MPAA Forced To Take Down University Toolkit

Posted by kdawson on Mon Dec 03, 2007 09:05 PM
from the sauce-for-the-goose dept.
bobbocanfly writes "Ubuntu developer Matthew Garrett has succeeded in getting the MPAA to remove their 'University Toolkit' after claims it violated the GNU GPL. After several unsuccessful attempts to contact the MPAA directly, Garrett eventually emailed the group's ISP and the violating software was taken down."

Related Stories

Your Rights Online: MPAA College Toolkit Raises Privacy, Security Concerns 188 comments
An anonymous reader writes "The Motion Picture Association of America last month sent letters to the presidents of 25 major universities (pdf), urging them to download and install a 'university toolkit' to help identify students who were downloading/sharing movie files. The Washington Post's Security Fix blog reports that any university that installs the software could be placing a virtual wiretap on their networks for the MPAA (and the rest of the world) to listen in on all of the school's traffic. From the story: 'The MPAA also claims that using the tool on a university network presents "no privacy issues — the content of traffic is never examined or displayed." That statement, however, is misleading. Here's why: The toolkit sets up an Apache Web server on the user's machine. It also automatically configures all of the data and graphs gathered about activity on the local network to be displayed on a Web page, complete with ntop-generated graphics showing not only bandwidth usage generated by each user on the network, but also the Internet address of every Web site each user has visited. Unless a school using the tool has firewalls on the borders of its network designed to block unsolicited Internet traffic — and a great many universities do not — that Web server is going to be visible and accessible by anyone with a Web browser.'"
This discussion has been archived. No new comments can be posted.
  • by garcia (6573) on Monday December 03 2007, @09:07PM (#21567065) Homepage
    Linking to a LiveJournal post that reads:

    MPAA don't fuck with my shit.

    (And yes, I did attempt to contact them by email and phone before resorting to the more obnoxious behaviour of contacting the ISP. No reply to my email, and the series of friendly receptionists I got bounced between had no idea who would be responsible but promised me someone would call back. No joy there, either.)


    Awesome.
  • Duh (Score:5, Funny)

    by explosivejared (1186049) <.hagan.jared. .at. .gmail.com.> on Monday December 03 2007, @09:10PM (#21567081)
    This is news?! What is up with that! Everybody knows that the RIAA is a completely honest and upright organization. They practice what they preach. They obey everyone else's takedown notice, be it gpl or dmca, whatever, just like they expect you to obey their takedown notices. I can't wait to see the day that all these trolls on slashdot finally go the way of the dinosaur and the true intellectuals out there call the RIAA what it is! It is an honest, upright, artist first organization! IF YOU CAN'T HANDLE THAT GET OFF SLASHDOT!!

    ;)
  • by Oriumpor (446718) on Monday December 03 2007, @09:11PM (#21567097) Homepage Journal
    Next they'll contract a Russian ISP and put the torrent up on one of their trackers...
  • Explanation. (Score:5, Informative)

    by Whiney Mac Fanboy (963289) * <whineymacfanboy@gmail.com> on Monday December 03 2007, @09:12PM (#21567103) Homepage Journal
    Explanation.

    As TFS & TFA have little info, here's some background:

    The MPA(A) released a Xubuntu derived livecd with a bunch of F/OSS tools to assist universities in monitoring their networks. *rolls*eyes*. More info about the software in this Washington Post article [washingtonpost.com].

    Unfortunately the CD as shipped contained no source & no written offer for the source, so was in violation of the GPL (and hence, the MPAA are in violation of various software authors' copyright).

    After several attempts to contact the MPAA, the Ubuntu developer sent a takedown notice to the hosting ISP.

    I hope he now presses for copyright violation - as he so eloquently says: MPAA don't fuck with my shit.
    • Re:Explanation. (Score:5, Interesting)

      by zonky (1153039) on Monday December 03 2007, @09:17PM (#21567145)
      Should also be made clear that the tools only identified torrent users, and didn't make any attempt to distinguish between 'naughty' and legal torrents.
      • Re:Explanation. (Score:5, Informative)

        by faedle (114018) on Monday December 03 2007, @09:23PM (#21567203) Homepage Journal
        The MPAA was distributing "modified binaries" of GPLed software without distributing, or offering to distribute under the terms of the GPL, the modifications.

