Follow Slashdot stories on Twitter


Forgot your password?
Music Media Your Rights Online

Legalizing Attacks on P2P Networks 851

miniver writes: "Rep. Howard Berman (D-Calif.) wants to legalize DoS attacks on P2P networks such as Kazaa and Morpheus by 'copyright holders.' The Washington Post reports on his proposed legislation here. Berman's bill, to be introduced in the next several weeks, would attempt to minimize the illegal trading of copyrighted songs and other content on "peer-to-peer" (P2P) networks by permitting copyright holders to use technology against pirates. As can be expected, the RIAA is in favor of the proposed legislation."
This discussion has been archived. No new comments can be posted.

Legalizing Attacks on P2P Networks

Comments Filter:
  • by Charm ( 313273 ) on Tuesday June 25, 2002 @11:51PM (#3766797)
    So it is ok to hack if you are rich but not if you just do it for fun.

    No wonder we never understand politicians.

    RIAA can suck my CD's

    • Sounds like legalized vigilanteeism. Where's the bill to allow hacking against antitrust violators?
    • It's more like a letter of reprisal. The question is if a generalized letter of reprisal is passed (entirely constitutional) would this legalize hacking the RIAA et al for any copyright violations they might be doing?

    • Did anyone actually read the article? It doesn't allow for DoS attacks on pirates, or anything damaging. The bulk of what it allows are putting up of decoy files, and doing the slow download thing.

      This is like saying : people steal lots of stuff from best buy, and best buy wants to put up some empty boxes on the shelves, so people steal those instead. You go to the cash register to get the stuff.

      There is nothing even vaugely evil about this.
  • On one hand a DoS attack is an act of terrorism, but it is OK if you are a record company? Hmmm.
    • by Xawen ( 514418 ) on Wednesday June 26, 2002 @01:40AM (#3767276)
      Even better, the RIAA wants to launch DoS attacks on networks full of (presumably) relatively computer savvy people with high speed connections??? Now c'mon, that's just dumb. Sure they can hit the "routers" or look for central nodes, but they're still gonna end up pinging normal users right off the net. That's going to do nothing but get the script kiddies all riled up enough to start launching packets back in the other direction.

      I almost hope this passes just to see the logs that are going to come from this one. Maybe we can print them out and mail them to Mr. Berman demanding to be reimbursed for the downtime we have while trying to coax our overworked routers out from under the floor tiles...
    • by spiveps ( 190995 ) on Wednesday June 26, 2002 @04:39AM (#3767715)
      There are som issues in this case that has to be sorted out if the proposal will be legal/law.
      1. Since this will be an US law, and not a law in Sweden (where I live) and if they attack me it will be considered as an terroristattack from US to Sweden. Therefore they must now that they only attack within US.
      2. If someone attacks you and you are only sharing legal data, they are actually stopping the free speech, and I do not now if it is illegal in US or not but in Sweden free speech is one of our most importand laws.
      3. I can only guees how the next generation of P2P apps will work. Maybe they will defend themself and generate an enormous counterstrike and what will happen then?
  • Legalized hacking? (Score:5, Insightful)

    by imac.usr ( 58845 ) on Tuesday June 25, 2002 @11:51PM (#3766800) Homepage
    Oh, the irony. What a wonderful message to send to script kiddies everywhere. "Well, the government does it, why can't i?"


  • DMCA vs this (Score:2, Insightful)

    by ObviousGuy ( 578567 )
    DMCA = use technology to pirate copyrighted works, break the law

    This = use technology to stop people from pirating copyrighted works, be a good citizen

    Boiling this down to its essences, there is neither contradiction nor illogic. Copyright infringers are by definition in the wrong and copyright holders should have the legal means of stopping them.
    • Re:DMCA vs this (Score:3, Informative)

      by cosmosis ( 221542 )
      There is only one flaw in your argument - going after specifically targeted songs is one thing, but a DoS attack disables the entire network regardless of what is crossing its wires. Now if you still think they have a right to do this, then by this same logic, banks should have the right to disable the entire transportation network, as some people use that network to carry large sums of cash they just got done steeling it from their banks. Or we should just allow cars, as some people use them for infringing purposes - robberies, hit and runs, drunk driving, reckless endangerment, kidnappings, etc.
      • Re:DMCA vs this (Score:3, Informative)

        by God! Awful ( 181117 )

        There is only one flaw in your argument - going after specifically targeted songs is one thing, but a DoS attack disables the entire network regardless of what is crossing its wires

        Are you sure you know what you are talking about? There are many types of DoS attacks. You can DoS attack a whole network, a single host, or just a single protocol. The effect of targetted decoy tracks is to disrupt the activities of people who are specifically looking for those tracks (a DoS attack). The rest of the users (who are presumably trading recipes or something) shouldn't be affected. Neither the article, nor the message you replied to, was advocating other types of DoS attacks, such as ping-bombs.

    • Re:DMCA vs this (Score:4, Insightful)

      by NanoGator ( 522640 ) on Wednesday June 26, 2002 @12:05AM (#3766886) Homepage Journal
      "Copyright infringers are by definition in the wrong and copyright holders should have the legal means of stopping them."

      Until our rights as consumers are defined (i.e. you have the right to have a backup copy of your music...) then the RIAA has no business being 'armed'.

