CMU Cuts off Net Access for 71 Students Over MP3s 523
PresOdent writes "Carnegie Mellon University cut off network access to 71 students who allegedly put some copyrighted mp3s on their sites on the university's computer network. The university said it discovered the copyright violations last month, when it conducted surprise inspections of student computer files at the order of the Recording Industry Association of America. Read the article from the Chronicle of Higher Education for more info."
The saga continues (Score:1)
Hmm.. (Score:1)
If another RPI student could verify this, it'd be appreciated. I know plenty of them cruise slashdot.
I hate the RIAA, but... (Score:1)
I thought Carnegie Mellon students were smarter than this
Steve Jackson Games Anyone?? (Score:1)
It's their network... (Score:3)
Who in their right mind shares illegal (I am assuming they were copyright infringing) mp3's without at least protecting them with a password???
Good (Score:1)
By the way, the complaint that inspecting publicly available files in invasion of privacy registers a zero on the cluemeter.
Sounds worse than it is (Score:1)
--neil
And? (Score:1)
Re:Hmm.. (Score:1)
--
Chris Dunham
http://www.tetrion.com/~chameleo/index.html
Good and Bad (Score:1)
But I think it could've been done better. Like an email to all students "we will be seraching the disks for any mp3's soon. This will be considered a violation blah blah." Then do it. Again and again. Not just to suddenly do it.
I also have a problem with the RIAA saying they will sue CMU. Again the idea that CMU must police its student's pages is not something I like. I would agree that the RIAA has the right to sue those students though.
And yes I know this will probably be an unpopular opinion in many regards.
-cpd
Par for the course (Score:2)
Wonder if other colleges will do the same (Score:1)
Just because the rule wasn't enforced before doesn't mean that they have to make an announcement before they decide to enforce it.
Nothing new at college. (Score:2)
At the University of Maryland, College Park, they have been cracking down (or trying to) on the distribution of MP3s and pirated software for years. Unfortunatly, their detection has been rather limited, since all they really look for are student machines using significant bandwidth, which, in of itself, isn't proof of wrong doing.
What you'll find on these college campuses, however, is a staff of people who enforce these "Acceptable Use Policies," and these staffs are usually made up of beaurocrats, and not techies. You are usually tried, convicted, and sentenced on even the most circumstancial of evidence. Hell, I know someone who got kicked out of Resident housing over LEGAL MP3s.
And when the more serious network intrusions take place, they do it based on your IP address. It doesn't matter if your machine is owned, your IP hijacked, or the address simply spoofed.
Basicly, there's a new kind of fascist in town. While they may not be smart enough to catch you, they may accuse you anyway and run you through. Be careful.
invasion of privacy (Score:1)
However this is a good example of what is going to happen in the future of computing and the future of privacy.
More and more there is a push for server side computing. Server side data storage, and server side everything. They keep all your information in various databases, yes even the portols do this. So when all your emila and all your files are kept on a remote server somehwere, who is there to stop them from telling you what you can store and what you cannot store? Maybe I have seen to many episodes of 'the net' but there may soon be a day when your whole life and all your info is on the web, and sys admins will always be able to access this information.
send flames > /dev/null
Re:I hate the RIAA, but... (Score:1)
However, if the sites that were taken down were anything more than "My First Home Page(tm)" the students can contest it very easily. Asking someone to remove potentially illegal material from one's site is one thing, but denying them access altogether is another. I'd like to see what it says in their "Terms of Service" file...
--
Chris Dunham
http://www.tetrion.com/~chameleo/index.html
Re:Hmm.. (Score:1)
Good for CMU (Score:1)
I've got no time for college kids running warez sites (albeit music warez not software warez).
What's really strange is that if they go to some lame copyright seminar they get a lenient punishment. This smacks of the kind of enforced education (I use the word loosely) increasingly popular in the US as a way of treating young people of apparent delinquent behaviour. Very odd. At UCL we lost our accounts, full stop, for serious breaches of the rules. If that meant you couldn't complete your CS course then you were in big trouble.
Oops, guess the RIAA is right this time! (Score:1)
What worries me a lot more than CMU is the fact that the RIAA is forcing colleges to monitor content for compliance with their "rules." Since when can the RIAA enforce laws? Especially since the article doesn't say whether the songs were ripped by those posting them (legal, as long as no one who doesn't own it downloads it!), or which songs were available. Hmm....
Re:Sounds worse than it is (Score:3)
I agree with you in principle. I am a CMU student who didn't lose network access. And I support the actions of Computing Services. If RIAA had to do it, the school's ass would be on the line.
What raised the ire of many of the students (and prompted the action of the Student Senate, and other groups [such as the Student Dormitory Council]) was the violation of Computing Services's own guidelines. By guessing passwords (even if they were easy ones), they were not observing their own privacy statements.
In addition, students with legal MP3s were shut off. Also, students did not receive advance notice, nor did they receive adequate explanations of the actions taken.
--
Max V.
I know what you mean (Score:1)
I think I'm going to turn someone though.
They have on their dorm door, "movies for sale or trade." So I think that they deserve to be smacked. Advertising that you have illegal copies of SouthPark, Star Wars, and others. Freshman are just too damn stupid.
Re:The saga continues (Score:1)
Illegal search and seizure? (Score:2)
Re:Wonder if other colleges will do the same (Score:1)
Take your 90 minute class and get some free webspa (Score:1)
"At the order of the RIAA"? (Score:2)
While what we did as students was not strictly legal, it was pretty damn harmless. I suspect the RIAA has made a great deal of money on each and every student who did this in college, as nearly all of us have no doubt moved on to buying CD's (and some of us going the extra step and ripping them into mp3 format for convinient access on our hard drives).
I don't approve of what the students did, especially if the files in question were in areas with public access, which being on a web page implies. If they were running warez sites for the world to steal from, then shame on them. But if they were simply exchanging files among themselves, for their own use, then shame on the university and the RIAA for swatting a fly with a sledgehammer.
I once considered making my mp3 collection available *to myself only*, via 128-bit encryption and password authentication, on my web page so I could listen to my music anywhere in the world, without lugging cdroms around. I opted out, as explaining that subtle but critical difference -- the difference between fair use and piracy -- is not something I wanted to do before a judge, especially with the extreme presumption of guilt when the phrase "made his mp3 collection available on a web page" is uttered. While these students probably weren't doing this, can anyone be certain based on the article as written?
