuuuuuuuuuunnnnnnnnntuuuuuuuuuuuuuu !!

Chinese Translation: "GNU Not Want!"

Re:

if it is any consolation, we are now hosing LJ to death.

Re:A new low has been acheived here on Slashdot...

1. send takedown notice to MPAA
2. LiveJournal servers slashdotted to hell
3. ???
4. geekocalypse!

Re:A new low has been acheived here on Slashdot...

You missed the two screen shots. Essentially the post shows a "before and after" screenshot of the MPA University Toolkit page [universitytoolkit.org]. The before picture contains a link that the after picture doesn't: "Click Here to Download The Beta Version of the Toolkit"

There's also another link that links to a blog entry about the MPAA toolkit [washingtonpost.com] which, if you dive into the comments, explains the GPL violation. (Just search for GPL, it's easier than trying to find it.)

So not entirely worthless, and therefore not a new low, just meeting the same low standards.

Re:A new low has been acheived here on Slashdot...

Can we play the Final Fantasy "fanfare" music?
You got 20 gil.
You found an MP3!

Re:A new low has been acheived here on Slashdot...

Aha, but this result is only possible because of copyright law. Thus, if one is celebrating this case, they are indirectly saying copyright is good.

They are directly stating that the GPL enforcement is good. They are not saying that this software should be protected for 120 years (hell, a bug fix next week makes 120 years laughable).
Copyright laws do need to be changed to take reality into account, but the issue here is that the software is being distributed in violation of the license. Copyright law is just the "enforcement stick" of this license.

Duh

This is news?! What is up with that! Every body knows that the RIAA is a completely honest and upright organization. They practice what they preach. They obey everyone else's takedown notice, be it gpl or dmca, whatever, just like they expect you to obey their takedown notices. I can't wait to see the day that all these trolls on slashdot finally go the way of the dinosaur and the true intellectuals out there call the RIAA what it is! It is an honest, upright, artist first organization! IF YOU CAN'T HANDLE THAT GET OFF SLASHDOT!!

;)

Re:Duh

Who said anything about the RIAA?

Obvious retaliation

Next they'll contract a russian ISP and put the torrent up on one of their trackers...

Explanation.

Explanation.

As TFS & TFA have little info, here's some background:

The MPA(A) released a Xubuntu derived livecd with a bunch of F/OSS tools to assist universities in monitoring their networks. *rolls*eyes*. More info about the software in this Washington Post article [washingtonpost.com].

Unfortuntately the CD as shipped contained no source & no written offer for the source, so was in violation of the GPL (and hence, the MPAA are in violation of various software author's copyright).

After several attempts to reach contact the MPAA, the ubuntu developer sent a takedown notice to the hosting ISP.

I hope he now presses for copyright violation - as he so elequoently says: MPAA don't fuck with my shit.

Re:Explanation.

Should also be made clear that the tools only identified torrent users, and didn't make any attempt to distinguish between 'naughty' and legal torrents.

Re:Explanation.

The MPAA was distributing "modified binaries" of GPLed software without distributing, or offering to distribute under the terms of the GPL, the modifications.

Even if all you do is change a strcat(); line, you have to (at minimum) distribute that change's source.

Actually

Even if you don't change a line of code, you still have to distribute (or offer to distribute) source if you're distributing the binaries.

Re:

They actually are "distributing the source", granted via the Ubuntu package system. You could argue in court (and probably get traction with the argument) that you were obeying the "spirit" of the license agreement.

Where that breaks is when you change the

Re:Actually

I saw no indication that the MPAA was hosting their own apt repositories with source. If you mean that sources.list was pointing at Ubuntu's servers, that's not good enough. That's Ubuntu doing the distribution.

Re:

That theory has never been argued in a court of law, AFAIK.

You could argue that, provided you do nothing to hinder the user from accessing it, that providing a URL to somebody who hosts the code IS distribution.

That might not be the FSF's reasoning, mind y

Stop talking shit

You do not have to distribute "changes in the form of a diff", or "distribute your code changes" in particular.

You must distribute (or offer to) the complete source code corresponding to the binaries you distribute. The whole purpose of the GPL is that someone getting a binary can get the full source for the binary.

Re:

For the changed packages it would be interesting to know what the changes were, to the extent that can be determined without the source.

It would be interesting, I suppose, from an academic point of view, but it doesn't really matter. As long as they changed them, even the slightest bit, they're required to distribute (or offer / provide a method for users to obtain) the complete sources t

Re:Except in one scenario

Well, it depends on what they changed. If they added code to phone home a lot with lots of personal information....that would be interesting from more than a purely academic point of view (IMO).

Re:Explanation.

Additionally, it is my understanding they actually made some changes to ntop, and did not provide any instructions on how to obtain the changes.

So, it's not even a technical violation in the letter of the license, it's a legitimate violation of the spirit of the license. They are distributing a change to the code without source.

Re:Explanation.

I would be really interested in seeing some data to back up this claim. When the toolkit was first released I downloaded a copy and checked the md5sums on both the ntop binaries and the snort binaries. Both corresponded to the binaries I downloaded form the Ubuntu server.