      I don't have the right to put a bomb in my car and make it explode if somebody steals it. The RIAA should never be given the right to harass anybody. If they have a complaint about somebody in particular, they have laws they can sue them with. If that's not enough, then maybe they need to reconsider their business plan.

    • DMCA = use technology to pirate copyrighted works, break the law

      This = use technology to stop people from pirating copyrighted works, be a good citizen

      Just because a technology exists to "stop people from pirating pirated works" does NOT necessarily warrant its use. (If that was the case, then why don't we just drop a nuclear bomb on those suspected of infringing on copyrighted works?)
    • Re:DMCA vs this (Score:5, Interesting)

      by Aerog ( 324274 ) on Wednesday June 26, 2002 @12:23AM (#3766976) Homepage
      Here's the big thing. Who will this affect? If the RIAA has any say at all (and this goes above and beyond whatever means they use) it will affect everyone. That would be everyone in the world. Everyone in the world regardless of whether or not the US Constitution even affects them.

      Sure it's been said, and maybe not even necessary for this topic, but I can see no good coming of this when a US bill gives the RIAA power over everyone in the world. That's impossible, but very likely that it will be taken as such. No bill in the world, save from maybe a direct mandate by the UN, can give a company this power (and the UN is a little busy right now trying to stop people from killing each other, not making sure I don't download the latest N'sync auditory torture). Why don't we just launch targeted deterrents against everyone pirating music? Oh, wait. We can't. Sure we "can", but it would be illegal in THEIR country and wide open to a good old All-American lawsuit, just like everybody else. Or maybe we just forgot this little fact.

      Oh please let someone in Belgium sue the RIAA. It would just be funny.
    • Re:DMCA vs this (Score:3, Informative)

      by symbolic ( 11752 )
      Consider this portion of the article:
      The DMCA has been used to threaten suspected copyright violators, but questions about what constitutes legal sharing and illegal piracy continue to dilute the law's power.

      This suggests that the DMCA isn't even clear. The proposed legislation would allow the RIAA to make that determination, which is clearly not within its jurisdiction. The RIAA is a professional association, not an extension of the government.

      Just the same, I wish all those who are proponents of illegal file sharing would pull their heads and realize that they can do far more damage to the RIAA if they just stop buying its product.

  • by sterno ( 16320 ) on Tuesday June 25, 2002 @11:53PM (#3766812) Homepage
    While I think that technology is really the only thing that's going to realistically provide the media industry the defense they've been searching for, I'm wondering what exactly this law will permit. For example, I produce copyrighted works on a daily basis on my website, at my office, etc. So do I then, suddenly, have the right to launch attacks on P2P networks? Furthermore, what kinds of attacks will be legitmized. Would be rather bizarre to have a nasty and dangerous worm become legal simply because it was launched against a P2P network.

    Seems like another case of a congress critter trying to bring the law into an area he truely does not understand..
    • Seems like another case of a congress critter trying to bring the law into an area he truely does not understand..

      Your comment truly upsets me: you seem to imply that there are areas in which a congressperson (sic) might show competency!
  • SO.... (Score:5, Funny)

    by Anonymous Coward on Tuesday June 25, 2002 @11:53PM (#3766814)
    1. Copyright Song.

    2. Wait for someone to e-mail it to someone else on AOL.

    3. Massive DOS Attack on AOL tottaly taking it out forever.

    4. ???

    5. Profit.

  • Eye for an eye... (Score:5, Interesting)

    by NanoGator ( 522640 ) on Tuesday June 25, 2002 @11:54PM (#3766818) Homepage Journal
    "Rep. Howard Berman (D-Calif.) wants to legalize DoS attacks on P2P networks such as Kazaa and Morpheus by "copyright holders".

    Umm okay. They can have that right if I can have the right to DoS the RIAA for infringing on my fair use rights. After all, all men are created equal.
    • oh yes, they're opening a whole other can of worms with this one, and its gonna bite them in the ass for sure..

      the music copyright holders (most of whom are too fried from years of drug abuse) vs. the computer geeks of the world, where the battle ground is the internet? now who shall i bet my money on?
  • Vigilante justice? (Score:5, Insightful)

    by Smallest ( 26153 ) on Tuesday June 25, 2002 @11:54PM (#3766821)
    They want to make it ok to take the law into your own hands, well, their hands anyway.

    Isn't it the job of the local,state and federal law enforcement agencies to enforce the laws? Deputizing the RIAA doesn't really sound like a good idea.

    • Deputizing the RIAA doesn't really sound like a good idea.

      Can't you just hear it?
      • "You have the right to remain silent. If you do not choose to remain silent, anything you say may be used against you in a court of law. I'm going to kill you. You have the right to an attorney. If you cannot afford an attorney, one will be provided for you. Do you understand your rights as I have explained them to you?"
      • "Tak!"
  • DoS? (Score:5, Informative)

    by niloroth ( 462586 ) on Tuesday June 25, 2002 @11:55PM (#3766825) Homepage
    where does it say anything about DoS attacks? From the article:

    "His bill would allow copyright holders to set up decoy files and use other techno-tricks like file-blocking and redirection to throw P2P pirates off the trail, but it would forbid those holders from employing tactics that would damage or destroy pirates' own computer systems"

    And further along....