No matter how one slices this story, one thing is clear. Even the limited privacy we enjoyed as students even a few short years ago appears to have been vastly more sacrosanct than whatever it is students have now (calling it privacy would be a farce of the worst kind, I'm afraid).
Shame on everyone. This is despicable.
hrm... (Score:3)
If I was the head of a univeristy I wouldn't listen to the RIAA, even if they threatened to sue, because they could only bring legal action upon the students. It would be like if I hacked slashdot and put up an mp3 ftp site. The RIAA couldn't prosecute Rob or Hemos. They would find an prosecute me. People are so afraid of the RIAA. If I were in their shoes I would only listen to law enforcement officials.
Re:Illegal search and seizure? (Score:2)
Network Access Revocation (Score:2)
It will take a little more work to make Piracy really safe for the windows users, but most of the time the people looking for piracy don't check out SMB shares anyway.
Speaking of making piracy safe, here is an interesting idea: use a daemon (using a random port selected at install time and automatic portscan detector) to create a network were each person's computer shares it's list of MP3s but only talked to their friends systems for everyday sorts of contact (well execpt for actually transmitting the MP3s). Sorta like an old BBS style network.. execpt with no global network map. This could go a long way to making it impossible to effectivly bust pirates. I mean they could always go after the one guy who was pirating a specifi thin (like a movie) but it would be uneconomical to just go take out the popular since every site would be equally popular and tere would be no way (short of DLing all the MP3s on the network) to KNOW that you had them all. just a though..
Jeff
Carnegie Mellon will never get away with this! (Score:2)
I once had a nightmare in which Carnegie Mellon University was free to usher in the beginning of a disrespectful new era of parasitism. There is absolutely nothing these foul-mouthed diabolic-types will not do to destroy their enemies. They will poke into the most secret family affairs and not rest until their truffle-searching instinct digs up some deplorable incident that is calculated to finish off their unfortunate victim. It is easy to see from the foregoing that I take seriously the view that just because you can do something does not mean it's okay to do it. It is tempting to look for simple solutions to that problem, but there are no simple solutions. I don't know when obscurantism became chic, but we can never return to the past. And if we are ever to move forward to the future, we have to indicate in a rough and approximate way the two snooty tendencies that I believe are the main driving force of modern Marxism.
I respect Carnegie Mellon University's criticisms, although it got into a snit the last time I pointed out that the truth of this is by no means limited to the field of general culture, but applies to politics as well. If there is one thing I have learned, it is this: you don't need to look far to see that Carnegie Mellon University continuously seeks adulation from its cronies. Apparently, some of Carnegie Mellon University's wishy-washy tirades are so self-contradictory, they're their own refutation. If a new Dark Age is about to descend upon us -- as many believe it will -- it will be the result of Carnegie Mellon University's writings.
After all, if we submit to Carnegie Mellon University's definition of "hexosemonophosphoric" and become unscrupulous, we have lost the war for self-preservation. Unsettling as that is, the more infuriating fact is that if Carnegie Mellon University is allowed to burn books, the implications can be widespread. I have just one word for Carnegie Mellon University: transubstantiatively. If saturnine ignoramuses can one day replace the search for truth with a situationist relativism based on acrimonious alcoholism, then the long descent into night is sure to follow. By now, we are all more than familiar with Carnegie Mellon University's unpleasant deeds. Let me explain. Outrage pounded in my temples when I first realized that Carnegie Mellon University wants to hijack the word "ultraphotomicrograph" and use it to destroy the values, methods, and goals of traditional humanistic study.
Carnegie Mellon University's stratagems have grown into an intemperate tapestry weaving together classical conspiracy theories of the 19th century and post-Marxian economics. It's my hunch that Carnegie Mellon University uses the term "theoanthropomorphism" with ostensible confidence that its meaning is universally understood. Notice the raucous tendency of Carnegie Mellon University's bons mots. This is kind of a touchy subject to some people. Speaking of abominable imbeciles, no one of any intelligence believes that anyone who resists Carnegie Mellon University deserves to be crushed. Human life is full of artificiality, perversion, and misery, much of which is caused by the worst types of immoral riffraff I've ever seen. And that's the honest truth.
Invasion of privacy? nah. (Score:2)
If you're a CMU student and want to rebel against it, just fill up your public_html with mp3's generated with dd if=/dev/zero of=bjork-its_too_quiet.mp3 or dd if=/dev/random of=foo_fighters-random_mumblings.mp3. Civil disobedience is mighty effective.
Remember though guys, music is copyrighted and if you're listening to something then you like it enough to buy it. Most of the professional musicians I know are scared of mp3 due to the massive piracy which currently occurs in that medium. I'm not an mp3 fan, but I'd like to see the format legitimized. Let's hope this kind of thing doesn't give the record industry excuses to charge me even more per disc.
Re:hrm... (Score:3)
FWIW, I'm an admin at a university, and I'd do exactly the same if one of our students posted MP3's on the web.
--
What's funny is... (Score:4)
Which is exactly what the RIAA wants, methinks.
Crypto FS anyone? (Score:2)
Disclaimer: this is in no way an endorsement for illegally distributing copyrighted material!
(talk about covering MY ass)
Eejuts! (Score:2)
I'm lucky and can have my Linux box on-line 24/7 from the comfort of my bedroom; nobody demanded my root password as a condition of providing this service so I think I'm fairly lucky. But I do know damned well the Computer Services people run probes on the contents of anonymous FTP servers and regularly look for other network `weaknesses' on students' boxes.
So I hardly think this is an invasion of anybody's privacy, only a few stupid students who didn't hide their illegal activities a bit better; playing the invasion-of-privacy card just doesn't work here. In fact they've only been cut off for the rest of the semester; pretty lenient all in all.
That is unrealistic. (Score:2)
Re:hrm... (Score:2)
Re:Network Access Revocation (Score:2)
CMU Article on Crackdown (Score:2)
http://www.cmu. edu/computing/cursor/fall99cursor.html#anchornetw
It seems that shared directories on the local university LAN were searched.