There was also a page on the 'monitor' site that stated the software was released under the GPL, but I don't recall if it included a copy of the license itself. The MPAA code seemed to be kept separate and the license on that was unclear, however there were Java Server Pages distributed as binary only as well as some shell scripts and maybe some python (again, i don't remember).

Does anyone know of a mirror of the original ISO? I would like to look at it further but I deleted the one I originally downloaded.

Re:

Two wrongs don't make a right, but three lefts do.

Encouraging result

but at the same time rather worrysome what a simple email to the ISP can do, even if it's for a good cause. Why not sue them and make things bullet-proof and at the same time strengthen the GPL in court, rather than sorting things out vigilantism-style? A pile of court-issued takedowns might be a more impressive repellant against future violations of the GPL (or any other such license) than a pile of social-engineering-issued takedowns. Don't associate "social engineering" with the negative connotation of spam/phising/etc. as I used it; instead, read it in its original meaning: someone requested a blocking of content from an ISP, essentially (TFA is void of details) only with convincing arguments but no hard proof that the GPL was indeed violated.

Re:Encouraging result

On the other hand, the MPAA should have had all it's ducks lined up in a row. They're big boys, they can afford to do things right. The fact that they didn't bother is another indication of their above-the-law attitude. They really just don't care. I'll bet they're caring now, and I'll bet there are some heads rolling in the legal department right now.

The delicious irony here is that the MPAA drafted the DMCA and were primarily responsible for pushing it through Congress.

Re:Encouraging result

They won't care. There's currently the idea that some people are above, below or completely outside the law. Since they were involved in drafting some copyright laws they are of the opinion that those laws are not for them and are only for the peasants.

Re:Encouraging result

I believe the DMCA provides the legal framework for takedown requests.

It probably stings terribly to be spanked with a paddle of your own design and construction.

"Simple email"

DMCA takedown notice is exactly the legal action you are supposed to take in these situations. It is not "social engineering". He has every legal right to do it.

Re:

Yes, and if instead he sued the MPAA and won damages in court, he'd be validating the MPAA tactic of suing individual users for posting copyrighted movies for damages.

Re:Encouraging result

but at the same time rather worrysome what a simple email to the ISP can do, even if it's for a good cause... A pile of court-issued takedowns might be a more impressive repellant against future violations of the GPL (or any other such license) than a pile of social-engineering-issued takedowns.

We're not talking about a "social-engineering" takedown, but about a takedown notice defined and authorized by federal law, and enforceable in any court in the land.

IMO, the takedown notice defined in the Digital Millenium Copyright Act is one of the few good things in that law. It says that if someone is publishing your copyrighted materials on the Internet, all you have to do is send a notice to the ISP, stating that the material is yours. The ISP is then *required* to take it down, or else be considered guilty of infringement. On the other hand, if the ISP does take it down, they are granted a "Safe Harbor" status, meaning that they're absolutely free of any liability for the infringement.

If something you've published on-line is taken down as a result of a DMCA takedown and it is not infringing, all you have to do is send the ISP a notice stating that the material is not infringing. The ISP can then put the material back on-line, without losing the "Safe Harbor" status. The system is set up so that the ISP doesn't end up trying to determine what is infringing and what is not.

Both the DMCA takedown notice and the counter-notice are sworn affidavits, meaning that when the issue goes to court any untruths in the notices can be prosecuted as perjury. So there's a strong disincentive for someone to issue a DMCA takedown frivolously, as it will cost the publisher almost nothing to get the takedown reversed, and may land the issuer in hot water. Likewise, there's a strong disincentive for a publisher of infringing materials to issue a counter-notice.

And, above all, the ISP who is caught in the middle is shielded from any potential liability, and doesn't have to make any attempt to adjudicate the ownership of the materials (which, obviously, no rational ISP would do anyway -- if in doubt they'd just take it down and leave it that way).

Re:Encouraging result

No, the MPAA can't necessarily just reissue the toolkit with source code and suffer no further consequences.

Once you violate the GPL, your right to distribute the licensed software is terminated. You can only start distributing it again if the copyright holder relicenses you to do so. In GPL violation disputes, the FSF have normally relicensed a distributer once they conform to the GPL's requirements - but this is not automatic, or written into the GPL.

From GPL v2:

"4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License."

There is no clause about reinstating rights under the license.

In other words - if any of the copyright holders in Xubuntu code insist, the MPAA can't ever distribute their software, even with source. IANAL, so I don't know if the courts would support this hard-line.

Don't think that's true.

If you are, in fact, a lawyer, I'll happily defer, but in my layman's opinion I don't think that's the correct conclusion.

If you violate one of the GPL terms, your license to use the software is terminated. Fine. However, as long as the software is still being offered to anyone under the GPL, you can just go, conform to every part of the GPL, and use it again. You can think of it as one license being terminated, but then going and getting a new one; the GPL is an "infinite stack" of licenses: all you need to do to get a new one is to play by the rules.

There's nothing in the GPL that says 'if you violate this once, you're out for good,' although I'm not sure that would be an entirely terrible idea. But that license-termination clause doesn't necessarily imply that.

