On Jan 19, 2012, at 6:44 PM, james@smithwaysecurity.com wrote:
You guys serous, when did the order come in to sezie the domain?
http://arstechnica.com/tech-policy/news/2012/01/why-the-feds-smashed-megaupl... has a good analysis; also see http://online.wsj.com/article_email/SB10001424052970204616504577171060611948... (which seems to be outside their paywall). What differentiates this from many of the earlier domain name seizures is that this is based on a grand jury indictment, not just an administrative decision by Immigration and Customs Enforcement. It may be heavy-handed or questionable, per the Ars Technica analysis, but as a matter of process it's about as good as you'll get.
Sent from my HTC
----- Reply message ----- From: "Ryan Gelobter" <ryan.g@atwgpc.net> To: "NANOG" <nanog@nanog.org> Subject: Megaupload.com seized Date: Thu, Jan 19, 2012 6:41 pm
The megaupload.com domain was seized today, has anyone noticed significant drops in network traffic as a result?
http://www.scribd.com/doc/78786408/Mega-Indictment http://techland.time.com/2012/01/19/feds-shut-down-megaupload-com-file-shari...
--Steve Bellovin, https://www.cs.columbia.edu/~smb
I would agree. They've dotted every i and crossed every t here. This will inevitably be followed by a prosecution of some sort and/or there's also scope for Megaupload to sue the USG for restitution. It'll be interesting to see how this pans out - especially wrt any safe harbor provisions in the DMCA for providers (which do have a provision for due diligence being exercised etc). Probable cause for seizure should have been easy to establish - no shortage of warez, cp etc on these free upload sites. On Fri, Jan 20, 2012 at 7:39 AM, Steven Bellovin <smb@cs.columbia.edu> wrote:
What differentiates this from many of the earlier domain name seizures is that this is based on a grand jury indictment, not just an administrative decision by Immigration and Customs Enforcement. It may be heavy-handed or questionable, per the Ars Technica analysis, but as a matter of process it's about as good as you'll get.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Jan 19, 2012, at 10:07 PM, Suresh Ramasubramanian wrote:
I would agree. They've dotted every i and crossed every t here.
This will inevitably be followed by a prosecution of some sort and/or there's also scope for Megaupload to sue the USG for restitution.
It'll be interesting to see how this pans out - especially wrt any safe harbor provisions in the DMCA for providers (which do have a provision for due diligence being exercised etc).
Note this from the NY Times article: The Megaupload case is unusual, said Orin S. Kerr, a law professor at George Washington University, in that federal prosecutors obtained the private e-mails of Megaupload’s operators in an effort to show they were operating in bad faith. "The government hopes to use their private words against them," Mr. Kerr said. "This should scare the owners and operators of similar sites." And see 17 USC 512(c)(1)(A) (http://www.law.cornell.edu/uscode/17/512.html) for why that's significant. --Steve Bellovin, https://www.cs.columbia.edu/~smb
Er I'm sorry but do you mean joeschmoe@corp.megaupload.com type emails, or joeschmoe@hotmail.com type emails? If megaupload's corporate email was siezed to provide due diligence in such a prosecution - it would quite probably not constitute private mail On Fri, Jan 20, 2012 at 8:49 AM, Steven Bellovin <smb@cs.columbia.edu> wrote:
The Megaupload case is unusual, said Orin S. Kerr, a law professor at George Washington University, in that federal prosecutors obtained the private e-mails of Megaupload’s operators in an effort to show they were operating in bad faith.
"The government hopes to use their private words against them," Mr. Kerr said. "This should scare the owners and operators of similar sites."
-- Suresh Ramasubramanian (ops.lists@gmail.com)
I don't mean either -- I've only skimmed the indictment. But from the news stories, it would *appear* that they got a search or wiretap warrant to get at employees' email. I don't see how that would make it "not private". (Btw -- "due diligence" is a civil suit concept; this is a criminal case.) The prosecution is trying to claim that the targets had actual knowledge of what was going on. I do know Orin Kerr, however. He's a former federal prosecutor and he's *very* sharp, and I've never known him to be wrong on straight-forward legal issues like this. He himself may not have all the facts himself. But here are two sample paragraphs from the indictment: On or about August 31, 2006, VAN DER KOLK sent an e-mail to an associate entitled lol. Attached to the message was a screenshot of a Megaupload.com file download page for the file Alcohol 120 1.9.5 3105complete.rar with a description of Alcohol 120, con crack!!!! By ChaOtiX!. The copyrighted software Alcohol 120 is a CD/DVD burning software program sold by www.alcohol-soft.com. and On or about June 24, 2010, members of the Mega Conspiracy were informed, pursuant to a criminal search warrant from the U.S. District Court for the Eastern District of Virginia, that thirty-nine infringing copies of copyrighted motion pictures were believed to be present on their leased servers at Carpathia Hosting in Ashburn, Virginia. On or about June 29, 2010, after receiving a copy of the criminal search warrant, ORTMANN sent an e-mail entitled Re: Search Warrant Urgent to DOTCOM and three representatives of Carpathia Hosting in the Eastern District of Virginia. In the e-mail, ORTMANN stated, The user/payment credentials supplied in the warrant identify seven Mega user accounts, and further that The 39 supplied MD5 hashes identify mostly very popular files that have been uploaded by over 2000 different users so far[.] The Mega Conspiracy has continued to store copies of at least thirty-six of the thirty-nine motion pictures on its servers after the Mega Conspiracy was informed of the infringing content. (I got the indictment from http://static2.stuff.co.nz/files/MegaUpload.pdf -- while I'd prefer to use a DoJ site cite, for some reason their web server is very slow right now...) On Jan 19, 2012, at 10:48 PM, Suresh Ramasubramanian wrote:
Er I'm sorry but do you mean joeschmoe@corp.megaupload.com type emails, or joeschmoe@hotmail.com type emails?
If megaupload's corporate email was siezed to provide due diligence in such a prosecution - it would quite probably not constitute private mail
On Fri, Jan 20, 2012 at 8:49 AM, Steven Bellovin <smb@cs.columbia.edu> wrote:
The Megaupload case is unusual, said Orin S. Kerr, a law professor at George Washington University, in that federal prosecutors obtained the private e-mails of Megaupload’s operators in an effort to show they were operating in bad faith.
"The government hopes to use their private words against them," Mr. Kerr said. "This should scare the owners and operators of similar sites."
-- Suresh Ramasubramanian (ops.lists@gmail.com)
--Steve Bellovin, https://www.cs.columbia.edu/~smb
Interesting, going to do some more digging. -----Original Message----- From: Steven Bellovin Sent: Friday, January 20, 2012 12:07 AM To: Suresh Ramasubramanian Cc: james@smithwaysecurity.com ; NANOG Subject: Re: Megaupload.com seized I don't mean either -- I've only skimmed the indictment. But from the news stories, it would *appear* that they got a search or wiretap warrant to get at employees' email. I don't see how that would make it "not private". (Btw -- "due diligence" is a civil suit concept; this is a criminal case.) The prosecution is trying to claim that the targets had actual knowledge of what was going on. I do know Orin Kerr, however. He's a former federal prosecutor and he's *very* sharp, and I've never known him to be wrong on straight-forward legal issues like this. He himself may not have all the facts himself. But here are two sample paragraphs from the indictment: On or about August 31, 2006, VAN DER KOLK sent an e-mail to an associate entitled lol. Attached to the message was a screenshot of a Megaupload.com file download page for the file Alcohol 120 1.9.5 3105complete.rar with a description of Alcohol 120, con crack!!!! By ChaOtiX!. The copyrighted software Alcohol 120 is a CD/DVD burning software program sold by www.alcohol-soft.com. and On or about June 24, 2010, members of the Mega Conspiracy were informed, pursuant to a criminal search warrant from the U.S. District Court for the Eastern District of Virginia, that thirty-nine infringing copies of copyrighted motion pictures were believed to be present on their leased servers at Carpathia Hosting in Ashburn, Virginia. On or about June 29, 2010, after receiving a copy of the criminal search warrant, ORTMANN sent an e-mail entitled Re: Search Warrant Urgent to DOTCOM and three representatives of Carpathia Hosting in the Eastern District of Virginia. In the e-mail, ORTMANN stated, The user/payment credentials supplied in the warrant identify seven Mega user accounts, and further that The 39 supplied MD5 hashes identify mostly very popular files that have been uploaded by over 2000 different users so far[.] The Mega Conspiracy has continued to store copies of at least thirty-six of the thirty-nine motion pictures on its servers after the Mega Conspiracy was informed of the infringing content. (I got the indictment from http://static2.stuff.co.nz/files/MegaUpload.pdf -- while I'd prefer to use a DoJ site cite, for some reason their web server is very slow right now...) On Jan 19, 2012, at 10:48 PM, Suresh Ramasubramanian wrote:
Er I'm sorry but do you mean joeschmoe@corp.megaupload.com type emails, or joeschmoe@hotmail.com type emails?
If megaupload's corporate email was siezed to provide due diligence in such a prosecution - it would quite probably not constitute private mail
On Fri, Jan 20, 2012 at 8:49 AM, Steven Bellovin <smb@cs.columbia.edu> wrote:
The Megaupload case is unusual, said Orin S. Kerr, a law professor at George Washington University, in that federal prosecutors obtained the private e-mails of Megaupload’s operators in an effort to show they were operating in bad faith.
"The government hopes to use their private words against them," Mr. Kerr said. "This should scare the owners and operators of similar sites."
-- Suresh Ramasubramanian (ops.lists@gmail.com)
--Steve Bellovin, https://www.cs.columbia.edu/~smb
Well they did take down megaupload.com and the sister website mega video. But now with one of the worlds biggest websites down. Others will step up to take over Megaupload's place. Well maybe depending on trial etc. -----Original Message----- From: Steven Bellovin Sent: Friday, January 20, 2012 12:07 AM To: Suresh Ramasubramanian Cc: james@smithwaysecurity.com ; NANOG Subject: Re: Megaupload.com seized I don't mean either -- I've only skimmed the indictment. But from the news stories, it would *appear* that they got a search or wiretap warrant to get at employees' email. I don't see how that would make it "not private". (Btw -- "due diligence" is a civil suit concept; this is a criminal case.) The prosecution is trying to claim that the targets had actual knowledge of what was going on. I do know Orin Kerr, however. He's a former federal prosecutor and he's *very* sharp, and I've never known him to be wrong on straight-forward legal issues like this. He himself may not have all the facts himself. But here are two sample paragraphs from the indictment: On or about August 31, 2006, VAN DER KOLK sent an e-mail to an associate entitled lol. Attached to the message was a screenshot of a Megaupload.com file download page for the file Alcohol 120 1.9.5 3105complete.rar with a description of Alcohol 120, con crack!!!! By ChaOtiX!. The copyrighted software Alcohol 120 is a CD/DVD burning software program sold by www.alcohol-soft.com. and On or about June 24, 2010, members of the Mega Conspiracy were informed, pursuant to a criminal search warrant from the U.S. District Court for the Eastern District of Virginia, that thirty-nine infringing copies of copyrighted motion pictures were believed to be present on their leased servers at Carpathia Hosting in Ashburn, Virginia. On or about June 29, 2010, after receiving a copy of the criminal search warrant, ORTMANN sent an e-mail entitled Re: Search Warrant Urgent to DOTCOM and three representatives of Carpathia Hosting in the Eastern District of Virginia. In the e-mail, ORTMANN stated, The user/payment credentials supplied in the warrant identify seven Mega user accounts, and further that The 39 supplied MD5 hashes identify mostly very popular files that have been uploaded by over 2000 different users so far[.] The Mega Conspiracy has continued to store copies of at least thirty-six of the thirty-nine motion pictures on its servers after the Mega Conspiracy was informed of the infringing content. (I got the indictment from http://static2.stuff.co.nz/files/MegaUpload.pdf -- while I'd prefer to use a DoJ site cite, for some reason their web server is very slow right now...) On Jan 19, 2012, at 10:48 PM, Suresh Ramasubramanian wrote:
Er I'm sorry but do you mean joeschmoe@corp.megaupload.com type emails, or joeschmoe@hotmail.com type emails?