Were copyright laws broken? (Score:2)
I work for the networking department of my school, where I have a much faster computer than my own at home and a very fast link. So that's the computer I rip and encode my cds on so I can listen to music all day. Am I going to get fired because the filenames are publicly viewable?
I also often download mp3s -- the legal kind. Some of my favorite bands at least allow one or two mp3s to be freely distributed (often bootlegs). These files I'll even put in a publicly accessable directory. Will I get fired for that?
Sometimes I download my mp3s to my machine at home. This is over a modem line, so it's not always feasible, but I still sometimes do it. Is it illegal to distribute copyrighted material to oneself? I'm waiting for the day some power happy administrator with a sniffer is going to turn me in for breaking the backs of the poor exploited American musical artist through the horrible act of listening to and supporting their music.
So how many students at CMU were only distributing mp3s legitimately? How many of them simply only had their own mp3s, but weren't technologically competent enough to make them private? How far did the school go to locate these files, and in contrast how far did they go to prove that these files were indeed illegal? I'm afraid I didn't see any of these questions answered in the article. Are there any other sources of information?
logan
(eagerly awaiting RIAA to come to his school, though they probably have already)
Re:I hate the RIAA, but... (Score:2)
"The distribution of copyright protected materials is illegal and is in direct violation of the Computing Code of Ethics." "Users found to be distributing copyrighted music files will have their network connections revoked for not less than one full semester and may be subject to displinary action."[2]
1. http://www.cmu.edu/co mputing/documentation/unix/Policies.html [cmu.edu]
2. http://www.net.cmu.edu/docs/gui delines/reshall.html [cmu.edu]
--Siva (former CMU student)
Keyboard not found.
Re:Illegal search and seizure? Not. (Score:2)
>the public portions of 250 students' computer accounts". In no case, however, were system admins "illegally" searching through private
>computers.
And, if you had read the previous comments, you would have realized that the article was wrong.
All of the CMU students here (including myself) have pointed this out.
ALL of the searched computers were private - I'm not sure where the article writers got
the idea that 'student accounts' were checked.
The "illegality" issue is that Computing Services attempted to break people's passwords.
This is a violation of the CMU Computing Ethics code, if nothing else.
Re:hrm... (Score:2)
Re:I hate the RIAA, but... (Score:2)
Just because Your Favorite Artist sucks, doesn't mean it's RIAA's fault.
--
how many files were illegal? (Score:2)
Report from a Student at CMU now (Score:2)
CMU Cracking? (Score:2)
Several staff members went through Network Neighborhood by hand. Any machines that had open folders with names that appeared to contain copyright violations were checked. Passwords that are "obviously" intended for sharing (like "mp3") were checked. If there was a README that said anything like "My password is
A few students had only legal material, and when they pointed this out, their network access was quickly restored. Most of the students were only angry that they'd been caught.
This is a grey area, but the people who did the scan tried to make sure that they only went after people who were attempting to distribute music to people they might not know, which, if not illegal, is certainly a violation of CMU ethics.
As far as the passwords used, would you seriously argue that an ftp site wasn't open if the username and password were "ftp", and a README popped up before login telling you about this password? Passwords like "mp3" are the common way of saying "share and enjoy" around here, so it was considered public.
You Have No Privacy....Get Over It (Score:2)
I guess people always like to play the "P" card because they have a vague understanding of their Constitutional rights against illegal search and seizure.....by the governent on their private property.
Now, when one private entity--a corporation or university--owns a resource such as a network, you can kiss privacy goodbye. Court cases, like it or not, have clearly established that employers have the right to go through your corporate email at any time for any reason or no reason if they so choose--it's their network resources and they can do with them as they see fit. Now if the Feds show up in the company lobby and wanna go through the mail server logs that's a different story altogether.....that's where I say the Constitution kicks in.
The same rationale could be applied to these kids at CMU--a private institution. The university owns and operates the network, and grants the university community priveleges to use it, not rights. The university is responsible to ensure that its network resources are used in an ethical and legal manner, so it is perfectly within its rights to go through any area of the network and look at anything it wants to with no notice, except for private student PCs. Password protected or not, the files resided on a private network.
Reality is that the letter of the law and political correctness usually differ greatly. Public policy follows opinions in a democracy, and when opinions collide we end up in court. Does CMU have a PR battle ahead over this to win the hearts and minds of "violated" students and armchair rights activists chiming in on
I'm no fan of RIAA and their lawyers and scare tactics either....but they are doing what I'd expect them to do by aggressively protecting the cash flow of their artists.
Re:"At the order of the RIAA"? (Score:2)
Speeding is not without consequences, even on the freeway. Because you are willing to take the risk on yourself does not mean that I, as another driver on that road, have agreed to take on that added risk.
I, too, exceed the speed limit somewhat in my desire to get where I'm going, but if I get pulled over and get a ticket its just my own damned fault.
While I love free software and am very upset about patents and their effects on programming freedom, I totally support copyright in all of tis forms. It is up to an author whether or not to sell or give away their creation. When you copy and share, you steal. Period. It may be a small crime, but you knew you were breaking the law. You have to accept the consequences. "Everybody does it" is not an excuse.
"A patriot is someone who gets a parking ticket and rejoices that the system works."
-- Somebody clever whose name I can't recall right now...
Yet another reason to use Linux! (Score:2)
Use Linux, or any non-SMB FTP server for that matter, and you can leech to your heart's content.
What *REALLY* happened at CMU--article lied (Score:5)
The article said that people were putting up MP3s on Web sites. Uh, no. The university network administrations conducted a sweep of *Windows shared drives* looking for MP3s. Plenty of people have shared drives. Sharing a partition of your drive so that you can use it around campus (like listening to your MP3s in a computer cluster) is not equivalent to posting them to a Web site. Furthermore, the university deliberately broke into some of the computers they examined. Some of the shares were unpassworded. I supposed I can at least understand the university being upset about this, if the shares were obviously intended for public access. However, if CMU found what they deemed to be "dubious" computers, containing *passworded* shares with a name like "MP3", "MUSIC", they started running a password guesser on the computer until they got in.
