Forgot your password?
typodupeerror
GNU is Not Unix Your Rights Online

MPAA Forced To Take Down University Toolkit 292

Posted by kdawson
from the sauce-for-the-goose dept.
bobbocanfly writes "Ubuntu developer Matthew Garrett has succeeded in getting the MPAA to remove their 'University Toolkit' after claims it violated the GNU GPL. After several unsuccessful attempts to contact the MPAA directly, Garrett eventually emailed the group's ISP and the violating software was taken down."
This discussion has been archived. No new comments can be posted.

MPAA Forced To Take Down University Toolkit

Comments Filter:
  • Explanation. (Score:5, Informative)

    by Whiney Mac Fanboy (963289) * <whineymacfanboy@gmail.com> on Monday December 03, 2007 @09:12PM (#21567103) Homepage Journal
    Explanation.

    As TFS & TFA have little info, here's some background:

    The MPA(A) released a Xubuntu derived livecd with a bunch of F/OSS tools to assist universities in monitoring their networks. *rolls*eyes*. More info about the software in this Washington Post article [washingtonpost.com].

    Unfortuntately the CD as shipped contained no source & no written offer for the source, so was in violation of the GPL (and hence, the MPAA are in violation of various software author's copyright).

    After several attempts to reach contact the MPAA, the ubuntu developer sent a takedown notice to the hosting ISP.

    I hope he now presses for copyright violation - as he so elequoently says: MPAA don't fuck with my shit.
  • Re:Explanation. (Score:5, Informative)

    by faedle (114018) on Monday December 03, 2007 @09:23PM (#21567203) Homepage Journal
    The MPAA was distributing "modified binaries" of GPLed software without distributing, or offering to distribute under the terms of the GPL, the modifications.

    Even if all you do is change a strcat(); line, you have to (at minimum) distribute that change's source.
  • Re:Explanation. (Score:2, Informative)

    by Anonymous Coward on Monday December 03, 2007 @09:28PM (#21567255)

    Wait, last I checked, you merely had to tell people where to get the source.
    Common misconception at least with regard to GPLv2 because when it's done that way, FOSS authors often let it slide but strictly speaking it's a license violation. Quoting from GPLv2 section 3:

    3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

    a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

    b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

    c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

    Those are the _only_ options for distributing the source code. The GPLv3 is a bit more lax on this but v2 is very strict.
  • "Simple email" (Score:5, Informative)

    by ucblockhead (63650) on Monday December 03, 2007 @09:31PM (#21567293) Homepage Journal
    DMCA takedown notice is exactly the legal action you are supposed to take in these situations. It is not "social engineering". He has every legal right to do it.
  • Re:Explanation. (Score:5, Informative)

    by faedle (114018) on Monday December 03, 2007 @09:34PM (#21567321) Homepage Journal
    Additionally, it is my understanding they actually made some changes to ntop, and did not provide any instructions on how to obtain the changes.

    So, it's not even a technical violation in the letter of the license, it's a legitimate violation of the spirit of the license. They are distributing a change to the code without source.
  • Actually (Score:4, Informative)

    by p3d0 (42270) on Monday December 03, 2007 @09:40PM (#21567387)
    Even if you don't change a line of code, you still have to distribute (or offer to distribute) source if you're distributing the binaries.
  • Re:Actually (Score:3, Informative)

    by faedle (114018) on Monday December 03, 2007 @09:44PM (#21567415) Homepage Journal
    They actually are "distributing the source", granted via the Ubuntu package system. You could argue in court (and probably get traction with the argument) that you were obeying the "spirit" of the license agreement.

    Where that breaks is when you change the code (like they did with ncat), and then not distribute the changes in the form of a diff. That's not a minor "technicality:" that's the whole purpose of the GPL, is to require that if you make those kinds of changes you distribute your code changes.
  • by Michael Woodhams (112247) on Monday December 03, 2007 @09:47PM (#21567427) Journal
    No, the MPAA can't necessarily just reissue the toolkit with source code and suffer no further consequences.

    Once you violate the GPL, your right to distribute the licensed software is terminated. You can only start distributing it again if the copyright holder relicenses you to do so. In GPL violation disputes, the FSF have normally relicensed a distributer once they conform to the GPL's requirements - but this is not automatic, or written into the GPL.

    From GPL v2:

    "4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License."

    There is no clause about reinstating rights under the license.