If megaupload's corporate email was siezed to provide due diligence in such a prosecution - it would quite probably not constitute private mail
On Fri, Jan 20, 2012 at 8:49 AM, Steven Bellovin <smb@cs.columbia.edu> wrote:
The Megaupload case is unusual, said Orin S. Kerr, a law professor at George Washington University, in that federal prosecutors obtained the private e-mails of Megaupload’s operators in an effort to show they were operating in bad faith.
"The government hopes to use their private words against them," Mr. Kerr said. "This should scare the owners and operators of similar sites."
-- Suresh Ramasubramanian (ops.lists@gmail.com)
--Steve Bellovin, https://www.cs.columbia.edu/~smb
I can only imagine the bloodbath this will cause.!! -----Original Message----- From: Steven Bellovin Sent: Friday, January 20, 2012 12:07 AM To: Suresh Ramasubramanian Cc: james@smithwaysecurity.com ; NANOG Subject: Re: Megaupload.com seized I don't mean either -- I've only skimmed the indictment. But from the news stories, it would *appear* that they got a search or wiretap warrant to get at employees' email. I don't see how that would make it "not private". (Btw -- "due diligence" is a civil suit concept; this is a criminal case.) The prosecution is trying to claim that the targets had actual knowledge of what was going on. I do know Orin Kerr, however. He's a former federal prosecutor and he's *very* sharp, and I've never known him to be wrong on straight-forward legal issues like this. He himself may not have all the facts himself. But here are two sample paragraphs from the indictment: On or about August 31, 2006, VAN DER KOLK sent an e-mail to an associate entitled lol. Attached to the message was a screenshot of a Megaupload.com file download page for the file Alcohol 120 1.9.5 3105complete.rar with a description of Alcohol 120, con crack!!!! By ChaOtiX!. The copyrighted software Alcohol 120 is a CD/DVD burning software program sold by www.alcohol-soft.com. and On or about June 24, 2010, members of the Mega Conspiracy were informed, pursuant to a criminal search warrant from the U.S. District Court for the Eastern District of Virginia, that thirty-nine infringing copies of copyrighted motion pictures were believed to be present on their leased servers at Carpathia Hosting in Ashburn, Virginia. On or about June 29, 2010, after receiving a copy of the criminal search warrant, ORTMANN sent an e-mail entitled Re: Search Warrant Urgent to DOTCOM and three representatives of Carpathia Hosting in the Eastern District of Virginia. In the e-mail, ORTMANN stated, The user/payment credentials supplied in the warrant identify seven Mega user accounts, and further that The 39 supplied MD5 hashes identify mostly very popular files that have been uploaded by over 2000 different users so far[.] The Mega Conspiracy has continued to store copies of at least thirty-six of the thirty-nine motion pictures on its servers after the Mega Conspiracy was informed of the infringing content. (I got the indictment from http://static2.stuff.co.nz/files/MegaUpload.pdf -- while I'd prefer to use a DoJ site cite, for some reason their web server is very slow right now...) On Jan 19, 2012, at 10:48 PM, Suresh Ramasubramanian wrote:
Er I'm sorry but do you mean joeschmoe@corp.megaupload.com type emails, or joeschmoe@hotmail.com type emails?
If megaupload's corporate email was siezed to provide due diligence in such a prosecution - it would quite probably not constitute private mail
On Fri, Jan 20, 2012 at 8:49 AM, Steven Bellovin <smb@cs.columbia.edu> wrote:
The Megaupload case is unusual, said Orin S. Kerr, a law professor at George Washington University, in that federal prosecutors obtained the private e-mails of Megaupload’s operators in an effort to show they were operating in bad faith.
"The government hopes to use their private words against them," Mr. Kerr said. "This should scare the owners and operators of similar sites."
-- Suresh Ramasubramanian (ops.lists@gmail.com)
--Steve Bellovin, https://www.cs.columbia.edu/~smb
On Thu, Jan 19, 2012 at 11:30 PM, James Smith <james@smithwaysecurity.com>wrote:
I can only imagine the bloodbath this will cause.!!
Show me a file sharing site with no illegal content! This is just insane. What's quite interesting is that Rapper/Producer Swiss BeatZ is the current CEO of megaupload how ironic.
-----Original Message----- From: Steven Bellovin Sent: Friday, January 20, 2012 12:07 AM To: Suresh Ramasubramanian Cc: james@smithwaysecurity.com ; NANOG Subject: Re: Megaupload.com seized
I don't mean either -- I've only skimmed the indictment. But from the news stories, it would *appear* that they got a search or wiretap warrant to get at employees' email. I don't see how that would make it "not private". (Btw -- "due diligence" is a civil suit concept; this is a criminal case.) The prosecution is trying to claim that the targets had actual knowledge of what was going on.
I do know Orin Kerr, however. He's a former federal prosecutor and he's *very* sharp, and I've never known him to be wrong on straight-forward legal issues like this. He himself may not have all the facts himself. But here are two sample paragraphs from the indictment:
On or about August 31, 2006, VAN DER KOLK sent an e-mail to an associate entitled lol. Attached to the message was a screenshot of a Megaupload.com file download page for the file Alcohol 120 1.9.5 3105complete.rar with a description of Alcohol 120, con crack!!!! By ChaOtiX!. The copyrighted software Alcohol 120 is a CD/DVD burning software program sold by www.alcohol-soft.com.
and
On or about June 24, 2010, members of the Mega Conspiracy were informed, pursuant to a criminal search warrant from the U.S. District Court for the Eastern District of Virginia, that thirty-nine infringing copies of copyrighted motion pictures were believed to be present on their leased servers at Carpathia Hosting in Ashburn, Virginia. On or about June 29, 2010, after receiving a copy of the criminal search warrant, ORTMANN sent an e-mail entitled Re: Search Warrant Urgent to DOTCOM and three representatives of Carpathia Hosting in the Eastern District of Virginia. In the e-mail, ORTMANN stated, The user/payment credentials supplied in the warrant identify seven Mega user accounts, and further that The 39 supplied MD5 hashes identify mostly very popular files that have been uploaded by over 2000 different users so far[.] The Mega Conspiracy has continued to store copies of at least thirty-six of the thirty-nine motion pictures on its servers after the Mega Conspiracy was informed of the infringing content.
(I got the indictment from http://static2.stuff.co.nz/** files/MegaUpload.pdf <http://static2.stuff.co.nz/files/MegaUpload.pdf> -- while I'd prefer to use a DoJ site cite, for some reason their web server is very slow right now...)
On Jan 19, 2012, at 10:48 PM, Suresh Ramasubramanian wrote:
Er I'm sorry but do you mean joeschmoe@corp.megaupload.com type
emails, or joeschmoe@hotmail.com type emails?
If megaupload's corporate email was siezed to provide due diligence in such a prosecution - it would quite probably not constitute private mail
On Fri, Jan 20, 2012 at 8:49 AM, Steven Bellovin <smb@cs.columbia.edu> wrote:
The Megaupload case is unusual, said Orin S. Kerr, a law professor at George Washington University, in that federal prosecutors obtained the private e-mails of Megaupload’s operators in an effort to show they were operating in bad faith.
"The government hopes to use their private words against them," Mr. Kerr said. "This should scare the owners and operators of similar sites."
-- Suresh Ramasubramanian (ops.lists@gmail.com)
--Steve Bellovin, https://www.cs.columbia.edu/~**smb<https://www.cs.columbia.edu/~smb>
In message <CABRP1o8-_eN5uCsXFHtELWRiivMrKs7-9XA5OJPsJ9F3JYSqpw@mail.gmail.com> , Rodrick Brown writes:
On Thu, Jan 19, 2012 at 11:30 PM, James Smith <james@smithwaysecurity.com>w= rote:
I can only imagine the bloodbath this will cause.!!
Show me a file sharing site with no illegal content! This is just insane. What's quite interesting is that Rapper/Producer Swiss BeatZ is the current CEO of megaupload how ironic.
I suspect most file sharing site don't have illegal content. Most would have some content that is there without the permission of the copyright holder. These are different things. This case is not that there is copyrighted content there without the permission of the copyright holder. It's that they, allegedly, failed to remove such content when explictly notified of it which put them outside the safe harbour provision of DMCA. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Mark Andrews <marka@isc.org> wrote:
I suspect most file sharing site don't have illegal content. Most would have some content that is there without the permission of the copyright holder. These are different things.
<nitpick> "Without the permission of the copyright holder" _is_ contrary to statute, and thus 'against the law'. As such 'illegal' is _not_ an incorrect term to apply to the situation. It may not be a _criminal_ violation, but it is still proscribed by law. "Illegal" and "criminal" -- _these_ are different things. Junk faxing is illegal, Telemarketing calls to cell phones are illegal, Public distribution without the permission of the copyright owner is illegal. Except in special cases, none of those actions are _criminal_, but they are all violations of law, and thus _illegal_. Claiming that a thing is not 'illegal' if it is not 'criminal', is similar to asserting "it's not a crime if you don't get caught". </nitpick>
In article <201201201025.q0KAPdM5040190@mail.r-bonomi.com>, Robert Bonomi <bonomi@mail.r-bonomi.com> writes
I suspect most file sharing site don't have illegal content. Most would have some content that is there without the permission of the copyright holder. These are different things.
<nitpick> "Without the permission of the copyright holder" _is_ contrary to statute, and thus 'against the law'. As such 'illegal' is _not_ an incorrect term to apply to the situation.
It may not be a _criminal_ violation, but it is still proscribed by law.
"Illegal" and "criminal" -- _these_ are different things.
Junk faxing is illegal, Telemarketing calls to cell phones are illegal, Public distribution without the permission of the copyright owner is illegal.
Except in special cases, none of those actions are _criminal_, but they are all violations of law, and thus _illegal_.
Claiming that a thing is not 'illegal' if it is not 'criminal', is similar to asserting "it's not a crime if you don't get caught".
</nitpick>
As is common in most industries there are expressions in the world of Internet Governance that are jargon, and have agreed meanings in that context. "Illegal Material" is reserved for content which is illegal to possesses and/or distribute (even if, and possibly even more so, if you originated it). "Harmful Material" is content which is legal to possess but is nevertheless regarded by many as immoral or highly undesirable within some framework of commonly held values. "Infringing Material" is content which is held without a legitimate rightsholder's permission. -- Roland Perry
What sould fileshares must do, is to store files in these services in a encrypted way, and anonimized name. So these services have absolutelly no way to tell what are hosting. Fileshares can organize thenselves in sites based on a forum software that is private by default (open with registration), then share some "information" file that include the url to the files hosted, and the key to unencrypt these files, and some metadata. A special desktop program* would load that information file, and start the http download. This way can combine the best of the old "BBS" systems to the best of the current caching and hosting technologies. These http hosting services seems to operate well enough. A % of the users go premium to allow more and better downloads. *Maybe is time to write such program. -- -- ℱin del ℳensaje.