Now, I can at least see accessing public shares. If they weren't designated as "for public use", that's one thing. But guessing passwords is unforgivable. Quite frankly, if I started trying to "guess" root passwords to the network administrators' computers, I'd be kicked off the network. Evidently, the fact that our computers happened to be connected to the network gives the network admins an idea that they have a right to break into our computers. They broke into some of our *privately owned* computers, into *passworded* segments of our computer that were obviously *not* public. This is blatently illegal, and the fact that CMU would do something like this at the urging of the RIAA disgusts me.
The news article was flat out wrong, and heavily biased toward the RIAA. I'm not impressed.
This sets a chilling prescedent. If I can say that some sort of content on a computer connected to my network is "dubious", then I would evidently have some sort of legal right to break in to private computers. This is, in my mind, not acceptable. If I have a share named "warez", can the university then legally break into my computer? What about one called "software"? What about one called "private project for MIT" (i.e. research not being done for CMU)?
Quite frankly, I hope the CMU network admins get sued under every computer trespassing law available. If CMU can do it (a traditionally level-headed place), *anyone* can legally examine your private computer.
Funny thing is.. (Score:2)
Re:Report from a Student at CMU now (Score:2)
Yes, it's their network...BUT... (Score:5)
1) These files were NOT on student websites. They were on students' own machines shared via Microsoft Networking.
2) Many of the computers found "in violation" had their shares passworded. However, CMU tried to guess passwords when it ran into them. So if they could guess it, they considered it public access.
3) The uproar is not so much about the school trying to reduce mp3 sharing over their network, but the manner in which they did it. The CMU Computing Code of Ethics [cmu.edu] clearly states, "Every member of Carnegie Mellon has two basic rights: privacy and a fair share of resources. It is unethical for any other person to violate these rights...On shared computing systems, all user files and directories are considered to be private and confidential. Only files which a user has explicitly made public (e.g., by placing in a "public" directory) should be considered open for general access. Accessing and using files in another person's directory when not expressly permitted to do so by the owner is a violation of that person's privacy" The Code further states "Loopholes in computer systems or knowledge of a special password should not be used to alter computer systems, obtain extra resources or take resources from another person". Clearly what CMU has done, by going into folders not marked as public and guessing passwords has violated their own Code of Ethics. That has gotten a lot of people pretty upset. They followed the rules but lost access anyway.
4. The students affected could reduce the time they lost network access by a few weeks by going to a stupid "education" seminar to hear why copyright infringement is bad, and then write some paper along those lines. I think those that did that get their access back on Nov 14, or something like that.
5. Computing Services sent out an email to the student body giving their side of the event. You can find the text here [cmu.edu].
an addendum (Score:2)
If you had a folder shared and they couldn't guess the password, if you said anywhere that you would give out the password upon request they killed your connectivity. Even if there was no copyright-infringing material there, but merely if it *seemed* that way! They simply assumed that there was if you said you would give out passwords like that. Of course no one would give passwords to Computing Services, so they couldn't check. For all the details check the Computing Services email message linked in my above post.
Re:What *REALLY* happened at CMU--article lied (Score:2)
You're not telling the whole story. Recall that the password "guessing" was very limited -- "mp3", "password" were tried... as were any passwords explicitly listed in shared, public README files.
If a password's listed in a file, or it's the folder name, or is another giveaway, it's clearly intended to be publicly shared. Remember that the default directory permission is: NOT shared, and that there are far more private ways to transfer files.
I just hope.. (Score:2)
CMU has a history of this. (Score:2)
I know several people who go there/have gone there, and have heard about their unofficial yearly student file check for illegal material. last year, there were quite a few software piracy busts. of course, this begs the question: "Is this a privacy violation?"
Re:hrm... (Score:2)
actually. if you hacked slashdot and did illegal things. rob and hemos would be responsable for stopping your. if they didn't do anything, they could be sued for your actions on their part.
their computers are their responsability regardless of who hacked into them.
if you are at a school and you are using the schools network you are under their law. the administration can trun your network off whenever they feel like it. its not your network. if you are using their network for illegal activities, it is the administrations responsibility to deal with you.
i am speaking from expirence. geffin (sp?) records put the smack down when i lived in the dorm, and the university disconnected me without a word. i was rather disturbed at the time, but they were within their right. i was pretty lucky no legal action was taken.
they are actually doing the students a favor. if they didnt stop them the riaa could easly have them arrested.
john
mp3s (Score:3)
If not, can I be arrested by hanging my CDs on my front porch if somebody then takes them and copies them? Um, shouldn't it be THEM that get in trouble?
This is going a bit far. Really, I think RIAA and software companies use the "warez"-scare just to inflate their prices ("our product is so expensive because bad people are copying and not paying for it").
Re:hrm... (Score:2)
I go to one of the largest public universities in the country, and at any given time, they have at least 50 lawsuits pending against them, probably many more. The threat is real. Don't count on universities to take a stand in this case. They almost never take a stand on anything.
You would think students at CMU would be smarter than this. Rule number 1: no mp3s on the web. OThey'll be taken down quickly. ONLY run ftp sites from YOUR computer. Rule 2: Don't suck more bandwidth than you can get away with. If you're bogging down an entire t3 line, people will start asking questions.
Re:What *REALLY* happened at CMU--article lied (Score:2)
Get over it (Score:2)
Network access in your dorm isn't a right---it's a privelidge. At virtually every university with dorm network access, in order to gain access you must sign a "contract" or at least agree to some sort of AUP. Pirating software (music included) is definate breaching of that AUP/contract. You pay the price. Period. It's a shame those kids didn't get reported to the RIAA or law enforcement. The problem is that large private universities want to avoid bad press in any way possible; "there certainly aren't any illegal activities going on at OUR campus... look over THERE!" say school officials.
I digress. There are RULES. The rules are there for a reason. You may disagree with the reason, but you still have to follow them or you pay the price. If you don't like the rules, talk to the people who make them. If you talk in large enough numbers, things change. That's how America works. Last I checked, CMU was in America.
(And don't even get started with the "well, people are going to pirate mp3's anyway, why should the school stop them?" because it's NOT the university's decision whether it's illegal or not; it's the federal government. Universities stop underage drinking on campus, stopping pirating is the same thing.)
-Chris
Re:"At the order of the RIAA"? (Score:2)
Yup, and as soon as the Artists call CMU and tell them to take their creations off the local network I will support that decision.
