The Register® — Biting the hand that feeds IT

RIAA chief calls for copyright filters on PCs

By deception or force if necessary

When is a virus not a virus? When it's sending your personal data to the Recording Industry Association of America, silly.

Internet advocacy website Public Knowledge has posted a highlight reel from the State of the Net Conference, where RIAA boss Cary Sherman suggests that internet filtering sorely lacks the personal touch of spyware.

While ISP-level filtering dragnets such as those proposed by AT&T have their way of catching the sloppier digital music thieves out there, the technology is more-or-less bypassed by basic file encryption.

That's why Sherman recommends finding a way to install filtering software directly onto people's home PCs.

"One could have a filter on the end-user's computer that would actually eliminate any benefit from encryption. Because if you want to hear it [the music], you would need to decrypt it. At that point the filter could work," said Sherman.

"Why would somebody want to put that on their machine? They wouldn't likely want to do that," mused Sherman.

Why indeed?

"They'd do that when it benefits them such as for viruses and so on and so forth. But that's the sort of thing that could be enforced whether at the modem or something that's put in by an ISP."

Ah, trickery. But perhaps you'll need some rationalization so it doesn't sound like your average run-of-the-mill nefarious spyware.

"I don't think you should underestimate the educational benefit of these kind of things. A lot of this is basically letting people know that what you're doing here is not OK."

Education. Perfect. If history is any judge, we're sure the RIAA's legal department will find a very reasonable and scholarly way of setting a person back on the straight and narrow. Meanwhile the vast majority who don't steal music will be happy knowing the RIAA is scanning every packet of their incoming data in the name of academia.

Catch the highlights here. Or see the full conference here (watching an hour of streaming Real Player video is done at your own risk). ®

Latest Comments

No point arguing..

It's not the RIAA boss's fault - from the stuff they come out with they are obviously complete techno-morons.

The real culprits are the yes-men lawyers behind them.

The last thing they want is a quick and reasonable solution, they need the arguments to go on as long as possible so they can keep raking in the fees!

I so look forward to them trying this

If any of this is tried, and it passes my gateway by any means, I will personally log this as "computer crimes" with the local police, and name each and every person on their board of directors. Since unlawful computer trespass is considered a serious crime in Europe, this is likely to mean an Interpol report + international warrant for arrest.

Even if some uncivilized countries regularly ignore international laws and international warrants for arrest, this means that when/if they visit a civilized country, they can be extradited, tried, and jailed.

Simple as that.

An American corporistic power trying to hack/penetrate the lot of computers in Europe will generally mean a LOT of those logs-at-police... I wonder how "1 million cases of computer trespass" would look on their CV?

//Svein

@AC w/r/t "Fritz Chip"

A name I hadn't heard, but which turns out to refer to the Trusted Platform Module (TPM). It seems to me that this makes some of your assertions questionable (IMHO).

Quick whistlestop, the TPM provides three (count them) sets of functionality: public key crypto functions (RSA, SHA-1, HMAC), trusted boot, and initialisation and management.

Since the user (and there are GPL'd Linux drivers available for the module) may define exactly what configuration is to be 'trusted', there is nothing on the 'Fritz'* chip to prevent me from booting Linux, starting a VM, attaching a debugger and using this environment to host another OS.

Additionally, I can provide my VM with a virtual TPM (e.g. one in software) http://www.usenix.org/events/sec06/tech/full_papers/berger/berger_html/vtpm06.html

The utility of this is debatable, but the point is that I can set up an environment with a TPM-enabled OS running in an environment that I control completely, including the internals of the TPM. (What's that? Newer OSs detect when they're virtualised? That's an old, old arms race.)

There is NO way for the TPM to reject an OS, a system configuration, or a piece of hardware because it isn't certified by a third party, none, zip, zilch, nada, bugger all.

From the horse's mouth:

https://www.trustedcomputinggroup.org/faq/TPMFAQ/

"Can the Trusted Platform Module control what software runs?

No. There is no ability to do this."

"Does TCG require that software be certified to run on a TCG-enabled platform?

The TCG design does not have any requirement that software be “certified” in order to use it."

Really, it just doesn't work like that. (Cue hysterical freetards shouting that TPM, and trusted computing in general are evil and that the sky is falling, t'aint so, increase Ritalin and drink less coffee)

Is it possible that you are getting the TPM mixed up with Microsoft's NGSCB (Next Generation Secured Computing Base), formerly known as Palladium, and which relies on a superset of the TPM hardware functionality, including things like Memory Curtaining, and which is indeed far more genuinely sinister? Or maybe Intel TXT? Or just possibly something else entirely?