    A copyright owner should not be allowed to damage the property of a P2P file trader or any intermediaries, including ISPs," Berman said. "(I) wouldn't want to let a particularly incensed copyright owner introduce a virus that would disable the computer from which copyrighted works are made available ... "

    Don't get me wrong, I don't think this is a good thing, but I also don't think we need to blow it out of proportion, who does that really help in the end? No one.
    • Re:DoS? (Score:3, Informative)

      by Salsaman ( 141471 )
      DoS == Denial of Service. Setting up a decoy file is a denial of service (the service being downloading the original file).

      DoS does not always have to mean flooding a network (though that is the most common DoS attack).

    • Re:DoS? (Score:3, Insightful)

      by dcgaber ( 473400 )
      I will say this, being at the conference yesterday where he announced the dropping of the bill. If you do not think that there will some massive safe harbor provision and a good faith clause, you are deluding yourself. Fortunatly this bill will never pass, much like when the RIAA tried to add something similar to the PATRIOT act (after being rebuffed trying to do it as a stand alone bill). This spells disaster though because it opens the debate so skewed on one side that the "happy middle ground" will in fact be far away from what we would want.

      2 interesting things to note though:
      1) This cannot be done with out amending DMCA Sec 2101 (I believe that is the correct section) on circumvention devices. This could be the chance to finally make that it something workable, or put the Sony doctrine into statute and not just common law (common law that is being eroded as the Napster decisions showed).

      2) I thought the most interesting thing Berman said yesterday (aside from this bombshell) is that when he came to Congress, he had no interest in IP per se, however being as he was the Congressman from Hollywood (I believe those were his exact words), he had to chose something to help his constituency out, and this was a great issue area for that.

      If you object to this legislation (as you all should), contact his subcommittee office, they deal with this issue (not his personal office) at (202)225-4695. Of course, it goes with out saying, be polite and respectful and state your opinion with out flaming. If you want your position to be taken seriously, then you have to treat it seriously. Being a former hill staffer, nothing gets a brush off more than someone spewing out angrily and irrationally, HOWEVER, contrary opinions, stated well are always well regarded.

      BTW, at the Q&A part everyone came out against this and told there objections to Berman.
  • America's Finest (Score:2, Insightful)

    by dnoyeb ( 547705 )
    AS usual, the laws all apply till they come pointing at you. Ala the American Taliban's who the law is not good enough to convict so they just ignore it and the American media campaigns every day to say its the right thing to do.

    Laws are laws and were a nation of Laws. AT least they want to legalize it as opposed to just doing it and saying its ok...
  • by KNicolson ( 147698 ) on Tuesday June 25, 2002 @11:57PM (#3766838) Homepage
    Sigh, not even the submitter is reading the story these days:

    His bill would allow copyright holders to set up decoy files and use other techno-tricks like file-blocking and redirection to throw P2P pirates off the trail, but it would forbid those holders from employing tactics that would damage or destroy pirates' own computer systems.

    It seems like a futile attempt, however, as people can always route around trouble, and if such tactics become commonplace, software will soon adapt so even the most clueless newbie can be autoupdated with the latest and greatest roadblocks to avoid.

    • by interiot ( 50685 ) on Wednesday June 26, 2002 @12:15AM (#3766943) Homepage
      DoS attacks actually don't damage the target's computer at all, they merely disable the network connection while the attack is ongoing. I read the above paragraph to mean that DoS attacks would specifically be permited.
      • by Tim C ( 15259 ) on Wednesday June 26, 2002 @03:13AM (#3767543)
        It is a DoS attack. It's just not aimed at any of the computers on the network, but at the network as a whole.

        If they flood the network with fake files, then most downloads will effectively result in garbage files being downloaded. The network becomes essentially unusable - service has been denied.

        Just because it's still capable of transeferring files doesn't mean that it's providing a useful service.


    • And how's this different from a DoS attack? Does really matter if you offer decoy files instead of sending decoy packets? In both cases, your intent is to disrupt the service.
  • by Erasmus Darwin ( 183180 ) on Tuesday June 25, 2002 @11:59PM (#3766857)
    It appears like this only makes it permissible for copyright holders to set up decoy songs. So it'd no longer be illegal (it was illegal before?) for them to put up mp3s with the names of RIAA-protected artists that're really just noise. In short, no big deal, as far as I can tell.

    Everyone who has already knee-jerked at the Slashdot summary and decided that this means the RIAA can start ping-flooding people on P2P networks needs to read the article.

    • by silvaran ( 214334 ) on Wednesday June 26, 2002 @12:09AM (#3766905)
      You're absolutely right: people automatically think flooding or hacking when they hear DoS. But denial of service attacks can mean rendering a network virtually useless in what it's supposed to provide. In the case of a web server, you use up so many connections no one else (ie: valid clients) can connect. In the case of Morpheus, you imitate so many false matches that clients can't get valid results (they can't retrieve the information, even though the information is available and the server -- or network -- should technically be able to produce it).

      The RIAA has already started doing this -- by posting songs with repeated choruses or large sections of the songs faded to silence, but the calibur has been relatively small -- you can usually pull off a legitimate copy after a few searches.