My problem with the RIAA and it's practices is the abuse of artists by the big 5 recording companies. Making them sign away their lifelong right to their own music and URL simply to get the foot in the door of a building that the RIAA (for simplicity's sake) has bolted shut.
When I have to chose between supporting what I see as immoral market actions with slightly illegal actions (made illegal by the same people who wish to control it), well, I think it's fairly obvious where I stand. This is the same moral market decision that has allowed me to install the same copy of Win95 on *gasp* three machines.
(Most of the streaming MP3's I listen to are either electronica/ambient/tech or from Phish, who have seen in thier wisdom that freely distributing live music is a GREAT way to promote a band)
Re:OH, GET REAL! (Score:2)
I agree totally and I would suspect that the courts would see it this way too, but I would like to hear from someone with some legal credentials.
So what can these people do about it? Can they sue or prosecute CMU for hacking into their systems? How dose one go about prosecuting these sorts of hacking attempts?
Also, is there anything we can do to encurage the victimised students to prosecute CMU? Or are there web sites to report hacking attempts to the athorities that will at least make life difficult for the people at CMU while they are investigated?
One last question.. Can someone post more information or links regarding the specifics of these hack attempts? Like maybe the names of the hackers, i.e. CMU IT personel who ran the passxword cracking program.
Jeff
Re:Yes, it's their network...BUT... (Score:2)
ok.
2) ...(in short, u said)...CMU guessed passwords, considered public
Not entirely accurate according to their email. They considered 'easily guessed' passwords and those that had passwords in readme files, or were freely given upon request, the same as public access. They did find systems that had mp3s and such, but with better passwords. Those they considered were there for legal, 'private' use.
3) ...(in short, u said)... CMU violated their code of ethics
No... If you read a little further you would have noticed this line under the 'System Administration' section: "On rare occasions, computing staff may access others' files, but only when strictly necessary for the maintenance of a system or in active pursuit of serious security or abuse incidents."
They were well within their rights to search the systems, whether password protected or not. The students have no grounds to complain about anything.
Re:What's funny is... (Score:2)
This gives me an idea for a great legal system hack that someone who really wanted to ``get them back'' could use. ``Find'' a kiddy porn site hosted at CMU.. and sue them. Nope, sorry, no common carrier status. That would be just wonderful.
This has given me another idea for a way to pirate legally.. by taking advantage of the common carrier status. Use a daemon to run network of moving files (not all MP3s). I would never know what I had on my system as that would change all the time and anyone could put files into the system, so I could claim common carrier status (since I have never erased anyhting) and there would be no logs to prove that any MP3s originatted from my system. I'm not shure how well this would work in practice since people might fill it up, but I suspect it would provide some legal protection.. especially if the files you actually use for yourself (i.e. not on the network because you dont want them randomly deleted) are kept on a partiation encrypted with a plausible deniability system (SegFS) AND there were probable legal uses for the system.
Jeff
Re:This is why I no longer pay for music (Score:2)
So someone who has a different value system than you is automatically a 'lame pirate' who needs to 'grow up'? It seems you might want to examine the logic behind his position before you flame it.
I rarely purchase music, now that I can listen to streaming mp3 sites, and radio stations all over the world I have no need to download MP3s or Pay for music in any fashion. Am I now a 'lame pirate' as well? Considering that most artists make their money from concerts, not from radio play or CD sales it's almost meaningless to the artist whether they sell CDs or not as long as they get a good concert turn out. Korn even posted Mp3s of their own songs on their website and were forced by their record label to remove them. How is this protecting Korns IP? The Recording industry is bloated and corrupt. The artists would do better releasing a couple of songs for free on Mp3 and then doing a tour.
Kintanon
read the Microsoft End User Agreement (Score:2)
The user agrees that Microsoft Corporation, TM, retains full use and ownership of all intelectual property enableled by Windows,TM, software, TM. Because of this property right overrides all others, we have made sure that nothing on your personal computer can be concealed from us, or anyone else. The term "Privacy", which sounds like piracy, as used by the popular press is a fiction and will not be found anywhere else in this user agreement.
There you have it surrender your creativity and consume! Microsoft and the RIAA, which sued the Girls Scouts of America for singing a copyrighted song around the capmfire, are birds of a feather.
Re:LOL at rationalization (Score:2)
First of all, if you listen only to net "radio" stations that have a right and license to broadcast all of the music they use, then great, no problem. However, if your are listening to streaming broadcasts of illegally distributed MP3 files, then you are just as guilty as the person broadcasting (at least for a moral, if not legal perspective).
Some of the other arguments are even more laughable though. The idea that only food, cars, etc can be stolen, is pretty funny. I mean, why should taking food count as stealing. It's way overpriced (just like software and music supposedly are), and people need food a lot more than they need music and software.
Or how 'bout the "I wouldn't buy it anyway, because I don't have the money" argument. This is just as funny. There are lots of things I can't afford, but that doesn't mean I can just take them if I want them. I would love to be able to talk to the people I know in England any time I feel like it, but I can't afford to. Since there's no way I would actually pay for all that phone time, it's OK for me to just steal it, right?
People get it through your head! Just because the reproduction cost of something is basically free does not mean you can justify stealing it.
Re:"At the order of the RIAA"? (Score:2)
Whether it is theft is hardly an excercise in rhetoric, unless all things equal all things in your world. Theft != Assualt != murder != copyright infringement. It is that simple.
The problem with the RIAA (and now the film industry) is that they are happy to redefine "copyright infringement" as "theft", even though legally, ethically, and semanticly they are not the same. Indeed, they often even go further, equating "fair use" (legally permitted) and "reverse engineering" (also legally permitted if you are trying to get something to interoperate with something else, such as, say DVD and Linux mentioned in another thread). Their purpose in doing this is to demonize those infringing upon the copyright, which includes just about everybody who ever taped a song off the radio, a television show with their VCR, or made a tape from their CD, if they *gasp* went so far as to share it with another.
Re:Yes, it's their network...BUT... (Score:2)
Okay, lets say I share a folder with MP3's...
If I make it publically accessible, that's fine for anyone to look at. I'm implictly granting copy permissions.
If I put a password on it, of any kind, be it easy or hard, I'm denying that permission. For a school to come into my system, basically hack it (guessing passwords is the oldest form of hacking), then they are breaking the law. Period. Criminal Trespass. Illegal Search (possibly). Definitly a rights violation.