* Apparently, after US Senator Ernest Frederick "Fritz" Hollings, a sock puppet for the RIAA/MPAA and their pigopolist friends who lobbied, unsuccessfully, for a number of draconian anti-copying measures which, had they been passed, would have made US consumer electronics manufacturers even less competitive with their Chinese, Malaysian, &c brethren than they are already. One of which was to include the TPM chip in all media devices. Presumably either he, or indeed the MPAA/RIAA had either misinterpreted the functions of the TPM, or had bought into MSFT's much more Machiavellian Palladium vision.

It's not about music theft

We know that this will not really prevent copyright theft but the record industry is prepared to push for this because they can believe it will. It serves another purpose. It gets legally required government spyware onto your computer. It will be illegal to remove it and difficult to get online if the ISP requires it. Government plans require them to gain more control of the average person. People who resist this and don't believe the hype are in a minority and easily identified. We are all breaking the law somewhere along the line and can have pressure put on us due to this. It's not about music copyright, that's a pretext, it's about control of free speech and freedom by the government. The music industry's fears are just being used to push some laws through.

The poster who quoted Train Spotting gets it. Think of the Matrix where Neo should keep his head down and be a good little office worker. If you have nothing to hide you have nothing to fear.

It will all happen by stealth

Our governments will love this one... ISPs required to only pass signed packets so only signed "legitimate" apps can communicate over the Internet. It's perfect: No more terrorists or kiddiefiddlers using encryption or darknets. People can write whatever software they like but unless they're "legitimate" (that word again) corporations they won't be able to afford to pay for their code to be examined by a trusted (by the government) testing lab to get it signed so it won't be able to communicate anyway. Just think of all the commercial secrets MS could learn if they ran a signing service and smaller companies and individuals had to submit their code to be audited. If they didn't go that far it would make the spooks' jobs easier as they would know what app generated every packet and which ones need to be deep scanned.

Go ahead, write "Son of Bittorrent." You won't be able to use it to transfer information outside of your house unless you get it signed. I'm sure that any such signing mechanism would also allow keys to be revoked so the threat of "turning off" an application could be used against any developer in order to make them self-censor/include code to ensure "children are protected" or "copyrights are respected" (insert excuse of the week here.)

Microsoft and Apple will love this one too. It will effectively be impossible to have a piece of open source software communicate over the net (or to ensure that any such software has its output examined) as it's not signed. Since the signing will cost money the distribution of software for no cost will be severely hampered (of course MS and Apple will have the right to self-sign so they're going to be OK.) Furthermore the code behind this will be covered by NDAs so publishing the source will be forbidden.

MS and Apple also get protection from antitrust lawsuits over this. "It was a legal requirement. You can't sue us for implementing it."

ISPs will love it. Let signed traffic through. Anything unsigned either gets blocked or throttled. No need to play cat and mouse with P2P developers who try to hide their traffic to prevent "management." You can tell that no web browser generated that fake SSL data. It's "future-proof" as new things that will eat bandwidth doing "illegal" things just never get signed or will get identified and turned off when the music/movie industry persuade the government that they're bad. The application that generated a packet can be immediately identified from the signature so prioritising traffic from people you like / throttling things you don't becomes easy with no need to decrypt data. The whole process becomes "noddy" when Cisco implement it in their routers.

Far more likely, this will all be introduced by stealth. There will be no big switch thrown that will lead to howls of protest from Linux users or anyone else. It will all begin innocently enough. iTunes suddenly starts working faster than it used to, nobody complains. Applications from big companies enjoy the benefits of prioritisation. Nothing gets blocked but the bandwidth pool available to unsigned apps gets smaller and smaller (or at least doesn't grow with demand) until transferring a file with an unsigned program becomes so slow that people stop and buy "all new FileFlash MegaPro" (which in reality is just an FTP or Bittorrent client that checks the files aren't "bad" and signs its packets so it gets to play in the fast lane).

Then there's some terrible crime committed and some politician starts banging on about kiddiefiddlers and terrorists using these unsigned apps and a law (sorry "voluntary agreement") gets passed requiring ISPs to block them in return for immunity from prosecution/lawsuits. This one may not happen but if the transfer rates on unsigned apps suck so bad that they're unusable people will use what works. In fact I'm surprised the R.I.Ass.A. hasn't already mounted a publicity offensive or leak alleging that Al Qaida are hiding coded messages from Osama bin Laden to terror cells (Yes, OMG, there may be one in YOUR town! Ban it quick!) in music/movie torrents in order to make banning them more wholesome and urgent. "When you use Bittorrent you are helping terrorists kill children!"

The spooks also love it because everything that's not "kosher" (in their eyes) gets blocked, flagged or throttled so the volume of data they need to examine is kept to a minimum.

Go on, you know it makes sense...

@Missing the point - You're bang on the money my friend.
