US entertainment industry to Congress: make it legal for us to deploy rootkits (boingboing.net)
608 points by Suraj-Sun 1158 days ago | 257 comments



What qualities do people look for when buying movies and music?

1. The content they want.

2. Quality (i.e. resolution, bitrate, etc.)

3. Reliability (it actually plays)

4. Low annoyance (no ads, warnings, etc.)

5. Safety (guaranteed freedom from malware, etc.)

The movie and music industries haven't done a perfect job of delivering #1-4. Region coding means the content users want is frequently only available through pirate channels. Lower quality releases (DVD vs Bluray) are also often all that is available in some regions. Bluray is not reliable if users don't keep their hardware/software up to date. Nearly all DVDs and Bluray discs on the market are utterly infested with annoying advertisements and warning screens.

#5 was the one thing that legally purchased media had an undeniable edge in over pirated media. If users lose trust in the safety of legally purchased media they will be driven to piracy in unprecedented numbers.

It is tempting to give RIAA and MPAA the rope to hang themselves with, sit back, and laugh. However, let's not forget that every piece of code they write and every root-kit they successfully deploy will soon be taken advantage of by black-hats, quite probably in ways that will cause damage to systems completely unrelated to media playback of any sort. The only way I can see to let the MPAA/RIAA proceed is to require them to post a significant bond (in the billions) to pay for damages their rootkits will cause. Managing how damages are going to be awarded is going to be a legal nightmare though, since this will not affect only U.S. systems and citizens. If the U.S. permits this, I sincerely hope other nations hold the U.S. government responsible for damages, so the U.S. had better make sure Hollywood is ready to foot the bill.


> #5 Safety (guaranteed freedom from malware, etc.)... was the one thing that legally purchased media had an undeniable edge in over pirated media.

Disagreed. Sony rootkit was on the legally purchased media. DRM on streaming services can do all kinds of stuff without users' consent. DRM built into hardware with cameras can do even weirder stuff (just note the crazy DRM idea patented by Microsoft regarding detecting the people in the room). Since DRM is a black box, you never know what it can do. There is completely no reason to trust that it will respect your privacy and rights. Therefore DRMed media has no edge over pirated media at all.

Safety requires transparency (for the user), as well as trust in the used technology. DRM by its very definition is non-trustworthy and non-transparent, it's the antithesis of that. It's totally opaque precisely because it attempts to hide something from the user. Because ironically, DRM proponents don't trust the user! The user is treated as a potential criminal by default. How can users, in a situation where they aren't trusted, trust the DRM vendor in return? They cannot, and they should not! Trust can only be mutual. I.e. DRM always implies something shady and risky. DRM proponents should be treated as potential criminals by default in return. And what do such criminals usually hide in their code? Malware.


I think OP was talking about average-Joe's understanding of safety. The "if I buy original version, it won't have viruses on it that break my computer". This is true so far, DRMs or not, and people trust legal media. But the moment this trust gets broken, there will be little reason to go to a shop instead of Pirate Bay.


Actually, there's been at least one instance of legally purchased media installing spyware, the Sony rootkit scandal that's already come up in this discussion:

http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootki...


Yeah, and there are lots and lots of instances of illegally gotten media installing spyware. You don't need a perfect track record to be the safest option.


The difference is that it's common knowledge not to trust pirated materials. But it's not common knowledge not to trust DRMed ones.


My point was that such trust is misplaced and baseless. Since the distributors of the original DRMed media don't trust the average person (thus the DRM), there is no reason to trust them in return (and there are even reasons not to trust them). Though most people just don't realize it.


I think that was the OP's point really. But you're right in that it has already happened with DRM - rootkits are just the natural next step in this direction.


"It has already happened" means it was discovered. Since DRM is by definition obscured, we don't know what wasn't found. Insecurity and malicious code are to be expected from it. Their attempt to legalize it only reveals their original intentions.


Yeah, but it's relatively restricted right now, to the point that the vast majority of consumers have no idea it exists. If this is enshrined in law as a bona fide policy, it will become much more widespread - perhaps to the point that Joe Public notices.

So this is different - in degree if not in kind.


You left out one important point:

6. Convenience.

I believe that the content industry is relying on a sufficient number of people still finding it easier to buy a DVD/Bluray rather than pirate. For technical people, pirating is already sometimes more convenient for reasons that you stated.

There is also a

7. Ethics

Some people do not find pirating ethical under any circumstances, and will inconvenience themselves to avoid it.


Some people also think using animal products isn't ethical and inconvenience themselves to avoid it. But you probably don't want to build a mass market business on that.

For the record, I don't pirate music anymore. Spotify has made pirating too inconvenient.


Gabe Newell of Valve Software has famously said that piracy is a distribution problem, and I fully believe he's right.

> “The easiest way to stop piracy is not by putting antipiracy technology to work,” Newell said. “It’s by giving those people a service that’s better than what they’re receiving from the pirates.”

Steam single-handedly killed even the temptation to pirate games for me, because it's ridiculously convenient to just fire up Steam, click a button, and have the game delivered to my desktop at multi-megabit speeds without any obnoxious DRM getting in the way of me being able to play. Pandora, Spotify, and most recently Google All Access make music piracy a complete non-issue for me, because I don't want to have to spend time chasing down a song or even futzing with iTunes - I just punch something into search and it's playing. Netflix and Hulu provide so much content that I can't watch all of it - while they don't always have the most recent content, they have a lot of it.

Provide me a service that is a. affordable (Steam Sales and $8/month for movies or music are excellent models here, content folks) b. convenient (click button, enjoy content), and c. reliable (no explanation necessary) and I won't have any incentive to pirate content.

I'm convinced that the people who can afford stuff but pirate it anyway do so because of distribution problems in getting that content legally. The people who pirate stuff who can't afford it, or wouldn't buy it if they can are arguably even a net benefit - they aren't lost sales, but they increase the reach and visibility of the product. In either case, it's not really worth worrying about them (though the studios sure do love to gripe about them as if they're all lost sales), which leaves us with one very easy solution - have the best distribution channel available, and people will pay for it. At that point, piracy is about as solved as it'll get from an economic standpoint.


> Some people also think using animal products isn't ethical and inconvenience themselves to avoid it. But you probably don't want to build a mass market business on that.

Vegan products are mass market commodity goods like any grocery. Just because vegan goods consist of a smaller slice of all grocery and food sales doesn't mean you'd be a fool to make a business out of it.


Point. But I don't think the MPAA and RIAA are after the market of "people who find it more unethical to pirate than they find it inconvenient to consume legally".


I'm not sure the comparison is just. Using animal products isn't illegal.


I don't think ethics overlaps much with law.


Aw, come on, don't sound like a troll. Don't argue for the sake of arguing. There is a big overlap between ethics and laws. Just because some items don't overlap doesn't warrant such a statement.


Seriously? Theft, Assault, Civil Liability etc. I think there's a significant overlap between Ethics and Law. Our systems of laws are based on the work of philosophers studying ethics, of course there's a huge overlap.


There's also offshore tax havens, political action committees, and patent trolls. Some unethical things are legal.

There's also underage sexting, media piracy, cryptocurrencies, and marijuana. Some things aren't globally agreed upon as ethical or unethical, but the law still attempts to address them.

Identifying the overlap is difficult.


People create laws to enforce ethics, but ethics and law often don't overlap because law gets tinkered with by less-than-ethical people, and one man's justice is another man's horror.


I agree with you, they definitely don't match exactly. But I was arguing that they overlap: Some parts match, or at least cover the same ground.


And that's the problem - you might as well keep pirating as Spotify isn't helping any artist while users think they're doing the noble thing.


Spotify is legal and the artists on the platform are on there of their own free will (or their publisher's will, to whom they signed that right away).

They could decide that they only want to stream on another platform if that is a better deal for them.


Absolutely, and many smaller artists and indie labels chose not to offer their catalogue on those platforms.

I didn't intend to offend the users of streaming services. I subscribed to rdio myself, only as a tastemaker though - I still buy a lot of lossless music.


But people don't listen to music to benefit the artists (even when they purchase a CD or whatever) -- they do it for themselves.

Artists make the vast majority of their money on tour, which is more or less unrelated to the choice of distribution channel, except that a more prolific channel results in more people attending a show.


That point is brought up often, but don't forget that while touring might work for your average indie rockband, it's not as easy for obscure ambient, experimental musicians. Music that is primarily intended for home listening is a lot harder to sell as live performance.

Again, I don't intend to offend the users of those services - just saying that Spotify, rdio and co. alone won't work for many artists.


Ethics is really important for me, but rootkits make the official distribution as ethical as the pirated content.


Agreed, I find the ethics of the recording industry extremely distasteful. Whenever I pay for music I feel like I'm giving money to a mobster.


> However, let's not forget that every piece of code they write and every root-kit they successfully deploy will soon be taken advantage of by black-hats, quite probably in ways that will cause damage to systems completely unrelated to media playback of any sort.

It will be stupidly easy to execute; if the malware shuts down the computer when it detects an illegal download, the only thing an attacker needs to do is to trick the computer/user into downloading illegal content. And that's it. Though this simple trick doesn't let them steal data or take control of the computer, there are many uses an attacker can find for just killing the machine. Blackmailing, social engineering, or just disturbing some crucial business operations. I can even imagine 4chan folks trolling people like this for fun.


4chan yes, but remember most black hats are operating for profit. They don't want to shut down your computer. They want to root it so they can use it in their botnet, or maybe log your passwords and credit cards.


You're right, though there is some profit in shutting down computers. Even right now there's a proliferation of ransomware[0] [1] that locks out machines. I've removed several of those from computers in the last two years and even once been paid to do this.

Moreover, if computer-locking DRM malware becomes commonplace, a market for cheaper-than-police unlocking will emerge, with incentives favouring hacking the DRM to then earn money on fixing it.

[0] - http://en.wikipedia.org/wiki/Ransomware_(malware)

[1] - http://en.wikipedia.org/wiki/Rogue_security_software


> It is tempting to give RIAA and MPAA the rope to hang themselves with, sit back, and laugh. However, let's not forget that every piece of code they write and every root-kit they successfully deploy will soon be taken advantage of by black-hats

Wouldn't it be the opposite? Like a free pentest? Malware they come up with would be widely available (included in the price of any movie) for dissection.

BTW Next release of Qubes[1] will need an "entertainment" AppVM.

[1] http://qubes-os.org/trac/wiki/QubesArchitecture


If "they" are both the planters of the rootkit (taking over the computer) and the ones claiming to be wronged, looking for recompense, doesn't this create an irreconcilable conflict of interest as well as a worthless chain of custody for evidence of any wrongdoing? What would stop them from simply taking over computers, planting evidence and profiting (extorting) hugely?

I would think that once my computer spends any length of time not under my direct and exclusive control, I would no longer be solely liable for any actions that may have been taken with it. There would be huge doubt, no?


This is an excellent point. "We can only get $X per song in damages? Plant 100 songs on that computer."


This is not going to go where they think it will go.

Right now their enemies are just pirates wanting to watch Game Of Thrones for free. A business threat, certainly, but one they're generally handling well.

But start infecting people's computers, and a portion of them are going to fight back. Then the entertainment industry has enemies actively trying to destroy their systems.

A whole different level of conflict, and one which I am certain they are not prepared for.

Never go for an escalation you don't need and will hurt you more than it hurts them.


If I ever find a rootkit on my system stemming from a company that thinks they can do stuff like this, and it is legal, it is a demonstration that the law is not worthy of any respect any more, and that it is time for war. And given the resource discrepancy, the only way of fighting back against companies like this would be to cause vastly disproportionate amounts of damage. I'm sure getting rootkits into their networks wouldn't be all that hard.


If I ever find a rootkit on my system, that OS gets binned permanently, no questions asked. I have a zero tolerance policy for whose system my computer is: it's mine. Not the US's, not Law Enforcement's, not the MPAA's, not MS's. If it achieves sentience, fine, it can be its own; until then, any OS which fails to understand this arrangement (that a secure OS means that only I and system services (Windows Update, various package managers and their delegates) install software...third parties are not allowed), will be binned. If I can't trust my machine to have my singular best interests at heart, I cannot work with it; multiple tethers, trojan rootkits, superseding accounts with permissions higher than my own...these run contrary to my designs, and make it difficult, in the very least, to know when a problem is being caused by them, or by me. Plus I despise being spied on; if I'm going to put on a show, I'm going to get paid for it (no freebies).

I am more and more disturbed with the way OSs are going in general. They are...slowly removing usefulness from themselves, making it hard for admins to work with them, and adding on crap, like Windows Store...which is not needed. It's starting to feel like the computers I work with are...owned by someone else...which means I will start caring for them a lot less. The least of things which currently bothers me are the cross-threading errors which seem to appear in Windows 7...why have these not been fixed?


This is a big part of the reason I moved entirely over to Linux and don't even have a token Windows box anymore. When I absolutely need to run a Windows app (Photoshop, or some MS Office crap that doesn't render properly in LibreOffice) I run (licensed) Windows 7 in a VM, where it is contained and constrained.

All the Windows-only applications I used to use for fun and hobbies (games, music apps) I've either found Linux replacements for (I basically buy the Humble Bundle whenever it looks good), or I simply do without. I would buy Linux applications for these functions if they were available AND the applications were sane; cross-platform developers sometimes try to treat your Linux box like it's an MS box (wanting to put files all over the place etc) which is unacceptable.

We simply cannot trust MS or Apple. At least in the Linux community there is a strong culture of transparency, privacy, security, and freedom.


It's not down to the OS or OS vendor. Most rootkits are exploiting bugs, not intentional backdoors, and many of them are exploiting bugs that are not in the OS but in third party applications.

E.g. a common approach is to look for common third party applications that require admin/root privileges for some part of their functionality, and look for ways of tricking them into executing your code (via e.g. buffer overflows, or by finding ways of modifying the configuration with lower privileges).

So unless you never install third party software, you are potentially vulnerable even if the OS is flawless (and it isn't - no matter which OS you pick).


Sony's network has been a fertile testing ground for third-party rootkits for the past few years.


They tried it, and it seems to go pretty well:

https://en.wikipedia.org/wiki/Sony_root_kit


> Then the entertainment industry has enemies actively trying to destroy their systems.

So to be fair, this is actually where we are today, if you remember the efforts of Anonymous and Sony, etc.


To be fair:

1) Anonymous/Lulzsec aren't necessarily a best-of-the-best of the 'hacker world.' Do they want to raise the ire of even more skilled people?

2) Anonymous/Lulzsec are/were in it mostly for the publicity, and 'cheap thrills.' I'm sure that they could have done a lot more damage had they been focused on being as malicious as possible.


> mostly for the publicity, and 'cheap thrills.'

You mean... for the lulz?


I purposely expanded 'for the lulz' into something a bit more succinct.


You actually expanded it into something that by definition is less succinct.


Lulz may be brief, but it is hardly clear.


Number 1 is a very good point and something those companies should keep in mind. Anonymous/Lulzsec are basically like children in terms of what they could do. Very skilled people could do substantially more disruption and damage.


Being actively targeted would certainly encourage membership.


I want to watch Game of Thrones and pay for it. I also want it available within a day of its original airing and without having to buy cable or a TV. Charge me for HBO. Just don't make me wait a year before I can buy the video. You can even make me buy the HD version when I only want to pay for standard definition.


It's out on iTunes the same day in HD for $3.5 an episode (unless you are in Australia).


I just checked. You can't buy Game of Thrones season 3 via iTunes in the USA, but it looks like you could buy it in Australia. I tried buying an episode from the Australian iTunes store, but no luck.


Ah, I thought they offered that for everywhere, not just Australia (and they're cancelling it in Australia). Sorry to get your hopes up.


Season 3 isn't out on iTunes in Canada at all yet. The only way for me to watch Season 3 is to subscribe to the $100/month + $20/month cable package that carries HBO.

I've not bothered to pirate it, yet.


There's a way to trick your iTunes into thinking you're not in Canada. All you need is a second account and a gift card situated in the US. (I've seen people in the US use this trick in reverse to get BBC shows in America without pirating them.) Granted, it's retarded (and potentially still illegal) that people should have to do this in order to pay for content rather than pirate...but the option is there.


Seems like a lot of effort to pay people that seem to go out of their way to stop you from buying their merchandise.


I'm not setting up umpteen different iTunes accounts to try to give you my money. The whole point of paying for something is that I provide the money in exchange for the product. Why should I jump through hoops in addition to that?

There are easier options if I care. But to be honest, right now I don't.


I read there was something coming in next season to prevent same time iTunes release in Australia? Is this currently the case as well?


Yes, Foxtel is moving to block the iTunes episodes from getting a speedy release. Not until next season though so we'll see if they succeed.


It is interesting, I don't think it will actually help them much. If you have Foxtel already you can likely get the whole of Showtime for around the same price you're paying on iTunes for Game of Thrones. (While the season is going and there are say 4 eps a month.)

Not sure they are going to convince people that don't have Foxtel that they should pay $60+ a month for the service purely on the back of Game of Thrones.


Especially since the only part of the market they can hope to capture with this move is "people who already pay for Game of Thrones legally over iTunes". I would think that most of those people also know how to torrent but choose not to and Foxtel just pissed them off, I doubt they happily switch services.


Thanks. I didn't realize that! Will check it out.


> Right now their enemies are just pirates wanting to watch Game Of Thrones for free. A business threat, certainly, but one they're generally handling well.

A reasonable point, but I think their argument about "we won't allow seeing GoT without a cable subscription" still is incredibly short sighted.

It lets them make money in a way they understand now. I would very happily pay them money straight up, but since I'm not in the US, it's not really about wanting access to free stuff - it's about access to stuff in the first place. They would lose money on setting up such a system in the short term, sure, but they are only delaying the inevitable - that such a system is what is required if they want to compete with bittorrent in the long term.


The problem is, it's the short-term that matters on quarterly reports and that moves you up the corporate label. Long-term changes take too long to benefit those who introduced them.


"...there are increasing calls for creating a more permissive environment for active network defense that allows companies not only to stabilize a situation but to take further steps, including actively retrieving stolen information, altering it within the intruder’s networks, or even destroying the information within an unauthorized network."

This is actually way worse than the headline indicates. The crazy bastards want the legal authority to actively exploit other people's computers and "take back" information from it. They want the ability to re-write the world.

It would be pretty frightening that digital media companies were unaware that you couldn't "retrieve stolen information" from computer systems, except no other company seems to know that this is actually impossible so it's just kind of de rigueur.

I want to say that this will of course go nowhere because the legislature's support of far weaker measures (like CISPA) is lukewarm, but then again this is the group that brought us the DMCA. It would be especially ironic if the MPAA was more empowered to use computer hacking to protect popular music from theft, than technology and national defense companies trying to protect national defense information and private consumer information.


Ha. Black ICE.

http://en.wikipedia.org/wiki/Intrusion_Countermeasures_Elect...


Would that require disclosure?

A problem now which is more frightening (I can secure my network from the media companies, not worried about that one bit) is the remarkable number of companies with known security problems that won't and don't disclose it. Going on the offensive should be illegal unless they can disclose damages which justify it and then their customers can sue.

I don't see this happening in a healthy world, defense will get much much better much more quickly if it was to be legal though, ultimately it would involve violence though.


Well, DMCA was back in 1998.


I'm sick and tired of being in such a lazy-ass, apathetic society that possesses zero regard to freedom.

Stallman may be a nut, but when you think long and hard about what he says, and think about SOPA, PIPA, and this lobby, in horror, your face twists in fear and you watch, helplessly, as your fellow citizens bend over backwards and let the government have their way.

I don't even know what to do anymore. Nobody will lobby against Hollywood; people already gobble up TMZ and are too obsessed with celebrity pseudo-culture and movies and pop music that they won't do it.

We need more activists. And without them, we are fucked.


"I don't even know what to do anymore."

Code.

People use Skype because there's no clear alternative (maybe work on Jitsi... It still needs a server for the good stuff). People use Facebook because there's no alternative (maybe work on RetroShare). People let their government tell them what to do because they think it's better than anarchy (maybe work on a political Kickstarter). Copyright enforcement against BitTorrent users has gone into high gear because BitTorrent is good at sharing but weak in anonymity. Fix that. Don't make tools to break laws, just make tools. Write software to empower individuals and make institutions unnecessary and you won't have to spend as much time cleaning up after institutions and the egos that run them when they get carried away.

Promoting open-source software as a way to counter spyware, and general activism, is better than nothing, but the best way to change the world is still to invent it IMHO. (Just don't throw yourself on the fire unnecessarily either... Bitcoin's author was wise to keep his identity out of it.)


I love to write software, but unfortunately, I don't think that will solve the problem at hand, which is the MPAA's DRM lobby. They have millions and millions of dollars' worth of support behind them.

What's a few hundred hackers to a huge industry? If we want to really make a difference, we need all the support we can get. Perhaps even start an organization to lobby against the MPAA/RIAA similar to what sinak has done, but with far greater support.

How many times will this happen? People must wake up.


Ideally, IMHO, copyright would be non-transferable.


And your answer is Stallman?

Yes, he is a nut. In the sense of "no one will ever take him seriously, especially anyone involved in mainstream decision-making, who has ever read anything he has written," which is in this case the most relevant metric. Stallman is never going to be any help here, nor is anyone like him, because any "normal" person -- that is, one that other people won't ignore out of hand -- will ignore him out of hand. This includes politicians, to whom said "normal" people are the all-important majority.

"We need more activists" is bullshit. You think we need more activists? More of those outliers that get lampooned in every media outlet for railing against the status quo? Because that's what activists are to most people: Nuts and/or malcontents.

Of course, my real problem with this statement is exactly the same reason I'm not making it. You think we don't have enough activists? GO BE ONE. If you think they can do any good and you believe that "we are fucked" without them, stop posting on HN, get off your ass, and DO SOMETHING.

Otherwise get back on the bench with the rest of us, because all your whining about mass media and celebrity culture is just that. You can gripe all you want that people aren't doing anything, but as soon as you start telling people what they SHOULD be doing, either you'd better be doing it yourself or you'll have to excuse those of us -- everyone -- who will not take you seriously.

In the event that you actually are interested in backing up your hollow rhetoric: The only way to work this system is from the inside. So start campaigning, or start schmoozing, because while real change is essentially impossible, the only way to mitigate damage is by convincing the relevant politicians that it's in their best interests to do so.


Do you really think that Aaron Swartz, Larry Lessig and the masses of people protesting Capitol Hill last year when SOPA came around didn't make a difference?

They were activists.

Do you really think we'd have so much free/open source software today without the contribution of Eric S. Raymond, Stallman, et al.?

They're activists.

Do you really think that we'd be here today if Benjamin Franklin, Thomas Jefferson, James Madison, and George Washington never existed?

They were -- yep, you guessed it -- activists.


For what it's worth though, Ben Franklin was much more diplomatic and compromising than RMS. RMS would be more like a modern day Patrick Henry, Thomas Paine or Samuel Adams. Though all mentioned parties during the revolution played a key role in the independence of the United States. So I guess one could say it "takes people of all sorts."


The flow of human events isn't bound to individuals. Names merely get played up in the remembering, and the events downplayed. E.g., America was going to revolt regardless of whether T.J., et al had ever been born. Really amazing that a war is misremembered as activism....pass the K-Y.


Not actually true. The colonies could have received the things they wanted had they actually attempted to fight for them (and by 'things they wanted', I mean the things we wrote about England (and specifically a king with little political power at that time (it was all parliament's by that point)) not giving us).

The American Revolutionary War was started because of political activism. They saw a chance to start a new country in whatever manner they pleased, and leapt at the opportunity. Even just a little effort put to really trying to get a voice in parliament would have worked fine, but instead we went and wrote the bloody Declaration in an attempt to rally support of other nations not really pleased with England (I'm looking at you France), and filled it with rhetoric, half-truths, and blatant lies. Okay, maybe not blatant, but they're there.

Really amazing that a war is mistaught to most American students. Okay, it isn't that amazing, I mean, you're going to teach your country's history in the most favorable light possible, but, still...


I think you're misunderstanding me. It's my claim that any sufficiently profitable colony sufficiently far away from its mother country will inevitably cease to be a part of said mother country. The how is irrelevant.


The how isn't irrelevant, especially when the colony in question ceased being a part of the mother country because of opportunists who thought that it would be fun to start a new country built in whatever manner they pleased. Without our specific set of malcontents the Revolutionary War wouldn't have occurred and the US would have been given a voice in parliament.

Your claim is wrong.


>because of

That's how the history is written, yes. And how the history is written...is irrelevant. Where are all these profitable, distant colonies with voices in parliament today? Australia? Canada? Technically not sovereign, but they operate as separate nations. No country in the world fits the description of the U.S. you claim would have otherwise been inevitable, and you don't give this a second thought. The oldest truism is the ephemeral nature of Empire. You let your piecemeal study of history delude you.


We need Stallman because he's our extreme figure. He sets the bar for crazy-level. He makes you look like Jimmy McReasonable and your demands look sane.


Crazy doesn't help in the long run and often isn't helpful even in the short run. People exhibit something like an immune reaction to crazy ideas, and develop an allergy to the stimulus. Marxism has scared people away from social policy. Andrea Dworkin types have scared people away from feminism. (When I left liberal Oakland to go to U Chicago for college, I was shocked to hear people say, "I support equal rights but I'm not a feminist...")

The civil rights movement and the early neocon movement are two examples of movements that suppressed crazy elements, and were highly successful for it.


Exactly, without a Stallman the Overton window is narrowed in a non-beneficial way.


> And your answer is Stallman?

Stallman is absolutely part of the answer.

Sure, not everybody can be RMS and live the way he does. He's still correct about the importance of values he's staked out and made a lifelong effort to demonstrate and respect. And to the GP's point, when you have content producers arguing they need legalized malware to police every machine, it makes it all the more obvious how much we need voices insisting on user freedom.

> More of those outliers that get lampooned in every media outlet for railing against the status quo?

While I agree it's good for activists to consider how their messaging might be received by various audiences, the fact that media outlets -- and even everyday citizens or presumably otherwise intelligent commentators on HN -- tend to collapse people to caricatures may not be an indictment of activists.

> Otherwise get back on the bench with the rest of us, because all your whining about mass media and celebrity culture is just that.

You've managed to work up a good froth of whine yourself there for somebody complaining about whining -- apparently summoned up to promote the ethic of more quiet frustration.

Even if effective political action can't let its end be posts on a website, it starts with people talking to each other. Maybe even here.


The best thing Stallman could do is improve his outward image from hippy to something less ... hippy. Appearances matter and his, together with what he says makes him, and therefore his message, unpalatable and unrelatable to most people.

We live in a shallow society and the best thing the pro-privacy movement can have are moderately attractive, presentable, glib spokespeople.


I don't see why Stallman doesn't wear something a bit more presentable, like a suit and tie and shave his beard. It looks a little repulsive to be honest.


He was actually a really attractive guy. [1] You can still see he's fairly attractive for a 60 year old under the disheveled hair and beard, and excess weight.

[1] http://en.wikinoticia.com/Technology/linux/33921-the-young-r...


I don't mean to split hairs, but you might be exaggerating just a bit.


You're not splitting hairs because you're not being pedantic!

How might I be exaggerating?


Stallman isn't an activist for the end user, he's an activist for the activists.

> Yes, he is a nut.

Eccentric is what he is. Must be fun living in a black and white world.


Yes, it's not reasonable to call him crazy since many things he's been predicting have come true. He's eccentric.


I'm kind of shocked by the extremist label. I don't think Richard Stallman is a nut at all. Eccentric, sure, but only for the unfortunate reality that it is rare for most people to stick with a principle over decades.

EDIT: ok, that foot eating thing is weird.


As much as I appreciate Stallman, videos like http://www.youtube.com/watch?v=I25UeVXrEHQ show him as eccentric for reasons that go well beyond sticking to principle.


If he is a nut, he's our nut.

If advancing a rational cause is nutty, being a nut sounds like a good plan.


Stallman is not a nut. Try finding one other nut that has so consistently foretold the future.


Being right is no defense. "you're a nut, that will never happen." "you're a nut, that's not what's happening." and finally "you're a nut. why does what's happening bother you so much?"


We need more activists. And without them, we are fucked.

You can change the system from within as well. While it is impractical to go out and run for President and hope to win, one of the things I hope the current crop of young adults will see is that they have the power to become the system and change it. First build a resume in public service (city council, county supervisor, state representative) then use your training to help you and your fellow revolutionaries move into a position of power and change.

One of the saddest things is that the folks in power have convinced the youth of America that they are powerless and nothing can be done forcing them into acts of "activism" which allows them to be identified and eliminated.

Perhaps an example that doesn't resonate with you but has been doing what your compatriots have not, is the Tea Party. These folks have shown you that it isn't about dominating the world, it's about setting a theme, recruiting to your cause, and then using the institutions that are in place to allow you to effect change, to work for you.


I didn't mind what you said until you brought in the horrible example of the tea party. Even ignoring its political message it was pretty much all astroturf, pumped up and hyped by established players. A few election cycles later it's pretty much gone.


I appreciate that the example can be distasteful. However, I have looked into the astro-turfing dismissal argument as well.

Generally, astro-turfing (the use of a PR engine to create the appearance of grass roots support) is designed to get a candidate elected (or issue passed) that favors the money financing the campaign. We have seen a number of these in California and there has consistently been a strong correlation between benefit and later funding source analysis.

However, some really earnest but ineffective people were elected under the guise of the 'tea party'. Much to the disgust of the Republican Party power infrastructure (the speaker of the house cannot count on all of his own party's votes for that reason). Generally, power interests that are trying to manipulate the system don't throw random people into the mix like that.

My conclusion after looking at the folks who were elected that way is that a large number of them, perhaps the majority of them, were elected by people fed up with the system and not an interested third party.

But let's set that aside for a moment. Let's say you and your friends can get elected to city government. If your city runs well, and you don't put up with the baloney that sometimes passes as politics these days, you can parlay that into county government. And that into state government. Assuming that you are good enough to learn the skills you need to make that trip. It can take you 6 - 10 years to go from city supervisor to state representative. Once enough people around you know who you are, you can choose to focus on local elections or national ones.

The starting point though is that in order for this to work someone with the idea of doing public service to serve the public and not their own interests has to step forward. Waiting for someone else to step forward has never been a good idea, either seeking out people and supporting their efforts or putting your hat in yourself are the workable choices.


> the speaker of the house cannot count on all of his own party's votes for that reason

This is diverging from your original point so I won't push it too hard... But you don't think this has more to do with the larger trend in GOP members of congress over the last few decades? There has been a pattern of primary challenges against moderates for some time; it did not start with the 2010 election, it was only slightly re-branded and allowed to have a majority after a 4 year hiatus.


I lobby against Hollywood by refusing to give them a thin dime of my money.


This paper barely even mentions music or movies, and its proposals are for going after foreign entities who steal intellectual property, such as R&D, to develop counterfeit goods.

This is less about going after little Timmy for downloading a movie and more to do with a Chinese firm stealing biotechnology secrets from a U.S. company to produce its own products.


I don't even care what the true intent of the lobby group is. Once in effect, the laws will hit little Timmys, perhaps with a little help of outspoken lawyers painting Timmy as evil as a Chinese spy.

The "three strikes" was intended for violent criminals, not little Timmy who smokes a joint with his friends. Guess how that turned out.


Did you read the paper or just the BoingBoing article? The part about the rootkit and active network defense referenced by the BoingBoing article comes from chapter 13 of the paper, which deals with targeted cyber espionage attacks. If Timmy is the target of that section, then Timmy has bigger issues to deal with.


>and its proposals are for going after foreign entities who steal intellectual property

No it isn't. The proposals are for going after anyone who attacks American corporate/government systems, including Americans themselves. The report spends much time waxing philosophical on int'l contributions to IP 'theft' -- specifically China -- but nowhere does it restrict jurisdiction to foreign entities.

As laid out the commission seems to want broad application here that plausibly could allow use by consumer entertainment companies. The problem there is that while you don't think consumer entertainment seems important enough for companies to bother protecting, consumer entertainment companies do. So while you'd only bother securing Important Research Co. with genius solutions like rootkit-as-a-feature, Big Music Corp. is going to do it to little Timmy's copy of a Biebz single.


Then why would Hollywood propose that with its own money about an issue it doesn't care about? Surely it won't mention movie download because it doesn't want to stimulate you. But it will screw you.


What gives you the impression that Hollywood is behind it? The BoingBoing article completely misrepresents what is in the paper, so I would not be surprised if they got that part wrong, too. Have you read it? It proposes protecting American companies from foreign entities stealing our technology and using it to develop products.

Here are the members of The Commission of the Theft of American Intellectual Property, the commission that authored the paper:

• Dennis C. Blair (co-chair), former Director of National Intelligence and Commander in Chief of the U.S. Pacific Command

• Jon M. Huntsman, Jr. (co-chair), former Ambassador to China, Governor of the state of Utah, and Deputy U.S. Trade Representative

• Craig R. Barrett, former Chairman and CEO of Intel Corporation

• Slade Gorton, former U.S. Senator from the state of Washington, Washington Attorney General, and member of the 9-11 Commission

• William J. Lynn III, CEO of DRS Technologies and former Deputy Secretary of Defense

• Deborah Wince-Smith, President and CEO of the Council on Competitiveness

• Michael K. Young, President of the University of Washington and former Deputy Under Secretary of State

Which of those is from the MPAA?


At this point, does it even matter? This lobby still has the backing of the entertainment industry, and it doesn't matter if it's stolen IP, trying to create an exemption for installing rootkits on remote machines is the entertainment industry's dream.


That is not what is being proposed by this paper at all.


[deleted]


Since there are few corporations that have a corporate interest in "freedom," then the money and resources have to come from individuals.

I'd disagree. The majority of corporations have a financial interest in freedom. Getting them to commit resources to any lobbying effort is the challenge.


Basic economic theory says you're wrong. Corporations don't have incentives to be good outside of their bottom line long-term, the only reason they occasionally do good is due to social or regulatory pressure. For the most part, corporations are going to do what's good for their bottom line without caring about the long-term effects.


I'm not sure we need be this terrified. Gear-heads made similar claims about freedom as cars became more complicated and less user-serviceable. But you know what? While cars have their issues, and are indeed now more difficult to service, they have continued to get better- a lot better. The last totally user-serviceable cars were made in the 60's and early 70's. Many of the improvements come from improvements to manufacturing, but the sophisticated electronic control systems are integral.

Now, the internet is of course not an automobile. But my point is, batshit insane legislation aside, perhaps maintaining the maximum amount of freedom is not as valuable as we think? I'd hate to be stuck with late 60's cars.


Your analogy is completely flawed. Automakers aren't putting root exploits in vehicles that allow override by the government when it detects you're going to an "unauthorized" music dealer.

And are late 60's cars really that bad? There weren't any of the fallback mechanisms we take for granted, such as airbags, so people drove better. Styling is questionable, but many cars on the road look and drive like bloated, lifeless wagons. The cars were actually fun to drive...

Maybe I'm being romantic about 60's vehicles, but if you care to argue, please do so.


I probably wasn't clear enough, but I wasn't trying to compare cars to rootkits. I agree this rootkit thing is ridiculous. Rather, I was thinking about the general idea that ordinary Joes ought to be as worried about freedom as we are being.

Late 60's cars are not horrific or anything like that. But be realistic- the performance, longevity, emissions, driveability, and weight of engines have all come a very very long way, and in my personal experience a multitude of other characteristics have made leaps and bounds as well, such as suspension- though that is mostly just more sophisticated now, rather than more electronic.

I love old sports cars, and I love their soul. But if we are talking engineering, ground yourself- take a gander at this article: http://grassrootsmotorsports.com/articles/soccer-moms-reveng...


We should absolutely be more worried about digital rights and freedoms, because freedoms with your car are already pretty well secured. You can loan it to a friend, you can sell it, you're allowed to take it apart and mess with it on your own property, you can publish manuals on how to take it apart and mess with it without fear of legal action, the manufacturers aren't going to add a camera to watch your every move, etc.

And there's no equivalent of manufacturers selling a car such that it is impossible for you to swap out parts unless Microsoft has signed them.

In this increasingly digital world, many people are going to be totally beholden to Microsoft, Apple, et al in terms of what software they are allowed to install on their devices. In certain cases they are already constrained by the ideology of one provider. This should frighten you. And it's even more frightening that we can already legally prevent people from altering the software on their own device to make it behave as they wish.

In sum, your car is never going to refuse to take you to an adult bookstore, that's why it is different.


This analogy only holds if there's a corresponding improvement in engineering to come from giving up freedom on the Internet, which there is not.


I tried to be rational and then I got to the second paragraph of their own brief:

"The second and even more pernicious effect is that illegal theft of intellectual property is undermining both the means and the incentive for entrepreneurs to innovate, which will slow the development of new inventions and industries that can further expand the world economy and continue to raise the prosperity and quality of life for everyone. Unless current trends are reversed, there is a risk of stifling innovation, with adverse consequences for both developed and still developing countries."

Source: http://ipcommission.org/report/IP_Commission_Report_052213.p...


1. Their intellectual property is not being stolen, it's impossible to "steal" a digital file. Their rights are being infringed.

2. The major thing retarding development of new inventions and industries are the wealthy luddites digging their feet in and trying to extract as much as possible from actual innovators.


Yes, they might as well have thrown "... for the good of mankind..." in for good measure.

On another note, thanks for linking to the source material.


And ... won't someone please think of the children


The dinosaurs running the entertainment industry wouldn't know innovation if it smacked them in the face.


They are not idiots, at least not all of them. They're mostly the real-life example of Upton Sinclair's quote.

"It is difficult to get a man to understand something, when his salary depends upon his not understanding it!"


> "illegal theft of intellectual property"

Say what?

Such bizarre phrases make me seriously doubt the intelligence and education of the people who wrote this.


They are not stupid. This isn't a mistake. It's Dark Arts. They're trying (quite successfully) to attach the word "theft" to copyright infringement, so that people discuss it in terms of moral intuitions about stealing. 'cause if it is called "stealing" then it must be evil, right?


And they've been doing so for a long time. "You wouldn't steal a car" etc. were all about equating piracy with stealing from a shop or whatever.


Exactly. Funny though, now the obvious answer to "you wouldn't download a car" is "of course I would, just give me a big enough 3D printer!".


But they are petitioning for legal theft of control over your computer. I think they know what they are saying.


Wow, "The National Bureau of Asian Research", really?


Because every country strives to be more like Syria.

"MPAA told Congress that they wanted SOPA and knew it would work because it was the same tactic used by governments in "China, Iran, the UAE, Armenia, Ethiopia, Saudi Arabia, Yemen, Bahrain, Burma, Syria, Turkmenistan, Uzbekistan, and Vietnam."


Funny how all the countries listed here have a strong central government (to say the least), and the MPAA wants to replicate this balance of power in a more liberal context (i.e. in the hand of an economic agent). United Corporation of America, anyone?


So what's worse? When it's driven by people thirsty for power, or people thirsty for money?


Is there a difference? Isn't money just a means to power?


Equally for both you open the door for this one thing, it's hard not to open it for everything else.


Is it bad that the first thing that stood out to me was the mismatched quotation marks?


Off topic: http://xkcd.com/859/


Thanks for ruining my day.


textmate spoils me


Let's let this proceed, then take anyone who supported it or voted for it and send them to the listed countries.

When do we treat this sort of nonsense as a threat, ala the Boston rapper. If I announced a business model of selling something for $0.99, but claiming its real value was $150K and then using the millions of dollars of "damages" to justify rooting through your computer, I'd have the police called on me. So why doesn't this extend to the real criminals in our society?

I doubt they'll get this, but they need to be kicked for even asking.

That's actually the fundamental problem in democracy - the assumption that everything is up for grabs if you win some popularity contest, and that there are no limits on how often you can ask. If I asked if I could do something horrible to you, you'd say no and move on. If I ask your government I just keep doing it until fatigue or human error on your part lets me win.

Lobbyists are a rootkit against democracy.


This has little to do with the entertainment industry. This is dealing with intellectual property such as research and development.

They are trying to protect U.S. companies from having their R&D stolen and used by foreign companies, calling for sanctions via the FTC and by amending the espionage act to go after those who steal trade secrets, for example. The whole paper is on protecting the innovations developed in this country from being copied by foreign entities without repercussions, and when viewed in this light, the proposals are not that crazy.

I recommend reading the paper directly, as the BoingBoing link completely misrepresents it.

http://ipcommission.org/report/IP_Commission_Report_052213.p...


The proposals that allow select private companies to deploy destructive software which would land other people in jail very quickly are that crazy. The notion that it is somehow OK to kidnap my property because somebody thinks I owe them some money is that crazy. We have courts and due process for that. We can see how they are abused by copyright trolls (see Prenda Law case, for example, but there are many more). I can't even describe how much more abuse will be invited if cyber-criminal tactics would be made legal for them. It is that crazy and more, and no amount of moral panic about supposed foreign spies who steal all our R&D can justify any of it.


Quotes from page 80:

"Informed deliberations over whether corporations and individuals should be legally able to conduct threat-based deterrence operations against network intrusion, without doing undue harm to an attacker or to innocent third parties, ought to be undertaken."

"The Department of Homeland Security, the Department of Defense, and law enforcement agencies should have the legal authority to use threat-based deterrence systems that operate at network speed against unauthorized intrusions into national security and critical infrastructure networks."

Apart from the proposal that starts "In the future..." and ends "The Commission is not ready to endorse this recommendation", that's as crazy as it gets.

-------------

edit: after reading the boingboing article I see it's about 20 words and two out of context paragraphs.

The first paragraph specifically states that "such measures do not violate existing laws on the use of the Internet." It is simply recommending this as a measure to protect corporate IP, not as something that should be changed.

The second paragraph is immediately followed by noting that such actions are currently illegal, and then recommending deliberation on whether it should be made legal.


I'm not a lawyer but I suspect locking somebody's computer up does violate the laws, as it is an unauthorized access to a computer system and a property damage.

>>> that's as crazy as it gets.

Not really. If you read recommendations on page 81, it does not explicitly endorse, but consistently hints at the law as inadequate in areas where it prohibits discussed offensive techniques. See "second" and "finally" parts where it does not explicitly say the mentioned tactics should be allowed but again strongly hints the changes in the law should be made, and implies allowing such methods are those changes.


Maybe we have a different understanding of how this would work. My understanding is that the malware would not be deployed to remote computers. Rather, the malware would be embedded in files that were never meant to be distributed outside of your network. You are either in possession of those files or not, and whether someone believes that you have them or that you owe them money is not really relevant.

The issue of IP theft is not simply moral panic. There are national security implications, as we saw in the Chinese attacks on defense contractors.

(Not that I believe that embedded rootkits would have been helpful or anything)


Thank you for pointing this out. I was looking for which specific entertainment firms to blame, and found "The National Bureau of Asian Research" instead.


Does it say anywhere how deployment would be restricted? Even if it's the case, it's both dangerous (I could easily imagine this getting deployed by accident because a contractor set it wrong) and one hell of a slippery slope.


Chapter 13 is about protecting against targeted cyber espionage, so within that context, it would seem that the malware would not be distributed.


So, rootkits are okay then...?


Rootkits are a thing. They're neither good nor bad. That value is supplied subjectively within different contexts, no?

Would I want the RIAA/MPAA to install rootkits in media files that are distributed to customers? Absolutely not.

Would I want the ability to install rootkits in engineering schematics and documentation that are never intended to be distributed outside of my organization and are only activated in cases where data theft has occurred? Absolutely.


I would also want the ability to shoot anybody I dislike at will, but make it so no one else would have this ability. But fortunately for our civilization, it is not ruled by what I like. That's why if you suspect somebody stole a car from you, you can not just make it blow up - you have to call the police. If you suspect somebody stole a software from you, should you be allowed to blow up their computer? In the same vein, definitely not. In the light of abundant copyright abuse we are witnessing now, I am astonished to see anybody even considers this idea to be sane.


Based on your comment, I can see that you have not read the paper. The section with rootkits is about thwarting active, targeted cyber espionage. Organizations should have the right to protect files on their own networks by any reasonable means. They are not proposing a mechanism by which organizations would be allowed to distribute rootkits.

I certainly have the right to disable my car remotely if it is stolen. I also have the right to lock the doors and take pictures of the assailant who stole it and send them to the police.


I doubt you have the right to cut off the engine while the car is being driven. Also in the example cases you mentioned you have the right to do something with property that is legally yours. The problem comes in the fact that someone else's computer is not your property so no you should not be allowed to install rootkits and take control of their computer. The best example of what you're talking about is DRM which is already legal.


Sending pictures to the police is not the same as disabling the whole system on the suspicion of illegal access. Especially that copyright trolls' opinion of which information belongs to them may be very different from anyone else's, to which we have seen a lot of evidence. So I wouldn't want to have my comp locked up because some media company decided it absolutely needs to install rootkit on my machine to watch some legit movie I paid for and later that rootkit thinks I've downloaded some files to which they hold copyright. I appreciate that they would like this power very much - as they probably would like the power to conduct searches without a warrant or imprison and fine people on mere suspicion, without tiresome process of trial. That would indeed make punishing criminals and fighting crime much easier. The only thing that prevents it is that people have rights, and I'd very much like to keep them, even if it inconveniences some companies a little. I'm not living for their convenience and at their pleasure, so they'd have to find some other ways to protect their interests.


> I also have the right to lock the doors and take pictures of the assailant who stole it and send them to the police.

Wouldn't locking the doors effectively be kidnapping?


Is it kidnapping when doors lock in robbers during bank robberies? I believe that it would be covered under citizen's arrest common law and statutes. Generally, a private citizen has the right to make a warrantless arrest during or after the commission of a felony or during the commission of a misdemeanor.


A major problem with this is liability the first time this causes major damage to systems because the rootkit had a bug or because someone in your organization legally redistributed the data outside your organization, with approval, but without realizing the consequences.

Especially as it is unlikely this would affect serious criminals: If tech like this becomes common, then nobody sane would open stolen files without ensuring it was done in a self-contained environment and with software that ought to be unable to execute any of this crap. It will be trivial to stop for all but people who are unaware.


You are arguing a different point, but I do agree with you. I am not arguing that the ideas are necessarily effective. I am just pointing out that the BoingBoing article is wrong about many points.


Sure, I agree entirely. However, is that what's being advocated here, by parties concerned by such a thing? If so, the headline is incredibly misleading.


The headline is incredibly misleading. Please read chapter 13 of the paper.


>> But start infecting people's computers, and a portion of them are going to fight back. <<

I already fought back. I don't watch movies, nor TV. No cable, no Netflix, no movie theaters, no nothing. Fsck 'em.

You want to do the same? Stop watching their lowest common denominator tripe and read a book or make something up for yourself. When they have no money they'll go away. And what will we have lost? Wasted hours sitting in front of their junk.


I am much better entertained reading and writing on reddit and here. I don't open TV any more. Rarely go to movies. I probably only watch 5 or 10 Hollywood productions per year any more.

Fuck'em. They don't deserve our attention. I prefer a free culture of exchange to a centralized culture of consumption.


Are they also going to push for laws that mandate that all anti-virus software must ignore their rootkits?

And with secure boot in Windows 8, it will be harder for rootkits to remain undetected by hiding in the boot loader. Will the entertainment industry push for laws that force operating system vendors to provide back-doors for the official malware?


Unless Microsoft signs the rootkits purposefully.


No way ... MS can buy Hollywood with pocket change. Also the moment they sign something like that - no more business with enterprises and national governments. The integrity of windows and office is imperative for them.


Last time I checked MS was still in business.

http://en.wikipedia.org/w/index.php?title=Sony_BMG_copy_prot...


This was done without MS active involvement. Microsoft signing a piece of code in wild that can subvert their own secure boot ... is something else entirely.


The point is that any company can sign a rootkit (for the price of $99) to run on windows machines with or without SecureBoot. The best MS can do is to revoke certificates of rogue companies but by then the damage could be done.


In fact, as that Wikipedia article points out, it was exposed by a Microsoft employee:

The scandal erupted on October 31, 2005, when Microsoft researcher Mark Russinovich posted to his blog a detailed description and technical analysis of F4I's XCP software that he ascertained had been recently installed on his computer by a Sony BMG music CD. Russinovich compared the software to a rootkit due to its surreptitious installation and its efforts to hide its existence. He noted that the EULA does not mention the software, and he asserted emphatically that the software is illegitimate and that digital rights management had "gone too far".


No it won't be harder for the entertainment industry to create rootkits. You just buy a proper certificate and sign it like any other driver developer. Secure boot does nothing to protect the users from the entertainment industry.

And remember what happened the last time an entertainment company deployed a rootkit: they made it much easier for unskilled malware writers to hide their work. And IIRC it wasn't trivial to remove the rootkit Sony deployed.


The copyright cartel these days is indistinguishable from the pirates they lobby against. In fact, I think I trust the pirates more lately.


I do trust pirates more. I get the media I want in whatever format that I want it. I get it on time, several minutes after it airs. There is no DRM on it so I can use it with my home theater setup without any complications even when my internet goes offline. All I want is a site that lets me pay a reasonable amount of money for a television show or movie and download it in whatever format I want with no DRM. I want to give the creators and the actors money, but I refuse to do it in a way that harms me, or my access to the material I bought for doing so. That is not going to happen anytime soon, so for now I continue to trust the pirates more.


Frankly, this might be the sort of kick in the ass people need to start writing more secure software. Who wants their software to be known as the MPAA's attack vector?

On the other hand, I suspect that the MPAA would be in for a world of hurt if they did this. They would not only be dealing with file sharing, but also a coordinated campaign by blackhats to take down their systems, boycotts organized by the EFF and the like, lawsuits from companies whose employees brought rootkit infected machines on the corporate network, etc.


Forget black hat; any sane person would organize attacks against the MPAA.

I know Anonymous is one of the prime offenders in this area, but I wouldn't be surprised if many on Reddit organized and attacked the MPAA's systems.


> blackhats to take down their systems

I'm pretty sure something like this would get the greys and whites involved too.


From the report:

> there are increasing calls for [...] that allows companies [...] actively retrieving stolen information

They are still living in the last century, and think that if somebody steals something from them they can take it back. They have yet to grasp what this 'digital media' is.


They grasp it alright, but they haven't figured out how to monetize it properly yet, especially compared to their established physical business model, which already has all the infrastructure in place, and they are trying to exploit to the very end.


1. Self publish a book

2. Wreak havoc in world's critical infrastructure while exempt from responsibility because there might be infringement going on.

3. Enjoy your brave new world.


See also: http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootki...


I boycotted SONY because of this and have been free of their products for 6 years.

Now it seems that more companies want to learn a lesson the hard way.


When I read those excerpts from this report, I assumed it was written by some extremist lobbying group that doesn't have any real power. Then I read this statement from Congressman Mike Rogers (Chair of CHPSCI, House Permanent Select Committee on Intelligence):

“It is already clear to me that this report is going to make a very important contribution to the discussion about the grave danger that IP theft poses to our economic well-being. In particular, all should carefully read what the report has to say about Chinese economic espionage. I heartily agree that Congress and the Administration need to act quickly to help American companies defend the hard work and innovation that is the life-blood of our economy. That must begin with getting cyber information sharing legislation signed into law.”

https://intelligence.house.gov/press-release/chairman-rogers...

The report and Congressman's statement came out on the same day.


The cognitive dissonance involved in playing up the "Chinese economic espionage" threat while simultaneously supporting a move to legally make everyone's computers less secure is astounding.


When put in context, this is hardly surprising. His wife was recently the CEO and vice chairman of Aegis, LLC, and is now a high-powered lobbyist for Manatt [1].

Straight from her biography: ...she focused on business development and new-market-entry relationship building for Aegis LLC and the worldwide Aegis Group, drawing on her established global network of relationships with key stakeholders in U.S. federal civilian, defense and intelligence agencies, foreign governments and leading private sector companies to pursue and secure new business opportunities in Latin and South America, the Caribbean, the Middle East and Africa, and to land U.S. defense and intelligence contracts. [Ibid] (emphasis mine).

She presumably still has equity in Aegis Group.

Playing up the Chinese espionage threat plays well with her key stakeholder relationships, and making everyone less secure certainly opens up new market opportunities and brings more visibility to defense services.

Rogers' agenda is just to influence the legislative process to line his own pockets. Business as usual in Washington.

[1]: http://www.manatt.com/KristiRogers.aspx


Why should the entertainment industry get special treatment?

Local, state, federal police, IRS should install rootkits to monitor all transactions and activity, turn on audio and video capture from webcams.

Of course it's absurd and would destroy consumer trust of any device connected to the internet.


This is why I'm really hesitant about the Internet of Things. Can you imagine if some hacker got ahold of my toaster? He could burn my toast!


Or burn down your house for an immature laugh while ruining your life.


Ehhh, it would be ok as long as I still got my toast and coffee. I'm really grumpy in the morning without toast and coffee.


The movie and music publishing businesses are tiny compared to the telecom industry. It amazes me that they are able to get such proposals taken seriously.

This is beyond wacky in light of serious security threats from both organized crime and foreign governments. The same machines they want to root to check on your music and movies are used for serious work in industry and government.


And the general tech industry on top of that. I'm surprised there hasn't been a Canada-style tax on media that 'legalizes' such downloading.


This does not surprise me. I currently am legally entitled to watch several dozen movies, and quite a few TV shows on iTunes, I suppose I've spent about £500 over the years. Here's the problem. I cannot transfer any of these legally purchased movies or TV shows to other platforms, I am held ransom inside a platform-specific eco-system apparently forever. I am a willing customer, I want to reward creators, but in return I am treated like a criminal by the entertainment industry. If there is one thing which is clear it is that the entertainment industry hate their customers.


http://ipcommission.org/report/IP_Commission_Report_052213.p...

> The Commission on the Theft of American Intellectual Property

> With U.S. companies suffering losses and American workers losing jobs

Jobs. Translation: this is a PR piece.

> The Department of Homeland Security, the Department of Defense, and law enforcement agencies should have the legal authority to use threat-based deterrence systems that operate at network speed against unauthorized intrusions into national security and critical infrastructure networks

Huh? This includes national security now? Are they deliberately blurring the lines between pirating and national security? Why I think so.

> Informed deliberations over whether corporations and individuals should be legally able to conduct threat-based deterrence operations against network intrusion, without doing undue harm to an attacker or to innocent third parties, ought to be undertaken.

They want to legalize Sony's rootkit, but they want to do it right. Rootkits in the wild cannot be tamed, don't even go there.

> if counterattacks against hackers were legal, there are many techniques that companies could employ that would cause severe damage to the capability of those conducting IP theft.

You do something that the system thinks is pirating and your computer blows up. What could go wrong.

> ...The Commission is not ready to endorse this recommendation because of the larger questions of collateral damage caused by computer attacks

Ahh I see, they're reasonable after all! IOW, they want to make their rootkit legalization idea sound sane.

> Recommend to Congress and the administration that U.S. funding to the World Health Organization (WHO) program budget in whole or in part be withheld

At this point I want to punch someone in the face.

I can't read anymore.


At a past address, neighbors would leave a bundle of fresh green coconuts, and a few DVDs to back up, at my front stairs. This worked well; They'd get their DVDs backed up (hey, I didn't ask questions), I'd get my coconut water fix.

At my current address, I have access to my own coconut bundles by the dozen, but I still have to wonder, if this came to pass, imagine how many coconuts would I get for 'unlocking' and recovering the computers they would leave at my door due to MPAA 'stabilizing' their situations!

Put another way, like DVDCSS, this is just another minor annoyance to the technically inclined, and only serves to penalize the less-computer-literate, and enrich the people who do favors for them.


DRM lobby must have started smoking some heavy stuff. It's not enough that they insist that breaking DRM is illegal, now they want to make spyware DRM to be legal. True intentions revealed. The next - they must be deploying the Watchbirds.


Strong DRM means inherently weak security. DRM in your TPM means the weakest link in your system security is the low bidder on an MPAA RFP.


DRM by definition implies weakened security and privacy for the end user. DRM was never about security, it was always about satisfying their bottomless desire for control. DRM already has a history of using rootkits and etc. These lunatics just want to make it legal in order to create another protective legal wall around DRM (with current being DMCA).


I suppose this is about demanding extremes to have lots of room to negotiate in the inevitable following political negotiations. So they can be like - we didn't request the shoot-pirates-on-sight thing, we even gave up on the idea of rootkits, BUT we have to make a stand on <insert real agenda>. Politicians will by their nature try to make compromises. So if you start by demanding what you really want you will lose it.


This is why I sometimes defend the people who want to abolish copyright. I don't think it would actually be optimal, but neither would it be a serious catastrophe, and by making the argument and convincing people of the plausibility of it you create a rational baseline from which to contextualize the naked batshit insane power grabs of industry executives.

The trouble with all of this is that it's ruining politics. The way you optimize social utility is for each side to negotiate in good faith and give up the thing which is more valuable to the other side than it is to them. But in a situation where each side has a veto on getting anything done, refusing to compromise is an extremely effective strategy for exactly as long as it takes the other side to mirror it, and then it becomes a high stakes game of chicken where everybody goes over the cliff unless both sides blink. Because a screaming contest is ineffective, but one side utterly and repeatedly capitulating to the other is even worse.

And that's the situation we're in until the extremists at the heads of these companies give up on demanding absolute control over everything.


This sounds like a Hollywood magic trick. Tarantino filmed a gruesome headshot to distract censors to get his desired version of Pulp Fiction into cinemas. This might very well be the same thing.

Before we blow-up this topic we probably should collect all the nasty parts hidden in the document and fight-off all of them at once.


And still people buy stuff from RIAA labels and similar organisations. I buy more music than all of my friends but I always check label and parent label affiliations with any of those anti-consumer organisations. But as long as people are usually buying everything without caring, they can do whatever they want.


It'll be just like the Kazaa days!

The_Avengers_2_Earths_Mightiest_Heroes.mp4.exe


There is no way this will ever pass; this is the most ridiculous-sounding proposed legislation I have ever heard. You think SOPA is bad? If something like this were ever to be passed (theoretically, of course), you can bet the world would be a sad, dark place to live in.

There are consequences to this kind of thing and many things to consider. I mean, imagine if hackers somehow managed to find a security exploit in the malware the entertainment companies are forcefully installing on people's computers? Ransomware one minute, botnet the next.


"...you can bet the world would be a sad, dark place to live in."

I suspect $world = USA here. The chances of anything as daft as this happening in Europe are small. Some European countries already have taxes on blank media/contributions to copyright organisations. Australia and Canada had court action against Sony last time this was tried.

UK politicians do persist in trying to pass legislation allowing monitoring all communications in UK, but we all know how effective that will be.


US people to Congress: make it legal for us to share what we love


All this requires money to accomplish. (Lobbying, development, bribes, etc.)

I, for one, have begun to make efforts to -- legally -- contribute as little as possible to the bottom lines of these organizations.

Put it this way: I look at "Hollywood", and I see bunch of prima donnas (admittedly, amidst a sea of workaday "nonames") who want to root my system.

I'm significantly less inclined to purchase their wares, every time I'm reminded of this.

Then I go outside, and discover I've better things to do with my time, anyway.


I use only legitimate means to consume entertainment right now, but shit like this really makes me wonder why I should let them use my money to take away my freedoms.


So downloading copyrighted content makes you a "hacker" now?


That's hardly the point, which is that they can get Congress to bend over backwards for them. Since this piece of legislation is obviously absurd, they'll attempt for something pared down but clearly authoritarian with minimal (non-existent?) oversight.

At this point they're just flexing their muscle to see how much wiggle room they've got. A small part of me wishes votes on legislation were anonymous so our congress-critters would avoid the constraints of having to vote along party lines (and notably their campaign donors' wrath).


I can see where you're coming from regarding anonymous voting on legislation, but I'd definitely disagree. It's much more important in my opinion that our representatives are transparent, or else how do we know whether we want them to continue representing us?

It's true that campaign donors have too much influence over the success of legislators, but maintaining a representative democracy is far too important to lose in order to deal with that issue.


> campaign donors

I would dare to say this could be a contributing factor to the state of politics and law. Essentially, laws and regulations are bought by the highest bidder.

I think many agree with me that neither religion nor money should have influence on the direction of politics.

For the anonymity on legislation: no. Legislation, political and judicial processes should IMHO be 100% transparent.


I have heard that in Australia the word "rooting" is used to mean "f%%%%%%". So it seems quite appropriate when Sony say they want to "root" your computer :|


I haven't knowingly bought anything from Sony since their last rootkit debacle. I'm sure there's been media from them that I've consumed - but I've definitely avoided hardware purchases from them.

"Most people don't even know what a rootkit is, so why should they care about it?"

http://www.networkworld.com/news/2010/110110-sonybmg-rootkit...


In other news, convenience store owners want the right to track down people they suspect of vandalizing their bathrooms and burn their houses down.


It is perfectly legal for the entertainment industry to deploy rootkits.

What you decide to put on your computer is up to you. If someone wants to put something in the software, the agreement is between you and them. So long as they disclose what they are doing, it's not like anyone reads those agreement contracts on the internet.

A company that deploys rootkits, then survives class actions and angry consumers? Not likely.


AFAIK, Sony is still there: http://en.wikipedia.org/wiki/Sony_rootkit


This sort of thing is an externality, like pollution: it compromises the rights of persons other than the companies' willing customers.

Suppose I don't have any Hollywood stuff on my PC, am I then immune from the poison-ware? Can you easily recover costs if you are falsely accused? People must remain unaffected unless they are successfully sued or convicted, in a court with proper procedures and evidence.


Hey, look, it's time for me to try linux again...


Sounds like the entertainment industry is suffering from a severe case of Walter Mitty syndrome caused by too much watching of 24. They will be asking for the right for their investigators to use enhanced interrogation techniques à la Jack Bauer.

They will be dressing up in multicam and running round the woods pretending to be DEVGRU operators with paint guns next.


I kind of hope this happens, just to increase the demand for real security. In the short term it would make things worse, but in the long run we'd end up with market pressure to give individuals control over their own resources (both protection from corporate control and from incompetent implementation).


Sandbox everything, in effect. I already have a dozen or so different VM's for different types of projects mostly because it's easier to reproduce environments that way, but if there was even a remote chance of something like this, I'd sandbox every untrusted app.


From the paper - "Recommend that Congress and the administration impose a tariff on all Chinese-origin imports, designed to raise 150% of all U.S. losses from Chinese IP theft in the previous year, as estimated by the secretary of commerce."

So... they want their people to pay for the crimes of others?


Given some of the rest of the logic behind this whole thing that one did not stand out as particularly idiotic.


I know this is not really about games and I'm not sure this is actually related, but I'll offer it up in case.

Last night I went looking for info on the game Far Cry 3 Blood Dragon. I ended up on several forums and discovered something I found interesting. Turns out that the official legal version is plagued with various problems. But oddly, it seems that people who downloaded the leaked version are having no reported problems. I had a look at comments on various download sites, and yes there were some problems, but not many and they were normally about getting the cracked version to run, and these problems were quickly solved.

Now, while I accept that there would be an obvious difference between feedback from downloaders and customers, I do wonder if this happens a lot. And if the "pirates" are actually releasing versions of games that actually work, while the likes of UbiSoft and Steam are angering paying customers with reportedly terrible support and poor product, why would anyone in their right mind pay up? On top of that, it would seem that people who used "illegal" copies actually got quicker support that solved the problem from the users on the download site itself. Again, I can see the arguments and flaws there, but on the face of it, it's madness.

What completely amazed me was the number of people saying they bought the game, it didn't work, they got no useful support, so they downloaded and played the pirate version.

If paying customers end up having problems (say the rootkit fails to install because, for example, it doesn't like your NIC, so you can't play the disk) using other media, TV, movies, etc., then they too would surely end up having to get their media in other ways. Then, experience would teach them to continue with other sources.

If this becomes any sort of trend, such businesses don't deserve to survive.


Why don't they just offer better service than pirates? If they made it easier to buy than to download a torrent, maybe people would actually use it. If I were in their place I would make it payable with a bitcoin transaction, which would be as simple as downloading a torrent.


This is completely off-topic. Where in the entire IP Commission report did they mention anything about the entertainment industry?

http://ipcommission.org/report/IP_Commission_Report_052213.p...


Are there any congressfolk actually buying this specific report?

I could release reports all day long about how incredibly beneficial it is to eat my soufflé, but that doesn't mean congress is going to pass a "t0mcat soufflé protection act of 2013" bill.


I think what worries me the most is reading between the lines. As in, "we've already been doing this, it should work, please make it legal." Would be interesting if the bill had retroactive legalese.

Additionally, can consumers claim DMCA violations?


The only thing which explains things like this is that, somewhere in the entertainment industry hierarchy, people feel that they are being severely underpaid for their work. Which level do you think it is?


They're forgetting that their product is entertainment. It's something I like to use as a diversion from hum-drum daily life, but I don't require it. I can quit any time.


Co-Chaired by Jon Huntsman Jr. FTW!

https://en.wikipedia.org/wiki/Jon_Huntsman,_Jr.


I'm just worried that this has already happened and they are waiting for it to be legal before they flip the switch.


Next up: HTML5/browser-based rootkit?

You never know with W3C these days.


This was really unwarranted and unnecessarily provocative.


DRM in HTML5 makes the comment not just warranted, but a statement of the obvious. If that is provocative, then I say provoke.


if the camera catches a naked 8 year old, who will go to prison for taking a pedophile picture that the administrator will see?


yeah, like computers are used only to watch movies and listen to music.


This is more FUD for the pro-piracy crowd to get their panties in a twist over. The root kit is obviously an unrealistic idea though the network idea is a bit more realistic but I seriously doubt either will go anywhere.

This is our fault though. We have these companies that sell us digital recordings of media we want at a price they've chosen. We found a way to circumvent the buying process and get it free. This is simply not okay. We can debate how fair artists get treated, the price of media, and whether or not distributing copyrighted materials online is technically stealing all day long but in the end any rational person sees this is wrong.

So while we infringe on the copyright holders' rights for years, any time they try to take steps to curb this behavior (which is on a scale way larger than other types of black markets and impossible to ignore) we act shocked and appalled as if we've done nothing to instigate it. Each time they fail to curb piracy they come back with an even more deplorable plan to stop it. In the end we're all losing, both the media companies and the consumers.

I still can't understand why anyone would think piracy is okay. I've done it myself but I know it's wrong. Using reasons like region availability, pricing, and the usual copyright complaints to justify it doesn't make sense. They're usually all excuses for the person with "I should be able to get this on my terms because, uhh, freedom" syndrome.

Sometimes the complaints are legitimate but still don't excuse piracy. We've created this problem ourselves and the only way to stop it is to vote with our wallets. Piracy does not count as voting with your wallet. To vote with your wallet you have to be willing to live without the thing you desire or go to a competitor until the seller starts giving the consumer what they want. A black market is not a competitor and it undermines the goal of getting media companies to start making it convenient to buy their product at a reasonable price. Piracy just shows them we want what they've got but don't want to pay. The only way to compete with piracy is to shut it down, which is impossible and leads us to crazy proposals like the one discussed here. But let's say HBO and Showtime both aired Game of Thrones. If HBO sucks at distribution and pricing, consumers go to Showtime instead. HBO sees this and can't shut down Showtime so the solution is to get better at pleasing consumers.

My point is that you can't compete with a black market and this constant arms race to implement and circumvent anti-piracy measures will lead to a stalemate where we all lose. If we quit both pirating media and buying it, that would start leading to changes in a positive direction (for those of us who aren't just pirating to be cheap at least).

*Side note: unfortunately, getting media online has the potential to become VERY convenient but can never be as convenient as piracy as it'll always require a payment step but is that really so awful?


Would it also then become illegal to program software that would defend against such software rooting your machine and erasing things that go against its views of fairness?

I'd like to see them try to root my Gentoo box.


It would automatically be illegal to break this spyware (i.e. to defend against it) the moment the spyware itself becomes legal. Since breaking DRM is forbidden by DMCA. DMCA/1201 should be really repealed, as well as any such new idiocy pushed by the DRM lobby.


Remember when you couldn't watch DVDs on Linux? And then someone wrote DeCSS, which provided decryption of DVD for Linux users.

It'll be similar if this law passes. There's a binary blob for Windows and OSX. It's illegal to reverse engineer that blob. It's illegal to circumvent the need for that blob.


I guess we'll just have to use a VM then. They can "root" that all they want.


Of course, the blob would detect a virtual machine and refuse access to the content.


Actually, some games do that, as they interpret the existence of a VM or developer tools installed as an attempt to decrypt/reverse engineer the game's DRM. Which would be funny if it weren't so sad.


In a more modern version, VM just won't be able to support a hardware-assisted DRM conveniently preinstalled straight into your CPU or video card's firmware.

Hmm. This leads me to the idea. Why care for software rootkits when PCIe hardware may actively screw with the system? Considering MAFIAA already had success with enforcing HDCP on almost every modern video card out there...


I actually just read a book set in 2040 England where this basically happened, they'd created a system where if you tried to remove the hardware the CPU would be dissolved. The book was called "Pirate [something]" I can't remember the exact name but it had pirate in it...


The best I could do after a lot of searching (lots of books with pirate in the title): http://www.amazon.com/Pirate-Cinema-Cory-Doctorow/dp/0765329...

Your description sounds good. This book doesn't sound that good but it is future England, has to do with computers, and has pirate in the title.


That's it!

The book is okay, I was kinda surprised at how good he was at keeping the tech believable... still he mostly failed as authors who know little about tech do


Just about every Linux kernel version has had some root privilege escalation bug. So long as they can get some executable software on your system (perhaps not easy!) it's reasonable any such bug could be exploited, and voila, they can install a rootkit!


For an industry as fucking inept as the MPAA and the rest of the copyright cartel, I'd be absolutely floored if they managed to break into a Linux machine.


They have the money to pay people who can though!


But not the competence to identify them


Good luck for them breaking out of the VM their software would end up getting run in.


This is not as unlikely as you may think. All it takes is the right bug in a virtio driver, and they can go from vm-root to host-user, and assuming some level of competence they can go from host-user to host-root. Of course, you're welcome not to use any virtio devices, and you're welcome not to use hardware virtualisation support, but the performance of your guest will not be much to write home about.


Of course it is possible that they find holes, but I consider the odds that they will find holes like that early enough that countermeasures won't already be deployed in a situation where people have come to expect destructive actions from their software on a regular basis to be quite unlikely.

Also OS level virtualization is not the only protection worth using in a scenario like this. Sandboxing at the syscall level (restricting allowed syscalls and arguments substantially) is also highly useful, and if we start seeing a threat from apps that people are expected to intentionally install knowing that they pose a risk, we will see a lot more aggressive security work.


> Of course it is possible that they find holes, but I consider the odds that they will find holes like that early enough that countermeasures won't already be deployed in a situation where people have come to expect destructive actions from their software on a regular basis to be quite unlikely.

That's incredibly optimistic.


How so? People will be expecting their software to contain rootkits, and so there will be tons of people immediately analyzing any new releases.

Given that already when I last bothered with pirated software in the early 90's, serious warez traders were mostly only interested in software weeks before its scheduled release (it was not uncommon for unfinished versions of games to leak), which involved not just getting hold of the releases through leaks or hacking, but breaking any protection, and this would make up the first serious challenge for the warez scene in many years, and this will draw not just the warez scene, but security researchers, as well as a lot of "regular" developers like me who are fed up with these kinds of attempts, they are facing pretty much an army that will be dissecting every release.

Sure, some will slip through for some users, but every single instance will result in new counter-measures, many of which you can expect will cover as-yet undiscovered flaws in addition to just fixing specific issues.

E.g. a logical protection against attempts at attacking faulty filesystem permissions settings is to blanket ban access to the filesystem and whitelist specific files, specific directories, and sanity check all access to them.

For every loss, we will win more robust application sandboxing capabilities, and more people will be motivated to consistently make use of them.
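The default-deny filesystem policy described in the comment above (ban everything, allowlist specific files and directories, sanity-check each access), sketched as an added example that is not part of the original thread. The names `FsPolicy`, `check` and `demo`, the directory layout and the sample requests are all constructed for illustration, and POSIX paths are assumed.

```python
import os
import tempfile
from dataclasses import dataclass, field


@dataclass
class FsPolicy:
    """Default-deny policy: only listed files and directory trees pass."""
    read_files: set = field(default_factory=set)   # exact files, read-only
    read_dirs: set = field(default_factory=set)    # directory trees, read-only
    write_dirs: set = field(default_factory=set)   # directory trees, read + write

    def __post_init__(self):
        # Canonicalise the policy itself so comparisons are like-for-like.
        self.read_files = {os.path.realpath(p) for p in self.read_files}
        self.read_dirs = {os.path.realpath(p) for p in self.read_dirs}
        self.write_dirs = {os.path.realpath(p) for p in self.write_dirs}

    @staticmethod
    def _inside(path, root):
        # commonpath compares whole components, so /x/media-evil is not
        # treated as being inside /x/media (a plain startswith would be).
        return os.path.commonpath([path, root]) == root

    def check(self, requested, write=False):
        """Return (allowed, reason) for one access request from the sandboxed app."""
        # Sanity checks first: reject anything that is not a clean absolute path.
        if not isinstance(requested, str) or "\x00" in requested:
            return False, "malformed path"
        if not os.path.isabs(requested):
            return False, "relative path"
        # Resolve symlinks and ".." BEFORE matching, so the decision is made
        # on the file that would really be opened, not on the string supplied.
        real = os.path.realpath(requested)
        if any(self._inside(real, d) for d in self.write_dirs):
            return True, "inside writable tree"
        if write:
            return False, "write outside writable tree"
        if real in self.read_files:
            return True, "allowlisted file"
        if any(self._inside(real, d) for d in self.read_dirs):
            return True, "inside readable tree"
        return False, "not allowlisted"


def demo():
    """Run constructed sample requests against a constructed directory tree."""
    with tempfile.TemporaryDirectory(prefix="fs-policy-demo-") as tmp:
        base = os.path.realpath(tmp)
        media = os.path.join(base, "media")       # content the app may read
        cache = os.path.join(base, "cache")       # scratch space it may write
        private = os.path.join(base, "private")   # stands in for everything else
        for d in (media, cache, private, os.path.join(base, "media-evil")):
            os.mkdir(d)
        secret = os.path.join(private, "keys.txt")
        config = os.path.join(base, "player.conf")
        for path in (secret, config):
            with open(path, "w") as fh:
                fh.write("constructed sample data\n")
        # A symlink planted inside the writable tree that points outside it.
        os.symlink(secret, os.path.join(cache, "link"))

        policy = FsPolicy(read_files={config}, read_dirs={media}, write_dirs={cache})
        requests = {
            "read media": (os.path.join(media, "film.mp4"), False),
            "write media": (os.path.join(media, "film.mp4"), True),
            "write cache": (os.path.join(cache, "tmp.bin"), True),
            "read config": (config, False),
            "dotdot escape": (os.path.join(media, "..", "private", "keys.txt"), False),
            "symlink escape": (os.path.join(cache, "link"), True),
            "prefix sibling": (os.path.join(base, "media-evil", "x"), False),
            "relative": ("media/film.mp4", False),
            "nul byte": (config + "\x00.mp4", False),
            "unlisted": (secret, False),
        }
        return {name: policy.check(path, write)[0]
                for name, (path, write) in requests.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:15} {'ALLOW' if allowed else 'DENY'}")
```

A check like this is only sound when the component that makes the decision also opens the file and hands the descriptor to the sandboxed process; checking a path and letting the untrusted process open it afterwards leaves a time-of-check/time-of-use gap.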


I understand what you're saying, but so far Nintendo 3DS doesn't have any way of playing pirated 3DS games. (DS games are playable on a 3DS now). XBOX360 has some cracks, but these are complicated. Too complex for most people to bother with. PS3 is also too complex for most people. (I think, I haven't really looked hard for this.) I think even PS2 isn't trivial, although I could be wrong and I welcome corrections.

It bothers me. I'm probably wrong, but it feels like we have a bunch of sub-optimal OSs that have security kludged in as an after-thought, built on legacy hampered hardware, with a lot of concentration on "preventing people playing illegal content" (but also strictly controlling what people do with their legal content). There's a kind of arms race with pirates and anti-pirates competing on DRM schemes, and it feels like if all that effort had gone into better directions that we'd have 24 cores at 3.5 GHz and better threading with decent nice architecture.

And I know it's just marketing, and that washing powder (Whiter than white!) has been doing it for years, but being told that my content (which was sold to me as best quality available last time) is now being called garbage and I'm told I need to upgrade. In the past I didn't need to upgrade. I could keep my record deck and buy a CD player and rip those CDs to digital for my streaming media player. But in the future this is not going to be allowed. I'm going to have to buy an extra licence for family use.


But they don't all have the same bug.


Of course not. But it's easy to maintain a list of public bugs for different kernel versions and also a list of 0day bugs that may have been found, and then exploit the appropriate privilege escalation bug depending on the kernel version.