On 20 Jan 2012, at 11:00, Tei wrote:
Fileshares can organize thenselves in sites based on a forum software that is private by default (open with registration), then share some "information" file that include the url to the files hosted, and the key to unencrypt these files, and some metadata. A special desktop program* would load that information file, and start the http download.
At the risk of kicking over old ground, there are a bunch of privacy solutions like this; possibly the most complete attempt (in terms of attempted privacy and distribution) is Freenet: http://freenetproject.org/whatis.html ...but it's slow; then there's Tahoe-LAFS - a decentralised filesystem: https://tahoe-lafs.org/trac/tahoe-lafs ...but it's slow; then there are connection anonymisation tools like I2P and Tor, but - wonderful as they are - they're slow. Can you see a pattern developing that would be relevant to the downloader of 700Mb+ AVIs? :-) It would be great to speed them through wider adoption, but until then... -a
On 20 January 2012 12:14, Alec Muffett <alec.muffett@gmail.com> wrote:
On 20 Jan 2012, at 11:00, Tei wrote:
Fileshares can organize thenselves in sites based on a forum software that is private by default (open with registration), then share some "information" file that include the url to the files hosted, and the key to unencrypt these files, and some metadata. A special desktop program* would load that information file, and start the http download.
At the risk of kicking over old ground, there are a bunch of privacy solutions like this; possibly the most complete attempt (in terms of attempted privacy and distribution) is Freenet:
http://freenetproject.org/whatis.html
...but it's slow; then there's Tahoe-LAFS - a decentralised filesystem:
https://tahoe-lafs.org/trac/tahoe-lafs
...but it's slow; then there are connection anonymisation tools like I2P and Tor, but - wonderful as they are - they're slow.
Can you see a pattern developing that would be relevant to the downloader of 700Mb+ AVIs? :-)
It would be great to speed them through wider adoption, but until then...
-a
These services are not needed yet. But is good that are under study, in case changes in laws or balance of power make it needed. For now, I think people will continue using HTTP download/stream movies and tv series. Perhaps countries where the 3 strikes legislation is aprobed will make one of these systems necesary. But I think speed is a important factor, and no slow system will suceed. -- -- ℱin del ℳensaje.
On Fri, 2012-01-20 at 11:14 +0000, Alec Muffett wrote:
On 20 Jan 2012, at 11:00, Tei wrote:
Fileshares can organize thenselves in sites based on a forum software that is private by default (open with registration), then share some "information" file that include the url to the files hosted, and the key to unencrypt these files, and some metadata. A special desktop program* would load that information file, and start the http download.
At the risk of kicking over old ground, there are a bunch of privacy solutions like this; possibly the most complete attempt (in terms of attempted privacy and distribution) is Freenet:
http://freenetproject.org/whatis.html
...but it's slow; then there's Tahoe-LAFS - a decentralised filesystem:
https://tahoe-lafs.org/trac/tahoe-lafs
...but it's slow; then there are connection anonymisation tools like I2P and Tor, but - wonderful as they are - they're slow.
Can you see a pattern developing that would be relevant to the downloader of 700Mb+ AVIs? :-)
It would be great to speed them through wider adoption, but until then...
-a
Tahoe-lafs can be fast. A grid I help out with is often capable of 600kilobyte/per/second downloads (or faster), and I personally have several files stored on there in excess of 500mb. Close enough to your 700mb movie example. I use this storage as a CDN of sorts, as a friend wrote an HTTP interface to the Tahoe-lafs grid. Should you wish to see it in action, the code and download links are over here --> http://cryto.net/projects/tahoe.html
On 23 January 2012 04:05, Jacob Taylor <orangewinds@gmail.com> wrote: ..
Tahoe-lafs can be fast. A grid I help out with is often capable of 600kilobyte/per/second downloads (or faster), and I personally have several files stored on there in excess of 500mb. Close enough to your 700mb movie example.
I use this storage as a CDN of sorts, as a friend wrote an HTTP interface to the Tahoe-lafs grid.
Fast and not centralized seems good traits. Urls are ugly, but thats manageable, are not human readable, but humans can copy it around.
Should you wish to see it in action, the code and download links are over here --> http://cryto.net/projects/tahoe.html
I get this: 2012-01-24 10:01:22 ERROR 504: Gateway Time-out. Googling for VVJJOkNISzp3NWo1aWd2M3NmYnlsM21pczZ5enRjN2thbTpmMjdjenBtNW13ZmxkY2Rud2NpM3NxeGVkamRncmt0ZGljYTd4bXFsNWN3bGh0c2x4bWdhOjM6NjozMTM2 finds only this site. (I somehow expected to find other servers hosting a gateway to the same file). -- -- ℱin del ℳensaje.
On Fri, 20 Jan 2012 12:00:15 +0100, Tei said:
What sould fileshares must do, is to store files in these services in a encrypted way, and anonimized name. So these services have absolutelly no way to tell what are hosting.
On Jan 20, 2012, at 11:25, Robert Bonomi wrote:
Public distribution without the permission of the copyright owner is illegal.
This is veering off the purpose of this list, but maybe it is operationally significant to be able to use the right terms when a law enforcement officer is standing in the door. Mark Andrews was pointing out that content being file-shared is rarely illegal. By itself. Examples of "illegal content" might be hate speech, child pornography, lèse-majesté, blasphemy, with the meaning of these terms depending on your jurisdiction. What you are pointing out is that distribution of content may be illegal. That does not make the content itself illegal. The legality of transfer under copyright is bound to many legal issues, such as fair use, right to personal copies, and of course licensing, again depending on your jurisdiction. But all this is divorced from the content. Content is never illegal with respect to copyright. (It might have been copied illegally, but once it's sitting somewhere, it's not illegal by itself. A license would suddenly make it legal.) The point is important because a lot of idiots are running around shouting "he had all this copyrighted material on his computer!". Of course he had! There are very few computers that don't carry copyrighted material, starting from the BIOS. Without examining the legal context, such as purchasing histories, supreme court decisions etc., it is sometime really hard to say whether all of it got there in a legal way, and its presence may be an indication of previous illegal activity. But (at least wrt copyright law) it is never illegal while sitting somewhere on a computer. So the next time somebody says "illegal content", think "hate speech" or "child pornography", "lèse-majesté" or "blasphemy", not copyrighted content. Almost everything on a computer is copyrighted. Now let's return to the impact of this heist on network utilization... Grüße, Carsten
On Fri, Jan 20, 2012 at 5:48 AM, Carsten Bormann <cabo@tzi.org> wrote:
On Jan 20, 2012, at 11:25, Robert Bonomi wrote:
Public distribution without the permission of the copyright owner is illegal.
This is veering off the purpose of this list, but maybe it is operationally significant to be able to use the right terms when a law enforcement officer is standing in the door.
Mark Andrews was pointing out that content being file-shared is rarely illegal. By itself. Examples of "illegal content" might be hate speech, child pornography, lèse-majesté, blasphemy, with the meaning of these terms depending on your jurisdiction.
What you are pointing out is that distribution of content may be illegal. That does not make the content itself illegal. The legality of transfer under copyright is bound to many legal issues, such as fair use, right to personal copies, and of course licensing, again depending on your jurisdiction. But all this is divorced from the content. Content is never illegal with respect to copyright. (It might have been copied illegally, but once it's sitting somewhere, it's not illegal by itself. A license would suddenly make it legal.)
The point is important because a lot of idiots are running around shouting "he had all this copyrighted material on his computer!". Of course he had! There are very few computers that don't carry copyrighted material, starting from the BIOS. Without examining the legal context, such as purchasing histories, supreme court decisions etc., it is sometime really hard to say whether all of it got there in a legal way, and its presence may be an indication of previous illegal activity. But (at least wrt copyright law) it is never illegal while sitting somewhere on a computer.
So the next time somebody says "illegal content", think "hate speech" or "child pornography", "lèse-majesté" or "blasphemy", not copyrighted content. Almost everything on a computer is copyrighted.
There is a lot of disinformation in this area, with loaded words with no legal meaning being used to make political points or engender desired reactions. I am not a lawyer, and this is certainly not legal advice, but in the US copyright infringement is not theft, the shear possession of infringing material is not illegal, nor is listening / watching / reading such material in private, and the terms "piracy" and "intellectual property" are not to be found in US copyright law. That you would not know this reading the press releases is a feature, not a bug. And, since 1976, registration is not required for copyright and almost everything written, sung, videoed, etc., including these emails, is copyrighted from the time it is created. But, indeed, this is far the purpose of this mail list. Regards Marshall
Now let's return to the impact of this heist on network utilization...
Grüße, Carsten
Carsten Bormann <cabo@tzi.org> wrote:
On Jan 20, 2012, at 11:25, Robert Bonomi wrote:
Public distribution without the permission of the copyright owner is illegal.
This is veering off the purpose of this list, but maybe it is operationally s This is veering off the purpose of this list, but maybe it is operationally s ignificant to be able to use the right terms when a law enforcement officer i s standing in the door.
The point is important because a lot of idiots are running around shouting "h e had all this copyrighted material on his computer!". Of course he had! Th ere are very few computers that don't carry copyrighted material, startinug f rom the BIOS.
By law, _EVERYTHING_ stored on a computer is copyrighted. Whether it is 'in memory', or on some more 'durable' media (disk,tape, etc.) the material has been 'fixed in a tangible medium of expression', and is thus covered by copyright. Copyright is automatic, and occurs when anything is first 'fixed' as described.
Without examining the legal context, such as purchasing histor ies, supreme court decisions etc., it is sometime really hard to say whether all of it got there in a legal way, and its presence may be an indication of previous illegal activity. But (at least wrt copyright law) it is never ille gal while sitting somewhere on a computer.
Sorry, but the last sentence is simply _not_ true. If the making of the copy was a violation of 17 USC 106 (1) or (2), it's existance is proscribed by law. if it is, by virtue of 'sitting somewhere on a computer', being 'offered to the public' [without benefit of express permission for that activity from the copyright owner(s)], that is a violation of 17 USC 106 (3),
So the next time somebody says "illegal content", think "hate speech" or "chi ld pornography", "lese-majeste" or "blasphemy", not copyrighted content. Alm ost everything on a computer is copyrighted.
Repeating: not 'almost everyting', but _absolutely_ everything. Nitpicking again, but the original references were to computers with 'illegal content' on them, and _not_ "files containing illegal content". A file, or other document, can be 'illegal', by reason of a 'making' in violation of 17 USC 106, or because it is being 'offered to the public, in violation of the same law, without the content of the file being illegal. Thus, content on a computer can be legally proscribed -- for reasons not involving the 'content of the content' as it were. :) Responsible (in _all_ meanings of that word :) parties are strongly advised _not_ to rely on any opinions expressed by any individual here, and to professionally consult competent legal counsel with expertise in this specific area for an authoritative opinion.
On Fri, 20 Jan 2012 12:46:51 CST, Robert Bonomi said:
Sorry, but the last sentence is simply _not_ true. If the making of the copy was a violation of 17 USC 106 (1) or (2), it's existance is proscribed by law.
