Forwarded from: Russell Coker <[EMAIL PROTECTED]> On Wed, 24 Jul 2002 12:44, you wrote: > http://news.com.com/2100-1023-945923.html?tag=politech > > Could Hollywood hack your PC? > By Declan McCullagh > July 23, 2002, 4:45 PM PT > > WASHINGTON--Congress is about to consider an entertainment > industry proposal that would authorize copyright holders to disable > PCs used for illicit file trading. > > The legislation would immunize groups such as the Motion Picture > Association of America and the Recording Industry Association of > America from all state and federal laws if they disable, block or > otherwise impair a "publicly accessible peer-to-peer network." > > Anyone whose computer was damaged in the process must receive the > permission of the U.S. attorney general before filing a lawsuit, and a > suit could be filed only if the actual monetary loss was more than > $250.
This might allow some interesting situations. Imagine if a law enforcement agency had some undercover agents investigating illegal activity on the net (could be piracy or something else) and were participating in P2P file sharing. What happens when the RIAA launches a virus on them and takes out all their computers? How exactly do you determine when a non-profit organization such as a local police station has suffered $250 in damages? How would such a law deal with attacks (either deliberate or by mistake) on people and/or companies in other countries? Are the Americans trying to authorise attacks on servers in other countries? If so how should we respond to such illegal attacks? Firstly I think we need to setup a RBL service that lists all the IP addresses known to belong to criminal organizations (any organization that wants to attack my machines in breach or the relevant Dutch and Australian laws is a criminal organization) such as the MPAA and the RIAA. Any responsible ISP administrator has a duty to protect their customers from such criminals. Also this should probably be extended to organizations that support those criminals, of course some customers would complain that they want to access the web sites about new movies etc, so you would need to have two different categories of users with an automated method for users to change their settings as to whether they want to be protected from such attacks. The next issue is that of ingres filters. All responsible ISPs have filters setup so that (except in the rare cases of dual-homed customers) the customer can't use a source IP address other than the address that is assigned to them if they want their packets to go anywhere. This makes it easy to track customers who do bad things and discourages them from trying it. In the case of the RIAA, perhaps the ingres filters should not stop packets destined for those networks. After all if the RIAA is going to attack your customers it seems fair to allow them to retaliate. Russell Coker - ISN is currently hosted by Attrition.org To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY of the mail.