    In other words - if any of the copyright holders in Xubuntu code insist, the MPAA can't ever distribute their software, even with source. IANAL, so I don't know if the courts would support this hard-line.
  • by _xeno_ (155264) on Monday December 03, 2007 @10:18PM (#21567607) Homepage Journal

    You missed the two screen shots. Essentially the post shows a "before and after" screenshot of the MPA University Toolkit page [universitytoolkit.org]. The before picture contains a link that the after picture doesn't: "Click Here to Download The Beta Version of the Toolkit"

    There's also another link that links to a blog entry about the MPAA toolkit [washingtonpost.com] which, if you dive into the comments, explains the GPL violation. (Just search for GPL, it's easier than trying to find it.)

    So not entirely worthless, and therefore not a new low, just meeting the same low standards.

  • by forkazoo (138186) <wrosecrans@gmai[ ]om ['l.c' in gap]> on Monday December 03, 2007 @10:19PM (#21567617) Homepage
    You don't really need "actual damages" because you can go for statutory damages. If you can prove willfull infringement, you can get 150,000 per offense. If you skip proving willfullness, I think this is the section that applies:

    (1) Except as provided by clause (2) of this subsection, the copyright owner may elect, at any time before final judgment is rendered, to recover, instead of actual damages and profits, an award of statutory damages for all infringements involved in the action, with respect to any one work, for which any one infringer is liable individually, or for which any two or more infringers are liable jointly and severally, in a sum of not less than $750 or more than $30,000 as the court considers just. For the purposes of this subsection, all the parts of a compilation or derivative work constitute one work.

    $30,000 a pop ain't bad money if you can swing it. I'm not sure exactly what the result would be if you claimed "actual damages" on a zillion dollar price tag despite never having had an "actual sale." Judge might throw out the claim, I suppose. AFAICT, worst case would just be to get laughed at with the huge price tag and then just fall back to statutory damages instead.
  • Stop talking shit (Score:5, Informative)

    by Chuck Chunder (21021) on Monday December 03, 2007 @10:26PM (#21567659) Homepage Journal
    You do not have to distribute "changes in the form of a diff", or "distribute your code changes" in particular.

    You must distribute (or offer to) the complete source code corresponding to the binaries you distribute. The whole purpose of the GPL is that someone getting a binary can get the full source for the binary.
  • by swillden (191260) <shawn-ds@willden.org> on Monday December 03, 2007 @10:42PM (#21567763) Homepage Journal

    but at the same time rather worrysome what a simple email to the ISP can do, even if it's for a good cause... A pile of court-issued takedowns might be a more impressive repellant against future violations of the GPL (or any other such license) than a pile of social-engineering-issued takedowns.

    We're not talking about a "social-engineering" takedown, but about a takedown notice defined and authorized by federal law, and enforceable in any court in the land.

    IMO, the takedown notice defined in the Digital Millenium Copyright Act is one of the few good things in that law. It says that if someone is publishing your copyrighted materials on the Internet, all you have to do is send a notice to the ISP, stating that the material is yours. The ISP is then *required* to take it down, or else be considered guilty of infringement. On the other hand, if the ISP does take it down, they are granted a "Safe Harbor" status, meaning that they're absolutely free of any liability for the infringement.

    If something you've published on-line is taken down as a result of a DMCA takedown and it is not infringing, all you have to do is send the ISP a notice stating that the material is not infringing. The ISP can then put the material back on-line, without losing the "Safe Harbor" status. The system is set up so that the ISP doesn't end up trying to determine what is infringing and what is not.

    Both the DMCA takedown notice and the counter-notice are sworn affidavits, meaning that when the issue goes to court any untruths in the notices can be prosecuted as perjury. So there's a strong disincentive for someone to issue a DMCA takedown frivolously, as it will cost the publisher almost nothing to get the takedown reversed, and may land the issuer in hot water. Likewise, there's a strong disincentive for a publisher of infringing materials to issue a counter-notice.

    And, above all, the ISP who is caught in the middle is shielded from any potential liability, and doesn't have to make any attempt to adjudicate the ownership of the materials (which, obviously, no rational ISP would do anyway -- if in doubt they'd just take it down and leave it that way).

  • by Kadin2048 (468275) * <[slashdot.kadin] [at] [xoxy.net]> on Monday December 03, 2007 @11:12PM (#21567969) Homepage Journal

    For the changed packages it would be interesting to know what the changes were, to the extent that can be determined without the source.
    It would be interesting, I suppose, from an academic point of view, but it doesn't really matter. As long as they changed them, even the slightest bit, they're required to distribute (or offer / provide a method for users to obtain) the complete sources to the modified components -- specifically not diffs [gnu.org] -- or they're in violation of the GPL.

