DMCA: We Can Run, but We Can't Hide
anon...@remailer.hastio.org
How BayTSP is Enforcing the Digital Millennium
By Robert X. Cringely
If you look at Mark Ishikawa's business card, you'll notice that it lists no street address for his company, BayTSP, just a
post office box. This is for good reason, since Ishikawa is one of the few Silicon Valley CEOs who regularly receives death
threats. Uninvited visitors are not welcome at BayTSP, which has a post office box in Los Gatos, CA, but could really be
anywhere in the Bay Area.
I certainly have no idea where the company lives, but I know why Ishikawa has so many enemies. It is because BayTSP acts as
the primary enforcer for the Digital Millennium Copyright Act (DMCA), a law that is widely reviled in the technical
community.
The DMCA, which was put in effect in 2000, was an attempt by the U.S. Government to bring copyright law into the cyber age.
But many people -- including, oddly, Mark Ishikawa -- think the DMCA goes too far by making it illegal for me to even tell
you how to circumvent encryption or copy protection technologies. It makes the very passing of knowledge against the law
whether or not that knowledge is ever used.
"It's a very flawed piece of legislation," says Ishikawa, who predicts that the government will rewrite the copyright law
again "in eight or nine years" to correct the mistakes in the DMCA. But until then, the DMCA is the law of the land, and
Mark Ishikawa is the Internet's top cop.
BayTSP is paid anywhere from $200 to $50,000 per month by owners of intellectual property -- primarily software companies,
movie studios, and record companies -- to find who is illegally copying, distributing, or helping to distribute without
permission their intellectual property. For example: Adobe Systems arranged to have Russian programmer Dmitry Sklyarov
arrested at the 2001 DefCon security conference in Las Vegas for violating the DMCA by showing how to circumvent copy
protection in Adobe's eBook software. The arrest was made on information supplied by BayTSP.
Now I am not in any way a fan of the DMCA. The purpose of this column this week is not to examine the DMCA, but rather, to
gain some understanding of how it is enforced. BayTSP is an interesting company, and coming to understand how it does what
it does can be very useful as you will shortly see. So please don't write to me complaining about the DMCA. Write to your
Congressional representatives.
Mark Ishikawa came to the data security business from the Dark Side, having been busted years ago for breaking into the
network at the Lawrence Livermore National Laboratory. Preferring employment to jail time, he became a security consultant
for the Lab and a lot of other places. Eventually, Ishikawa started a large ISP and web hosting company that he sold at a
profit. Now he runs BayTSP.
BayTSP's business falls into two areas -- law enforcement and anti-piracy -- and it uses the same tools for both businesses.
These tools are spider programs that scour the most traveled parts of the Internet looking for users who are offering to
others files that are either illegal to even own or at least illegal to share. An example of the former is child
pornography. BayTSP tracks for the FBI the global carriage of kiddy porn. When a big child pornography bust takes place, it
is generally on the basis of evidence gathered by BayTSP.
"There seems to be an increase in child abductions and murders in the U.S.," says Ishikawa, "and when the abductors are
caught and you look on their home computers, you inevitably find kiddy porn. So it is a precursor to this bad behavior, and
just as the Internet makes it easy to distribute child pornography, it effectively encourages these criminals. We are
working to end that."
BayTSP's spider programs use patented algorithms to scour public web sites looking for pictures, video, and music files.
"Our algorithms are adaptive," claims Ishikawa. "You can cut a picture in half and we'll still find it, matching the cut-
down version against a database of originals, effectively matching the electronic DNA of the target."
One thing BayTSP's spider programs don't do is sit at the Internet peering points sniffing all packets as they go by. "That
would be wiretapping, which is illegal," he says. "All we do is go to the same places any user could go, look at the same
files anyone else could look at, and we only probe the ports on your computer that you have made public."