      Legalizing this operation would give the RIAA a defense for using these mechanisms, and they could avoid [further] bad publicity. They would also be permitted to store massive amounts of slightly varied mp3 names that house illegitimate or incomplete songs, register numerous Kazaa/Morpheus/etc. accounts and attempt to pose as valid song providers, flooding the network with useless information.
      • I've noticed that stuff like this "false files" seems to be going on already. When I've searched Gnutella I always get a a bunch of maches with files that contain only my search terms plus .mp3 .avi .mpg .exe and others. Either sombody is trying to get people to download nastyness or somebody is tying do this already.
  • What is this the Wild West? You have the pirates' IP addresses. SUE THEM!
  • using my copyrighted material I can do the same thing ?
  • This reminds me of a story I read a while back (several years ago) about software that would watch over your network for an attack. Upon catching one, it would automatically retaliate against the source of the attack, performing a DoS or some other damaging act. Several corporate management types were interviewed, and they all thought this was the greatest thing they'd ever heard of.

    When I read the article, the first thing that came to my mind was spoofing. How hard would it be to spoof my identity while attacking one of these corporations, through either IP spoofing or bouncing an attack off an unsuspecting victim? If done right, it would be possible to make these corporate hosts launch an attack on anyone you wanted. Needless to say, this type of "counterstrike" software never caught on.

    Now I see that the RIAA wants free reign to DoS P2P users. What happens if someone is able to spoof their identity and trick the RIAA (or copyright holders, etc) into attacking someone else? What are the legal ramifications of this? Now, having said that, if someone can spoof their identity to trick the RIAA into DoSing themselves, I'll gladly turn my back while I laugh my ass off.
  • Great idea. I think it would be wholly ethical, assuming I were permitted to kick a police officer in the nuts if I am pulled over without cause. It's great, as long as I can leagally glue the doors of my bank shut if they hit me with unwarranted charges. Cool, if I can legally assault anyone who comes to my door without permission. What a great idea, let's legalize sexual mutilation if the experience was unfulfilling. Hey, let's legalize assassinating politicians who subvert the Consitution!

    Who is this congressman and what the fuck has he been smoking? You can't legalize revenge, and if you think you can, be prepared to become a victim.

  • Checkmate (Score:3, Insightful)

    by eyeball ( 17206 ) on Wednesday June 26, 2002 @12:10AM (#3766913) Journal
    His bill would allow copyright holders to set up decoy files and use other techno-tricks like file-blocking and redirection to throw P2P pirates off the trail, but it would forbid those holders from employing tactics that would damage or destroy pirates' own computer systems.

    P2P systems should copyright and copy protect the out-of-band packets (the ones used to search, return search results, etc), then use the DMCA to prevent these types of DoS attacks. At the very least they should also specify in the EULA that intentionally supplying misleading files will result in being banned from the P2P network.

  • by bcrowell ( 177657 ) on Wednesday June 26, 2002 @12:10AM (#3766914) Homepage
    There's a more fundamental problem with anonymous P2P networks, which is that there's no reward for good behavior, and no social penalty for bad behavior. Putting up a decoy song is just one example of antisocial behavior.

    As an example, one of the things that normally stops child pornography from getting too popular is that people are embarrassed to look at it, and will express strong social disapproval of anyone who makes it or uses it.

    Another example is that if there's a social vacuum surrounding a P2P network, then there's not much incentive to donate bandwidth and disk space. Nobody gives you a pat on the back for running a useful node.

    Free speech doesn't mean that the ideal social environment is one where your speech has no consequences.

  • by scubacuda ( 411898 ) <> on Wednesday June 26, 2002 @12:10AM (#3766915)
    Someone posts the IP addresses of the "legit hackers" on the web? You can bet that all the script kiddies will come out of the woodwork then...

    As for the dummy files, what about a system that allows people to A) vouch for their songs, and B) give an MD5 hash?

    Sure...pass this stupid bill; the ramifications will be FAR worse. You cut off one head of this monster, and 10 heads will grow in its place.

    Instead of passing this shit, why not give people an INCENTIVE for buying the cds (like free coupons, chance to meet the band, concert tickets, login to their website, etc.)
  • This guy is obviously a made-man: paid-off, bribed, owned by the RIAA/MPAA -- in their back pocket.

    This probably won't get passed, because numerous representatives will raise objections, as it'll prevent people from sharing non-copyrighted files. As P2P may be the future of communication, such a bill threatnes that very future.

    However, rest assured, that if this bill passes, counter-measures will be taken. There are ways to deal with people offering fake files. There are also ways to make a network resistant to various types of attacks.

    Normally, the attackers of the network have the advantage, but not in this case. In this case, P2P, the P2P community has the advantage b/c we have far more programmers, and the code is open, and anyone around the world can contribute.
    • Take a look at the PAC contributions made to Berman [] $37500 from entertainment company PACs, easily the largest category. Communications and Electronics, both individual and PAC contributions dwarf all other contributions. $185K from "TV/Movies/Music." Top Contributors are Disney, AOL/Time-Warner, and Vivendi. He's in the RIAA's back pocket all right. Now we just need to get the mainstream press to report this and question his motives.
  • Good Grief (Score:5, Insightful)

    by Quill_28 ( 553921 ) on Wednesday June 26, 2002 @12:12AM (#3766928) Journal
    Let's see when radio first came out the record companies freaked. They figure that no one would buy a record if you could get here it over the radio. They were wrong.