    Even if all they did was change a few strings or customize an interface, they have to distribute the changed components in source form along with the binaries.
  • Re:Explanation. (Score:5, Informative)

    by andy753421 (850820) on Monday December 03, 2007 @11:28PM (#21568087) Homepage
    I would be really interested in seeing some data to back up this claim. When the toolkit was first released I downloaded a copy and checked the md5sums on both the ntop binaries and the snort binaries. Both corresponded to the binaries I downloaded form the Ubuntu server.

    There was also a page on the 'monitor' site that stated the software was released under the GPL, but I don't recall if it included a copy of the license itself. The MPAA code seemed to be kept separate and the license on that was unclear, however there were Java Server Pages distributed as binary only as well as some shell scripts and maybe some python (again, i don't remember).

    Does anyone know of a mirror of the original ISO? I would like to look at it further but I deleted the one I originally downloaded.
  • Re:Actually (Score:3, Informative)

    by faedle (114018) on Tuesday December 04, 2007 @12:06AM (#21568335) Homepage Journal
    That theory has never been argued in a court of law, AFAIK.

    You could argue that, provided you do nothing to hinder the user from accessing it, that providing a URL to somebody who hosts the code IS distribution.

    That might not be the FSF's reasoning, mind you.

    But, I'm quite sure that the court would at least hear the argument: "While we personally didn't distribute the source code, we made arrangements for the source code to be obtained free of charge on the Internet through a third-party."

    In brief, you're making a "Item 1" claim of violation. I'm stating that the "Item 2" violation would hold more weight with the court, and is considerably more insidious.
  • by Hyperspite (980252) on Tuesday December 04, 2007 @03:09AM (#21569295)
    Go to chillingeffects.org
    They watch this stuff. Here is a fun link for you though: DMCA Takedown For Professor Showing How Copyright Owners Exaggerate Their Rights [techdirt.com]
  • by Antique Geekmeister (740220) on Tuesday December 04, 2007 @03:55AM (#21569477)
    It's spelled "copyright", referring to your rights to make a copy, not how you write a copy.

    Congratulatons, you've learned something for tomorrow, too! (I don't normally bother about spelling errors on Slashdot, but this was actually a good point to remember.)
  • by Anonymous Coward on Tuesday December 04, 2007 @04:35AM (#21569691)
    Um, no. The GPL isn't an infinite stack of licenses where you can just help yourself to a new one every time you want; in fact, it seems that you are confused as to what the term "license" really means here.

    It does not refer to the right to modify or distribute a piece of software, it refers to the developer's decision to grant you that right. It's not an automatic right in copyright law, so it needs to be granted; without a license (that is, the developer's granting of this right), you don't have it. So if the developer decides to not allow you to do this anymore, you can't do anything: you can't "take a new license", because the developer simply isn't granting you this right anymore.

    Now, of course, you might say that once you've been granted a right, the developer can't arbitrarily take it away again whenever it suits them. That's true. However, the restrictions to your granted right to distribute and modify is subject to are explicitely spelled out in the GPL, so you know about them right away; you know right away what you can't do and what will happen if you do it anyway.

    So, yes, the GPL *does* say "if you violate this once, you're out for good" - unless/until the developer decides to grant you these rights again after all, something that is neither automatic nor guaranteed (even though most developers - notably, the FSF - will probably do so if you start complying with the license and show an understanding of why this is important).

    Finally, allow me to say that you seem pretty confused about the GPL in general, anyway: you talk about a "license to use the software", yet no such thing exists. In fact, the GPL specifically does not apply to mere *use* of the software, and you do not have the accept it in order to do so. You don't even have to accept it to modify the software (at least in the GPLv2); you only have to accept it if you want to *distribute* the software, modified or unmodified.
  • Re:aww... (Score:5, Informative)

    by l-ascorbic (200822) on Tuesday December 04, 2007 @07:09AM (#21570281)
    [citation needed] http://www.youtube.com/watch?v=MTbX1aMajow [youtube.com]
  • Re:Actually (Score:3, Informative)

    by jonbryce (703250) on Tuesday December 04, 2007 @09:11AM (#21571059) Homepage
    The GPL is quite clear on this

    You must do one of the following:

    a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

    [with the further clarification that: "If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code."]

    b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

    c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

    c) doesn't apply here because it is a commercial distribution. Also they don't have a three year contract with Canonical to host the source code, and in any case, they modified some of it.

    So, in summary, you must either host the source code on the same server as the binaries, have a contract in place to host the source code for the next three years, or make an offer to supply the source for no more than the cost of burning a CD and mailing it to you.

    There have been previous court cases on the GPL, and in every case, the courts have ruled that the terms are perfectly valid and enforceable.

The typical page layout program is nothing more than an electronic light table for cutting and pasting documents.

Working...