Now we get to the part I find especially interesting, and where I think there is a lot of confusion among users. This has to
do with how BayTSP finds out who is distributing kiddy porn or pirated music files. If you think your activities on the
Internet are anonymous, you are wrong. When BayTSP finds an IP address that appears to be the source of child pornography or
pirated music or video files, under the DMCA, it can subpoena ISP logs. These logs can directly connect even dynamic IP
addresses to user accounts, making it clear very quickly who owns the offending account. Every ISP keeps these http logs,
and even products for so-called anonymous surfing aren't effective in circumventing the technique.
"We have 100 percent coverage of peer-to-peer file sharing," Ishikawa claims. "If you are illegally sharing copyrighted
materials, we know who you are."
Then why aren't there more arrests? In part, this is because the intellectual property holder who is paying BayTSP gets to
set its own comfort threshold for exactly how much file sharing is too much, and how BayTSP should deal with offenders.
"Adobe only wants to send out cease and desist orders, while some movie studios want to put people in jail," Ishikawa says.
"There are people on the Net offering 50,000 to 60,000 files at a time for sharing. These people will get busted for sure."
For lesser offenders, under the DMCA an intellectual property holder can make your ISP remove the offending content from its
servers. So while you may not go to jail, you might find that your Gnutella songs are no longer available. Repeat offenders
lose their accounts completely. One issue is how quickly ISPs remove the offending material. "Sony wants it gone in an hour,
but Uunet takes two weeks," says Ishikawa.
According to Ishikawa, we'll see major arrests in October of people who have been illegally (and flagrantly) sharing movies.
With the evidence already gathered, the game is afoot, meaning this week is too late to stop sharing those movies and expect
to get away with it. This might be a good time to get a lawyer.
Not even Osama bin Laden can escape the gaze of BayTSP. According to Ishikawa, the FBI thinks terrorists are sharing
information by hiding it in images posted on eBay using a process called steganography. Doesn't that sound a little too
sophisticated for al-Qaida? Can that picture of a dented Ford F-150 pickup with a For Sale sign really be saying, "Bomb the
infidel Cringely's house?" Maybe, maybe not.
"The FBI has us looking for certain specific things," says Ishikawa, "but we haven't found anything yet."
David E. Siegel
<snip>
> "There seems to be an increase in child abductions and murders in the U.S.," says Ishikawa, "and when the abductors are
> caught and you look on their home computers, you inevitably find kiddy porn. So it is a precursor to this bad behavior, and
> just as the Internet makes it easy to distribute child pornography, it effectively encourages these criminals. We are
> working to end that."
>
A clear case of faulty reasoning, specificially post hoc, ergo propter
hoc. Most of their computers probablyu contained Windows notpad, too,
so there is even better evidence that Microsoft software predicts
criminal actions.
-DES
Louann Miller
The missing information needed to evaluate the proposed correlation is
how many people have such material on their hard drives but _don't_
harm anyone, vs the number of people who have and do.
Where we used to live there was a neighborhood feud about some local
teens who were accused (accurately, for all I know) of killing and
dismembering a stray emu. (Long story.) Given that many serial killers
were once animal-harmers, does it follow that all animal-harmers will
go on to be serial killers?
--
Mozilla 1.1 is free and has a built in pop-up killer.
Just uncheck "open unrequested windows" under "advanced" under preferences.
http://www.mozilla.org
Mary Kay Kare
Not to mention absolute incorrect facts. Crimes against persons,
including children, have been in decline for years. In spite of the
recent highly publicized cases, stranger abductions are roughly half
what they were this time last year.
MKK--it's all the media's fault, no, really
--
"Words are the hands of the mind"
Graydon Saunders on rec. arts.sf.fandom
David Eppstein
sie...@acm.org (David E. Siegel) wrote:
> > "There seems to be an increase in child abductions and murders in the
> > U.S.," says Ishikawa, "and when the abductors are
> > caught and you look on their home computers, you inevitably find kiddy
> > porn. So it is a precursor to this bad behavior, and
> > just as the Internet makes it easy to distribute child pornography, it
> > effectively encourages these criminals. We are
> > working to end that."
