MPAA College Toolkit Raises Privacy, Security Concerns

An anonymous reader writes "The Motion Picture Association of America last month sent letters to the presidents of 25 major universities (pdf), urging them to download and install a 'university toolkit' to help identify students who were downloading/sharing movie files. The Washington Post's Security Fix blog reports that any university that installs the software could be placing a virtual wiretap on their networks for the MPAA (and the rest of the world) to listen in on all of the school's traffic. From the story: 'The MPAA also claims that using the tool on a university network presents "no privacy issues — the content of traffic is never examined or displayed.' That statement, however, is misleading. Here's why: The toolkit sets up an Apache Web server on the user's machine. It also automatically configures all of the data and graphs gathered about activity on the local network to be displayed on a Web page, complete with ntop-generated graphics showing not only bandwidth usage generated by each user on the network, but also the Internet address of every Web site each user has visited. Unless a school using the tool has firewalls on the borders of its network designed to block unsolicited Internet traffic — and a great many universities do not — that Web server is going to be visible and accessible by anyone with a Web browser."

Re:Xubuntu

[msuarezalvarez]

I hope they are making the sources available, so as to comply with the license of the software they are distributing...

Re:MPAA Chasing the Money?

[Truekaiser]

the disturbing part and the best example to date that the united states is now a fascist state(merger of large corporations and the government), is that they want the state and your tax money to pay for the police doing their dirty work.

Will they abide by GPL?

[Tatisimo]

Will they distribute the source code with it? Will they allow people to freely copy and modify that toolkit? I say, download it, get the tech department to modify it to their liking, and install it! That's what the open source spirit is all about, fixing broken software. I suggest they get fixing that privacy issue first...

Re:MPAA Chasing the Money?

[saintsfan]

uhm.. people's consuming habits change over time, and their reletive economic situation influences that greatly. the way i see it: worst case scenario (to the corporate interests)- they never buy a movie or cd in their life and just "steal" them all. so what? they were apparently never going to anyway so they aren't actually losing anything other than the right to say - "hey you didnt pay me so you cant watch or listen". thats not much. at least they arent taking them out of the stores.. "the other option" best case- they become avid movie and music fans and when they get good jobs after school they start buying lots and lots of it. likely case- they'll download a bunch of crap and lose it over time between drive failures and lost ipods. they'll fall out of the scene or get distracted by other stuff and be normal consumers the companies like. they (the hellbent company police) need to be careful. if they alienate everyone by spying on them (and subjecting them to invasion by the truely dark spots on the internet), getting their schools financial aid pulled, getting their right to use the internet taken away, suing the pants off broke people, they could start an underground revolution that seeks only to destroy them back. as a matter of fact, it sounds to me like this might have already begun. that is the only real long term threat to their businesses i see, but they won't unless it bites them on the ass.

Here's some information about the software.

[Gossi]

The software is available to download here: UniversityToolkit.com [universitytoolkit.com] in ISO format. The software 'pings' this server on boot for this file [universitytoolkit.com]. If you want to crack a load of university networks, just crack that server and you're away (it's a flat Redhat Enterprise Server boxen).

Also, the software developer is breaking the law. They haven't shipped the modified code they've made (eg ntop).

Re:Will they abide by GPL?

[happyslayer]

LOL...I can see it now. The next court case will be Stallman, FSF, EFF, and a million GPL-code authors suing the MAFIAA for copyright violations because they haven't released the source code. And, all the arguments that the MAFIAA have made in court previously will be dropping on them like a ton of AOL cd mailers. BWAH-HA-HA-HA-HA!!!!!

To the language nazis out there: if the MAFIAA gets hoisted on their own copyright petard, is that irony?

Trademark and GPL issues?

[Anonymous Coward]

As someone pointed out upthread, the kit is simply Xbuntu with a some network tools pre-installed like Snort and ntop. This leads to a few questions:

1. Since the kit is a derivative of the default Xbuntu install, is the MPAA still allowed to ship the kit with Canonical's trademark (Xbuntu) prominently displayed as boot splash?