Nice try, but reading 17 USC 503 (b) we see: "As part of a final judgment or decree, the court may order the destruction or other reasonable disposition of all copies or phonorecords found to have been made or used in violation of the copyright owner's exclusive rights, and of all plates, molds, matrices, masters, tapes, film negatives, or other articles by means of which such copies or phonorecords may be reproduced." Note - the court *may* order the destruction. It's not mandatory. And there's no implied mandatory destruction elsewhere - if there was, 503(b) wouldn't need to exist because the destruction would already be required, so a court couldn't order additional destruction.
On Jan 20, 2012, at 2:25 AM, Robert Bonomi wrote:
Mark Andrews <marka@isc.org> wrote:
I suspect most file sharing site don't have illegal content. Most would have some content that is there without the permission of the copyright holder. These are different things.
<nitpick> "Without the permission of the copyright holder" _is_ contrary to statute, and thus 'against the law'. As such 'illegal' is _not_ an incorrect term to apply to the situation.
It may not be a _criminal_ violation, but it is still proscribed by law.
"Illegal" and "criminal" -- _these_ are different things.
Junk faxing is illegal, Telemarketing calls to cell phones are illegal, Public distribution without the permission of the copyright owner is illegal.
Except in special cases, none of those actions are _criminal_, but they are all violations of law, and thus _illegal_.
Actually, they are all criminal violations. They may be infractions, or, they may not often get prosecuted, but, each is, in fact, a criminal violation. Owen
On Fri, Jan 20, 2012 at 03:05:47AM -0800, Owen DeLong wrote:
On Jan 20, 2012, at 2:25 AM, Robert Bonomi wrote:
Mark Andrews <marka@isc.org> wrote:
I suspect most file sharing site don't have illegal content. Most would have some content that is there without the permission of the copyright holder. These are different things.
<nitpick> "Without the permission of the copyright holder" _is_ contrary to statute, and thus 'against the law'. As such 'illegal' is _not_ an incorrect term to apply to the situation.
It may not be a _criminal_ violation, but it is still proscribed by law.
"Illegal" and "criminal" -- _these_ are different things.
Junk faxing is illegal, Telemarketing calls to cell phones are illegal, Public distribution without the permission of the copyright owner is illegal.
Except in special cases, none of those actions are _criminal_, but they are all violations of law, and thus _illegal_.
Actually, they are all criminal violations. They may be infractions, or, they may not often get prosecuted, but, each is, in fact, a criminal violation.
Owen
depends on the jurisdiction me thinks. Do US laws apply in India? Nigeria? Mars? Your broad generlizations may not hold. /bill
"Without the permission of the copyright holder" _is_ contrary to statute, and thus 'against the law'. As such 'illegal' is _not_ an incorrect term to apply to the situation.
It may not be a _criminal_ violation, but it is still proscribed by law.
"Illegal" and "criminal" -- _these_ are different things.
Storing copyrighted material in *any* place, file-sharing server or not, is _not_ illegal under the current law as it stands. There is no law which dictates the location of file with a legally obtained content I keep for my personal use. I have no obligation to prevent unauthorized access to copyrighted material by any third parties. I don't need permission of copyright owner to make copies for my own personal use, and I don't need permission to entrust keeping of these copies in any place by any agent - as long as that agent does not *use* these copies. What is illegal is the act of publishing this material (making a public performance) and making copies for use by other people without permission from copyright holder. In the digital world it is, basically, publishing a reference (and a decryption password) in a public forum or otherwise sharing it with others. That's the dirty secret behind all that PIPA/SOPA lawmaking - as it stands now, as long as file sharing services refrain from *publishing* the material (as opposed to merely storing it and allowing the rightful owner(s) to download it - but without any obligation to actually verify that the posession of ownership rights) and have a procedure for dealing with takedowns they are in the clear, legally. This places the burden of finding infringing content and proving infringement to the copyright holders. They cannot efficiently do that, and so they want to off-load that burden to the user content hosters. The less charitable interpretation is that PIPA/SOPA is a massive shakedown attempt by Hollywood; by basically threatening to shut down social networks and user-generated content hosters they'll be able to hold hostage the business of some very wealthy companies. If the law passes, these large companies will have to come to terms with Hollywood and music industry by means of purchasing blanket licenses (it is impossible to monitor all user content for copyright violations), resulting in transfer of billions of dollars from high-tech to Hollywood. The worst part is that companies like Google and Facebook may end up seeing PIPA/SOPA or future bills of the same nature as beneficial to them - after all, they already have enough money to pay copyright extortionists off, but their upstart competitors won't be able to get into the field at all. Paying a portion of their income in exchange for exclusion of future competition may be looked at as a good bargain, without negative P.R. normally associated with explicit attempts to cartelize. --vadim
----- Original Message -----
From: "Robert Bonomi" <bonomi@mail.r-bonomi.com>
Mark Andrews <marka@isc.org> wrote:
I suspect most file sharing site don't have illegal content. Most would have some content that is there without the permission of the copyright holder. These are different things.
<nitpick> "Without the permission of the copyright holder" _is_ contrary to statute, and thus 'against the law'. As such 'illegal' is _not_ an incorrect term to apply to the situation.
It may not be a _criminal_ violation, but it is still proscribed by law.
"Illegal" and "criminal" -- _these_ are different things.
<nitpick level="2"> The *act of making the copy (available)* may be contrary to law (and whether the law should make this particular category of copyright infringement a criminal offense, rather than the civil one it's been for over a century is a completely different topic :-)... but whether the *contents of the file themselves* contravene some law is, I think, the issue that Mark was talking about, and clearly we all agree, a copy of Gigli, while a crime against nature, is not inherently criminal, in the way that a Traci Lords film is. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Steven Bellovin wrote:
Note this from the NY Times article:
The Megaupload case is unusual, said Orin S. Kerr, a law professor at George Washington University, in that federal prosecutors obtained the private e-mails of Megaupload�s operators in an effort to show they were operating in bad faith.
"The government hopes to use their private words against them," Mr. Kerr said. "This should scare the owners and operators of similar sites."
(I base my rant on the assumption megaupload had outsourced their email to one of those "enterprise level" offerings, such as gmail or yahoo). If this isn't a convincing argument for using your own physical email servers (with encrypted filesystems and limited log keeping and what have you) and against outsourcing your email, then I don't know. I understand they can seize your servers and get your email that way if you were not smart enough to delete it and/or use encrypted filesystems. However it's much much harder to use email against you in preparation of a case when you run your own servers. Because they can't just quietly ask your email provider to hand over the data and forbid them to talk about it... Besides, running an email server is almost a trivial exercise for any marginally competent IT person. If you can set up a system such as megaupload you for sure can run your own, secure, email servers. If not ask someone competent enough to do it for you. Greetings, Jeroen -- Earthquake Magnitude: 4.8 Date: Tuesday, January 31, 2012 07:26:11 UTC Location: Fiji region Latitude: -21.9943; Longitude: -179.4848 Depth: 596.00 km
Suresh Ramasubramanian wrote:
It'll be interesting to see how this pans out - especially wrt any safe harbor provisions in the DMCA for providers (which do have a provision for due diligence being exercised etc).
I quickly read through the indictment, but the gov't claims that when given a takedown notice, MU would only remove the *link* and not the file itself. They specifically mention some movies that were still on the site years after the notice, thus negating MU's eligibility for safe harbor. As you say, interesting for sure with the dotted i s and crossed t s.
On Thu, 19 Jan 2012 22:34:33 -0500, Michael Painter <tvhawaii@shaka.com> wrote:
I quickly read through the indictment, but the gov't claims that when given a takedown notice, MU would only remove the *link* and not the file itself.
That's actually a standard practice. It allows the uploader to file a counterclaim and have the content restored. One cannot "restore" what has already been deleted. However, never going back and cleaning up the undisputed content is a whole other mess of dead monkeys.
On 01/20/2012 09:11 AM, Ricky Beam wrote:
On Thu, 19 Jan 2012 22:34:33 -0500, Michael Painter <tvhawaii@shaka.com> wrote:
I quickly read through the indictment, but the gov't claims that when given a takedown notice, MU would only remove the *link* and not the file itself.
That's actually a standard practice. It allows the uploader to file a counterclaim and have the content restored. One cannot "restore" what has already been deleted.
However, never going back and cleaning up the undisputed content is a whole other mess of dead monkeys.
From what I understand about MegaUpload's approach, they created a hash of every file that they stored. If they'd already got a copy of the file that was to be uploaded they'd just put an appropriate link in a users space, saving them storage space, and bandwidth for both parties. Fairly straight forward. Whenever they received a DMCA take-down they would remove the link, not the underlying file, so even though they knew that a file was illegally hosted, they never actually removed it. That comes up for some argument about the ways the company should be practically enforcing a DMCA take-down notice, whether each take-down should apply to just an individual user's link to a file or whether the file itself should be removed. That could be different from circumstance to circumstance. Paul
On 20 January 2012 19:37, Paul Graydon <paul@paulgraydon.co.uk> wrote:
From what I understand about MegaUpload's approach, they created a hash of every file that they stored. If they'd already got a copy of the file that was to be uploaded they'd just put an appropriate link in a users space, saving them storage space, and bandwidth for both parties.
This sounds very similar to data deduplication eg http://www.netapp.com/uk/products/platform-os/dedupe.html
In a message written on Fri, Jan 20, 2012 at 09:37:16AM -1000, Paul Graydon wrote:
From what I understand about MegaUpload's approach, they created a hash of every file that they stored. If they'd already got a copy of the file that was to be uploaded they'd just put an appropriate link in a users space, saving them storage space, and bandwidth for both parties. Fairly straight forward. Whenever they received a DMCA take-down they would remove the link, not the underlying file, so even though they knew that a file was illegally hosted, they never actually removed it. That comes up for some argument about the ways the company should be practically enforcing a DMCA take-down notice, whether each take-down should apply to just an individual user's link to a file or whether the file itself should be removed. That could be different from circumstance to circumstance.
Note that with A DMCA take down the original uploader can issue a counter-notice to get the content put back. Most sites don't immediately delete the content but rather disable it in some way so that should the file be counter noticed it can be put back up. Also, when using a hashed file store, it's possible that some uses are infringing and some are not. I might make a movie, put it on Megaupload, and then give the links only to the 5 people who bought it from them. One of them might turn around, upload it again to Megaupload, and share it with the world, infringing on my content. I would hope that when I issue a takedown notice they take down the infringers copy (link), but leave mine in place. None of this should be taken to mean I'm behind Megaupload. I have a greater concern here wondering if law enforcement, the courts, and most importantly the law makers understand the technolgy and can craft and apply laws in a reasonable way. One major issue that already came up is that a whole lot of people used Megaupload for storing perfectly legal content. It's now offline, and there appears to be no way for them to retrieve that data. At what percentage is that reasonable? If 99% of your users are infringing? 50%? 1%? Could this be used to take down your competitors? Buy some Amazon instances and put a bunch of infringing content on them, and then watch the feds seize all of Amazon's servers? Lots of troubling questions, no good answers. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
In article <20120120200216.GA62670@ussenterprise.ufp.org>, Leo Bicknell <bicknell@ufp.org> writes
Also, when using a hashed file store, it's possible that some uses are infringing and some are not. I might make a movie, put it on Megaupload, and then give the links only to the 5 people who bought it from them. One of them might turn around, upload it again to Megaupload, and share it with the world, infringing on my content. I would hope that when I issue a takedown notice they take down the infringers copy (link), but leave mine in place.
