November 10, 2003
Volume 2, Issue 6
An Army of One P2P Videogame
Forbes Coverage
The U.S. Army could spend $12 million making and distributing CD copies of a new videogame recruiting tool. Or it could spend virtually nothing and distribute the game on a peer-to-peer (P2P) file-sharing service better known for downloads of music.
Tough call? Not for the Army, which is distributing the game on Gnutella file-sharing network LimeWire. The Army's Colonel Casey Wardynski insists Gnutella is just fine, while acknowledging the anarchy of file-sharing. "It might be that our game is also on KaZaA," he shrugged. "That I'm not sure of."
For LimeWire, isn't this like the Post Office legitimizing Santa Claus in Miracle on 34th Street? "Sure," says Greg Bildson, LimeWire's chief technology officer: "But we feel legitimate all the time."
Report from CEO Marty Lafferty
We have made excellent progress gathering high-quality input from music sector leaders on the second-of-three business models that DCIA intends to bring forth shortly for industry consideration.
Thanks to all who are participating on a confidential basis in this process. This week we will continue one-on-one private meetings with music labels and publishers to ensure that our final product is fully responsive to key issues.
Meanwhile, it is also important to reflect on related activities in Congress. We have commented previously in DCINFO on House bills supported by opponents of the distributed computing industry, with our intention to provide legislators balanced feedback.
The pattern of wrongly singling out P2P from other Internet applications for sanctions has resurfaced in HR 3159, the Government Network Security Act of 2003, as it has in prior bills addressing issues ranging from copyright infringement to distribution of criminally obscene content.
By ignoring much greater vulnerabilities, however, such proposed legislation not only confuses a promising new technology with unfortunate abuses of it, but also fails to adequately or appropriately protect federal agencies from the specter of a "Digital 9/11."
The US Department of Homeland Security (DHS) recently released a list of the top 20 most commonly exploited Windows, UNIX and Linux flaws. At a minimum, these should be addressed, ranked in DHS priority order, by HR 3159.
For Windows-based systems, the top ten vulnerabilities identified by DHS were: Internet Information Services (IIS); Microsoft SQL Server (MSSQL); Windows authentication; Internet Explorer; Windows Remote Access Services; Microsoft Data Access Components (MDAC); Windows Scripting Host (WSH); Microsoft Outlook - Microsoft Express; Windows peer-to-peer file sharing (P2P); and Simple Network Management Protocol (SNMP).
For Unix/Linux systems, the top vulnerabilities were: BIND - Domain Name Systems; Remote procedure calls (RPC); Apache Web server; General Unix authentication - accounts with no passwords or weak passwords; clear text services; sendmail; Simple Network Management Protocol (SNMP); Secure Shell (SSH); Misconfiguration of enterprise services (NIS/NFS); and Open Secure Sockets Layer (SSL).
As these lists indicate, P2P is not the major weakness that might be exploited in a cyber-terrorist attack: it is ranked 9 out of 10 for Windows -- for a business software application -- and is not included at all in the top 10 for Unix/Linux systems.
Because government computers contain vital national security, defense, law enforcement, economic, public health, and environmental information, best efforts should be employed in protecting them. A mere review of risks that may arise from P2P, as this bill requires, is not nearly enough to protect against threats to national security.
A far more rigorous defense against computer terrorism and the disclosure of sensitive national security information is called for. P2P is just one means, and neither the most likely nor the most potentially damaging, that a cyber-terrorist might utilize to attack the government of the United States via the Internet.
In order to be of real value, the scope of HR 3159 should be expanded to address security breaches arising from broadband connectivity and from generally deployed software such as e-mail, instant messaging, and web browsers, as well as from P2P applications. The DCIA would be pleased to work with those responsible to complete a thorough redrafting of this potentially important piece of legislation.
P2P All the Way to the Supreme Court?
Hollywood Reporter Coverage
File-sharing may drive the US Supreme Court to reconsider issues of copyright and fair use as it did 19 years ago in the Betamax case over home videotaping. In a dry run of that likely showdown, litigators last week argued before 50 of their peers at a luncheon sponsored by the Beverly Hills Bar Association.
"The fact that Justice Rehnquist was on the dissenting opinion in the Betamax case and now he's the chief justice is a very telling, potentially portending fact," said Breton Bocchieri, a leading Internet piracy attorney. "The technological arguments aside, there is another issue of whether or not the law of copyright will be clarified or expanded."
The cases in question are the 1984 Betamax decision that passed by a narrow 5-4 margin and an April ruling by US District Court Judge Stephen Wilson which held that Grokster and Morpheus were not liable for their customers' file trading. Major record labels have appealed Wilson's ruling, and oral arguments in federal appeals court should take place in January or February.
RIAA attorney Matt Oppenheim said the companies that designed Grokster and related software are clearly liable because they have a proven ability to shut down and hence control their systems.
"These are companies whose sole business is to make money off of other copyright holders," he argued, adding that it was the prime reason music sales have fallen 31% in the past three years.
EFF attorney Fred von Lohmann said the majority decision in the Betamax case examined the potential dangers to commerce if issues of secondary liability were allowed to impact technological development based on the potential infringing uses of a specific device.
"As we know with the VCR case itself, the proportion of uses -- infringing and non-infringing -- obviously changes over time," he noted. "I think it's quite plain that the major motion picture studios ultimately relented on their cartel threat never to release a prerecorded videocassette of any movie -- and that changed the predominant use for VCRs."
Matt countered that the studios had no issue with a VCR's play button, but rather with its recording function, and Fred responded that both technology and entertainment would suffer if manufacturers were held liable for the way people use their electronic devices.
"In the long run, it is precisely innovations in technology that are the fuel of the copyright industry," he said. "Technology and copyright, for a hundred years, have been complementary products, notwithstanding the fact that this complaint is brought up each and every time a disruptive new technology arises."