Re:Don't think that's true.

Um, no. The GPL isn't an infinite stack of licenses where you can just help yourself to a new one every time you want; in fact, it seems that you are confused as to what the term "license" really means here.

It does not refer to the right to modify or distribute a piece of software, it refers to the developer's decision to grant you that right. It's not an automatic right in copyright law, so it needs to be granted; without a license (that is, the developer's granting of this right), you don't have it. So if the developer decides to not allow you to do this anymore, you can't do anything: you can't "take a new license", because the developer simply isn't granting you this right anymore.

Now, of course, you might say that once you've been granted a right, the developer can't arbitrarily take it away again whenever it suits them. That's true. However, the restrictions to your granted right to distribute and modify is subject to are explicitely spelled out in the GPL, so you know about them right away; you know right away what you can't do and what will happen if you do it anyway.

So, yes, the GPL *does* say "if you violate this once, you're out for good" - unless/until the developer decides to grant you these rights again after all, something that is neither automatic nor guaranteed (even though most developers - notably, the FSF - will probably do so if you start complying with the license and show an understanding of why this is important).

Finally, allow me to say that you seem pretty confused about the GPL in general, anyway: you talk about a "license to use the software", yet no such thing exists. In fact, the GPL specifically does not apply to mere *use* of the software, and you do not have the accept it in order to do so. You don't even have to accept it to modify the software (at least in the GPLv2); you only have to accept it if you want to *distribute* the software, modified or unmodified.

He should also sue...

for copyright infringement as well.

Now that would be poetic justice.

Re:He should also sue...

Everyone that has GPL code in xubuntu and the tools that come on the CD should file copyright violation for $9250 per line of code shared.

MPAA Pwned by DMCA Takedown Notice

Now THAT is the (accurate) headline I want to read!

Possible deterrent?

IANAL, but why don't OSS developers offer a GPL-free version of their software for some really high price. That way, when big-media tries to steal (their words, not mine) their creative works, the developers can sue them for legitimate damages, citing a stratospheric market price per copy, then multiply the number of CDs they've distributed by their stratospheric market price to get damages from them?

"The MPAA/RIAA has distributed 1500 copies of my work. I offer that software at $50,000 per copy. They owe me 75 million dollars in damages!"

That's basically what they big media is trying to do to the consumers, isn't it?

Re:Possible deterrent?

You don't really need "actual damages" because you can go for statutory damages. If you can prove willfull infringement, you can get 150,000 per offense. If you skip proving willfullness, I think this is the section that applies:

(1) Except as provided by clause (2) of this subsection, the copyright owner may elect, at any time before final judgment is rendered, to recover, instead of actual damages and profits, an award of statutory damages for all infringements involved in the action, with respect to any one work, for which any one infringer is liable individually, or for which any two or more infringers are liable jointly and severally, in a sum of not less than $750 or more than $30,000 as the court considers just. For the purposes of this subsection, all the parts of a compilation or derivative work constitute one work.

$30,000 a pop ain't bad money if you can swing it. I'm not sure exactly what the result would be if you claimed "actual damages" on a zillion dollar price tag despite never having had an "actual sale." Judge might throw out the claim, I suppose. AFAICT, worst case would just be to get laughed at with the huge price tag and then just fall back to statutory damages instead.

Nomenclature, please

Instead of saying they "violated the GPL", let's keep this simple. They violated copyright law. By their own definition, they're "pirates". They stole. Etc.

If I may be a geek...

I read this post and immediately pictured Ewoks dancing in the forest as the Death Star burned above them. Sure, you know it's not over, but what a nice blow against the Dark Side.

Re:aww...

they still distributed in violation of the license and therefor copyright law! You can't make stuff up this funny, the MPAA in violation of copyright, LOL. The FSF can still go after them if they want to.

Re:aww...

You wouldn't steal a purse! You wouldn't steal a car! GPL software distribution without following the license - IT'S STEALING!!!

Re:aww...

You wouldn't steal a handbag!

You wouldn't steal a car!

You wouldn't steal a baby!

You wouldn't shoot a policeman

and then steal his helmet.

You wouldn't go to the toilet in his helmet!

And then send it to the policeman's grieving widow.

And then steal it again!

Re:aww...

[citation needed] http://www.youtube.com/watch?v=MTbX1aMajow [youtube.com]

Re:No GPL Violation

None of what this AC says is true. It doesn't matter if the MPAA never changed any code, the fact remains that they were distributing the code, changed or not. Now, if you want to distribute GPLed code, either you comply with the license and provide source code, or you find yourself just as guilty of copyright infringement as these people torrenting movies that they are so quick to prosecute. What happened was the latter. As for suing them for copyright violation, the fact that no one lost any money is also immaterial. There is such a thing as statutory damages, which would be at minimum US$750 for each copyrighted work thus violated, and could be as high as US$30,000. They would thus theoretically be on the hook for statutory damages for every GPLed package in the Xubuntu distribution, just like Ms. Jammie Thomas. There are hundreds of GPLed packages in Xubuntu... You do the math.