I say, sue the shit out of the school. Or at least go wacko and shoot a few administrators (mainly a joke
---
User 'mp3' pass 'mp3' != password protected (Score:3)
Just because somebody puts a password of 'mp3' on their share does *not* mean it's classified as private/password-protected. This is a very typical and normal way of setting up MP3 shares on anonymous FTP sites or Windows shares and, in my opinion, is essentially the same as "public access."
Don't think of it as a crappy lock, think of it as a code-word required for entry that's general knowledge. If the students really were protecting their files, they'd have used a real password. Their intent was to set it up for public access, which tips the scales against them. I believe there is a legal definition for 'password protected', and the intent of the owner to restrict access is a requirement. This is not the case here.
like some other schools, this email should have been sent out before the event, so that the kids would not have publicly shared the stuff!
At my previous university, in order to get campus ethernet, you had to agree to terms and conditions that required, in part, compliance with copyright laws. This should have been adequate warning. Just because some of your l33t hax0r mp3 friends are doing it and not getting caught doesn't mean you won't get caught either. You will have a hard time finding any of those students that didn't know what they were doing was illegal.
Not to sound evil here, but the university can do whatever the hell they like with their network connections. They don't *have* to have any proof of wrong-doing to nuke a connection. If they were in fact overzealous in their efforts, they were no doubt trying to send a "message" to the rest of the student body that these things won't be tolerated. The students in question will probably have their connections restored in short order.
Re:Yes, it's their network...BUT... (Score:2)
Not quite.
Intent to restrict access is a vital point in any 'password-protected' defense against CMU's actions. By using a password of 'mp3' (which most people recognize as the password to use when attempting to access MP3 resources) or by placing the password in a README file, you are making it clear that you have no intention to restrict access to your MP3 files. For that reason, the data can be legally classified as 'public'.
As you say, "Period."
Re:"At the order of the RIAA"? (Score:2)
This is facile. It depends on who owned what you're sharing in the first place. Feel free to share anything you own. When you share property of mine without asking me or telling me, you are stealing. And I don't care if the law views it differently, I am talking about moral conduct here.
I think there is plenty of room for a philosophical debate about the nature of a duplicable recording -- how can it be stolen if the "owner" still has the thing? You've just made more of it. Is a copy of a thing the thing? This is metaphysics.
As a matter of practice, however, the whole of copyright law is based on the notion that the author of a text (or score, and by extension the more modern texts of film, broadcasts, and recordings of the same) can choose to reserve rights to that work; can choose to grant those rights in whole or in part. Unpublished works are protected. Published works are protected by copyright.
The point of this that the copyright holder is the sole entity with the right to assign those rights. When you copy and distribute, you are usurping the right of the creator because you feel like it. Criminal copyright violation is a felony and carries considerably greater criminal and civil penalties than would theft of a CD from a record store, which would be a petty misdemeanor.
In music these days, most artists are covered by ASCAP (in the US) or BMI (in the UK) minimum basic agreement (or better as negotiated by the artist or his/her agent) which grants certain specific rights to the record label for a certain period of time and certain rights to the artist. Amongst other things, these basic agreements specify terms for radio broadcasting of songs, so that indivdual radio stations don't have to enter into individual contracts with indivdual artists to play individual songs on the radio.
Now, if I publish a song and copyright it, I do so in the expectation that I (or contractually authorized agents) will control distribution of the song. When you copy it and give it to a friend, you steal that right (and in all likelihood, cost me money). If I publish a song and do not copyright it, or I grant specific permission for everyone to use it as they please, then fine. I don't then expect that control.
The courts have established a fairly consistent pattern when it comes to home recording. When a recording is of material legally purchased by you and that recording is intended for personal use, then it constitutes "fair use" and you may do so. Play it to others for profit, give it away to others, or sell copies and you are stealing (criminal copyright infringement).
As for the RIAA, they are the trade association of the recording industry. They act in the interest of their members (the record companies).
This is not a free-speech, free-software issue. This isn't even like the Linux CSS software debacle, which was about a boneheaded encryption scheme that locked out open-source software. But why does the entertainment industry want bonedheaded encryption? Because of a bunch people out there "sharing."
Look, we either live in a civil society or we live in a "bugger the hindmost" every savage for himself, take what you can get, screw your neighbor society.
Your choice.
Re:Stupidity (Score:2)
And made the data freely available and therefore not requiring a warrant to collect any proof.
... which are run off the CMU network.
"You want to kiss the sky? Better learn how to kneel." - U2
"It was like trying to herd cats..." - Robert A. Heinlein
You're looking at this the wrong way.. (Score:2)
Universities tend to turn a blind eye to this sort of thing, much to the charign of developers and other copyright holders, but I would *certainly* expect a university to follow up and do something about a legitimate and explicit complaint.
Get your quotes right (Score:2)
I believe the article explicitely said, "...at the behest of..." This is hardly the same thing. From the article, it appears that the RIAA sent a blanket letter to several dozen universities about the ongoing problems of illegal MP3 distribution. CMU, upon receiving this, decided to stop turning a blind eye to it and start enforcing their school policies against violating copyright laws.
We don't know the contents of those letters, but it surely wasn't anything specific. It probably outlined the RIAA's concern over MP3's and how common it was to find these things distributed from university ethernet hosts. CMU took the next logical step.
If I were a university, I would be more concerned with my image of harboring a bunch of l33t MP3/warez-trading kids in my dorms than being overzealous in my *internal* conflict/legal resolution methods.
Re:I just hope.. (Score:2)
I personally don't see anything wrong with MP3's until you burn 'em to a CD and sell them as your own. Up to that point you are using a transitory media, much too vulnerable to random corruption to warrant $1 a song pricing (especially using a windoze machine), which is more like listening to rebroadcasts on the radio than any other form of old media.
I could go on, but I like eating lunch, so e-mail me if you want the full treatise.
And, um, yea, like I have, a, uh, cooledge degrea.
More Points (Score:2)
On rare occasions, computing staff may access others' files, but only when strictly necessary for the maintenance of a system or in active pursuit of serious security or abuse incidents.