It's been suggested that many movies which have been made widely available without the film company's permission were derived from legitimate copies supplied to reviewers. This is a similar issue to the unfortunate AUP of some access providers that say users are prohibited from downloading any copyrighted material, when the majority of websites are exactly that. In Europe we have a Copyright Directive which seeks to legitimise what could be termed "incidental copying" involved in using a browser, and I'm happy to say I was one of the industry people who persuaded a sceptical previous generation of media lawyers that this was OK. -- Roland Perry
On Fri, Jan 20, 2012 at 3:02 PM, Leo Bicknell <bicknell@ufp.org> wrote:
In a message written on Fri, Jan 20, 2012 at 09:37:16AM -1000, Paul Graydon wrote:
From what I understand about MegaUpload's approach, they created a hash of every file that they stored. If they'd already got a copy of the file that was to be uploaded they'd just put an appropriate link in a users space, saving them storage space, and bandwidth for both parties. Fairly straight forward. Whenever they received a DMCA take-down they would remove the link, not the underlying file, so even though they knew that a file was illegally hosted, they never actually removed it. That comes up for some argument about the ways the company should be practically enforcing a DMCA take-down notice, whether each take-down should apply to just an individual user's link to a file or whether the file itself should be removed. That could be different from circumstance to circumstance.
Note that with A DMCA take down the original uploader can issue a counter-notice to get the content put back. Most sites don't immediately delete the content but rather disable it in some way so that should the file be counter noticed it can be put back up.
Also, when using a hashed file store, it's possible that some uses are infringing and some are not. I might make a movie, put it on Megaupload, and then give the links only to the 5 people who bought it from them. One of them might turn around, upload it again to Megaupload, and share it with the world, infringing on my content. I would hope that when I issue a takedown notice they take down the infringers copy (link), but leave mine in place.
None of this should be taken to mean I'm behind Megaupload. I have
My take only, of course
a greater concern here wondering if law enforcement,
maybe
the courts,
probably not
and most importantly the law makers
You've got to be kidding.
understand the technolgy and can craft and apply laws in a reasonable way.
"A new scientific truth does not triumph by convincing its opponents and making them see the light, but rather because its opponents eventually die, and a new generation grows up that is familiar with it." -- Max Planck, We're in for an interesting few years.
One major issue that already came up is that a whole lot of people used Megaupload for storing perfectly legal content. It's now offline, and there appears to be no way for them to retrieve that data. At what percentage is that reasonable? If 99% of your users are infringing? 50%? 1%? Could this be used to take down your competitors? Buy some Amazon instances and put a bunch of infringing content on them, and then watch the feds seize all of Amazon's servers?
Maybe. It would help if you had a budget to lobby Congress sufficiently. Regards Marshall
Lots of troubling questions, no good answers.
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
----- Original Message -----
From: "Paul Graydon" <paul@paulgraydon.co.uk> To: nanog@nanog.org Sent: Friday, January 20, 2012 2:37:16 PM Subject: Re: Megaupload.com seized <SNIP> From what I understand about MegaUpload's approach, they created a hash of every file that they stored. <SNIP>
So Megaupload did de-dupe.. Compare that to selecting the "de-dupe" option in your NetApp (or having someone else do it for you) and in that case other instances can exist on your site and you really don't know because, well De-Dupe is magic right? Are you doing the wrong thing by only removing the instance of that file that was complained about? Or are you required to dig further? I would think not. Is it possible that a file could be legal and illegal at the same time based on context of use? Like some guy is backing up his legitimate copy in his "locker" and some other guy is putting it out there for all his buddies.. Its the same file, de-dupe does its thing and now we need to re-think what do when we get a complaint. -Scott
On Fri, 20 Jan 2012 14:37:16 -0500, Paul Graydon <paul@paulgraydon.co.uk> wrote:
... Whenever they received a DMCA take-down they would remove the link, not the underlying file, so even though they knew that a file was illegally hosted, they never actually removed it.
And that's where their safe harbour evaporated. Upon receiving notice a file is infinging, they know that *file* is illegal, and must now remove all the links to it, not just the one that was reported. Mega is in a possition to know all the links, where as the copyright holder is not. They thought they had a gaping loophole. Well, the DOJ is about to teach them how wrong they are.
----- Original Message -----
From: "Ricky Beam" <jfbeam@gmail.com>
On Fri, 20 Jan 2012 14:37:16 -0500, Paul Graydon <paul@paulgraydon.co.uk> wrote:
... Whenever they received a DMCA take-down they would remove the link, not the underlying file, so even though they knew that a file was illegally hosted, they never actually removed it.
And that's where their safe harbour evaporated. Upon receiving notice a file is infinging, they know that *file* is illegal, and must now remove all the links to it, not just the one that was reported. Mega is in a possition to know all the links, where as the copyright holder is not.
They thought they had a gaping loophole. Well, the DOJ is about to teach them how wrong they are.
Nope; I agree with the amusingly psuedonymmed "Administrator" who posted immediately before you: the possibility exists that there's a copy of that file uploaded legally because some other client of the site has the right to do so... and if you delete the underlying file, you're then screwing over that other paying customer who isn't breaking the law. Is everyone beginning to see how "legislators and LEOs who simply don't understand the playing field" are a critically dangerous condition, here? This is precisely the grounds on which we opposed SOPA. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Technical nuances notwithsatnding, isn't the guts of the case that the megaupload team wilfully engaged in harbouring infringing files as evidenced by the email snooping, eg boasting to each other about having feature movies available prior to release etc. Similar evidence brought grokster down, and was confirmed by the US Supreme Court. j -- --------------------------------------------------------------- Joly MacFie 218 565 9365 Skype:punkcast WWWhatsup NYC - http://wwwhatsup.com http://pinstand.com - http://punkcast.com VP (Admin) - ISOC-NY - http://isoc-ny.org -------------------------------------------------------------- -
----- Original Message -----
From: "Joly MacFie" <joly@punkcast.com>
Technical nuances notwithsatnding, isn't the guts of the case that the megaupload team wilfully engaged in harbouring infringing files as evidenced by the email snooping, eg boasting to each other about having feature movies available prior to release etc.
That appears to be the case at this time, based on things which are hearsay to we the public, and should not have been released. But "has a substantially non-infringing use" is, if not a defense, a fact which should have made them *much* more careful in how they did the take down, a response which is all of a piece with our objections to SOPA. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On Fri, Jan 20, 2012 at 03:06:04PM -0500, Ricky Beam wrote:
Upon receiving notice a file is infinging, they know that *file* is illegal, and must now remove all the links to it, not just the one that was reported.
But what -- *exactly* -- is an "illegal file"? As Leo Bicknell astutely pointed out in this thread: "Also, when using a hashed file store, it's possible that some uses are infringing and some are not." His example goes on to explain how this is so. (And I'll point out that his example applies, for example, to Amazon. There are coprighted files there -- e.g., books, music -- which may be used legally by those who have purchased them. Do they become infringing if someone finds a way to access them without authorization/payment because Amazon's programmers made an error and left a backdoor open that allow them to be retrieved via static links? No, they don't. Should Amazon delete them in this instance? No. Amazon should fix the backdoors, i.e., remove the spurious links.) Suppose that Joe and Jane are photographers. Joe has produced image X (to which he holds copyright) and Jane has produced image Y (similarly). Digital images X and Y are used as inputs to program P which produces output Z that is visually unrecognizable -- that is, anyone who looks at it sees what appears to be random noise. Does Z infringe on Joe or Jane's copyrights? How? Why? How does this change (or does it change) if program P' which can reverse the actions of P exists? Let me give another example, this time using content that is intrinsically illegal -- and to avoid triggering hot-button responses, I'm going to posit a hypothetical: marshmallow peep dioramas. Let's suppose that these are illegal in every country on the planet, that those responsible for them are universally reviled, that it's a crime to photograph them, possess photographs of them, etc. We thus conclude that a file consisting of a picture of one of these is always illegal: that is, it's illegal no matter where it's found. Now what happens if that picture is decomposed into individual files, each consisting of one row of pixels from the original? None of those files contain anything recognizable as a marshmallow peep diorama. The original cannot be reconstructed from any one of them. Is any one of them illegal? Further: reassembling these will require something: an index, an algorithm, some construct that allows the individual files to be recombined. (This construct contains no content of any kind, marshmallow peep or otherwise. It's merely a recipe for putting together files.) Is that construct illegal? If those individual files are spread across a multitude of hosts, are any of those hosts holding an illegal file? How would they know? (If you're going to argue that those individual rows of pixels are illegal because the original is illegal, then replace the above with "individual pixels". I trust nobody will argue that a single pixel is illegal. Ever.) One more scenario: a photo of a marshmalllow peep diorama is encrypted and uploaded onto server A. Does server A hold an illegal file? How would the operators of server A know? How would anyone (other than the uploader) know? Now suppose that the uploader, the only person on the planet with the decryption key for that file, dies; therefore, the file is reduced to -- for all practical purposes -- a random collection of bits. Is that file still illegal? Why? How? Who will be able to determine this? (Schrodinger's cat paradox in 1...2...) I posit these thought experiments (and I'll stop here, although many others suggest themselves) to highlight some serious problems with terminology, and with the law: it's an attempt to apply the principles of the physical world to the digital one, and it's a total failure. The putative sharp dividing line between "legal file" and "illegal file" doesn't really exist -- although many people would like it to exist, hope it exists, etc., because it serves their agendas or would make things easier for them. That doesn't make it so. Sometimes the world changes, and sometimes when it does, it's time to discard outdated philosophy that no longer applies to current reality -- because stubborn attempts to hang onto it at all costs, especially by warping it into something completely unrecognizable from the original framework, really DO cost, often dearly. (It's 2012, and there are still inferior people living on this planet who assign more credibility to astrology and ghosts than to evolution or anthropocentric global warming. This isn't funny or quaint any more. It's stupid and dangerous.) Schneier famously said "Trying to make bits uncopyable is like trying to make water not wet". What we are witnessing is precisely an attempt to do that, via a combination of anti-security technology (e.g., DRM) and purchased legislation, orchestrated by failing, legacy companies run by insatiably greedy people. These people simply don't care how much damage they do, how many lives they destroy, how much they hold back civilization, how much they twist the law, -- as long as they get paid. They are *exactly* like one of their own famous characters: "It can't be bargained with. It can't be reasoned with. It doesn't feel pity, or remorse, or fear. And it absolutely will not stop, ever, until you are dead." See, for example: http://www.techdirt.com/articles/20120120/16442117496/clay-shirky-why-sopas-... which points to an excellent exposition by Clay Shirky on this very point. So: {Internet, Hollywood}: choose one. ---rsk
that was reported.
But what -- *exactly* -- is an "illegal file"?
As Leo Bicknell astutely pointed out in this thread:
"Also, when using a hashed file store, it's possible that some uses are infringing and some are not."
The problem is going to be the thousands of people who have now lost their legitimate files, research data, personal recordings, etc. that they were using Megaupload to share. http://torrentfreak.com/feds-please-return-my-personal-files-megaupload-1201...
On 01/21/12 12:38, George Bonser wrote:
that was reported. But what -- *exactly* -- is an "illegal file"?
