A Modest Construct

Tag: legal

The Ethics of Software Patents

rev. 15 April 2009

The laws that protect the creation of content are manifold and complicated—even byzantine. America has copyright protection, which applies to concrete expressions of information, trademark protection, which protects distinctive symbols or verbiage associated with a legal entity, and patent protection, which protects “(1) processes, (2) machines, (3) manufactures or (4) compositions of matter” and is perhaps the least understood of all the various kinds of intellectual property protection (Guntersdorfer, 2003).

The explosion of the Internet in the late 20th and early 21st centuries has thrown into stark relief both the legal problems associated with protecting content in a digital age and the ethical issues inherent in the existing process for acquiring official intellectual property protection and the rights afforded involved parties in a redress of grievances. Copyright law specifically has come into public consciousness primarily due to the popularity of filesharing: for all intents and purposes, the advent of modern filesharing was the 1999 arrival of Napster, a program which allowed anyone to exchange digital copies of music online, for free. Legal problems eventually forced Napster to shut down (Ante, Brull, Herman, & France, 2000), but its legacy leaves not only alternative modes of filesharing, but a whole host of new web-based content creation engines that toe the lines of fair use.


The Fugitive Game

The Fugitive Game: Online with Kevin Mitnick
by Jonathan Littman
Publisher: Little, Brown and Company
Year: 1997
Pages: 416
№24

As someone who spends a lot of time reading computer and security news, I’m no stranger to Kevin Mitnick. I did an entire paper on social engineering, in fact, and you just know that I at least mentioned Mitnick. If that name has passed too far out of the cultural zeitgeist for you to know, you can do a bit of background reading before continuing this review. In short, Kevin Mitnick was a famous hacker in the mid-90s who was eventually caught by the FBI and served about five years in jail.

There is much myth about Kevin Mitnick, some of it still continuing today, although the public has by and large forgotten about him. There’s the old yarn about how, as a teenager, he hacked his way into NORAD, eventually inspiring the movie Wargames; this, needless to say, is spurious and false.

You may be familiar with another book about Mitnick’s capture; entitled Takedown, it was written by Tsutomu Shimomura and John Markoff. The former is a mysterious security researcher / hacker / spook who somehow assisted in Mitnick’s eventual capture; the latter is a journalist who claimed to know all about Mitnick—that is, in the form of junk articles for the New York Times that more often than not perpetuated Mitnick myths or regurgitated exaggerated government nonsense about the extent of his crimes.

Reading the previous paragraph, you may get the impression that I don’t think very highly of Markoff, and it’s true that from what I know of his Mitnick writings, he seems something of a hack. The Fugitive Game is a book written by another journalist involved in the Mitnick case, one Jonathan Littman, ostensibly to (1) set right some common misconceptions about Mitnick, (2) ask some damning questions about the role of Shimomura and Markoff in Mitnick’s capture, and the dubious legality of their involvement at all, and finally (3) bring to light a new view of Mitnick, based on extensive phone interviews when Mitnick was in hiding. For reasons on which I dare not speculate, Mitnick formed a strange bond with Littman, and was at times surprisingly candid with him. The Mitnick that Littman paints is a relatively harmless nerd, not motivated by profit, and though certainly prolific in the number of systems he penetrated, almost never guilty of the monetary damages that he’s accused of.

I was initially skeptical of The Fugitive Game; the first section, which sets context, introduces a number of hacker personalities, and basically paints the FBI as regulation-skirting doofuses, reads like a bad detective novel. The characters seem exaggerated, almost stereotyped. I narrowly avoided giving up on it, but decided to wait until the promised Mitnick/Littman phone interviews took place. The good news is that the story gets better; the bad news is that the book still fails to be particularly interesting, especially more than a decade after the fact.

Perhaps I’m just too millennial: reading a book about über-l33t h4ck3rz using “high-speed” 14.4Kb modems makes me both giggle and cringe, knowing full well that the readers of 2018 will shake their heads in horror at the thought of a 6Mbps ADSL connection. Most of the hacking here involves the phone companies: wiretapping, stolen cell phone serial numbers, ISP hacking, &tc.

What’s most interesting about Mitnick is that, as Littman seems to stress, he’s not particularly concerned with coding. He’s not really a programmer; Mitnick was most famous for his social engineering: he plucked phone numbers and likely passwords out of corporate dumpsters. He gamed telephone operators into giving up information. He used available tools, like the Berkeley Packet Filter, to exploit unpatched vulnerabilities in the Unix systems of corporations and ISPs.

