What qualities do people look for when buying movies and music?
1. The content they want.
2. Quality (i.e. resolution, bitrate, etc.)
3. Reliability (it actually plays)
4. Low annoyance (no ads, warnings, etc.)
5. Safety (guaranteed freedom from malware, etc.)
The movie and music industries haven't done a perfect job of delivering #1-4. Region coding means the content users want is frequently only available through pirate channels. Lower quality releases (DVD vs Bluray) are also often all that is available in some regions. Bluray is not reliable if users don't keep their hardware/software up to date. Nearly all DVDs and Bluray discs on the market are utterly infested with annoying advertisements and warning screens.
#5 was the one thing that legally purchased media had an undeniable edge in over pirated media. If users lose trust in the safety of legally purchased media they will be driven to piracy in unprecedented numbers.
It is tempting to give RIAA and MPAA the rope to hang themselves with, sit back, and laugh. However, let's not forget that every piece of code they write and every root-kit they successfully deploy will soon be taken advantage of by black-hats, quite probably in ways that will cause damage to systems completely unrelated to media playback of any sort. The only way I can see to let the MPAA/RIAA proceed is to require them to post a significant bond (in the billions) to pay for damages their rootkits will cause. Managing how damages are going to be awarded is going to be a legal nightmare though, since this will not affect only U.S. systems and citizens. If the U.S. permits this, I sincerely hope other nations hold the U.S. government responsible for damages, so the U.S. had better make sure Hollywood is ready to foot the bill.
> #5 Safety (guaranteed freedom from malware, etc.)... was the one thing that legally purchased media had an undeniable edge in over pirated media.
Disagreed. The Sony rootkit was on legally purchased media. DRM on streaming services can do all kinds of stuff without users' consent. DRM built into hardware with cameras can do even weirder stuff (just note the crazy DRM idea patented by Microsoft regarding detecting the people in the room). Since DRM is a black box, you never know what it can do. There is completely no reason to trust that it will respect your privacy and rights. Therefore DRMed media has no edge over pirated media at all.
Safety requires transparency (for the user), as well as trust in the used technology. DRM by its very definition is non-trustworthy and non-transparent; it's the antithesis of that. It's totally opaque precisely because it attempts to hide something from the user. Because ironically, DRM proponents don't trust the user! The user is treated as a potential criminal by default. How can users, in a situation where they aren't trusted, trust the DRM vendor in return? They cannot, and they should not! Trust can only be mutual. I.e. DRM always implies something shady and risky. DRM proponents should be treated as potential criminals by default in return. And what do such criminals usually hide in their code? Malware.
I think OP was talking about the average Joe's understanding of safety. The "if I buy the original version, it won't have viruses on it that break my computer". This is true so far, DRMs or not, and people trust legal media. But the moment this trust gets broken, there will be little reason to go to the shop instead of Pirate Bay.
My point was that such trust is misplaced and baseless. Since the distributors of the original DRMed media don't trust the average person (thus the DRM), there is no reason to trust them in return (and there are even reasons not to trust them). Though most people just don't realize it.
"It has already happened" means it was discovered. Since DRM is by definition obscured, we don't know what wasn't found. Insecurity and malicious code is to be expected from it. Their attempt to legalize it only reveals their original intentions.
Yeah, but it's relatively restricted right now, to the point that the vast majority of consumers have no idea it exists. If this is enshrined in law as a bona fide policy, it will become much more widespread - perhaps to the point that Joe Public notices.
I believe that the content industry is relying on a sufficient number of people still finding it easier to buy a DVD/Bluray rather than pirate. For technical people, pirating is already sometimes more convenient for reasons that you stated.
There is also a
Some people do not find pirating ethical under any circumstances, and will inconvenience themselves to avoid it.
Gabe Newell of Valve Software has famously said that piracy is a distribution problem, and I fully believe he's right.
> “The easiest way to stop piracy is not by putting antipiracy technology to work,” Newell said. “It’s by giving those people a service that’s better than what they’re receiving from the pirates.”
Steam single-handedly killed even the temptation to pirate games for me, because it's ridiculously convenient to just fire up Steam, click a button, and have the game delivered to my desktop at multi-megabit speeds without any obnoxious DRM getting in the way of me being able to play. Pandora, Spotify, and most recently Google All Access make music piracy a complete non-issue for me, because I don't want to have to spend time chasing down a song or even futzing with iTunes - I just punch something into search and it's playing. Netflix and Hulu provide so much content that I can't watch all of it - while they don't always have the most recent content, they have a lot of it.
Provide me a service that is a. affordable (Steam Sales and $8/month for movies or music are excellent models here, content folks) b. convenient (click button, enjoy content), and c. reliable (no explanation necessary) and I won't have any incentive to pirate content.
I'm convinced that the people who can afford stuff but pirate it anyway do so because of distribution problems in getting that content legally. The people who pirate stuff who can't afford it, or wouldn't buy it if they can are arguably even a net benefit - they aren't lost sales, but they increase the reach and visibility of the product. In either case, it's not really worth worrying about them (though the studios sure do love to gripe about them as if they're all lost sales), which leaves us with one very easy solution - have the best distribution channel available, and people will pay for it. At that point, piracy is about as solved as it'll get from an economic standpoint.
> Some people also think using animal products isn't ethical and inconvenience themselves to avoid it. But you probably don't want to build a mass market business on that.
Vegan products are mass market commodity goods like any grocery. Just because vegan goods consist of a smaller slice of all grocery and food sales doesn't mean you'd be a fool to make a business out of it.
Seriously? Theft, Assault, Civil Liability etc. I think there's a significant overlap between Ethics and Law. Our systems of laws are based on the work of philosophers studying ethics; of course there's a huge overlap.
But people don't listen to music to benefit the artists (even when they purchase a CD or whatever) -- they do it for themselves.
Artists make the vast majority of their money on tour, which is more or less unrelated to the choice of distribution channel, except that a more prolific channel results in more people attending a show.
That point is brought up often, but don't forget that while touring might work for your average indie rockband, it's not as easy for obscure ambient, experimental musicians. Music that is primarily intended for home listening is a lot harder to sell as live performance.
Again, I don't intend to offend the users of those services - just saying that Spotify, rdio and co. alone won't work for many artists.
> However, let's not forget that every piece of code they write and every root-kit they successfully deploy will soon be taken advantage of by black-hats, quite probably in ways that will cause damage to systems completely unrelated to media playback of any sort.
It will be stupidly easy to execute; if the malware shuts down the computer when it detects an illegal download, the only thing an attacker needs to do is to trick the computer/user into downloading illegal content. And that's it. Though this simple trick doesn't let them steal data or take control of the computer, there are many uses an attacker can find for just killing the machine. Blackmailing, social engineering, or just disturbing some crucial business operations. I can even imagine 4chan folks trolling people like this for fun.
4chan yes, but remember most black hats are operating for profit. They don't want to shut down your computer. They want to root it so they can use it in their botnet, or maybe log your passwords and credit cards.
You're right, though there is some profit in shutting down computers. Even right now there's a proliferation of ransomware that locks out machines. I've removed several of those from computers in the last two years and even once been paid to do this.
Moreover, if computer-locking DRM malware becomes commonplace, a market for cheaper-than-police unlocking will emerge, with incentives favouring hacking the DRM to then earn money on fixing it.
> It is tempting to give RIAA and MPAA the rope to hang themselves with, sit back, and laugh. However, let's not forget that every piece of code they write and every root-kit they successfully deploy will soon be taken advantage of by black-hats
Wouldn't it be the opposite? Like a free pentest? Malware they come up with would be widely available (included in the price of any movie) for dissection.
BTW Next release of Qubes will need an "entertainment" AppVM.
If "they" are both the planters of the rootkit (taking over the computer) and the ones claiming to be wronged, looking for recompense, doesn't this create an irreconcilable conflict of interest as well as a worthless chain of custody for evidence of any wrongdoing? What would stop them from simply taking over computers, planting evidence and profiting (extorting) hugely?
I would think that once my computer spends any length of time not under my direct and exclusive control, I would no longer be solely liable for any actions that may have been taken with it. There would be huge doubt, no?
If I ever find a rootkit on my system stemming from a company that thinks they can do stuff like this, and it is legal, it is to a demonstration that the law is not worthy of any respect any more, and that it is time for war. And given the resource discrepancy, the only way of fighting back against companies like this would be to cause vastly disproportionate amounts of damage. I'm sure getting rootkits into their networks wouldn't be all that hard.
If I ever find a rootkit on my system, that OS gets binned permanently, no questions asked. I have a zero tolerance policy for whose system my computer is: it's mine. Not the US's, not Law Enforcement's, not the MPAA's, not MS's. If it achieves sentience, fine, it can be its own; until then, any OS which fails to understand this arrangement (that a secure OS means that only I and system services (Windows Update, various package managers and their delegates) install software...third parties are not allowed), will be binned. If I can't trust my machine to have my singular best interests at heart, I cannot work with it; multiple tethers, trojan rootkits, superseding accounts with permissions higher than my own...these run contrary to my designs, and make it difficult, at the very least, to know when a problem is being caused by them, or by me. Plus I despise being spied on; if I'm going to put on a show, I'm going to get paid for it (no freebies).
I am more and more disturbed with the way OSs are going in general. They are...slowly removing usefulness from themselves, making it hard for admins to work with them, and adding on crap, like Windows Store...which is not needed. It's starting to feel like the computers I work with are...owned by someone else...which means I will start caring for them a lot less. The least of things which currently bothers me are the cross-threading errors which seem to appear in Windows 7...why have these not been fixed?
This is a big part of the reason I moved entirely over to Linux and don't even have a token Windows box anymore. When I absolutely need to run a Windows app (Photoshop, or some MS Office crap that doesn't render properly in LibreOffice) I run (licensed) Windows 7 in a VM, where it is contained and constrained.
All the Windows-only applications I used to use for fun and hobbies (games, music apps) I've either found Linux replacements for (I basically buy the Humble Bundle whenever it looks good), or I simply do without. I would buy Linux applications for these functions if they were available AND the applications were sane; cross-platform developers sometimes try to treat your Linux box like it's an MS box (wanting to put files all over the place etc.), which is unacceptable.
We simply cannot trust MS or Apple. At least in the Linux community there is a strong culture of transparency, privacy, security, and freedom.
It's not down to the OS or OS vendor. Most rootkits are exploiting bugs, not intentional backdoors, and many of them are exploiting bugs that are not in the OS but in third party applications.
E.g. a common approach is to look for common third party applications that require admin/root privileges for some part of their functionality, and look for ways of tricking them into executing your code (via e.g. buffer overflows, or by finding ways of modifying the configuration with lower privileges).
So unless you never install third party software, you are potentially vulnerable even if the OS is flawless (and it isn't - no matter which OS you pick).
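A defender-side audit for the weakness described in the comment above (privileged third-party software whose binaries or configuration can be changed by a lower-privileged account). This is an added example, not part of the original thread; the function name `audit_tree` and the three finding labels are assumptions made for illustration.

```python
import os
import stat
import sys


def audit_tree(root):
    """Walk `root` and return sorted (relative_path, finding) tuples.

    Each finding is a way a lower-privileged account could change what
    privileged code does:
      - "setid-writable": setuid/setgid file writable by group or other
      - "world-writable-file": regular file writable by everyone
      - "world-writable-dir": directory writable by everyone without the
        sticky bit, so any user can replace the files inside it
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # vanished or unreadable entry; skip it
            mode = st.st_mode
            rel = os.path.relpath(path, root)
            if stat.S_ISDIR(mode):
                if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                    findings.append((rel, "world-writable-dir"))
            elif stat.S_ISREG(mode):
                setid = mode & (stat.S_ISUID | stat.S_ISGID)
                if setid and mode & (stat.S_IWGRP | stat.S_IWOTH):
                    findings.append((rel, "setid-writable"))
                elif mode & stat.S_IWOTH:
                    findings.append((rel, "world-writable-file"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit.py /path/to/application/install/dir
    for rel, finding in audit_tree(sys.argv[1]):
        print(f"{finding:22} {rel}")
```

Run it over an application's install and configuration directories; an empty result means none of these three conditions was found, not that the software is free of exploitable bugs.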
Number 1 is a very good point and something those companies should keep in mind. Anonymous/Lulzsec are basically like children in terms of what they could do. Very skilled people could do substantially more disruption and damage.
I want to watch Game of Thrones and pay for it. I also want it available within a day of its original airing and without having to buy cable or a TV. Charge me for HBO. Just don't make me wait a year before I can buy the video. You can even make me buy the HD version when I only want to pay for standard definition.
There's a way to trick your iTunes into thinking you're not in Canada. All you need is a second account and a gift card situated in the US. (I've seen people in the US use this trick in reverse to get BBC shows in America without pirating them.) Granted, it's retarded (and potentially still illegal) that people should have to do this in order to pay for content rather than pirate...but the option is there.
I'm not setting up umpteen different iTunes accounts to try to give you my money. The whole point of paying for something is that I provide the money in exchange for the product. Why should I jump through hoops in addition to that?
There are easier options if I care. But to be honest, right now I don't.
It is interesting, I don't think it will actually help them much. If you have Foxtel already you can likely get the whole of Showtime for around the same price you're paying on iTunes for Game of Thrones. (While the season is going and there are say 4 eps a month.)
Not sure they are going to convince people that don't have Foxtel that they should pay $60+ a month for the service purely on the back of Game of Thrones.
Especially since the only part of the market they can hope to capture with this move is "people who already pay for Game of Thrones legally over iTunes". I would think that most of those people also know how to torrent but choose not to, and Foxtel just pissed them off; I doubt they happily switch services.
> Right now their enemies are just pirates wanting to watch Game Of Thrones for free. A business threat, certainly, but one they're generally handling well.
A reasonable point, but I think their argument about "we won't allow seeing GoT without a cable subscription" still is incredibly short sighted.
It lets them make money in a way they understand now. I would very happily pay them money straight up, but since I'm not in the US, it's not really about wanting access to free stuff - it's about access to stuff in the first place. They would lose money on setting up such a system in the short term, sure, but they are only delaying the inevitable - that such a system is what is required if they want to compete with bittorrent in the long term.
"...there are increasing calls for creating a more permissive environment for active network defense that allows companies not only to stabilize a situation but to take further steps, including actively retrieving stolen information, altering it within the intruder’s networks, or even destroying the information within an unauthorized network."
this is actually way worse than the headline indicates. the crazy bastards want the legal authority to actively exploit other peoples computers and "take back" information from it. they want the ability to re-write the world.
it would be pretty frightening that digital media companies were unaware that you couldn't "retrieve stolen information" from computer systems, except no other company seems to know that this is actually impossible so it's just kind of de rigueur.
I want to say that this will of course go nowhere because the legislature's support of far weaker measures (like CISPA) is lukewarm, but then again this is the group that brought us the DMCA. it would be especially ironic if the MPAA was more empowered to use computer hacking to protect popular music from theft, than technology and national defense companies trying to protect national defense information and private consumer information.
A problem now which is more frightening (I can secure my network from the media companies, not worried about that one bit) is the remarkable number of companies with known security problems that won't and don't disclose them. Going on the offensive should be illegal unless they can disclose damages which justify it and then their customers can sue.
I don't see this happening in a healthy world, defense will get much much better much more quickly if it was to be legal though, ultimately it would involve violence though.
I'm sick and tired of being in such a lazy-ass, apathetic society that possesses zero regard to freedom.
Stallman may be a nut, but when you think long and hard about what he says, and think about SOPA, PIPA, and this lobby, in horror, your face twists in fear and you watch, helplessly, as your fellow citizens bend over backwards and let the government have their way.
I don't even know what to do anymore. Nobody will lobby against Hollywood; people already gobble up TMZ and are too obsessed with celebrity pseudo-culture and movies and pop music that they won't do it.
We need more activists. And without them, we are fucked.
People use Skype because there's no clear alternative (maybe work on Jitsi... It still needs a server for the good stuff). People use Facebook because there's no alternative (maybe work on RetroShare). People let their government tell them what to do because they think it's better than anarchy (maybe work on a political Kickstarter). Copyright enforcement against BitTorrent users has gone into high gear because BitTorrent is good at sharing but weak in anonymity. Fix that. Don't make tools to break laws, just make tools. Write software to empower individuals and make institutions unnecessary and you won't have to spend as much time cleaning up after institutions and the egos that run them when they get carried away.
Promoting open-source software as a way to counter spyware, and general activism, is better than nothing, but the best way to change the world is still to invent it IMHO. (Just don't throw yourself on the fire unnecessarily either... Bitcoin's author was wise to keep his identity out of it.)
I love to write software, but unfortunately, I don't think that will solve the problem at hand, which is the MPAA's DRM lobby. They have millions and millions of dollars' worth of support behind them.
What's a few hundred hackers to a huge industry? If we want to really make a difference, we need all the support we can get. Perhaps even start an organization to lobby against the MPAA/RIAA similar to what sinak has done, but with far greater support.
How many times will this happen? People must wake up.
Yes, he is a nut. In the sense of "no one will ever take him seriously, especially anyone involved in mainstream decision-making, who has ever read anything he has written," which is in this case the most relevant metric. Stallman is never going to be any help here, nor is anyone like him, because any "normal" person -- that is, one that other people won't ignore out of hand -- will ignore him out of hand. This includes politicians, to whom said "normal" people are the all-important majority.
"We need more activists" is bullshit. You think we need more activists? More of those outliers that get lampooned in every media outlet for railing against the status quo? Because that's what activists are to most people: Nuts and/or malcontents.
Of course, my real problem with this statement is exactly the same reason I'm not making it. You think we don't have enough activists? GO BE ONE. If you think they can do any good and you believe that "we are fucked" without them, stop posting on HN, get off your ass, and DO SOMETHING.
Otherwise get back on the bench with the rest of us, because all your whining about mass media and celebrity culture is just that. You can gripe all you want that people aren't doing anything, but as soon as you start telling people what they SHOULD be doing, either you'd better be doing it yourself or you'll have to excuse those of us -- everyone -- who will not take you seriously.
In the event that you actually are interested in backing up your hollow rhetoric: The only way to work this system is from the inside. So start campaigning, or start schmoozing, because while real change is essentially impossible, the only way to mitigate damage is by convincing the relevant politicians that it's in their best interests to do so.
For what it's worth though, Ben Franklin was much more diplomatic and compromising than RMS. RMS would be more like a modern day Patrick Henry, Thomas Paine or Samuel Adams. Though all mentioned parties during the revolution played a key role in the independence of the United States. So I guess one could say it "takes people of all sorts."
The flow of human events isn't bound to individuals. Names merely get played up in the remembering, and the events downplayed. E.g., America was going to revolt regardless of whether T.J., et al had ever been born. Really amazing that a war is misremembered as activism....pass the K-Y.
Not actually true. The colonies could have received the things they wanted had they actually attempted to fight for them (and by 'things they wanted', I mean the things we wrote about England (and specifically a king with little political power at that time (it was all parliament's by that point)) not giving us).
The American Revolutionary War was started because of political activism. They saw a chance to start a new country in whatever manner they pleased, and leapt at the opportunity. Even just a little effort put to really trying to get a voice in parliament would have worked fine, but instead we went and wrote the bloody Declaration in an attempt to rally support of other nations not really pleased with England (I'm looking at you France), and filled it with rhetoric, half-truths, and blatant lies. Okay, maybe not blatant, but they're there.
Really amazing that a war is mistaught to most American students. Okay, it isn't that amazing, I mean, you're going to teach your country's history in the most favorable light possible, but, still...
I think you're misunderstanding me. It's my claim that any sufficiently profitable colony sufficiently far away from its mother country will inevitably cease to be a part of said mother country. The how is irrelevant.
The how isn't irrelevant, especially when the colony in question ceased being a part of the mother country because of opportunists who thought that it would be fun to start a new country built in whatever manner they pleased. Without our specific set of malcontents the Revolutionary War wouldn't have occurred and the US would have been given a voice in parliament.
That's how the history is written, yes. And how the history is written...is irrelevant. Where are all these profitable, distant colonies with voices in parliament today? Australia? Canada? Technically not sovereign, but they operate as separate nations. No country in the world fits the description of the U.S. you claim would have otherwise been inevitable, and you don't give this a second thought. The oldest truism is the ephemeral nature of Empire. You let your piecemeal study of history delude you.
Crazy doesn't help in the long run and often isn't helpful even in the short run. People exhibit something like an immune reaction to crazy ideas, and develop an allergy to the stimulus. Marxism has scared people away from social policy. Andrea Dworkin types have scared people away from feminism. (When I left liberal Oakland to go to U Chicago for college, I was shocked to hear people say, "I support equal rights but I'm not a feminist...")
The civil rights movement and the early neocon movement are two examples of movements that suppressed crazy elements, and were highly successful for it.
Sure, not everybody can be RMS and live the way he does. He's still correct about the importance of values he's staked out and made a lifelong effort to demonstrate and respect. And to the GP's point, when you have content producers arguing they need legalized malware to police every machine, it makes it all the more obvious how much we need voices insisting on user freedom.
> More of those outliers that get lampooned in every media outlet for railing against the status quo?
While I agree it's good for activists to consider how their messaging might be received by various audiences, the fact that media outlets -- and even everyday citizens or presumably otherwise intelligent commentators on HN -- tend to collapse people to caricatures may not be an indictment of activists.
> Otherwise get back on the bench with the rest of us, because all your whining about mass media and celebrity culture is just that.
You've managed to work up a good froth of whine yourself there for somebody complaining about whining -- apparently summoned up to promote the ethic of more quiet frustration.
Even if effective political action can't let its end be posts on a website, it starts with people talking to each other. Maybe even here.
The best thing Stallman could do is improve his outward image from hippy to something less ... hippy. Appearances matter and his, together with what he says makes him, and therefore his message, unpalatable and unrelatable to most people.
We live in a shallow society and the best thing the pro-privacy movement can have are moderately attractive, presentable, glib spokespeople.
I'm kind of shocked by the extremist label. I don't think Richard Stallman is a nut at all. Eccentric, sure, but only for the unfortunate reality that it is rare for most people to stick with a principle over decades.
> We need more activists. And without them, we are fucked.
You can change the system from within as well. While it is impractical to go out and run for President and hope to win, one of the things I hope the current crop of young adults will see is that they have the power to become the system and change it. First build a resume in public service (city council, county supervisor, state representative) then use your training to help you and your fellow revolutionaries move into a position of power and change.
One of the saddest things is that the folks in power have convinced the youth of America that they are powerless and nothing can be done forcing them into acts of "activism" which allows them to be identified and eliminated.
Perhaps an example that doesn't resonate with you, but has been doing what your compatriots have not, is the Tea Party. These folks have shown you that it isn't about dominating the world, it's about setting a theme, recruiting to your cause, and then using the institutions that are in place to allow you to effect change, to work for you.
I didn't mind what you said until you brought in the horrible example of the tea party. Even ignoring its political message it was pretty much all astroturf, pumped up and hyped by established players. A few election cycles later it's pretty much gone.
I appreciate that the example can be distasteful. However, I have looked into the astro-turfing dismissal argument as well.
Generally, astro-turfing (the use of a PR engine to create the appearance of grass roots support) is designed to get a candidate elected (or issue passed) that favors the money financing the campaign. We have seen a number of these in California and there has consistently been a strong correlation between benefit and later funding source analysis.
However, some really earnest but ineffective people were elected under the guise of the 'tea party'. Much to the disgust of the Republican Party power infrastructure (the speaker of the house cannot count on all of his own party's votes for that reason). Generally, power interests that are trying to manipulate the system don't throw random people into the mix like that.
My conclusion after looking at the folks who were elected that way is that a large number of them, perhaps the majority of them, were elected by people fed up with the system and not an interested third party.
But let's set that aside for a moment. Let's say you and your friends can get elected to city government. If your city runs well, and you don't put up with the baloney that sometimes passes as politics these days, you can parlay that into county government. And that into state government. Assuming that you are good enough to learn the skills you need to make that trip. It can take you 6 - 10 years to go from city supervisor to state representative. Once enough people around you know who you are, you can choose to focus on local elections or national ones.
The starting point though is that in order for this to work someone with the idea of doing public service to serve the public and not their own interests has to step forward. Waiting for someone else to step forward has never been a good idea, either seeking out people and supporting their efforts or putting your hat in yourself are the workable choices.
> the speaker of the house cannot count on all of his own party's votes for that reason
This is diverging from your original point so I won't push it too hard... But you don't think this has more to do with the larger trend in GOP members of congress over the last few decades? There has been a pattern of primary challenges against moderates for some time; it did not start with the 2010 election, it was only slightly re-branded and allowed to have a majority after a 4 year hiatus.
Did you read the paper or just the BoingBoing article? The part about the rootkit and active network defense referenced by the BoingBoing article comes from chapter 13 of the paper, which deals with targeted cyber espionage attacks. If Timmy is the target of that section, then Timmy has bigger issues to deal with.
>and its proposals are for going after foreign entities who steal intellectual property
No it isn't. The proposals are for going after anyone who attacks American corporate/government systems, including Americans themselves. The report spends much time waxing philosophical on int'l contributions to IP 'theft' -- specifically China -- but nowhere does it restrict jurisdiction to foreign entities.
As laid out the commission seems to want broad application here that plausibly could allow use by consumer entertainment companies. The problem there is that while you don't think consumer entertainment seems important enough for companies to bother protecting, consumer entertainment companies do. So while you'd only bother securing Important Research Co. with genius solutions like rootkit-as-a-feature, Big Music Corp. is going to do it to little Timmy's copy of a Biebz single.
What gives you the impression that Hollywood is behind it? The BoingBoing article completely misrepresents what is in the paper, so I would not be surprised if they got that part wrong, too. Have you read it? It proposes protecting American companies from foreign entities stealing our technology and using it to develop products.
Here are the members of The Commission of the Theft of American Intellectual Property, the commission that authored the paper:
• Dennis C. Blair (co-chair), former Director of National Intelligence and Commander in Chief of the U.S. Pacific Command
• Jon M. Huntsman, Jr. (co-chair), former Ambassador to China, Governor of the state of Utah, and Deputy U.S. Trade Representative
• Craig R. Barrett, former Chairman and CEO of Intel Corporation
• Slade Gorton, former U.S. Senator from the state of Washington, Washington Attorney General, and member of the 9-11 Commission
• William J. Lynn III, CEO of DRS Technologies and former Deputy Secretary of Defense
• Deborah Wince-Smith, President and CEO of the Council on Competitiveness
• Michael K. Young, President of the University of Washington and former Deputy Under Secretary
At this point, does it even matter? This lobby still has the backing of the entertainment industry, and it doesn't matter if it's stolen IP, trying to create an exemption for installing rootkits on remote machines is the entertainment industry's dream.
Basic economic theory says you're wrong. Corporations don't have incentives to be good outside of their bottom line long-term, the only reason they occasionally do good is due to social or regulatory pressure. For the most part, corporations are going to do what's good for their bottom line without caring about the long-term effects.
I'm not sure we need be this terrified. Gear-heads made similar claims about freedom as cars became more complicated and less user-serviceable. But you know what? While cars have their issues, and are indeed now more difficult to service, they have continued to get better- a lot better. The last totally user-serviceable cars were made in the 60's and early 70's. Many of the improvements come from improvements to manufacturing, but the sophisticated electronic control systems are integral.
Now, the internet is of course not an automobile. But my point is, batshit insane legislation aside, perhaps maintaining the maximum amount of freedom is not as valuable as we think? I'd hate to be stuck with late 60's cars.
Your analogy is completely flawed. Automakers aren't putting root exploits in vehicles that allow override by the government when it detects you're going to an "unauthorized" music dealer.
And are late 60's cars really that bad? There weren't any of the fallback mechanisms we take for granted, such as airbags, so people drove better. Styling is questionable, but many cars on the road look and drive like bloated, lifeless wagons. The cars were actually fun to drive...
Maybe I'm being romantic about 60's vehicles, but if you care to argue, please do so.
I probably wasn't clear enough, but I wasn't trying to compare cars to rootkits. I agree this rootkit thing is ridiculous. Rather, I was thinking about the general idea that ordinary Joes ought to be as worried about freedom as we are being.
Late 60's cars are not horrific or anything like that. But be realistic- the performance, longevity, emissions, driveability, and weight of engines have all come a very very long way, and in my personal experience a multitude of other characteristics have made leaps and bounds as well, such as suspension- though that is mostly just more sophisticated now, rather than more electronic.
We should absolutely be more worried about digital rights and freedoms, because freedoms with your car are already pretty well secured. You can loan it to a friend, you can sell it, you're allowed to take it apart and mess with it on your own property, you can publish manuals on how to take it apart and mess with it without fear of legal action, the manufacturers aren't going to add a camera to watch your every move, etc.
And there's no equivalent of manufacturers selling a car such that it is impossible for you to swap out parts unless Microsoft has signed them.
In this increasingly digital world, many people are going to be totally beholden to Microsoft, Apple, et al in terms of what software they are allowed to install on their devices. In certain cases they are already constrained by the ideology of one provider. This should frighten you. And it's even more frightening that we can already legally prevent people from altering the software on their own device to make it behave as they wish.
In sum, your car is never going to refuse to take you to an adult bookstore, that's why it is different.
I tried to be rational and then I got to the second paragraph of their own brief:
"The second and even more pernicious effect is that illegal theft of intellectual property is undermining both the means and the incentive for entrepreneurs to innovate, which will slow the development of new inventions and industries that can further expand the world economy and continue to raise the prosperity and quality of life for everyone. Unless current trends are reversed, there is a risk of stifling innovation, with adverse consequences for both developed and still developing countries."
They are not stupid. This isn't a mistake. It's Dark Arts. They're trying (quite successfully) to attach the word "theft" to copyright infringement, so that people discuss it in terms of moral intuitions about stealing. 'cause if it is called "stealing" then it must be evil, right?
Because every country strives to be more like Syria.
"MPAA told Congress that they wanted SOPA and knew it would work because it was the same tactic used by governments in "China, Iran, the UAE, Armenia, Ethiopia, Saudi Arabia, Yemen, Bahrain, Burma, Syria, Turkmenistan, Uzbekistan, and Vietnam."
Funny how all the countries listed here have a strong central government (to say the least), and the MPAA wants to replicate this balance of power in a more liberal context (ie in the hand of an economic agent). United Corporation of America, anyone?
Let's let this proceed, then take anyone who supported it or voted for it and send them to the listed countries.
When do we treat this sort of nonsense as a threat, ala the Boston rapper. If I announced a business model of selling something for $0.99, but claiming its real value was $150K and then using the millions of dollars of "damages" to justify rooting through your computer, I'd have the police called on me. So why doesn't this extend to the real criminals in our society?
I doubt they'll get this, but they need to be kicked for even asking.
That's actually the fundamental problem in democracy - the assumption that everything is up for grabs if you win some popularity contest, and that there are no limits on how often you can ask. If I asked if I could do something horrible to you, you'd say no and move on. If I ask your government I just keep doing it until fatigue or human error on your part lets me win.
This has little to do with the entertainment industry. This is dealing with intellectual property such as research and development.
They are trying to protect U.S. companies from having their R&D stolen and used by foreign companies, calling for sanctions via the FTC and by amending the espionage act to go after those who steal trade secrets, for example. The whole paper is on protecting the innovations developed in this country from being copied by foreign entities without repercussions, and when viewed in this light, the proposals are not that crazy.
I recommend reading the paper directly, as the BoingBoing link completely misrepresents it.
The proposals that allow select private companies to deploy destructive software which would land other people in jail very quickly is that crazy. Notion that it is somehow OK to kidnap my property because somebody thinks I owe them some money is that crazy. We have courts and due process for that. We can see how they are abused by copyright trolls (see Prenda Law case, for example, but there are many more). I can't even describe how much more abuse will be invited if cyber-criminal tactics would be made legal for them. It is that crazy and more, and no amount of moral panic about supposed foreign spies who steal all our R&D can justify any of it.
"Informed deliberations over whether corporations and individuals should be legally able to conduct threat-based deterrence operations against network intrusion, without doing undue harm to an attacker or to innocent third parties, ought to be undertaken."
"he Department of Homeland Security, the Department of Defense, and law enforcement agencies should have the legal authority to use threat-based deterrence systems that operate at network speed against unauthorized intrusions into national security and critical infrastructure networks."
Apart from the proposal that starts "In the future..." and ends "The Commission is not ready to endorse this recommendation", that's as crazy as it gets.
edit: after reading the boingboing article I see it's about 20 words and two out of context paragraphs.
The first paragraph specifically states that "such measures do not violate existing laws on the use of the Internet." It is simply recommending this as a measure to protect corporate IP, not as something that should be changed.
The second paragraph is immediately followed by noting that such actions are currently illegal, and then recommending deliberation on whether it should be made legal.
I'm not a lawyer but I suspect locking somebody's computer up does violate the laws, as it is an unauthorized access to a computer system and a property damage.
>>> that's as crazy as it gets.
Not really. If you read recommendations on page 81, it does not explicitly endorse, but consistently hints at the law as inadequate in areas where it prohibits discussed offensive techniques. See "second" and "finally" parts where it does not explicitly say the mentioned tactics should be allowed but again strongly hints the changes in the law should be made, and implies allowing such methods are those changes.
Maybe we have a different understanding of how this would work. My understanding is that the malware would not be deployed to remote computers. Rather, the malware would be embedded in files that were never meant to be distributed outside of your network. You are either in possession of those files or not, and whether someone believes that you have them or that you owe them money is not really relevant.
The issue of IP theft is not simply moral panic. There are national security implications, as we saw in the Chinese attacks on defense contractors.
(Not that I believe that embedded rootkits would have been helpful or anything)
Does it say anywhere how deployment would be restricted? Even if it's the case, it's both dangerous (I could easily imagine this getting deployed by accident because a contractor set it wrong) and one hell of a slippery slope.
Rootkits are a thing. They're neither good nor bad. That value is supplied subjectively within different contexts, no?
Would I want the RIAA/MPAA to install rootkits in media files that are distributed to customers? Absolutely not.
Would I want the ability to install rootkits in engineering schematics and documentation that are never intended to be distributed outside of my organization and are only activated in cases where data theft has occurred? Absolutely.
I would also want the ability to shoot anybody I dislike at will, but make it so no one else would have this ability. But fortunately for our civilization, it is not ruled by what I like. That's why if you suspect somebody stole a car from you, you can not just make it blow up - you have to call the police. If you suspect somebody stole a software from you, should you be allowed to blow up their computer? In the same vein, definitely not. In the light of abundant copyright abuse we are witnessing now, I am astonished to see anybody even considers this idea to be sane.
Based on your comment, I can see that you have not read the paper. The section with rootkits is about thwarting active, targeted cyber espionage. Organizations should have the right to protect files on their own networks by any reasonable means. They are not proposing a mechanism by which organizations would be allowed to distribute rootkits.
I certainly have the right to disable my car remotely if it is stolen. I also have the right to lock the doors and take pictures of the assailant who stole it and send them to the police.
I doubt you have the right to cut off the engine while the car is being driven. Also in the example cases you mentioned you have the right to do something with property that is legally yours. The problem comes in the fact that someone else's computer is not your property so no you should not be allowed to install rootkits and take control of their computer. The best example of what you're talking about is DRM which is already legal.
Sending pictures to the police is not the same as disabling the whole system on the suspicion of illegal access. Especially that copyright trolls' opinion of which information belongs to them may be very different from anyone else's, to which we have seen a lot of evidence. So I wouldn't want to have my comp locked up because some media company decided it absolutely needs to install rootkit on my machine to watch some legit movie I paid for and later that rootkit thinks I've downloaded some files to which they hold copyright. I appreciate that they would like this power very much - as they probably would like the power to conduct searches without a warrant or imprison and fine people on mere suspicion, without tiresome process of trial. That would indeed make punishing criminals and fighting crime much easier. The only thing that prevents it is that people have rights, and I'd very much like to keep them, even if it inconveniences some companies a little. I'm not living for their convenience and at their pleasure, so they'd have to find some other ways to protect their interests.
Is it kidnapping when doors lock in robbers during bank robberies? I believe that it would be covered under citizen's arrest common law and statutes. Generally, a private citizen has the right to make a warrantless arrest during or after the commission of a felony or during the commission of a misdemeanor.
A major problem with this is liability the first time this causes major damage to systems because the rootkit had a bug or because someone in your organization legally redistributed the data outside your organization, with approval, but without realizing the consequences.
Especially as it is unlikely this would affect serious criminals: If tech like this becomes common, then nobody sane would open stolen files without ensuring it was done in a self-contained environment and with software that ought to be unable to execute any of this crap. It will be trivial to stop for all but people who are unaware.
>> But start infecting people's computers, and a portion of them are going to fight back. <<
I already fought back. I don't watch movies, nor TV. No cable, no Netflix, no movie theaters, no nothing. Fsck 'em.
You want to do the same? Stop watching their lowest common denominator tripe and read a book or make something up for yourself. When they have no money they'll go away. And what will we have lost? Wasted hours sitting in front of their junk.
Are they also going to push for laws that mandate that all anti-virus software must ignore their rootkits?
And with secure boot in Windows 8, it will be harder for rootkits to remain undetected by hiding in the boot loader. Will the entertainment industry push for laws that force operating system vendors to provide back-doors for the official malware?
No way ... MS can buy Hollywood with pocket change. Also the moment they sign something like that - no more business with enterprises and national governments. The integrity of windows and office is imperative for them.
The point is that any company can sign a rootkit (for the price of $99) to run on windows machines with or without SecureBoot. The best MS can do is to revoke certificates of rogue companies but by then the damage could be done.
In fact, as that Wikipedia article points out, it was exposed by a Microsoft employee:
The scandal erupted on October 31, 2005, when Microsoft researcher Mark Russinovich posted to his blog a detailed description and technical analysis of F4I's XCP software that he ascertained had been recently installed on his computer by a Sony BMG music CD. Russinovich compared the software to a rootkit due to its surreptitious installation and its efforts to hide its existence. He noted that the EULA does not mention the software, and he asserted emphatically that the software is illegitimate and that digital rights management had "gone too far".
No it won't be harder for the entertainment industry to create rootkits. You just buy a proper certificate and sign it like any other driver developer. Secure boot does nothing to protect the users from the entertainment industry.
And if we remember what happened the last time that happened when an entertainment company deployed a rootkit. They made it much easier for unskilled malware writers to hide their work. And IIRC it wasn't trivial to remove the rootkit Sony deployed.
I do trust pirates more. I get the media I want in whatever format that I want it. I get it on time, several minutes after it airs. There is no DRM on it so I can use it with my home theater setup without any complications even when my internet goes offline. All I want is a site that lets me pay a reasonable amount of money for a television show or movie and download it in whatever format I want with no DRM. I want to give the creators and the actors money, but I refuse to do it in a way that harms me, or my access to the material I bought for doing so. That is not going to happen anytime soon, so for now I continue to trust the pirates more.
Frankly, this might be the sort of kick in the ass people need to start writing more secure software. Who wants their software to be known as the MPAA's attack vector?
On the other hand, I suspect that the MPAA would be in for a world of hurt if they did this. They would not only be dealing with file sharing, but also a coordinated campaign by blackhats to take down their systems, boycotts organized by the EFF and the like, lawsuits from companies whose employees brought rootkit infected machines on the corporate network, etc.
They grasp it alright, but they haven't figured out how to monetize it properly yet, especially compared to their established physical business model, which already has all the infrastructure in place, and they are trying to exploit to the very end.
When I read those excerpts from this report, I assumed it was written by some extremist lobbying group that doesn't have any real power. Then I read this statement from Congressman Mike Rogers (Chair of CHPSCI, House Permanent Select Committee on Intelligence):
“It is already clear to me that this report is going to make a very important contribution to the discussion about the grave danger that IP theft poses to our economic well-being. In particular, all should carefully read what the report has to say about Chinese economic espionage. I heartily agree that Congress and the Administration need to act quickly to help American companies defend the hard work and innovation that is the life-blood of our economy. That must begin with getting cyber information sharing legislation signed into law."
When put in context, this is hardly surprising. His wife was recently the CEO and vice chairman of Aegis, LLC, and is now a high-powered lobbyist for Manatt.
Straight from her biography:
...she focused on business development and new-market-entry relationship building for Aegis LLC and the worldwide Aegis Group, drawing on her established global network of relationships with key stakeholders in U.S. federal civilian, defense and intelligence agencies, foreign governments and leading private sector companies to pursue and secure new business opportunities in Latin and South America, the Caribbean, the Middle East and Africa, and to land U.S. defense and intelligence contracts. [Ibid] (emphasis mine).
She presumably still has equity in Aegis Group.
Playing up the Chinese espionage threat plays well with her key stakeholder relationships, and making everyone less secure certainly opens up new market opportunities and brings more visibility to defense services.
Rogers' agenda is just to influence the legislative process to line his own pockets. Business as usual in Washington.
The movie and music publishing businesses are tiny compared to the telecom industry. It amazes me that they are able to get such proposals taken seriously.
This is beyond wacky in light of serious security threats from both organized crime and foreign governments. The same machines they want to root to check on your music and movies are used for serious work in industry and government.
This does not surprise me. I currently am legally entitled to watch several dozen movies, and quite a few TV shows on iTunes, I suppose I've spent about £500 over the years. Here's the problem. I cannot transfer any of these legally purchased movies or TV shows to other platforms, I am held ransom inside a platform-specific eco-system apparently forever. I am a willing customer, I want to reward creators, but in return I am treated like a criminal by the entertainment industry. If there is one thing which is clear it is that the entertainment industry hate their customers.
> The Commission on the Theft of American Intellectual Property
> With U.S. companies suffering losses and American workers losing jobs
Jobs. Translation: this is a PR piece.
> The Department of Homeland Security, the Department of Defense, and law enforcement agencies should have the legal authority to use threat-based deterrence systems that operate at network speed against unauthorized intrusions into national security and critical infrastructure networks
Huh? This includes national security now? Are they deliberately blurring the lines between pirating and national security? Why I think so.
> Informed deliberations over whether corporations and individuals should be legally able to conduct threat-based deterrence operations against network intrusion, without doing undue harm to an attacker or to innocent third parties, ought to be undertaken.
They want to legalize Sony's rootkit, but they want to do it right. Rootkits in the wild cannot be tamed, don't even go there.
> if counterattacks against hackers were legal, there are many techniques that companies could employ that would cause severe damage to the capability of those conducting IP theft.
You do something that the system thinks is pirating and your computer blows up. What could go wrong.
> ...The Commission is not ready to endorse this recommendation because of the larger questions of collateral damage caused by computer attacks
Ahh I see, they're reasonable after all! IOW, they want to make their rootkit legalization idea sound sane.
> Recommend to Congress and the administration that U.S. funding to the World Health Organization (WHO) program budget in whole or in part be withheld
At this point I want to punch someone in the face.
At a past address, neighbors would leave a bundle of fresh green coconuts, and a few DVDs to back up, at my front stairs. This worked well; They'd get their DVDs backed up (hey, I didn't ask questions), I'd get my coconut water fix.
At my current address, I have access to my own coconut bundles by the dozen, but I still have to wonder, if this came to pass, imagine how many coconuts would I get for 'unlocking' and recovering the computers they would leave at my door due to MPAA 'stabilizing' their situations!
Put another way, like DVDCSS, this is just another minor annoyance to the technically inclined, and only serves to penalize the less-computer-literate, and enrich the people who do favors for them.
DRM lobby must have started smoking some heavy stuff. It's not enough that they insist that breaking DRM is illegal, now they want to make spyware DRM to be legal. True intentions revealed. The next - they must be deploying the Watchbirds.
DRM by definition implies weakened security and privacy for the end user. DRM was never about security, it was always about satisfying their bottomless desire for control. DRM already has a history of using rootkits and etc. These lunatics just want to make it legal in order to create another protective legal wall around DRM (with current being DMCA).
I suppose this is about demanding extremes to have lots of room to negotiate in the inevitable following political negotiations. So they can be like - we didn't request the shoot-pirates-on-sight thing, we even gave up on the idea of rootkits, BUT we have to make stand on <insert real agenda>. Politicians will by their nature try to make compromises. So if you start by demanding what you really want you will lose it.
This is why I sometimes defend the people who want to abolish copyright. I don't think it would actually be optimal, but neither would it be a serious catastrophe, and by making the argument and convincing people of the plausibility of it you create a rational baseline from which to contextualize the naked batshit insane power grabs of industry executives.
The trouble with all of this is that it's ruining politics. The way you optimize social utility is for each side to negotiate in good faith and give up the thing which is more valuable to the other side than it is to them. But in a situation where each side has a veto on getting anything done, refusing to compromise is an extremely effective strategy for exactly as long as it takes the other side to mirror it, and then it becomes a high stakes game of chicken where everybody goes over the cliff unless both sides blink. Because a screaming contest is ineffective, but one side utterly and repeatedly capitulating to the other is even worse.
And that's the situation we're in until the extremists at the heads of these companies give up on demanding absolute control over everything.
And still people buy stuff from RIAA labels and similar organisations. I buy more music than all of my friends but I always check label and parent label affiliations with any of those anti-consumer organisations. But as long as people are usually buying everything without caring, they can do whatever they want.
There is no way this will ever pass, this is the most ridiculous sounding proposed legislation I have ever heard. You think SOPA is bad; if something like this were to ever be passed, theoretically of course, you can bet the world would be a sad, dark place to live in.
There are consequences to this kind of thing and many things to consider. I mean imagine if hackers somehow managed to find a security exploit in the malware the entertainment companies are forcefully installing on people's computers? Ransomware one minute, botnet the next.
"...you can bet the world would be a sad, dark place to live in."
I suspect $world = USA here. The chances of anything as daft as this happening in Europe are small. Some European countries already have taxes on blank media/contributions to copyright organisations. Australia and Canada had court action against Sony last time this was tried.
UK politicians do persist in trying to pass legislation allowing monitoring all communications in UK, but we all know how effective that will be.
That's hardly the point, which is that they can get Congress to bend over backwards for them. Since this piece of legislation is obviously absurd, they'll attempt for something pared down but clearly authoritarian with minimal (non-existent?) oversight.
At this point they're just flexing their muscle to see how much wiggle room they've got. A small part of me wishes votes on legislation were anonymous so our congress-critters would avoid the constraints of having to vote along party lines (and notably their campaign donors' wrath).
I can see where you're coming from regarding anonymous voting on legislation, but I'd definitely disagree. It's much more important in my opinion that our representatives are transparent, or else how do we know whether we want them to continue representing us?
It's true that campaign donors have too much influence over the success of legislators, but maintaining a representative democracy is far too important to lose in order to deal with that issue.
It is perfectly legal for the entertainment industry to deploy rootkits.
What you decide to put on your computer is up to you. If someone wants to put something in the software, the agreement is between you and them. So long as they disclose what they are doing, it's not like anyone reads those agreement contracts on the internet.
A company that deploys rootkits, then survives class actions and angry consumers? Not likely.
This sort of thing is an externality, like pollution: it compromises rights of persons other than the companies' willing customers.
Suppose I don't have any Hollywood stuff on my PC, am I then immune from the poison-ware? Can you easily recover costs if you are falsely accused? People must remain unaffected unless they are successfully sued or convicted, in a court with proper procedures and evidence.
Sounds like the entertainment industry is suffering from a severe case of Walter Mitty syndrome caused by too much watching of 24. They will be asking for their investigators for the right to use enhanced interrogation techniques ala Jack Bauer.
They will be dressing up in multicam and running round the woods pretending to be devguru operators with paint guns next.
I kind of hope this happens, just to increase the demand for real security. In the short term it would make things worse, but in the long run we'd end up with market pressure to give individuals control over their own resources (both protection from corporate control and from incompetent implementation).
Sandbox everything, in effect. I already have a dozen or so different VM's for different types of projects mostly because it's easier to reproduce environments that way, but if there was even a remote chance of something like this, I'd sandbox every untrusted app.
From the paper - "Recommend that Congress and the administration impose a tariff on all Chinese-origin imports, designed to raise 150% of all U.S. losses from Chinese IP theft in the previous year, as estimated by the secretary of commerce."
So... they want their people to pay for the crimes of others?
I know this is not really about games and I'm not sure this is actually related, but I'll offer it up in case.
Last night I went looking for info on the game Far Cry 3 Blood Dragon. I ended up on several forums and discovered something I found interesting. Turns out that the official legal version is plagued with various problems. But oddly, it seems that people who downloaded the leaked version are having no reported problems. I had a look at comments on various download sites, and yes there were some problems, but not many and they were normally about getting the cracked version to run, and these problems were quickly solved.
Now, while I accept that there would be an obvious difference between feedback from downloaders and customers, I do wonder if this happens a lot. And if the "pirates" are actually releasing versions of games, that actually work, while the likes of UbiSoft and Steam are angering paying customers with reportedly terrible support and poor product, why would anyone in their right mind pay up? On top of that, it would seem that people who used "illegal" copies actually got quicker support that solved the problem from the users on the download site itself. Again, I can see the arguments and flaws there, but on the face of it, it's madness.
What completely amazed me was the number of people saying they bought the game, it didn't work, they got no useful support, so they downloaded and played the pirate version.
If paying customers end up having problems, (say the root kit fails to install because for example it doesn't like your NIC, so you can't play the disk,) using other media, TV, Movies, etc, then they too would surely end up having to get their media in other ways. Then, experience would teach them to continue with other sources.
If this becomes any sort of trend, such businesses don't deserve to survive.
Why don't they just offer better service than pirates? If they made it easier to buy than to download a torrent, maybe people would actually use it. If I were in their place I would make it payable with a bitcoin transaction, which would be as simple as downloading a torrent.
The only thing which explains things like this is that, somewhere in the entertainment industry hierarchy, people feel that they are being severely underpaid for their work. Which level do you think it is?
This is more FUD for the pro-piracy crowd to get their panties in a twist over. The root kit is obviously an unrealistic idea though the network idea is a bit more realistic but I seriously doubt either will go anywhere.
This is our fault though. We have these companies that sell us digital recordings of media we want at a price they've chosen. We found a way to circumvent the buying process and get it free. This is simply not okay. We can debate how fair artists get treated, the price of media, and whether or not distributing copyrighted materials online is technically stealing all day long but in the end any rational person sees this is wrong.
So while we infringe on the copyright holders' rights for years any time they try to take steps to curb this behavior (which is on a scale way larger than other types of black markets and impossible to ignore) we act shocked and appalled as if we've done nothing to instigate it. Each time they fail to curb piracy they come back with an even more deplorable plan to stop it. In the end we're all losing, both the media companies and the consumers.
I still can't understand why anyone would think piracy is okay. I've done it myself but I know it's wrong. Using reasons like region availability, pricing, and the usual copyright complaints to justify it doesn't make sense. They're usually all excuses for the person with "I should be able to get this on my terms because, uhh, freedom" syndrome.
Sometimes the complaints are legitimate but still don't excuse piracy. We've created this problem ourselves and the only way to stop it is to vote with our wallets. Piracy does not count as voting with your wallet. To vote with your wallet you have to be willing to live without the thing you desire or go to a competitor until the seller starts giving the consumer what they want. A black market is not a competitor and it undermines the goal of getting media companies to start making it convenient to buy their product at a reasonable price. Piracy just shows them we want what they've got but don't want to pay. The only way to compete with piracy is to shut it down which is impossible and leads us to crazy proposals like the one discussed here. But let's say HBO and Showtime both aired Game of Thrones. If HBO sucks at distribution and pricing consumers go to Showtime instead. HBO sees this and can't shut down Showtime so the solution is to get better at pleasing consumers.
My point is that you can't compete with a black market and this constant arms race to implement and circumvent anti-piracy measures will lead to a stalemate where we all lose. If we quit both pirating media and buying it, that would start leading to changes in a positive direction (for those of us who aren't just pirating to be cheap at least).
*Side note: unfortunately, getting media online has the potential to become VERY convenient but can never be as convenient as piracy as it'll always require a payment step but is that really so awful?
It would automatically be illegal to break this spyware (i.e. to defend against it) the moment the spyware itself becomes legal, since breaking DRM is forbidden by the DMCA. DMCA/1201 should really be repealed, as well as any such new idiocy pushed by the DRM lobby.
In a more modern version, VM just won't be able to support a hardware-assisted DRM conveniently preinstalled straight into your CPU or video card's firmware.
Hmm. This leads me to the idea. Why care for software rootkits when PCIe hardware may actively screw with the system? Considering MAFIAA already had success with enforcing HDCP on almost every modern video card out there...
I actually just read a book set in 2040 England where this basically happened, they'd created a system where if you tried to remove the hardware the CPU would be dissolved. The book was called "Pirate [something]" I can't remember the exact name but it had pirate in it...
Just about every Linux kernel version has had some root privilege escalation bug. So long as they can get some executable software on your system (perhaps not easy!) it's reasonable any such bug could be exploited, and voila, they can install a rootkit!
This is not as unlikely as you may think. All it takes is the right bug in a virtio driver, and they can go from vm-root to host-user, and assuming some level of competence they can go from host-user to host-root. Of course, you're welcome not to use any virtio devices, and you're welcome not to use hardware virtualisation support, but the performance of your guest will not be much to write home about.
Of course it is possible that they find holes, but I consider the odds that they will find holes like that early enough that countermeasures won't already be deployed in a situation where people have come to expect destructive actions from their software on a regular basis to be quite unlikely.
Also OS level virtualization is not the only protection worth using in a scenario like this. Sandboxing at the syscall level (restricting allowed syscalls and arguments substantially) is also highly useful, and if we start seeing a threat from apps that people are expected to intentionally install knowing that they pose a risk, we will see a lot more aggressive security work.
> Of course it is possible that they find holes, but I consider the odds that they will find holes like that early enough that countermeasures won't already be deployed in a situation where people have come to expect destructive actions from their software on a regular basis to be quite unlikely.
How so? People will be expecting their software to contain rootkits, and so there will be tons of people immediately analyzing any new releases.
Given that already when I last bothered with pirated software in the early 90's, serious warez traders were mostly only interested in software weeks before its scheduled release (it was not uncommon for unfinished versions of games to leak), which involved not just getting hold of the releases through leaks or hacking, but breaking any protection, and this would make up the first serious challenge for the warez scene in many years, and this will draw not just the warez scene, but security researchers, as well as a lot of "regular" developers like me who are fed up with these kinds of attempts, they are facing pretty much an army that will be dissecting every release.
Sure, some will slip through for some users, but every single instance will result in new counter-measures, many of which you can expect will cover as-yet undiscovered flaws in addition to just fixing specific issues.
E.g. a logical protection against attempts at attacking faulty filesystem permissions settings is to blanket ban access to the filesystem and whitelist specific files, specific directories, and sanity check all access to them.
For every loss, we will win more robust application sandboxing capabilities, and more people will be motivated to consistently make use of them.
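The deny-by-default filesystem rule described in the comment above (ban everything, allowlist specific files and directories, sanity-check every access), as an added example that is not part of the original comment. `FsPolicy`, `demo` and all file names are hypothetical, and the directory tree is constructed in a temporary folder:

```python
import os
import tempfile


class FsPolicy:
    """Deny-by-default filesystem policy (hypothetical helper for this example)."""

    def __init__(self, allowed_files=(), allowed_dirs=()):
        # Canonicalise the allowlist once so every later comparison is symlink-free.
        self.files = {os.path.realpath(p) for p in allowed_files}
        self.dirs = [os.path.realpath(p) for p in allowed_dirs]

    def allowed(self, path):
        """Sanity-check one requested path against the allowlist."""
        if "\x00" in path:
            return False                      # NUL bytes truncate paths in C APIs
        real = os.path.realpath(path)         # collapses ".." and follows symlinks
        if real in self.files:
            return True
        # commonpath compares whole components, so /x/appdata2 never matches /x/appdata.
        return any(os.path.commonpath([real, d]) == d for d in self.dirs)


def demo():
    """Run constructed access attempts against a throwaway directory tree."""
    root = tempfile.mkdtemp()
    sandbox = os.path.join(root, "appdata")
    os.mkdir(sandbox)
    config = os.path.join(root, "app.conf")
    secret = os.path.join(root, "secret.txt")
    for p in (config, secret, os.path.join(sandbox, "save.dat")):
        with open(p, "w") as f:
            f.write("constructed sample data\n")
    os.symlink(secret, os.path.join(sandbox, "link"))   # symlink pointing outside

    policy = FsPolicy(allowed_files=[config], allowed_dirs=[sandbox])
    attempts = {
        "file_in_allowed_dir": os.path.join(sandbox, "save.dat"),
        "allowlisted_file": config,
        "dotdot_escape": os.path.join(sandbox, "..", "secret.txt"),
        "symlink_escape": os.path.join(sandbox, "link"),
        "sibling_prefix": os.path.join(root, "appdata2", "x"),
        "not_listed": secret,
    }
    return {name: policy.allowed(p) for name, p in attempts.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:20} {'ALLOW' if ok else 'DENY'}")
```

A user-space check like this is racy between the check and the later open; a real sandbox enforces the same policy in the kernel, where the application cannot swap the path in between.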
I understand what you're saying, but so far Nintendo 3DS doesn't have any way of playing pirated 3DS games. (DS games are playable on a 3DS now). XBOX360 has some cracks, but these are complicated. Too complex for most people to bother with. PS3 is also too complex for most people. (I think, I haven't really looked hard for this.) I think even PS2 isn't trivial, although I could be wrong and I welcome corrections.
It bothers me. I'm probably wrong, but it feels like we have a bunch of sub-optimal OSs that have security kludged in as an after-thought, built on legacy hampered hardware, with a lot of concentration on "preventing people playing illegal content" (but also strictly controlling what people do with their legal content). There's a kind of arms race with pirates and anti-pirates competing on DRM schemes, and it feels like if all that effort had gone into better directions that we'd have 24 cores at 3.5 GHz and better threading with decent nice architecture.
And I know it's just marketing, and that washing powder (Whiter than white!) has been doing it for years, but being told that my content (which was sold to me as best quality available last time) is now being called garbage and I'm told I need to upgrade. In the past I didn't need to upgrade. I could keep my record deck and buy a CD player and rip those CDs to digital for my streaming media player. But in the future this is not going to be allowed. I'm going to have to buy an extra licence for family use.
Of course not. But it's easy to maintain a list of public bugs for different kernel versions and also a list of 0day bugs that may have been found, and then exploit the appropriate privilege escalation bug depending on the kernel version.