As Leo Bicknell astutely pointed out in this thread:
"Also, when using a hashed file store, it's possible that some uses are infringing and some are not." The problem is going to be the thousands of people who have now lost their legitimate files, research data, personal recordings, etc. that they were using Megaupload to share.
http://torrentfreak.com/feds-please-return-my-personal-files-megaupload-1201...
Not that I would not be a bit miffed if personal files disappeared, but that's one of the risks associated with using a cloud service for file storage. It could have been a fire, a virus erasing file, bankruptcy, malicious insider damage... Doesn't matter, you lost access to legit content in the crossfire. There is always a risk of losing access to cloud resources. And for years, we always joked in my computer buddy circles, computers know when you don't have a backup. It's your fault(not theirs) if that was your only copy. Lyle Giese LCR Computer Services, Inc.
Not that I would not be a bit miffed if personal files disappeared, but that's one of the risks associated with using a cloud service for file storage. It could have been a fire, a virus erasing file, bankruptcy, malicious insider damage... Doesn't matter, you lost access to legit content in the crossfire.
There is always a risk of losing access to cloud resources. And for years, we always joked in my computer buddy circles, computers know when you don't have a backup.
It's your fault(not theirs) if that was your only copy.
Lyle Giese LCR Computer Services, Inc.
Entire governments in the US are using "cloud storage" for their documentation these days. It is my understanding (which is hearsay) that Google has an entire service aimed at small governments (county and municipal mostly) in Google Docs for just this purpose and I know of at least one city on California that is using Google for their document repository and their city email. In case of an emergency where Google is unreachable, they are in a world of hurt and won't even be able to send email from one department to another in city hall because all their mail and documents are now "in the cloud" which would then be inaccessible to them rather than on a server in their local data center. So ... and Earthquake in Santa Clara county might take out city governments in Monterey or Santa Cruz counties which might otherwise be perfectly able to conduct their business. Point is, MANY people are using "the cloud" as their primary storage because it is marketed as being safe and secure (backed up and with better access security than they could manage themselves).
On 01/21/2012 11:38 AM, George Bonser wrote:
Entire governments in the US are using "cloud storage" for their documentation these days. It is my understanding (which is hearsay) that Google has an entire service aimed at small governments (county and municipal mostly) in Google Docs for just this purpose and I know of at least one city on California that is using Google for their document repository and their city email. In case of an emergency where Google is unreachable, they are in a world of hurt and won't even be able to send email from one department to another in city hall because all their mail and documents are now "in the cloud" which would then be inaccessible to them rather than on a server in their local data center. So ... and Earthquake in Santa Clara county might take out city governments in Monterey or Santa Cruz counties which might otherwise be perfectly able to conduct their business.
Sure, but balance that with podunk.usa's possibly incompetent IT staff? It costs a lot of money to run a state of the art shop, but only incrementally more as you add more and more instances of essentially identical shops. I guess I have more trust that Google is going to get the redundancy, etc right than your average IT operation. Now whether you should *trust* Google with all of that information from a security standpoint is another kettle of fish. Mike
Sure, but balance that with podunk.usa's possibly incompetent IT staff? It costs a lot of money to run a state of the art shop, but only incrementally more as you add more and more instances of essentially identical shops. I guess I have more trust that Google is going to get the redundancy, etc right than your average IT operation.
Now whether you should *trust* Google with all of that information from a security standpoint is another kettle of fish.
Mike
I agree, Mike. Problem is that the communications infrastructure that enables these sorts of options is generally so reliable people don't think about what will happen if something happens between them and their data that takes out their access to those services. Imagine a situation where several municipal governments in, say, Santa Cruz County, California are using such services and there is a repeat of the Loma Prieta quake. Their data survives in Santa Clara county, their city offices survive but there is considerable damage to infrastructure and structures in their jurisdiction. But the communications is cut off between them and their data and time to repair is unknown. The city is now without email service. Employees in one department can't communicate with other departments. Access to their files is gone. They can't get the maps that show where those gas lines are. The local file server that had all that information was retired after the documents were transferred to "the cloud" and the same happened to the local mail server. At this point they are "flying blind" or relying on people's memories or maybe a scattering of documents people had printed out or saved local copies of. It's going to be a mess. The point is that "the cloud" seems like a great option but it relies on being able to reach that "cloud". Your data may be safe and sound and your office may have survived without much wear, but if something happens in between, you might be sunk. And out in "Podunk", there aren't often multiple paths. You are stuck with what you get. Or your cloud provider might announce they are going out of that business next week.
I have always had a certain fondness for paper. Thanks, Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com On Sat, Jan 21, 2012 at 3:19 PM, George Bonser <gbonser@seven.com> wrote:
Sure, but balance that with podunk.usa's possibly incompetent IT staff? It costs a lot of money to run a state of the art shop, but only incrementally more as you add more and more instances of essentially identical shops. I guess I have more trust that Google is going to get the redundancy, etc right than your average IT operation.
Now whether you should *trust* Google with all of that information from a security standpoint is another kettle of fish.
Mike
I agree, Mike. Problem is that the communications infrastructure that enables these sorts of options is generally so reliable people don't think about what will happen if something happens between them and their data that takes out their access to those services. Imagine a situation where several municipal governments in, say, Santa Cruz County, California are using such services and there is a repeat of the Loma Prieta quake. Their data survives in Santa Clara county, their city offices survive but there is considerable damage to infrastructure and structures in their jurisdiction. But the communications is cut off between them and their data and time to repair is unknown. The city is now without email service. Employees in one department can't communicate with other departments. Access to their files is gone. They can't get the maps that show where those gas lines are. The local file server that had all that information was retired after the documents were transferred to "the cloud" and the same happened to the local mail server. At this point they are "flying blind" or relying on people's memories or maybe a scattering of documents people had printed out or saved local copies of. It's going to be a mess.
The point is that "the cloud" seems like a great option but it relies on being able to reach that "cloud". Your data may be safe and sound and your office may have survived without much wear, but if something happens in between, you might be sunk. And out in "Podunk", there aren't often multiple paths. You are stuck with what you get.
Or your cloud provider might announce they are going out of that business next week.
On 21/01/12 12:19 PM, George Bonser wrote:
Imagine a situation where several municipal governments in, say, Santa Cruz County, California are using such services and there is a repeat of the Loma Prieta quake. Their data survives in Santa Clara county, their city offices survive but there is considerable damage to infrastructure and structures in their jurisdiction. But the communications is cut off between them and their data and time to repair is unknown. The city is now without email service. Employees in one department can't communicate with other departments. Access to their files is gone. They can't get the maps that show where those gas lines are. The local file server that had all that information was retired after the documents were transferred to "the cloud" and the same happened to the local mail server. At this point they are "flying blind" or relying on people's memories or maybe a scattering of documents people had printed out or saved local copies of. It's going to be a mess.
This is what disaster simulations are for, to suss out these problems before a disaster and put in systems to avoid the mess. In the real world, while a city might keep the digital documents "in the cloud" they would also (always) have paper copies, because in a big emergency their computers (local mail/file servers or internet access to the cloud) are likely to be unavailable, power or internet access is likely to be disrupted. In a true emergency such as Loma Prieta, they are going to reach for the paper maps that were printed and saved for just this eventuality, and part of the emergency preparedness is to have a regular process to print and save updated maps (every year or 6 months or month or whenever there's a major change - each department will undoubtedly have their own metrics depending on how critical their maps are). If you haven't participated in your city/county CERT training and disaster simulation exercises, I highly suggest you get involved. CERT is a great program and will really help open your eyes to many types of emergency planning you probably haven't thought about. Plus, the more involved you are with CERT the more you are "known" to your local disaster management teams, and the better access you will have to them in the event of a major disaster. jc
This is what disaster simulations are for, to suss out these problems before a disaster and put in systems to avoid the mess.
In the real world, while a city might keep the digital documents "in the cloud" they would also (always) have paper copies, because in a big emergency their computers (local mail/file servers or internet access to the cloud) are likely to be unavailable, power or internet access is likely to be disrupted.
Nope, no paper copies. In fact, many of the documents such as maps and drawings are not even provided on paper anymore at any stage of the process. It's all electronic. The engineering drawings, maps, reports, plans, everything's electronic copy now. If you want a copy to take to the field, you print one off and dispose of it when done unless you keep it in your personal storage (desk file drawer).
In a true emergency such as Loma Prieta, they are going to reach for the paper maps that were printed and saved for just this eventuality
Nope, the paper maps have been disposed of as they have become obsolete and replaced with electronic copy. It requires space to store all those documents. Space costs money. I'm being absolutely serious here. Not only are many of these municipalities no longer storing paper copies, they are storing them "in the cloud" that might become completely unreachable during an emergency. My jaw just about hit the floor when it was explained to me what one town in California was doing. Those people are going to be just about completely helpless in an emergency but they are doing it because they are running out of money. Pensions are eating that town alive. Their emergency drills do not include a loss of connectivity to the cloud.
CERT is a great program and will really help open your eyes to many types of emergency planning you probably haven't thought about. Plus, the more involved you are with CERT the more you are "known" to your local disaster management teams, and the better access you will have to them in the event of a major disaster.
I am talking here about the process internal to the government agency, not drills concerning the public. In case of an emergency where they are cut off from Google, that town government will have no email and no access to their documents. They have no other mechanism, they can't afford it. The days when a city could actually have contingency plans are just about over. Pensions are eating them up so badly, they are just barely able to function at all. I'm being dead serious. Larger cities such as San Jose have about 10 years left. The Mayor of SJC said that in about 12 years the city will not be able to provide any services whatsoever. Pensions will take 100% of city revenue. They have already started closing the libraries.
On 21/01/12 11:20 PM, George Bonser wrote:
This is what disaster simulations are for, to suss out these problems before a disaster and put in systems to avoid the mess.
In the real world, while a city might keep the digital documents "in the cloud" they would also (always) have paper copies, because in a big emergency their computers (local mail/file servers or internet access to the cloud) are likely to be unavailable, power or internet access is likely to be disrupted. Nope, no paper copies.
I personally know Lynn Brown, OES (Office of Emergency Services) Coordinator for the City of Mountain View, CA[1]. I asked Lynn about the status of the maps the MV EOC (Emergency Operations Center) uses. Here is the reply:
While we rely on electronic and digital information a lot more these days, the City of Mountain View still has printed maps on hand. I just updated the master map in our EOC, in fact.
The computerized maps are great but we also plan for the worst case scenario with no access to them.
I don't think paper will ever go away completely.
Lynn Brown OES Coordinator Mountain View Fire Department 650-903-6825 lynn(dot)brown(at)mountainview(dot)gov
If you believe that this is not the norm for EOCs across the country, I suggest you personally ask the OES Coordinator for whatever city you think is putting everything in the computer and no longer keeping any paper copies. You may be surprised to learn how well they have indeed thought this thru, and that they do maintain paper maps in the EOC, just as Mountain View does. jc [1] Given that Google has wired MV with free public WiFi, if there were ever a city that would be in a good position to use and rely on Google's cloud services for data storage, Mountain View would be it.
On 1/21/2012 12:19 PM, George Bonser wrote:
I agree, Mike. Problem is that the communications infrastructure that enables these sorts of options is generally so reliable people don't think about what will happen if something happens between them and their data that takes out their access to those services. Imagine a situation where several municipal governments in, say, Santa Cruz County, California are using such services and there is a repeat of the Loma Prieta quake. Their data survives in Santa Clara county, their city offices survive but there is considerable damage to infrastructure and structures in their jurisdiction. But the communications is cut off between them and their data and time to repair is unknown. The city is now without email service....