        Even if all you do is change a strcat(); line, you have to (at minimum) distribute that change's source.
        • Actually (Score:4, Informative)

          by p3d0 (42270) on Monday December 03 2007, @09:40PM (#21567387)
          Even if you don't change a line of code, you still have to distribute (or offer to distribute) source if you're distributing the binaries.
          • Re: (Score:3, Informative)

            They actually are "distributing the source", granted via the Ubuntu package system. You could argue in court (and probably get traction with the argument) that you were obeying the "spirit" of the license agreement.

            Where that breaks is when you change the code (like they did with ncat), and then not distribute the changes in the form of a diff. That's not a minor "technicality:" that's the whole purpose of the GPL, is to require that if you make those kinds of changes you distribute your code changes.
            • Re:Actually (Score:5, Insightful)

              by poopdeville (841677) on Monday December 03 2007, @10:07PM (#21567551)
              I saw no indication that the MPAA was hosting their own apt repositories with source. If you mean that sources.list was pointing at Ubuntu's servers, that's not good enough. That's Ubuntu doing the distribution.
              • Re: (Score:3, Informative)

                That theory has never been argued in a court of law, AFAIK.

                You could argue that, provided you do nothing to hinder the user from accessing it, that providing a URL to somebody who hosts the code IS distribution.

                That might not be the FSF's reasoning, mind you.

                But, I'm quite sure that the court would at least hear the argument: "While we personally didn't distribute the source code, we made arrangements for the source code to be obtained free of charge on the Internet through a third-party."

                In brief, you're m
            • Stop talking shit (Score:5, Informative)

              by Chuck Chunder (21021) on Monday December 03 2007, @10:26PM (#21567659) Homepage Journal
              You do not have to distribute "changes in the form of a diff", or "distribute your code changes" in particular.

              You must distribute (or offer to) the complete source code corresponding to the binaries you distribute. The whole purpose of the GPL is that someone getting a binary can get the full source for the binary.
            • Re: (Score:3, Informative)

              For the changed packages it would be interesting to know what the changes were, to the extent that can be determined without the source.

              It would be interesting, I suppose, from an academic point of view, but it doesn't really matter. As long as they changed them, even the slightest bit, they're required to distribute (or offer / provide a method for users to obtain) the complete sources to the modified components -- specifically not diffs [gnu.org] -- or they're in violation of the GPL.

              Even if all they did was change a few strings or customize an interface, they have to distribute the changed components in source form along with the binaries.

              • by dwater (72834) on Monday December 03 2007, @11:35PM (#21568121)
                Well, it depends on what they changed. If they added code to phone home a lot with lots of personal information....that would be interesting from more than a purely academic point of view (IMO).
        • Re:Explanation. (Score:5, Informative)

          by faedle (114018) on Monday December 03 2007, @09:34PM (#21567321) Homepage Journal
          Additionally, it is my understanding they actually made some changes to ntop, and did not provide any instructions on how to obtain the changes.

          So, it's not even a technical violation in the letter of the license, it's a legitimate violation of the spirit of the license. They are distributing a change to the code without source.
          • Re:Explanation. (Score:5, Informative)

            by andy753421 (850820) on Monday December 03 2007, @11:28PM (#21568087) Homepage
            I would be really interested in seeing some data to back up this claim. When the toolkit was first released I downloaded a copy and checked the md5sums on both the ntop binaries and the snort binaries. Both corresponded to the binaries I downloaded from the Ubuntu server.

            There was also a page on the 'monitor' site that stated the software was released under the GPL, but I don't recall if it included a copy of the license itself. The MPAA code seemed to be kept separate and the license on that was unclear, however there were Java Server Pages distributed as binary only as well as some shell scripts and maybe some python (again, I don't remember).

            Does anyone know of a mirror of the original ISO? I would like to look at it further but I deleted the one I originally downloaded.
  • Encouraging result (Score:5, Interesting)

    by GroeFaZ (850443) on Monday December 03 2007, @09:19PM (#21567171)
    but at the same time rather worrisome what a simple email to the ISP can do, even if it's for a good cause. Why not sue them and make things bullet-proof and at the same time strengthen the GPL in court, rather than sorting things out vigilantism-style? A pile of court-issued takedowns might be a more impressive repellent against future violations of the GPL (or any other such license) than a pile of social-engineering-issued takedowns. Don't associate "social engineering" with the negative connotation of spam/phishing/etc. as I used it; instead, read it in its original meaning: someone requested a blocking of content from an ISP, essentially (TFA is void of details) only with convincing arguments but no hard proof that the GPL was indeed violated.
    • by ScrewMaster (602015) on Monday December 03 2007, @09:26PM (#21567227)
      On the other hand, the MPAA should have had all its ducks lined up in a row. They're big boys, they can afford to do things right. The fact that they didn't bother is another indication of their above-the-law attitude. They really just don't care. I'll bet they're caring now, and I'll bet there are some heads rolling in the legal department right now.