This was indeed a rare occasion and, at least to CMU, this was a serious abuse incident. People are quick to point out that CMU broke the rules, but being skeptical, I read the whole privacy statement and found this line. This line right here, which students (I'm assuming) agreed to as part of agreeing to policy, gives them the right to access those files as part of their 'sweep'.
I don't think it's a great thing, what CMU did, but I think people are directing attention away from the real issue which is that people were breaking the law and got caught. Yes, it's rather fascist and if the government did this to me (and who's to say they haven't already), I'd be in an uproar, but this is a private institution that runs a private network. If you break the law on it, damned if they won't bust your ass for it. People need to read all of the terms when they sign up, not just the parts that they think will let them get away with what they want on their own personal machines.
Guess what people. These students abused the system and the system called them on it by their own rules. There are 179 kids right now who aren't in trouble and are laughing at the other 71.
p.s. (because I've seen this a couple of times)
Borrowing CDs is not copyright infringement anymore than borrowing a book is. Copying a CD and giving it away (which is very akin to making an MP3 and distributing it) is copyright infringement, just like xeroxing a book and giving it away ain't legal, either.
Just thought I'd get that off my chest.
Re:But officer... it's true!!! (Score:2)
1:The officer won't care - I'd be willing to bet you won't be ticketed, you'll be arrested too. (I'd bet you're one of those morons who doesn't have insurance either, eh?)
2:The judge won't care how many URLS you throw at him, he'll throw several different law books back at you and your lawyer (and remember, "The lawyer who represents himself has a fool for a client").
3:The big guy named bubba you share your cell with won't care - he'll just thank you nightly for not paying your stupid car tabs.
Get real - you're violating state law in all 50 states. Just because you can find a frigging URL that says otherwise means nothing.
Ooooh, look who didn't do his research and is spouting off without any knowledge whatsoever. The URLs that Soldier listed are the URLs that lead to researched and proven legal precedent for lving in the US without any kind of state/federal registration. He's perfectly within EVERY law in EVERY state because the state laws don't apply to him in these specific cases because he has placed himself under the jurisdiction of a higher law which over rules those (more or less). There is no law which states you must specifically have a US drivers license to drive a car in the US.
Kintanon
Re:This is why I no longer pay for music (Score:2)
Oh? And why do they have to do that?
If the entire idea is to draw people to concerts so that the band can make money then the band just has to record a couple of the live concert versions and send them out for free. Voila, song is done. They make money from the concerts.
Recording studios are outdated. So is most of the recording industry.
Kintanon
Re:Yes, it's their network...BUT... (Score:2)
Complaining is like Jello. There's always room for more.
The point is I'm sure you could convince a judge otherwise. And even if not, you could be enough of a pain in the at that at the very least they'd think twice about doing it again.
I'm not saying it's right to pirate music, I'm saying it's wrong for anyone to do illegal things to you. It's a rights violation, damnit. They may have signed away that right, but that doesn't make it any less wrong!
Argh.. I shouldn't get drawn into these arguements.. my head is hurting.. argh.. need pizza...
---
Re:Yes, it's their network...BUT... (Score:2)
Were the shares they searched administrative shares?
(for the NT-unaware, and administrative share, is one that is at the root of every drive-letter, by default, on NT, anyone can use NET USE with the administrator password to gain access. Most savvy NT administrators delete these "hidden" shares after installation of the OS - but this subsequently can interfere with some applications)
I wish I had a nickel for every time someone said "Information wants to be free".
Compain to: fowler@andrew.cmu.edu (Score:2)
A few thousant emails should give him something to think about.
fowler@andrew.cmu.edu
Re:What *REALLY* happened at CMU--article lied (Score:2)
Its inadmissable, not to mention who would go after a copyright voilation if no money was made out of it and was just one person listening to a few tunes. Even the RIAA has better things to do.
Re:Yes, it's their network...BUT... (Score:2)
Its also impossible to know which MP3's are illegal and which aren't without an investigation. I may have lots of Who mp3s and I might just own every Who album. Ever hear of fair use?
"Yeah officer I stole that car radio, but the guy left his door unlocked!"
Re:Yes, it's their network...BUT... (Score:2)
Now if the sign said "Set my house of fire" with a gas can and a lighter next to it would that be fine too? Arson is still illegal regardless of how easy it is or if 'everyone else is doing it.'
Another thing everyone is forgetting is you have no idea what MP3's are legal or illegal without knowing what CD's or Tapes that person owns. MP3 transer also isn't illegal if the recipient keeps it for under 24 hours. Its called fair use.
2 wrongs certainly don't make a right.
Re:"At the order of the RIAA"? (Score:2)
Of come on now, spare me you self-righteous sanctimony. People do this constantly be it traffic laws, littering, 'stupid' local laws, trespassing, piracy, drugs, prostitution, curfews, etc.
What the first post of this thread really was about is, yes, the harmlessness of consumer piracy and how the litigation craze has become the net's inseparable partner. It will continue to happen until mama-cass-meteor smacks the earth and for the most part its beneficial. How many musical acts would be unknown if it wasn't for word of mouth and piracy? The grateful dead comes to mind here.
Selling pirated music is much more a crime because it actually DOES take money away from the rightful company. While giving your buddy a copy of something doesn't mean he was going out to buy it, in fact he might think its terrible and save himself 15 bucks.
If you're that naive and have zero-tolerance for software piracy than its just not the industry for you.
Re:Yes, it's their network...BUT... (Score:2)
I'd draw the line where the password ceases to be obvious. I'm not a regular MP3 trader, but I automatically know that 'mp3' is usually the password to use when I come up to an MP3 share. Beyond that, it's a gray area, and one I, as an admin, would not be willing to venture.
Re:"At the order of the RIAA"? (Score:2)
As it happens, the penalties for theft of a $25 something are far less than the potential penalties for copying a $25 something and giving it to friend. Criminal copyright infringement is a federal crime and a felony. $25 theft from your local Market-o-Mass-Media is a petty misdemeanor.
Believe it or not, there is a conception of right and wrong beyond the narrow confines of legalese. It seems to me right and proper that the creator of a work should have the right to control of the work. That's what copyright is about. The right to copy.
If you create something and wish to cast it into the wind, so be it. That's what the GPL is about: using the instrument of copyright to ensure that a work is and shall remain free.