But fortunately the data is also replicated in another data center nowhere near the quake, so once they pull out the mobile emergency operations center and aim the VSAT dish, they're back online with everything as it was moments before the quake hit... far superior to what formerly happened when the power or phone lines were down at their own facility, never mind what would have happened if their own facility with its infrequent backups to unreliable tape were destroyed. Matthew Kaufman
Well I have a question which is off the top of megaupload.com But it's regarding governments around the world using cloud services. Do we have others Canadians on this list who can confirm, what branches of the Canada Government are actively using public cloud services like google cloud services. or are in the process are currently setting it up. -----Original Message----- From: Matthew Kaufman Sent: Sunday, January 22, 2012 12:49 AM To: George Bonser Cc: nanog@nanog.org Subject: Re: Megaupload.com seized On 1/21/2012 12:19 PM, George Bonser wrote:
I agree, Mike. Problem is that the communications infrastructure that enables these sorts of options is generally so reliable people don't think about what will happen if something happens between them and their data that takes out their access to those services. Imagine a situation where several municipal governments in, say, Santa Cruz County, California are using such services and there is a repeat of the Loma Prieta quake. Their data survives in Santa Clara county, their city offices survive but there is considerable damage to infrastructure and structures in their jurisdiction. But the communications is cut off between them and their data and time to repair is unknown. The city is now without email service....
But fortunately the data is also replicated in another data center nowhere near the quake, so once they pull out the mobile emergency operations center and aim the VSAT dish, they're back online with everything as it was moments before the quake hit... far superior to what formerly happened when the power or phone lines were down at their own facility, never mind what would have happened if their own facility with its infrequent backups to unreliable tape were destroyed. Matthew Kaufman
-----Original Message----- From: James Smith
Well I have a question which is off the top of megaupload.com But it's regarding governments around the world using cloud services. Do we have others Canadians on this list who can confirm, what branches of the Canada Government are actively using public cloud services like google cloud services. or are in the process are currently setting it up.
I believe this is the product http://www.google.com/apps/intl/en/government/trust.html I'm not sure they offer it to Canadian governments. Here's the partial list they give on the web site, I don't see any non-US listed. http://www.google.com/apps/intl/en/customers/index.html#tab5
On 01/21/2012 12:19 PM, George Bonser wrote:
Sure, but balance that with podunk.usa's possibly incompetent IT staff? It costs a lot of money to run a state of the art shop, but only incrementally more as you add more and more instances of essentially identical shops. I guess I have more trust that Google is going to get the redundancy, etc right than your average IT operation.
Now whether you should *trust* Google with all of that information from a security standpoint is another kettle of fish.
Mike I agree, Mike. Problem is that the communications infrastructure that enables these sorts of options is generally so reliable people don't think about what will happen if something happens between them and their data that takes out their access to those services. Imagine a situation where several municipal governments in, say, Santa Cruz County, California are using such services and there is a repeat of the Loma Prieta quake. Their data survives in Santa Clara county, their city offices survive but there is considerable damage to infrastructure and structures in their jurisdiction. But the communications is cut off between them and their data and time to repair is unknown. The city is now without email service. Employees in one department can't communicate with other departments. Access to their files is gone. They can't get the maps that show where those gas lines are. The local file server that had all that information was retired after the documents were transferred to "the cloud" and the same happened to the local mail server. At this point they are "flying blind" or relying on people's memories or maybe a scattering of documents people had printed out or saved local copies of. It's going to be a mess.
The point is that "the cloud" seems like a great option but it relies on being able to reach that "cloud". Your data may be safe and sound and your office may have survived without much wear, but if something happens in between, you might be sunk. And out in "Podunk", there aren't often multiple paths. You are stuck with what you get.
Or your cloud provider might announce they are going out of that business next week.
The problem is that the local infrastructure might just as easily get taken out too. Here in SF, I'm sure that the entirety of the data center capabilities aren't, say, housed in city hall itself, so we're just as vulnerable to partition whether they run their own infrastructure as we would be if we hosted in the "cloud" too. The larger issue here is diversity and resilience. The internet is guaranteed to fail us at the worst possible time, full stop. We need to make certain that we keep at least _some_ terribly inefficient and thoroughly antiquated means of doing the same thing viable for critical tasks. When I was at Cisco, there was a push to getting emergency responders to coordinate their communication infrastructure both for cross coordination as well as of course cost down. Makes perfect sense... so long as the unthinkable doesn't happen (ie the internet failing us). That's why our new IP monoculture sort of gives me the creeps. Mike
On 1/21/12 11:38 , George Bonser wrote:
Not that I would not be a bit miffed if personal files disappeared, but that's one of the risks associated with using a cloud service for file storage. It could have been a fire, a virus erasing file, bankruptcy, malicious insider damage... Doesn't matter, you lost access to legit content in the crossfire.
There is always a risk of losing access to cloud resources. And for years, we always joked in my computer buddy circles, computers know when you don't have a backup.
It's your fault(not theirs) if that was your only copy.
Lyle Giese LCR Computer Services, Inc.
Entire governments in the US are using "cloud storage" for their documentation these days. It is my understanding (which is hearsay) that Google has an entire service aimed at small governments (county and municipal mostly) in Google Docs for just this purpose and I know of at least one city on California that is using Google for their document repository and their city email. In case of an emergency where Google is unreachable, they are in a world of hurt and won't even be able to send email from one department to another in city hall because all their mail and documents are now "in the cloud" which would then be inaccessible to them rather than on a server in their local data center. So ... and Earthquake in Santa Clara county might take out city governments in Monterey or Santa Cruz counties which might otherwise be perfectly able to conduct their business.
Point is, MANY people are using "the cloud" as their primary storage because it is marketed as being safe and secure (backed up and with better access security than they could manage themselves).
It may also be the case that your cloud service may be uncoupled from the fate of your geography which may will allow it to survive a regional failure that might otherwise render you inoperable. All eggs in one basket is to my mind a bigger problem than who's basket they're in. If your network is wiped out it may not matter where the data is from an availability perspective unless alternatives are in place.
On 01/21/2012 03:28 PM, Joel jaeggli wrote:
Entire governments in the US are using "cloud storage" for their documentation these days. It is my understanding (which is hearsay) that Google has an entire service aimed at small governments (county and municipal mostly) in Google Docs for just this purpose and I know of at least one city on California that is using Google for their document repository and their city email. In case of an emergency where Google is unreachable, they are in a world of hurt and won't even be able to send email from one department to another in city hall because all their mail and documents are now "in the cloud" which would then be inaccessible to them rather than on a server in their local data center. So ... and Earthquake in Santa Clara county might take out city governments in Monterey or Santa Cruz counties which might otherwise be perfectly able to conduct their business.
Point is, MANY people are using "the cloud" as their primary storage because it is marketed as being safe and secure (backed up and with better access security than they could manage themselves). It may also be the case that your cloud service may be uncoupled from
On 1/21/12 11:38 , George Bonser wrote: the fate of your geography which may will allow it to survive a regional failure that might otherwise render you inoperable.
All eggs in one basket is to my mind a bigger problem than who's basket they're in.
If your network is wiped out it may not matter where the data is from an availability perspective unless alternatives are in place.
I think that the larger issue here is resilience. If you're completely dependent on IP, then when IP fails you're hosed. We have a situation where that is becoming more and more true, however. When the last vestiges of TDM are rooted out of the telephony network, we will be less resilient than before. When paper record trails are replaced by the cloud, we are less resilient. It's sort of scarey in some ways how much of an information monoculture we're building: it's a huge strength and a glaring vulnerability. Mike
----- Original Message -----
From: "Lyle Giese" <lyle@lcrcomputer.net>
Not that I would not be a bit miffed if personal files disappeared, but that's one of the risks associated with using a cloud service for file storage. It could have been a fire, a virus erasing file, bankruptcy, malicious insider damage... Doesn't matter, you lost access to legit content in the crossfire.
I'm not sure this is actually true. The Law generally recognizes 'accident' as a means for relieving people of responsibility for criminal acts -- it can't *be* a criminal act without scienter on the part of the doer. In this case, the doer was negligent, rather than purposefully malicious, but we have solutions for that as well. I hope that we don't see a class-action lawsuit against the feds... I wanna see them have to defend each case individually. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On Jan 21, 2012, at 8:00 PM, Jay Ashworth wrote:
----- Original Message -----
From: "Lyle Giese" <lyle@lcrcomputer.net>
Not that I would not be a bit miffed if personal files disappeared, but that's one of the risks associated with using a cloud service for file storage. It could have been a fire, a virus erasing file, bankruptcy, malicious insider damage... Doesn't matter, you lost access to legit content in the crossfire.
I'm not sure this is actually true. The Law generally recognizes 'accident' as a means for relieving people of responsibility for criminal acts -- it can't *be* a criminal act without scienter on the part of the doer.
Actually, that's often not true in recent laws. There was an article in the Wall Street Journal a month or so ago that gave some glaring examples of not just laws but actual convictions.
In this case, the doer was negligent, rather than purposefully malicious, but we have solutions for that as well.
I'm not sure what you mean by "doer" here. http://opinion.latimes.com/opinionla/2012/01/copyrights-feds-push-novel-theo... has an interesting analysis. It presents a number of factual statements that are capable of multiple interpretations. This in turn means that much of the case is likely to turn on scienter, which in turn means heavy reliance on the seized emails. This will be an interesting case to watch. --Steve Bellovin, https://www.cs.columbia.edu/~smb
In article <596B74B410EE6B4CA8A30C3AF1A155EA09C8CDBA@RWC-MBX1.corp.seven.com>, George Bonser <gbonser@seven.com> writes
The problem is going to be the thousands of people who have now lost their legitimate files, research data, personal recordings, etc. that they were using Megaupload to share.
But that's an operational risk of using any commercial entity as a filestore. Thousands of people lost[1] a lot of work when fotopic.net collapsed: http://en.wikipedia.org/wiki/Fotopic.net [1] As it's getting on for a year since an apparent rescue attempt, and nothing has emerged, this seems a reasonable assumption. -- Roland Perry
I just made the brain melting mistake of trying to read the DMCA. The text which jumps out at me is: `(2) EXCEPTION- Paragraph (1) shall not apply with respect to material residing at the direction of a subscriber of the service provider on a system or network controlled or operated by or for the service provider that is removed, or to which access is disabled by the service provider, pursuant to a notice provided under subsection (c)(1)(C), unless the service provider-- `(A) takes reasonable steps promptly to notify the subscriber that it has removed or disabled access to the material; `(B) upon receipt of a counter notification described in paragraph (3), promptly provides the person who provided the notification under subsection (c)(1)(C) with a copy of the counter notification, and informs that person that it will replace the removed material or cease disabling access to it in 10 business days; and `(C) replaces the removed material and ceases disabling access to it not less than 10, nor more than 14, business days following receipt of the counter notice, unless its designated agent first receives notice from the person who submitted the notification under subsection (c)(1)(C) that such person has filed an action seeking a court order to restrain the subscriber from engaging in infringing activity relating to the material on the service provider's system or network. I'm about 90% sure that in a fair court, it would be concluded that disabling the reported URL qualifies as disabling access to the material. The court might then issue an injunction to, in the future, disable *all* *possible* access to the material, but that's not the current text of the law. YMMV Nick B On Sun, Jan 22, 2012 at 11:58 AM, Roland Perry < lists@internetpolicyagency.com> wrote:
In article <596B74B410EE6B4CA8A30C3AF1A15**5EA09C8CDBA@RWC-MBX1.corp.** seven.com<596B74B410EE6B4CA8A30C3AF1A155EA09C8CDBA@RWC-MBX1.corp.seven.com>>, George Bonser <gbonser@seven.com> writes
The problem is going to be the thousands of people who have now lost
their legitimate files, research data, personal recordings, etc. that they were using Megaupload to share.