      The delicious irony here is that the MPAA drafted the DMCA and were primarily responsible for pushing it through Congress.
    • "Simple email" (Score:5, Informative)

      by ucblockhead (63650) on Monday December 03 2007, @09:31PM (#21567293) Homepage Journal
      DMCA takedown notice is exactly the legal action you are supposed to take in these situations. It is not "social engineering". He has every legal right to do it.
        • Re: (Score:3, Insightful)

          Yes, and if instead he sued the MPAA and won damages in court, he'd be validating the MPAA tactic of suing individual users for posting copyrighted movies for damages.
    • by swillden (191260) <shawn-ds@willden.org> on Monday December 03 2007, @10:42PM (#21567763) Homepage Journal

      but at the same time rather worrisome what a simple email to the ISP can do, even if it's for a good cause... A pile of court-issued takedowns might be a more impressive repellent against future violations of the GPL (or any other such license) than a pile of social-engineering-issued takedowns.

      We're not talking about a "social-engineering" takedown, but about a takedown notice defined and authorized by federal law, and enforceable in any court in the land.

      IMO, the takedown notice defined in the Digital Millennium Copyright Act is one of the few good things in that law. It says that if someone is publishing your copyrighted materials on the Internet, all you have to do is send a notice to the ISP, stating that the material is yours. The ISP is then *required* to take it down, or else be considered guilty of infringement. On the other hand, if the ISP does take it down, they are granted a "Safe Harbor" status, meaning that they're absolutely free of any liability for the infringement.

      If something you've published on-line is taken down as a result of a DMCA takedown and it is not infringing, all you have to do is send the ISP a notice stating that the material is not infringing. The ISP can then put the material back on-line, without losing the "Safe Harbor" status. The system is set up so that the ISP doesn't end up trying to determine what is infringing and what is not.

      Both the DMCA takedown notice and the counter-notice are sworn affidavits, meaning that when the issue goes to court any untruths in the notices can be prosecuted as perjury. So there's a strong disincentive for someone to issue a DMCA takedown frivolously, as it will cost the publisher almost nothing to get the takedown reversed, and may land the issuer in hot water. Likewise, there's a strong disincentive for a publisher of infringing materials to issue a counter-notice.

      And, above all, the ISP who is caught in the middle is shielded from any potential liability, and doesn't have to make any attempt to adjudicate the ownership of the materials (which, obviously, no rational ISP would do anyway -- if in doubt they'd just take it down and leave it that way).

      • by Michael Woodhams (112247) on Monday December 03 2007, @09:47PM (#21567427) Journal
        No, the MPAA can't necessarily just reissue the toolkit with source code and suffer no further consequences.

        Once you violate the GPL, your right to distribute the licensed software is terminated. You can only start distributing it again if the copyright holder relicenses you to do so. In GPL violation disputes, the FSF have normally relicensed a distributor once they conform to the GPL's requirements - but this is not automatic, or written into the GPL.

        From GPL v2:

        "4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License."

        There is no clause about reinstating rights under the license.

        In other words - if any of the copyright holders in Xubuntu code insist, the MPAA can't ever distribute their software, even with source. IANAL, so I don't know if the courts would support this hard-line.
        • by Kadin2048 (468275) * <slashdot@kadin.xoxy@net> on Monday December 03 2007, @11:31PM (#21568101) Homepage Journal
          If you are, in fact, a lawyer, I'll happily defer, but in my layman's opinion I don't think that's the correct conclusion.

          If you violate one of the GPL terms, your license to use the software is terminated. Fine. However, as long as the software is still being offered to anyone under the GPL, you can just go, conform to every part of the GPL, and use it again. You can think of it as one license being terminated, but then going and getting a new one; the GPL is an "infinite stack" of licenses: all you need to do to get a new one is to play by the rules.

          There's nothing in the GPL that says 'if you violate this once, you're out for good,' although I'm not sure that would be an entirely terrible idea. But that license-termination clause doesn't necessarily imply that.
          • by Anonymous Coward on Tuesday December 04 2007, @04:35AM (#21569691)
            Um, no. The GPL isn't an infinite stack of licenses where you can just help yourself to a new one every time you want; in fact, it seems that you are confused as to what the term "license" really means here.

            It does not refer to the right to modify or distribute a piece of software, it refers to the developer's decision to grant you that right. It's not an automatic right in copyright law, so it needs to be granted; without a license (that is, the developer's granting of this right), you don't have it. So if the developer decides to not allow you to do this anymore, you can't do anything: you can't "take a new license", because the developer simply isn't granting you this right anymore.