    When the tape cassette came out, the record companies freaked, everybody would copy thier friends tape or tape off the radio. They figure no one would buy would buy their tapes. They were wrong.

    When the vcr first came on the scene, the movie industry freaked, who would go see movies if you watch it for free? They figured people would stop going to movies. They were wrong.

    Don't have the stats but I would guess that the above three all made them more money than without them.

    Now, we have recordable cd's and dvd's, and they are freaked. Who will buy music/movies if people can copy it over the internet?

    I believe I am sounding like a broken record, but these folks are obtuse. ::sigh::

  • by interiot ( 50685 ) on Wednesday June 26, 2002 @12:12AM (#3766933) Homepage
    During the 1800's, various countries such as Britian and France took a new tack at getting under the skin of their enemies. They passed laws that made "privateering" legal -- private citizens were allowed to take over ships from an enemy country by force, and were promised that there would be no legal retribution. When these countries eventually changed their minds on these policies, the privateers became unwanted and illegal pirates.

    Flip forward 150 years, and those who copy data without the authors' permission are called pirates. Fearsome mercenaries of the sea, to be sure. But in an ironic turnabout, California wants to make it legal for mercenaries to get under the skin of these modern pirates.

    I wonder what they'll call these P2P mercenaries once the states change their minds?

  • "(Berman) has called for a posse of copyright vigilantes," she said

    If a posse of copyright vigilantes actually forms, what's going to happen is they're going to turn their attention to the RIAA.

    "Ah, so you don't want to support people's rights to fair use, mmm? You want to pass overreaching legislation like the SSSCA, hmmm?"

  • by quantaman ( 517394 ) on Wednesday June 26, 2002 @12:17AM (#3766955)
    As can be expected, the RIAA is in favor of the proposed legislation.

    Should read,
    As can be expected, the RIAA proposed the legislation.
  • Assuming I hold a single copyright then, and assuming a massive P2P network (the internet) is being used to distribute my content, can I therefore engage in widespread DDoS attacks against major internet sites? Better yet, assuming I see a copy of my copyrighted work on a .gov or .mil site; I can DDoS the hell out of the legally, right?

    Those in power really ought to think (or have someone think for them) before they open that wide contraption from which so much foolishness and BS spews.

  • by Moosifer ( 168884 ) on Wednesday June 26, 2002 @12:31AM (#3767009)
    Rep. Howard Berman ought to read up on message digests and then try his "file decoy" strategy. Many P2P's today employ some kind of hashing which isn't too easily fooled by file naming dissemblance.
  • I'm a copyright holder, in fact I distribute my works for free on P2P networks. AND NOW I WILL BE ABLE TO DOS THEM LEGALLY!
  • From the article:
    "Despite the passage in 1998 of the Digital Millennium Copyright Act, piracy continues to nag at copyright holders and businesses."

    In other news, burglars are still burglarizing homes despite the practice having been illegal under various statutes for the past few millennia.

    Remember people--by definition--criminals break laws. If only lawmakers would realize this fact in creating legislation, as the only people who are affected are those who are willing to obey it.
  • by Anonymous Coward
    All that's needed is a trust metric.

    Here's one example: If a person is on your trusted list, you can get files from them, people they trust, and so on down for as many levels as you like.

    Each trusted node would be identified by a unique ID and a matching key. All that's needed is an optimized searching system for finding friends. It would be easy to cache friends' trust lists, signed with their key. When trusted friends aren't on, you can check with their friends for caches.

    Searching would be expensive while priming caches, and there'd be a bit of extra traffic involved with this, but you might also limit friends to people with decent bandwidth and be sure to have a few friends who're always connected. Include blacklists as well in the same scheme, and sites giving bogus data (as well as sites that like to shut-down with transfers incomplete or allow too many connections for their bandwidth) would vanish from your acceptable search set in a hurry.

  • by ActMatrix ( 246577 ) on Wednesday June 26, 2002 @01:00AM (#3767120) Homepage

    Check out [] if you want to see who's financing this guy's campaign. Top donors, surprise surprise, are: Walt Disney, AOL Time Warner, Viviendi Universal, Viacom, DreamWorks, and Sony. Gee, no bias there.

  • So a single copyright holder could attempt to take down an entire network because a single song is there? Shutting out thousands and thousands of users? God bless America where the individual has more power then an army of users.
  • This could be great (Score:3, Interesting)