But that's an operational risk of using any commercial entity as a filestore. Thousands of people lost[1] a lot of work when fotopic.netcollapsed: http://en.wikipedia.org/wiki/**Fotopic.net<http://en.wikipedia.org/wiki/Fotopic.net>
[1] As it's getting on for a year since an apparent rescue attempt, and nothing has emerged, this seems a reasonable assumption. -- Roland Perry
I would disagree, to me I would guess that the court would interpret the disabling of access or removal to refer to the material and not the url. The url is just a reference to the material in question. If you build a bashing system that does not let you comply with the law, that becomes your problem, not the courts. If you show good faith explain the issue and propose a reasonable timeline to resolve the issue or show financial hardship and appeal to the court for more time, then you can avoid, a lot of headaches. Nick B <nick@pelagiris.org> wrote: I just made the brain melting mistake of trying to read the DMCA. The text which jumps out at me is: `(2) EXCEPTION- Paragraph (1) shall not apply with respect to material residing at the direction of a subscriber of the service provider on a system or network controlled or operated by or for the service provider that is removed, or to which access is disabled by the service provider, pursuant to a notice provided under subsection (c)(1)(C), unless the service provider-- `(A) takes reasonable steps promptly to notify the subscriber that it has removed or disabled access to the material; `(B) upon receipt of a counter notification described in paragraph (3), promptly provides the person who provided the notification under subsection (c)(1)(C) with a copy of the counter notification, and informs that person that it will replace the removed material or cease disabling access to it in 10 business days; and `(C) replaces the removed material and ceases disabling access to it not less than 10, nor more than 14, business days following receipt of the counter notice, unless its designated agent first receives notice from the person who submitted the notification under subsection (c)(1)(C) that such person has filed an action seeking a court order to restrain the subscriber from engaging in infringing activity relating to the material on the service provider's system or network. I'm about 90% sure that in a fair court, it would be concluded that disabling the reported URL qualifies as disabling access to the material. The court might then issue an injunction to, in the future, disable *all* *possible* access to the material, but that's not the current text of the law. YMMV Nick B On Sun, Jan 22, 2012 at 11:58 AM, Roland Perry < lists@internetpolicyagency.com> wrote:
In article <596B74B410EE6B4CA8A30C3AF1A15**5EA09C8CDBA@RWC-MBX1.corp.** seven.com<596B74B410EE6B4CA8A30C3AF1A155EA09C8CDBA@RWC-MBX1.corp.seven.com>>, George Bonser <gbonser@seven.com> writes
The problem is going to be the thousands of people who have now lost
their legitimate files, research data, personal recordings, etc. that they were using Megaupload to share.
But that's an operational risk of using any commercial entity as a filestore. Thousands of people lost[1] a lot of work when fotopic.netcollapsed: http://en.wikipedia.org/wiki/**Fotopic.net<http://en.wikipedia.org/wiki/Fotopic.net>;
[1] As it's getting on for a year since an apparent rescue attempt, and nothing has emerged, this seems a reasonable assumption. -- Roland Perry
Nick B <nick@pelagiris.org> wrote:
I'm about 90% sure that in a fair court, it would be concluded that disabling the reported URL qualifies as disabling access to the material. The court might then issue an injunction to, in the future, disable *all* *possible* access to the material, but that's not the current text of the law. YMMV
The crux of the issue is whether a single DMCA take down notice refers only to the content itemized in the notice, or to _all_ content that matches the identification in the notice. It is a *significant* difference, because the former requires the _complainant_ to identify all the 'infringing' items, while the latter requires the notice _recipient_ to search out all other content that matches the notice. Obviously, each side would rather have the other guy do all the work.`
----- Original Message -----
From: "Nick B" <nick@pelagiris.org>
I'm about 90% sure that in a fair court, it would be concluded that disabling the reported URL qualifies as disabling access to the material. The court might then issue an injunction to, in the future, disable *all* *possible* access to the material, but that's not the current text of the law. YMMV
I believe we're all conflating 2 separate and, really, disparate things: 1) what does the law actually require and is that realistic? 2) how were MU actually behaving, and does that relieve The Law of cutting them any slack? The former isn't really affected by the latter; it can still be unreasonable, even if that is *not* the reason why MU proper won't be getting cut any slack which might exist. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On Jan 21, 2012, at 6:11 AM, Rich Kulawiec wrote:
On Fri, Jan 20, 2012 at 03:06:04PM -0500, Ricky Beam wrote:
Upon receiving notice a file is infinging, they know that *file* is illegal, and must now remove all the links to it, not just the one that was reported.
But what -- *exactly* -- is an "illegal file"?
As Leo Bicknell astutely pointed out in this thread:
"Also, when using a hashed file store, it's possible that some uses are infringing and some are not."
This is a personal anecdote, and I'm not really trying to take sides in this. But I think what Megaupload's problem was that when they were told that a specific file was not authorized to be distributed at all, they claimed they couldn't stop their users from reuploading it, could only prevent distribution of the file if you were somehow able to give them a list of all their URLs that held identical copies, etc. We had a client that had some data stolen - a laptop was physically stolen, and data from it uploaded to Megaupload. She jumped through the DMCA hoops to get them to take it down, they took more than 72 hours to finally remove it, and less than an hour later the same data was uploaded again. Another 72 hour wait to get them to remove it, rinse, repeat. We finally contacted someone there directly on our client's behalf, who insisted they had no ability to block specific files/hashes/etc -OR- locate additional identical copies on their system. If they didn't have this ability, it was because they were specifically trying not to, since they admitted elsewhere they hash everything that comes in to save space/time on their side, and writing something to block based on a hash they were already making would fall under pretty trivial work. Which may have been the MPAA/RIAA/etc's issue with them as opposed to Dropbox/etc. With Megaupload it was like playing whack-a-mole trying to get something removed, they kept trying to say with a straight face they couldn't stop it from happening, and actually paid uploaders of popular files to keep doing it. I'm not defending the practices of the copyright nazis, but Megaupload was frustratingly difficult to deal with in what should have been a very simple "The owner/creator of this file has not authorized it to be distributed anywhere, don't allow it on your service again" request.
aka "deduplication". In Viacom vs. YouTube it was pretty successfully argued that there was no way for YT to know that *every* instance of a work was illegally uploaded. However they *were* able to produce 'smoking gun' evidence of Viacom agents uploading material. j On Fri, Jan 20, 2012 at 2:37 PM, Paul Graydon <paul@paulgraydon.co.uk>wrote:
From what I understand about MegaUpload's approach, they created a hash of every file that they stored. If they'd already got a copy of the file that was to be uploaded they'd just put an appropriate link in a users space, saving them storage space, and bandwidth for both parties. Fairly straight forward. Whenever they received a DMCA take-down they would remove the link, not the underlying file, so even though they knew that a file was illegally hosted, they never actually removed it. That comes up for some argument about the ways the company should be practically enforcing a DMCA take-down notice, whether each take-down should apply to just an individual user's link to a file or whether the file itself should be removed. That could be different from circumstance to circumstance.
Paul
-- --------------------------------------------------------------- Joly MacFie 218 565 9365 Skype:punkcast WWWhatsup NYC - http://wwwhatsup.com http://pinstand.com - http://punkcast.com VP (Admin) - ISOC-NY - http://isoc-ny.org -------------------------------------------------------------- -
Incidentally, some traffic stats on http://gigaom.com/2012/01/20/follow-the-traffic-what-megauploads-downfall-di... MegaUpload was indeed one of the more popular sites on the web for storing
and sharing content. It ranked as .98 percent of the total web traffic in the U.S. and 11.39 of the total web traffic in Brazil. It garnered 1.95 percent of the traffic in Asia-Pac and a less substantial .86 percent in Europe.
-- --------------------------------------------------------------- Joly MacFie 218 565 9365 Skype:punkcast WWWhatsup NYC - http://wwwhatsup.com http://pinstand.com - http://punkcast.com VP (Admin) - ISOC-NY - http://isoc-ny.org -------------------------------------------------------------- -
From: Joly MacFie [mailto:joly@punkcast.com]
Incidentally, some traffic stats on
downfall-did-to-the-web/<http://gigaom.com/2012/01/20/follow-the-traffic-what-megauploads-downfall-did-to-the-web/>
MegaUpload was indeed one of the more popular sites on the web for
storing
and sharing content. It ranked as .98 percent of the total web
traffic
in the U.S. and 11.39 of the total web traffic in Brazil. It garnered
1.95 percent of the traffic in Asia-Pac and a less substantial .86
percent in Europe.
Our (Sandvine) report<http://www.sandvine.com/news/global_broadband_trends.asp> shows the amounts of traffic for various storage and backup sites such as megaupload, rapidshare, etc. In the US residential ISP traffic megaupload was ~1% of downstream. Other sites are starting to 'voluntarily' shut down access to the US (e.g. filesonic), and you can see the fairly sharp cut-off as below image. [note the chart doesn't give you an absolute sense since you know neither the number of customers nor the amount of the total bandwidth used, but it gives you a relative view. In this particular chart, there was approximately 10Gbps of traffic from all protocols present, yielding the ~1% for Megaupload] Given that filesonic cut off sharing, but still allows users to fetch links they themself posted, one could make the assumption from the below that there was negligible traffic due to people re-fetching their own content. [cid:image001.png@01CCD9A8.2AB2B630] Some more stats on http://www.betterbroadbandblog.com/2012/01/megaupload-gets-shut-down/ --don
On Mon, 23 Jan 2012 13:28:49 GMT, Don Bowman said:
Given that filesonic cut off sharing, but still allows users to fetch links they themself posted, one could make the assumption from the below that there was negligible traffic due to people re-fetching their own content.
Note that the filesonic cutoff appears to have happened around 18:00 last night in whatever timezone the graph was made. There's a good chance that most of the customers don't *know* yet about the cutoff - what happens tonight once the news has spread will be indicative.
participants (37)
-
Administrator -
Alec Muffett -
bmanning@vacation.karoshi.com -
Carsten Bormann -
Don Bowman -
Donald Eastlake -
George Bonser -
Jacob Taylor -
James Smith -
Jay Ashworth -
JC Dill -
Jeroen van Aart -
Joel jaeggli -
Joly MacFie -
Joseph Snyder -
Kevin Day -
Leo Bicknell -
Lyle Giese -
Mark Andrews -
Marshall Eubanks -
Matthew Kaufman -
Michael Painter -
Michael Thomas -
Nick B -
Owen DeLong -
Paul Graydon -
Rich Kulawiec -
Ricky Beam -
Robert Bonomi -
Rodrick Brown -
Roland Perry -
Steven Bellovin -
Suresh Ramasubramanian -
Tei -
Tony McCrory -
Vadim Antonov -
Valdis.Kletnieks@vt.edu