The Fugitive Game likely isn’t as dramatic as Takedown; Littman doesn’t seem particularly concerned with hyping Mitnick’s case. He spends a lot more time trying to flesh out Mitnick qua human being, and exposing the gross exaggerations related to his story. I can’t say that the much-anticipated phone interviews with Mitnick were anything to write home about, but I at least credit Littman for writing about Mitnick in a way that fellow computer enthusiasts can appreciate.

Open Source Stupidity

The flame-wars between GPL and BSD proponents flared up again this weekend. Marcus Glocker, an OpenBSD developer, used GPLed driver code for the “bcw” driver (Broadcom wireless) he was developing, and which he had committed to OpenBSD’s public CVS server.

First, it’s important to note that GPL and BSD are not necessarily compatible licenses. GPL requires that modifications to the source code be made available, and it also requires that any project which uses it must also be open source. BSD does not. Therefore, in theory, Broadcom—a very nasty vendor—could take said code from OpenBSD’s CVS server, under the auspices of a BSD license, and include it in their own closed source, proprietary driver for Windows. This is not something that Michael Buesch, one of the original reverse engineers and copyright holder of the bcm43xx code (the Linux kernel driver), wanted to see happen.

Here is an excerpt from Buesch’s original e-mail to Glocker, which he also CCed to a number of other parties.

I, Michael Buesch, am one of the maintainers of the GPL’d Linux wireless LAN driver for the Broadcom chip (bcm43xx). The Copyright holders of bcm43xx (which includes me) want to talk to you, OpenBSD bcw developers, about possible GPL license and therefore Copyright violations in your bcw driver.

We believe that you might have directly copied code out of bcm43xx (licensed under GPL v2), without our explicit permission, into bcw (licensed under BSD license). There are implementation details in bcm43xx that appear exactly the same in bcw. These implementation details clearly don’t come from the open specifications at bcm-specs.sipsolutions.net or bcm-v4.sipsolutions.net.

[...]

We’d like to have this issue resolved. In general we are not against having a free (and BSD licensed) driver in the BSD operating system. But you _have_ to cooperate with us if you’d like to take our code and relicense it under BSD license.

[...]

We’d like to offer you to start cooperating with us. We respect you and your Copyright. You should also do so on our work.

We would not be opposed to relicensing parts of our code under the BSD license on an explicit case-by-case base. So if you ask “May I use this and that function” and if I own the Copyright on that particular function, I will approve or deny your request. Other Copyright holders of the bcm43xx code might act the same way.

We’re not out for blood, just for a fair resolution. We’d like you to start contacting us to resolve the issue now.

Have a nice day.

In immediate response, OpenBSD’s founder and #1 bulldog, Theo de Raadt, launched a verbal assault on Buesch for what he (de Raadt) viewed not only as a big to-do over a piffling issue, but a breach of personal conduct as well. De Raadt is a strange one to be moralizing about social niceties, however, considering that Theo—despite being a brilliant programmer—has all the social grace of a rabid animal. That was, in fact, part of the impetus behind his forming a separate BSD distribution. But that’s not the point.

The point is that to read the mailing lists, you’d think it was Buesch on trial here; in fact, no one is on trial. Here are the salient points.

Two Linux teams develop a Broadcom wireless driver under strict “Clean Room” standards. This driver includes features that aren’t present in the official Windows driver. This driver is then licensed under the GPL, meaning that further modifications and uses must be licensed under the GPL, as well.

Marcus Glocker very apparently copies code from this GPLed driver, which he uploads to a public CVS server under the auspices of a BSD license. This driver was only in development, meaning that it hadn’t been distributed as part of any release, but insofar as it was on a public CVS server, it could have been copied at any time—including by Broadcom—and used—however illegitimately—under a BSD license. This is the crux of Buesch’s complaint. It doesn’t matter if Glocker was only studying the code or not.

The issue has nothing to do with which is a better license. It also has nothing to do with the relative merits of Copyright. De Raadt and his camp immediately leaped upon Buesch for enforcing his self-described “Copyright,” which is almost a non-entity in the BSD world. In fact, asking that the GPL be respected is hardly an overbearing enforcement of Copyright. It’s downright liberal, in fact.

The BSD camp has ragged about GPL Nazis and such, blaming them for causing the complete removal of the driver from the BSD tree. I’ve heard some suggest that Glocker has now given up development of the driver. This is not Buesch’s fault: he asked that he and other bcm43xx copyright-holders be approached about relicensing, and that GPL-licensed code not sit in a public BSD tree—he never demanded that Glocker stop work on the driver. Glocker should not have uploaded GPL code to the public server: it should have stayed on his machine until he was done studying it, if in fact that’s what he was doing.