    by drix ( 4602 ) on Wednesday June 26, 2002 @01:02AM (#3767128) Homepage
    There's nothing like a little adversity to foster innovation. Of course there are gaping holes in the current suite of P2P apps. The upshot to RIAA or the record companies trying to disrupt service is that it will force people to sit down and actually think about these weaknesses, and fix them. End result: much more secure, robust P2P networks. Just off the top of my head, adding PGP-style "webs of trust" on top of any of the current P2P networks would seem like a good way to circumvent this sort of attack. Someone sends you white noise in place of your Black Sabbath? Shitlist them. Similarly, clients that you repeatedly, successfully transact with become "trusted" in your eyes. And depending on how much you trust them, their "trustees" become trusted (and their shitlisteed, erm... shitted) to you, as well. Granted, it's 12:50AM and I'm babbling, but the beauty of this approach is that it harnesses the inherent power of the a distributed network. There's no single point of failure, so there's no way a rogue client could spoof these webs of trust. Every client speaks for itself. Get enough shithits (God, the lingo alone makes fleshing this system out worthwhile) on a certain client--for the sake of discussion, we'll call him ""--and you just start ignoring it. And so does everyone that trusts you, etc. etc. etc. This type of system has I'm sure been worked out in much more detail and analyzed for potential weaknesses than I'm capable of doing at the moment. Anyways, moral of the story is that this sort of forced evolution, even though it usually gets painful and ugly in the short-term, is often be a good thing in the long-run. (If you haven't guessed yet, you're speaking to someone who treats capitalism as a religion and social Darwinism as God's gift to man :)
  • I don't think anybody's yet brought up the more important consequences of this legislation (which basically legalises a sort of vigilante justice). Consider the long-running feud the CoS has had over Scientology documents. It's not difficult to imagine this being employed offensively against websites which host disputed materials.
  • When I think of DoS, i think of ping flooding with big packets. Ping flooding pirate computers to give cruddy bandwidth??? All I can see is lawsuits on their hands. Internet traffic usually goes through anywhere from 4-8 routers. That would mean 4-8 routers would suffer the effects of a ping attack. If this were to be done on a large scale, the whole internet would be crippled. After all, traffic goes through the same routers as MP3 files, and if the RIAA attacked thousands of hosts at once...

    A lot of WAN links are rented. Local ISPs do pay for the bandwith that they use. You don't think the RIAA would be able to get away scott free from lawsuits comming from cable ISPs only able to offer their customers 8 kilobytes a second to the website of the user's choice? I wonder when the RIAA will realize that the people who pirate on P2P networks normally wouldn't buy a music cd anyway. I suppose they have the right to place dummy files or whatever, but not cripple the internet. Seems like the RIAA is just wasting time on this P2P thing. If they didn't want P2P networks, well they should have used Microsoft tactics [about] on the companies when they were small -- buy them out :P
  • "(I) wouldn't want to let a particularly incensed copyright owner introduce a virus that would disable the computer from which copyrighted works are made available ... "

    Gee that's sweet of him, but would a law like this permit the RIAA or someone else to write a legal virus that contains its own Gnutella or Morpheous client and offer bogus files (1) to clog up the system, and (2) spread itself?

    This would arguably be a kind of legal distributed file-spoofing on a massive scale without technically "disabling" any of the infected machines.

    Or, if a virus is too unpalatable, this law might let the RIAA sneak Kazaa file-jamming software into the "bonus" software they include on CDs.

    Either way, it would be kind of ironic if the RIAA used distributed methods to attack Kazaa, considering Kazaa built a secret virtual network [] within their own client.

  • I find unclear in the article if it would allow DoS attacks,
    His bill would allow copyright holders to set up decoy files and use other techno-tricks like file-blocking and redirection to throw P2P pirates off the trail, but it would forbid those holders from employing tactics that would damage or destroy pirates' own computer systems.

    However if this law is passed and does allow things like DoS attacks I would think it would be very prone to abuse. Are they going to have to get a court order to launch an attack? Sounds very cumbersome the alternative would be to leave it largely at the discretion of the RIAA which could mean just randomly attacking any files that look suspicious or that they just plain don't like. Perhaps a recording of a band that label has a beef , a news story that they don't want getting out or maybe just someone they don't like. I would think it could be pretty hard to prove that your site was clean and didn't warrent an attack. I don't see a way this law could be effective without being a license to kill for the RIAA.
  • The problem (Score:5, Insightful)

    by Xunker ( 6905 ) on Wednesday June 26, 2002 @01:12AM (#3767166) Homepage Journal
    The problem with this, if you didn't see it already, is not that it allows them to attack, it's that is gives them the ability to enforce the law.

    It makes the copyright holder a law enforcer without all the nagging issues about due process.

    If something like this is passed, how likely do you think it would be that is would include statues for just cause or disclosure? They could empy it just on the off chance they "think" something illegal is going on, and if they get in trouble they can plead ignorance. It could vary easily be used by companies against individuals or companies against companies.

    A good example -- and one where I pick on microsoft too -- would be easy. Owing that this legislation simply says "copyrigth holders" and not "musical copyright holders", it could be used by anyone. So, suppose Microsoft wanted to buy some technology from a company, and the company didn't want play ball? Well, Microsoft could do around the clock DDOS attacks to tie up all ther bandwidth (which the company would be unable to stop, as it would be illegal under such a law), and cause the company to be able to do no business and as such go out of business -- and they could do this all under the guise of "well, they were using a pirated copy of Excel 97".

    And suppose it doesn't lay out what kind of retaliation is allowed, or on what medium? Suppose ClearChannel Communications (who own 87% of all radio in the USA) "though" that some mom&pop station iun Bumsville, Iowa was inteding to rebroadcast one of their programs? There stand a good chance that CC would be allowed (under such a law) to jam the offending stations signal until they got satisfaction.