2. Since the MPAA is distributing GPL'd software aren't they obligated to provide source code for the kit upon request?

3. Is there any MPAA written programs included in the kit? Is it based on GPL software and thus required under the licensing terms to have its source code available upon request?

4. IIRC, Canonical products ship with some proprietary drivers. Since the MPAA kit is a derivative of Xbuntu, does it have permission to distribute the same drivers, or did Canonical get special permission which the MPAA does not have?

5. If the MPAA does not supply any source code that the may be legally obligated to do under GPLv2 license, then can individual copyright holders of the multitude of programs included with Xbuntu, give notice that they are revoking the MPAA's right to distribute their software under the provision of Section 4? Section 4 states:

4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

Note that Fyodor terminated SCO's right to distribute Nmap in any of their products under that section, which SCO complied with.

Re:MPAA Chasing the Money?

[Sique]

Scarcity is a necessary economic principle even for intellectual items, and without it, you won't see anyone interested in producing intellectual works.

1. I am producing lots of intellectual works and never got paid for them. I just happen to like to create them.
2. If the only reason to limit access to a resource of plenty is creating the ability for a few to profiteer from it, then I would call this theft. That's like putting soldiers around a well to allow a person to sell more bottled water.
3. The intrinsic value of information lies in the fact that it is connected to other pieces of information, and the value of information increases if it can be connected to more information. Limiting the ability to interconnect information is thus degrading the value of said information.
4. There is always the famous quote (sometimes attributed to Isaac Newton or Robert Hooke, but both were also just quoting, thus pirating valuable intellectual property!): "If I have seen a little further it is by standing on the shoulders of Giants." There is no work of Art or invention or other intellectual work that stands all for itself. It is always the result of a huge body of knowledge and art it builds on. Limiting access to this body of knowledge is limiting the ability to create new intellectual works.
5. Thus, while the argument that a creator should be able to somehow get rewarded for his creation, has something for itself, it's not the sole reason for the creation itself. There are many others, and limiting access to creative works is in fact reducing the ability or the joy of new creation. Encouraging creative works thus has to take other things in consideration, and access to already created works is one of the most basic things.
6. Most economies were growing fastest at the moment, when limits of access to the body of knowledge were lifted, when duplication of works was getting cheaper, when monastry libraries were opened to the public, when access to universities was facilitated, when the number of people learning a music instrument by playing music works was increasing, in fact when creative works were turned from a scarce resource to a nearly unlimited source.

Hidden Content

[KingEomer]

http://universitytoolkit.com/ [universitytoolkit.com] (mentioned in the pdf) seems to have some hidden content. The page displays a link to: http://universitytoolkit.com/MPAA_University_Toolkit_Admin_Guide.pdf [universitytoolkit.com]. If you look at the source, you can notice a link at the bottom which isn't displayed: MPAA_University_Toolkit_Administrators_Guide.pdf (it's a relative link in the source).

This version is slightly longer, with what looks like a section detailing development goals. Can anyone see anything incriminating there?

Re:MPAA Chasing the Money?

[thisissilly]

The problem here is not copyright infringement: it's media companies setting themselves up as private police forces, with unchecked surveillance and enforcement capabilities, and no due process. That goes very much against the grain of, well, pretty much every civilized nation on the planet. These are powers that should be reserved for legitimate government, not the private sector.

Don't worry, the *AA are trying to fix that, via making copyright infringement a criminal offense, or passing laws to allow the Department of Justice to file civil suits on their behalf [slashdot.org]. Those private police forces cost money, so the *AA would much rather put the bill on the taxpayer's dime, and then it *will* be the legitimate government with unchecked surveillance and enforcement. As to due process, we'll see. Of course, there are those in the Department of Justice who agree with wanting to be able to prosecute copyright infringement on a corporations behalf, because they see with dollar-signs in their eyes the new increases in budgets and manpower such actions would confer, not to mention getting to spy on everyone's traffic, because hey, you might be "pirating" something.

If possible, I'd like to keep the *AA member companies footing the bill, because then there is a slight chance they will eventually realize that suing your customers is bad for business. If they get the government to do the dirty work for them, it will be public costs for private gains.