Re: [ISN] FC: Draft of Rep. Berman's bill authorizes anti-P2P hacking

From: InfoSec News (isnat_private)
Date: Thu Jul 25 2002 - 03:38:48 PDT


    Forwarded from: Russell Coker <russellat_private>
    
    On Wed, 24 Jul 2002 12:44, you wrote:
    > http://news.com.com/2100-1023-945923.html?tag=politech
    >
    >    Could Hollywood hack your PC?
    >    By Declan McCullagh
    >    July 23, 2002, 4:45 PM PT
    >
    >    WASHINGTON--Congress is about to consider an entertainment
    >    industry proposal that would authorize copyright holders to disable
    >    PCs used for illicit file trading.
    >
    >    The legislation would immunize groups such as the Motion Picture
    >    Association of America and the Recording Industry Association of
    >    America from all state and federal laws if they disable, block or
    >    otherwise impair a "publicly accessible peer-to-peer network."
    >
    >    Anyone whose computer was damaged in the process must receive the
    >    permission of the U.S. attorney general before filing a lawsuit, and a
    >    suit could be filed only if the actual monetary loss was more than
    >    $250.
    
    This might allow some interesting situations.
    
    Imagine if a law enforcement agency had some undercover agents
    investigating illegal activity on the net (could be piracy or
    something else) and were participating in P2P file sharing.  What
    happens when the RIAA launches a virus on them and takes out all their
    computers?  How exactly do you determine when a non-profit
    organization such as a local police station has suffered $250 in
    damages?
    
    How would such a law deal with attacks (either deliberate or by
    mistake) on people and/or companies in other countries?  Are the
    Americans trying to authorise attacks on servers in other countries?  
    If so how should we respond to such illegal attacks?
    
    
    Firstly I think we need to set up an RBL service that lists all the IP
    addresses known to belong to criminal organizations (any organization
    that wants to attack my machines in breach of the relevant Dutch and
    Australian laws is a criminal organization) such as the MPAA and the
    RIAA.  Any responsible ISP administrator has a duty to protect their
    customers from such criminals.  Also this should probably be extended
    to organizations that support those criminals, of course some
    customers would complain that they want to access the web sites about
    new movies etc, so you would need to have two different categories of
    users with an automated method for users to change their settings as
    to whether they want to be protected from such attacks.
    
    The next issue is that of ingress filters.  All responsible ISPs have
    filters set up so that (except in the rare cases of dual-homed
    customers) the customer can't use a source IP address other than the
    address that is assigned to them if they want their packets to go
    anywhere.  This makes it easy to track customers who do bad things and
    discourages them from trying it.  In the case of the RIAA, perhaps the
    ingress filters should not stop packets destined for those networks.  
    After all if the RIAA is going to attack your customers it seems fair
    to allow them to retaliate.
    
    
    Russell Coker
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    