    Ever play Shadowrun, a game where giant corporation war against each other?
  • by Indy1 ( 99447 ) <> on Wednesday June 26, 2002 @01:13AM (#3767170) Homepage
    Simple solution. Totally black list any riaa sites from the rest of the net. Enter their ips on the major backbone routers, and blackhole their traffic. Think about it, you dos someone, and we blackhole 100% of your traffic. No email, no vpn's, no nothing for you riaa pigs. A dos attack is an abuse of the net. And if the fascists want to abuse the net, then they simply dont need it. And i think its likely that the riaa WOULD get their net nuts cut off if they started this crap, simply because a dos is against any kind of TOS (terms of service) in existance. If your uunet, exodus, etc, would you tolerate that kind of crap on your network? i sure as hell wouldnt.
  • by Wylie Coyote ( 257347 ) <wylie@[ ] ['gee' in gap]> on Wednesday June 26, 2002 @01:45AM (#3767288) Homepage
    This is great news, however the bill is too limited in scope to be really effective.

    The bill should be expanded to allow the victms of all crime to directly take action against those who commit crimes against them, be it copyright infringement, property theft, assult, or murder.

    Imagine a world where the RIAA can commit DOS attacks on those who they claim would infringe their copyright. Imagine a world where a rape victim could stalk and ultimately castrate her attacker. Imagine a world where parents of murdered children could take the life of the person accused of that crime.

    Allowing the RIAA to DOS p2p networks is legalising revnge and retribution. Keep going down that road, and you will find the above examples. I cant beleive there are people in your government that actually believe this would be a good thing. I only hope such people dont exist in ours [].... Unfortunately Im beginning to think they do.

    • Ironically, there's an excellent movie starring Michael Douglas titled Star Chamber that deals with the consequences of vigilante justice. An excellent flick for law students and inquiring minds alike.
  • Mass Media Control (Score:5, Insightful)

    by i1984 ( 530580 ) on Wednesday June 26, 2002 @02:03AM (#3767332)
    This proposal does more than empower a squad of vigilantes. Rather, I see this as the latest step in an expansions of corporate media control. Beyond legalising some tactics that are currently illegal for a good reason, this proposal would have the effect of enhancing the monopoly large corporations already have on the flow of information. The implications are very disturbing.

    Considering that flooding a P2P network is easiest when you have the greatest resources to throw at the task, it's hard to imagine that this recourse would be viable for any but large corporate powers or those lucky enough to find themselves in the RIAAA's, etc, best graces. Thus this technique would have the effect of extending the monopolies of the most dominant players, and would choke off P2P distribution paths that could be used by any dangerous upstart rivals. Maintaining their distribution monopoly has, of course, long been the recording industry's primary concern.

    It is also perfectly plausible that any organization with sufficient resources could squash any sort of offending content, beyond any specific type of media, rendering entirely useless existing P2P systems. Note, however, that by sufficient resources I don't mean just network resources. Rather, the most useful resource will be money. Since this is designed as a tool of harrasment, it's likely there would be lawsuits -- but small entities might not be able or willing to risk the cost of a lawsuit. That could work in favor of large entities in two ways: first to limit the ability of individual parties to sue those disrupting a network, and second to empower only the wealthiest entities to venture to disrupt that network. So once again the largest entities benefit at the expense of the little guy.

    I don't see any mention of any special recourse unfairly targeted parties may have, but it's not far fetched to assume that by design any recourse wouldn't be very effective -- otherwse there wouldn't be any point having the law in the first place (It's hard to image much opportunity for recourse when the law is designed to inflict haphazard damage.) Without disincentives, why shouldn't companies spam & otherwise disrupt the P2P for any perceived or concocted reason?

    Thus the system could be ripe for abuse, but without the opportunity for that inconvenient oversight afforded the wronged under our official legal system. But then again, that's why modern society doesn't tolerate vigalantes...

    Of course these concerns are on top of the already harebrained notion that it would be a good idea to destroy the current implementations of an extremely popular emerging technology that can be (and is) used for legitimate purposes.

    Finally, what's to prevent a broad interpretation of a law like this? At this point the details are too vague to comment on with certainty, but it's not far fetched to imagine that a few poorly worded lines could turn something like this in to another DMCA.

    Fortunately for the 'net and the economy, it shouldn't be difficult to make someone -- even a typical luddite congressman -- understand that unleashing vigilante chaos on the Internet is a very bad idea. With only a small amount of luck this media industry power grab will be quickly defeated.

    Finally, I would like you to consider that corporate censoship can be more dangerous than government censoship, since we do not have any direct individual control over corporate power as we do (theoretically) with our government. Plus, the more control corporate interests with agendas have over mass communication, the harder it is to democratically render grass roots changes. This self-reinforcing cycle of corporate media power is well evidenced by the proposed legislation.

  • by foniksonik ( 573572 ) on Wednesday June 26, 2002 @03:01AM (#3767493) Homepage Journal
    A very close approximation don't you think? The RIAA gets to presume guilt and act towards anyone who they think may be violating copyright... even if they only find files with 'names' including their copyrighted material's reference. 'I hate tha Back Stret Boys.txt' is now a punishable offense and subject to DOS, Denial of Sovereignty.

    In The Minority Report (I might get DOS'ed by Hollywood just for writing this), 'potential' murderers are hunted down and imprisoned because they 'will' commit murder. In the present day our government is considering a law which will allow a non-government body to hunt down and 'imprison' a person's right to fair use because they presume that it will lead to piracy.