My whole point (I had one when I started) is that this is not like the Linux DeCSS mess (where they did nothing AFAIK that would constitute a violation of US law; how sad they were in Norway if their laws make what they did illegal). This is not a free-speech issue (unless you are talking about the free-speech rights of the artists). This is not like the arguments against software patents.
There was a recent case where somebody wanted to use Dr. Martin Luther King's famous "I have a dream" speech in a television advertisement. This is something I would have held to be a grotesque debasement of one of the most important examples on rhetoric in this, or any other, century. Fortunately, Dr. King copyrighted all his speeches. The advertisers went to court arguing that it had been news, and therefore a matter of public record. The court upheld the copyright. Copyright good.
You may indeed be doing little or no harm when you copy a song and give it to a friend. If it stays at that level, it is unlikely to draw the attention of any law enforcement or corporate lackeys. But it is the same usurpation of the creator's rights as it would be if you did it on an industrial scale. It is simply a matter of scale, or degree. It is the same act. We convict someone of murder no matter if they kill one person or fifty. When you copy a song and give it to a friend you are acting as those advertisers would have acted if they had gone ahead and used "I have a dream" to sell a car, or some soap, or bottles of beer.
The placing of mp3s on public servers (and we didn't get enough detail on this story, so I am only assuming this is what they did), and then to argue fair use is like me copying your book 100,000 times and leaving the copies lying around and then trying to claim, "Oh, that's fair use -- those are all for me."
Re:LOL at rationalization (Score:2)
As far as I know all of the mp3s I listen to are legal as either I own them or the person who is streaming them owns them. Last time I checked letting someone else listen to your music for free wasn't illegal, and if it is I'd better throw away my speakers and get some headphones because my girlfriend has been illegaly listening to my music for months now....
Kintanon
Tell that Randal Schwartz... (Score:2)
area is not illegally breaking into a computer system and stealing private data? Tell that to Randal Schwartz, "just another Perl hacker and convicted felon".
Rahul.net [rahul.net] on Randal, Friends of Randal Schwartz [lightlink.com], Randal's Homepage [stonehenge.com], Tim O'Reilly on the prosecution of Randal [lightlink.com].
I'd say, sue CMU and see what comes from it.
© Copyright 1999 Kristian Köhntopp
Re:Yes, it's their network...BUT... (Score:2)
CMU is not, as far as I know, any kind of government agent - therefore though they may be guilty of breaking into computers, it is by no means "illegal search and seizure"
That is correct. Instead of 'illegal search and seizure' it's called 'Breaking and Entering' in most places when a private entity does something like this. Do you think CMU could raid your dorm without a warrant? They may be able to, but they shouldn't be able to.
Kintanon
Re:[OT]Re:This is why I no longer pay for music (Score:2)
If the only reason the band sounds good is because their music has been 'edited' in the studio then they don't need to be making music.
And if no one can listen to 24-bit digital music then what is the purpose of producing it? Selling music should NOT be a business, anymore than playing Baseball or Basketball should be. These are things people should be doing for fun, not for money. If people want to give the artists money then that's great. But having an 'entertainment industry' is just rediculous.
Kintanon
Re:Yes, it's their network...BUT... (Score:2)
For this reason (intent), these shares are not "private" resources. The owner of the share is either publishing the password in a README or he's using a known, public password specifically so the public can get access.
Re:Yes, it's their network...BUT... (Score:2)
When it ceases to be obvious.
If 'mp3' or 'guest' doesn't work, it's not obvious in my opinion. Either of these passwords is very common in the world of MP3 trading, and if I were the one doing the searches, I would try 'mp3', then 'guest', then I'd stop.
Think about this for a minute. If all someone has to do to avoid being identified (through legal process) as an MP3 distributor is place a 'mp3' password on their share, that's like giving them free reign to break the law. It's common knowledge that 'mp3' opens MP3 shares. It doesn't make sense to award shares set up in this fashion any more degree of protection or privacy than other public (but non-passworded) shares.
Re:Yes, it's their network...BUT... (Score:2)
Heh, you consult the lawyers and save me the $$$.
What?? (Score:2)
Additional ramifications of this assumption include (but are not limited to):
Video rentals. Why rent when you can buy, watch it, and return it within 24 hours FOR FREE?
Magazine sales. Buy a mag, read it, return it the next day. Consider that $2.99 a refundable deposit!
Fast reader? Why rent from the library when you can get a 24-hour rental from the book store?
Fair use has NOTHING to do with "evaluation" of a copywritten work. Fair use is meant to allow people limited reproduction rights for certain research and educational purposes and to grant certain exemptions for libraries.
An excellent web site that explains copyright and "fair use": http://fairuse.stanford.edu/ [stanford.edu]
Re:Yes, it's their network...BUT... (Score:2)
Yep. Here, 'guess' is synonymous with 'try'.
i.e. breaking into the computer!
No. Since when is it considered 'breaking in' when you 'try' to turn the doorknob?
If you set up some sort of marketing thing and have a web site that's password protected with a password like "money4you", and then proceed to parade that password across your superbowl commercials, in print, magazines, before movies, and every place you can think of with announcements saying, "Come visit our web site, enter the password 'money4you' on the correct page and get $50 off your next purchase!", are each of those people "breaking in" to the web site? They have to try ("guess") the password in order to see if it lets them in.
If you read CMU's computing policy
CMU's computing policy is nothing more than a POLICY for its *STUDENTS*. This carries absolutely NO legal weight WHATSOEVER except in that it can be used as justification for CMU to use disciplinary action should those policies be violated by a student. CMU cannot be legally held to these posted guidelines, but their students can (since their contracts with CMU regarding things like computing and network resources point specifically to these policies as guidelines the student must abide by).
What people seem to be objecting to is the *legal* ramifications of CMU's efforts. For that reason, you should be looking at the definitions as set forth in the laws themselves, not some stupid student policy set forth by the university. If you think CMU is evil because the university doesn't abide by the same rules they make their students abide by, fine, but that's another topic entirely.
Re:What?? (Score:2)
Obviously, you can't charge $$ for evaluating, so you won't see bookstores handing out copies of anything because they will lose money from losing that potential sale.
You can buy and return all the magazines you want, just make sure the store's return policy covers it. No copyrights to worry about.
I suggest YOU read the links you keep tossing out.