On 2005-10-19T10:37:55-0700, Declan McCullagh wrote: > Previous Politech message: > http://www.politechbot.com/2005/10/17/barney-lawyer-recommends/
> Responses: > http://www.politechbot.com/2005/10/19/more-on-barney/ Some of the first-round responses mentioned the iniquities involved in attacking hosted sites, but what if the site that appears to be involved in copyright infringement isn't? There is no assurance that the suspect IP address isn't forwarding illegal (outgoing) traffic from some other machine, or that it doesn't forward incoming traffic to some other machine. Suppose someone has a wireless firewall appliance set up to forward a number of common ports to an interior server. Attacking a suspect IP results in an attack on an uninvolved interior server. The copyright violation might be some unauthorized person connecting through a wireless gateway, so the owner of the interior server might not be in any way connected to the copyright violation. Suppose someone is running a web proxy. An attack on a suspect IP address results in an attack on the machine running the web proxy. An open web proxy, while it may violate an ISP contract, is not illegal, and by itself the proxy is not connected to any illegal activity (except maybe in China, etc.). Suppose someone is involved in copyright infringement, but forwards all incoming connections on certain ports [while dropping traffic to the rest...] to an IP address associated with the Chinese Embassy. Is it clear who's responsible when a copyright holder ends up attacking a Chinese computer? Even if the person who set up the port forwarding is responsible for _connections_ to the Chinese Embassy made as a result, does that make him responsible for willful attacks conducted by copyright holders? If copyright hackers get immunity as long as they attack the public IP address that appears to be distributing copyrighted material, the consequences will be much worse than those of DMCA take-down provisions. ISPs everywhere would police their own networks with a vengeance to mitigate the risk that some copyright holder would find something first, attack the ISP, and cause major damage (not to mention subsequent loss of customers). At least with the DMCA, ISPs get notified and have a chance to act before something bad happens, which generally means low levels of in-house policing.