    In other news: guns, pencils, nunchakus, and gasoline are all deemed illegal because a person might in the future use them to commit crimes. Castration and hysterectomies are now required of all people because sexual organs and sex could lead to rape and/or abortion/murder. Literacy has been outlawed because it may lead someone to learn how to build bombs or start a revolution.

    Cheers! Here's to the future of living in a prison state....

    What ever happened to Life, Liberty and the Pursuit of Happiness

    or even Life, Liberty and Property

    ...for those cynical historians out there.

    Remember that fair use is part of Property, as in I can own a car AND I get to drive it, just not recklessly while in town.

  • by madmancarman ( 100642 ) on Wednesday June 26, 2002 @03:12AM (#3767541)
    From the article:

    His bill would allow copyright holders to set up decoy files and use other techno-tricks like file-blocking and redirection to throw P2P pirates off the trail, but it would forbid those holders from employing tactics that would damage or destroy pirates' own computer systems.

    Destroying, crashing or damaging people's computers, software or other technology systems is illegal under the Computer Fraud and Abuse Act, as are many of the ideas Berman is suggesting should be available to content owners - though he said that viruses should not be used as defense mechanisms.

    The major goal of this bill is probably not to give the RIAA and MPAA new tools against p2p pirates, but legitimize tactics that they're already using. I can't imagine that they haven't already started putting up bogus files - I mean, people are already doing this to each other (go find the Minority Report avi on gnutella and tell me if you like watching the Scorpion King trailer over and over and over again). What probably spurred on this proposal was that someone, somewhere within the RIAA and/or MPAA realized that they might be breaking some sort of laws relating to online misrepresentation or - god forbid - violating the Terms of Agreement of the p2p software, so they're just making loopholes in existing laws in order to wreak havoc legally.

    What would happen if the RIAA violated the Morpheus terms of agreement? Would that mean we're allowed to redirect their network connections or flood them with bogus files, since they're using the software in ways other than it was originally intended? Does that misuse violate the DMCA, or are they going to write the bill so that they are allowed to get around the DMCA in order to protect their copyrights?

    Finally, as someone else suggested, are they allowed to spew garbage traffic all over private networks on which these p2p apps are run? Of course, I'm sure Roadrunner (a la AOL Time Warner) won't mind, since they're aligned with the RIAA and the MPAA, but it should be interesting if someone sues because they can't legimately use their favorite p2p app because the record labels have been flooding its network.

    First they ignore you, then they laugh at you, then they fight you, then you win. -- Gandhi

  • "Copyright holder" (Score:3, Insightful)

    by lpontiac ( 173839 ) on Wednesday June 26, 2002 @04:25AM (#3767683)

    So, I guess you're either a copyright holder or you're not.

    Congratulations, America. Just over 200 years and you've developed your very own class system.

  • by mikethegeek ( 257172 ) <blair@NOwcmifm.comS P A M> on Wednesday June 26, 2002 @07:34AM (#3768035) Homepage
    A certain amount of "piracy" is CRUCIAL to keeping IP monopolies honest, and to keep prices reasonable.

    When the day comes when there is NO WAY AT ALL to copy and distribute something (ie, unbreakable copy protection), the price of IP will have no brakes on it at all.

    I'm not saying that it's right to "pirate" music/movies/software, etc, but that when the government grants what is, for all intents and purposes, a monopoly on IP to the IP rights holder (and the trend is to diminish if not completely eliminate any "fair use" rights), "piracy" becomes the only mechanism by which competition is introduced, and any pressure to NOT raise prices comes.

    Do you think the RIAA really CARES if CD sales would fall by 50% if they jacked the price up to $60 a CD? No, they don't. Because they will find a point somewhere where they are saved money by being able to produce LESS, versus how many they can sell.

    Indeed, the RIAA/MPAA would realistically rather have you IN a "pay to hear/view" situation than sell consumers copies of their stuff.

    The upshot of all this is that "piracy" is the ONLY source of incentive for these guys to NOT jack up prices. Which is why they are so fanatical about eliminating it as a threat.

    Of course, the best copy protection is reasonable prices. $20 for a CD, especially when I've not heard ALL the tracks is not reasonable. P2P is one way to do that before I do buy a CD.

    There is also the fact that I'm perfectly willing to pay $30-40 a month for a fast, Napster like service. But they won't sell that to me at ANY price, which means that there is no way to obtain/swap MP3's legitimately.

  • by shimmin ( 469139 ) on Wednesday June 26, 2002 @07:46AM (#3768063) Journal
    I mean, isn't this one of the first real examples of privatized justice? Enforcing copyright on the Internet has proven infeasible / pointless / not-cost-effective for the federal government to do, so they are out-sourcing this governmental function to private industry, who may be able to perform it more efficiently. (The fact that perceived gains in efficiency may be due to private industrial enforcement efforts being exempt from certain trivialities like "due process", "unreasonable search and seizure", and "security in persons, houses, papers, and effects" that hinder governmental law inforcement agencies will be temporarily overlooked.)

    Moreover, this move makes for a more equitable social contract by placing the financial costs of copyright enforcement directly on the shoulders of those who benefit the most from said enforcement.

    Isn't the free market grand? We ought to increase the number of representatives in Congress. With greater supply, the price should go down.

Long computations which yield zero are probably all for naught.