            Now, of course, you might say that once you've been granted a right, the developer can't arbitrarily take it away again whenever it suits them. That's true. However, the restrictions your granted right to distribute and modify is subject to are explicitly spelled out in the GPL, so you know about them right away; you know right away what you can't do and what will happen if you do it anyway.

            So, yes, the GPL *does* say "if you violate this once, you're out for good" - unless/until the developer decides to grant you these rights again after all, something that is neither automatic nor guaranteed (even though most developers - notably, the FSF - will probably do so if you start complying with the license and show an understanding of why this is important).

            Finally, allow me to say that you seem pretty confused about the GPL in general, anyway: you talk about a "license to use the software", yet no such thing exists. In fact, the GPL specifically does not apply to mere *use* of the software, and you do not have to accept it in order to do so. You don't even have to accept it to modify the software (at least in the GPLv2); you only have to accept it if you want to *distribute* the software, modified or unmodified.
  • by gillbates (106458) on Monday December 03 2007, @09:21PM (#21567185) Homepage Journal

    for copyright infringement as well.

    Now that would be poetic justice.

  • by Esion Modnar (632431) on Monday December 03 2007, @09:47PM (#21567425)
    Now THAT is the (accurate) headline I want to read!
  • Possible deterrent? (Score:5, Interesting)

    by sessamoid (165542) on Monday December 03 2007, @09:49PM (#21567437)
    IANAL, but why don't OSS developers offer a GPL-free version of their software for some really high price. That way, when big-media tries to steal (their words, not mine) their creative works, the developers can sue them for legitimate damages, citing a stratospheric market price per copy, then multiply the number of CDs they've distributed by their stratospheric market price to get damages from them?

    "The MPAA/RIAA has distributed 1500 copies of my work. I offer that software at $50,000 per copy. They owe me 75 million dollars in damages!"

    That's basically what big media is trying to do to the consumers, isn't it?

    • by forkazoo (138186) <wrosecransNO@SPAMgmail.com> on Monday December 03 2007, @10:19PM (#21567617) Homepage
      You don't really need "actual damages" because you can go for statutory damages. If you can prove willful infringement, you can get 150,000 per offense. If you skip proving willfulness, I think this is the section that applies:

      (1) Except as provided by clause (2) of this subsection, the copyright owner may elect, at any time before final judgment is rendered, to recover, instead of actual damages and profits, an award of statutory damages for all infringements involved in the action, with respect to any one work, for which any one infringer is liable individually, or for which any two or more infringers are liable jointly and severally, in a sum of not less than $750 or more than $30,000 as the court considers just. For the purposes of this subsection, all the parts of a compilation or derivative work constitute one work.

      $30,000 a pop ain't bad money if you can swing it. I'm not sure exactly what the result would be if you claimed "actual damages" on a zillion dollar price tag despite never having had an "actual sale." Judge might throw out the claim, I suppose. AFAICT, worst case would just be to get laughed at with the huge price tag and then just fall back to statutory damages instead.
  • by Trailer Trash (60756) on Monday December 03 2007, @10:23PM (#21567627) Homepage
    Instead of saying they "violated the GPL", let's keep this simple. They violated copyright law. By their own definition, they're "pirates". They stole. Etc.
  • by VeryVito (807017) on Tuesday December 04 2007, @01:26AM (#21568821) Homepage
    I read this post and immediately pictured Ewoks dancing in the forest as the Death Star burned above them. Sure, you know it's not over, but what a nice blow against the Dark Side.
    • Re:No GPL Violation (Score:4, Interesting)

      by dido (9125) <dido&imperium,ph> on Tuesday December 04 2007, @12:21AM (#21568413) Homepage

      None of what this AC says is true. It doesn't matter if the MPAA never changed any code, the fact remains that they were distributing the code, changed or not. Now, if you want to distribute GPLed code, either you comply with the license and provide source code, or you find yourself just as guilty of copyright infringement as these people torrenting movies that they are so quick to prosecute. What happened was the latter. As for suing them for copyright violation, the fact that no one lost any money is also immaterial. There is such a thing as statutory damages, which would be at minimum US$750 for each copyrighted work thus violated, and could be as high as US$30,000. They would thus theoretically be on the hook for statutory damages for every GPLed package in the Xubuntu distribution, just like Ms. Jammie Thomas. There are hundreds of GPLed packages in Xubuntu... You do the math.