De Raadt has ragged Buesch extensively about making a “public spectacle” out of the issue, instead of simply contacting Glocker privately. That could have worked, yes, but open source is all about transparency—not just in code, but in development process, as well. Buesch was not out of line in making this public, likely because he didn’t expect there to be such a furious overreaction to a relatively simple matter. Buesch was perfectly reasonable in his demands, and perfectly civil in his tone. Where does the problem lie? Theo “Fuck Tha GPL” de Raadt and some very touchy OpenBSD proponents.

**AA and BayTSP: Low Down Dirty Crooks

I could go on for pages and pages of complaints against Big Media and its fascist take on intellectual property rights and fair use. But this is a bit more specific: I stumbled upon a very interesting blog post about BayTSP, a company that monitors download swarms for BitTorrent downloads ostensibly containing data copyrighted by their client. They then hand over a list of IP addresses to their client, who flexes its legal muscle to get a DMCA notice sent to the ISP associated with each IP address.

Here’s an excerpt from the blog post:

For my investigation, I wrote a very simple BitTorrent client. My client sent a request to the tracker, and generally acted like a normal Bittorrent client up to sharing files. The client refused to accept downloads of, or upload copyrighted content. It obeyed the law.

I placed this client on a number of torrent files that I suspected were monitored by BayTSP (For my own protection I don’t want to identify the torrents used for this research. I used the fact that NBC is a client of BayTSP to find trackers. If you want to check if BayTSP is monitoring a torrent, look for IPs coming from ranges in test.blocklist.org). Because the university’s information security office is very diligent about processing DMCA notices, I would be able to tell if the BayTSP folks sent notices based on this. With just this, completely legal, BitTorrent client, I was able to get notices from BayTSP.

Having gotten two completely baseless DMCA notices in the last few years, I’m even more angered now than I was before. Obviously, the **AA’s interpretation of the law is distinctly at odds with those of a sane person, and it misses the clue train once again: rather than leverage BitTorrent to its advantage, it seeks to ostracize BT users by reinforcing the all-too-common misconception that BitTorrent = illegal p2p.

I use Comcast, which, despite some of its less-than-stellar qualities, doesn’t seem to care very much about these rubber-stamped DMCA forms they get from Dan Glickman’s corpulent, œdematous empire.

Keith Olbermann: “Beginning of the End”

Keith Olbermann, the only talking head worth listening to, laments the loss of Habeas Corpus.


Do they give merit badges for prostituting yourself to a media conglomerate?

Boy Scouts in the Los Angeles area will now be able to earn a merit patch for learning about the evils of downloading pirated movies and music. [...]

The movie industry has developed the curriculum.

“Working with the Boy Scouts of Los Angeles, we have a real opportunity to educate a new generation about how movies are made, why they are valuable, and hopefully change attitudes about intellectual property theft,” Dan Glickman, chairman of the Motion Picture Association of America, said Friday.

…. Does this seem just a bit creepy to anyone else, or am I on my own here?

A few problems:

Allowing an industry to develop a curriculum is a recipe for disaster (or should I say “flop”?). I would no more allow the MPAA or RIAA to tell me about copyright than I would allow Exxon to tell me about alternative energy or Microsoft to tell me about “embrace and extend.” Remember, the MPAA’s the same organization that said you aren’t allowed to make backups of the DVDs you buy—if it gets damaged, you simply have to go out and buy another copy. Apparently, this sort of stricture is perfectly OK, but it strikes me as odd, given the Boy Scouts’ fear of homosexuals: apparently, getting fucked in the ass is only all right if it’s a litigious media conglomerate doing the mounting.

Glickman, ever stubbornly flogging the same dead horse, is right when he concludes that the attitude toward intellectual property theft needs to be changed—yes, by consumers, but just as much by the studios and the soulless abysses which represent them. I think people know the value of movies, and that is precisely the problem: certainly, they don’t seem to be worth buying anymore. At least, not when they suck, hard, and are available on digital media that was designed to give consumers the shaft.

The article goes on to say that prospective badge-earners must also choose from a list of activities which include visiting a movie studio “to see how many people can be harmed by film piracy.” I love this, because I’m quite certain these children will be told that for every movie they download, some humble janitor or assistant to the assistant director will lose their job and return home, Bob Cratchit-like, to tell his starving family that there’ll be no Christmas presents this year—piracy has ruined the movie industry and its tireless, selfless constituents. No one will tell the Boy Scouts, of course, that the people who really care about piracy are executives whose salaries won’t be affected. The truth is that this tack by conglomerates to stem piracy with appeals to pathos is little more than people like Dan Glickman holding a pistol to some lowly worker’s temple and screaming that Dammit, if the piracy doesn’t stop, then Mr. Cratchit here gets it!

Dan Glickman is an asshole. And his merit badge isn’t worthy to wipe my ass with. Fín.