> >
>
> A clear case of faulty reasoning, specificially post hoc, ergo propter
> hoc. Most of their computers probablyu contained Windows notpad, too,
> so there is even better evidence that Microsoft software predicts
> criminal actions.
The other fault in the reasoning is that the statistics I've seen
(sorry, don't have refs avail offhand) show that child abductions and
murders have actually been decreasing. What has been increasing is
media attention to same.
--
David Eppstein UC Irvine Dept. of Information & Computer Science
epps...@ics.uci.edu http://www.ics.uci.edu/~eppstein/
Giles
"David E. Siegel" <sie...@acm.org> wrote in message
news:dbdfe7e0.02092...@posting.google.com...
From Wired just recently
(http://www.wired.com/wired/archive/10.10/kidporn.html?pg=5&topic=&topic_set
=)
Last year, the Crimes Against Children Research Center, funded in part by
the Department of Justice, completed a study that revealed that rates of
reported child sex abuse in the US have dropped by 30 percent in the past 10
years. The center's director, David Finkelhor, attributes this to effective
public education, a general improvement in such child-welfare indicators as
teen pregnancy and child poverty, and aggressive prosecution and treatment
of those who abuse. Although he expresses concern that in certain people
easy access to child porn might help develop the proclivity to abuse, or
reduce the inhibitions against acting on those impulses, he says flatly,
"There is no evidence that the Internet is fueling an explosion of child
sexual abuse." He adds that "pornography is not one of the major causal
factors" in the abuse of kids.
lcs Mixmaster Remailer
>We Can Run, but We Can't Hide
>How BayTSP is Enforcing the Digital Millennium
>
>By Robert X. Cringely
>
snip
>"It's a very flawed piece of legislation," says Ishikawa, who predicts that the government will rewrite the copyright law
>again "in eight or nine years" to correct the mistakes in the DMCA. But until then, the DMCA is the law of the land, and
>Mark Ishikawa is the Internet's top cop.
>
#And a hypocrite to boot.
>BayTSP is paid anywhere from $200 to $50,000 per month by owners of intellectual property -- primarily software companies,
>movie studios, and record companies -- to find who is illegally copying, distributing, or helping to distribute without
>permission their intellectual property. For example: Adobe Systems arranged to have Russian programmer Dmitry Sklyarov
>arrested at the 2001 DefCon security conference in Las Vegas for violating the DMCA by showing how to circumvent copy
>protection in Adobe's eBook software. The arrest was made on information supplied by BayTSP.
>
So basically the guy has sold his soul to the devil for a couple of bucks.
>
>Mark Ishikawa came to the data security business from the Dark Side, having been busted years ago for breaking into the
>network at the Lawrence Livermore National Laboratory. Preferring employment to jail time, he became a security consultant
>for the Lab and a lot of other places. Eventually, Ishikawa started a large ISP and web hosting company that he sold at a
>profit. Now he runs BayTSP.
>
Poacher turned game-keeper. The lowest of the low.
No wonder he gets death threats !
lcs Mixmaster Remailer
>We Can Run, but We Can't Hide
>How BayTSP is Enforcing the Digital Millennium
>
>By Robert X. Cringely
>
>If you look at Mark Ishikawa's business card, you'll notice that it lists no street address for his company, BayTSP, just a
>post office box. This is for good reason, since Ishikawa is one of the few Silicon Valley CEOs who regularly receives death
>threats. Uninvited visitors are not welcome at BayTSP, which has a post office box in Los Gatos, CA, but could really be
>anywhere in the Bay Area.
>
>I certainly have no idea where the company lives, but I know why Ishikawa has so many enemies. It is because BayTSP acts as
>the primary enforcer for the Digital Millennium Copyright Act (DMCA), a law that is widely reviled in the technical
>community.
>
>The DMCA, which was put in effect in 2000, was an attempt by the U.S. Government to bring copyright law into the cyber age.
>But many people -- including, oddly, Mark Ishikawa -- think the DMCA goes too far by making it illegal for me to even tell
>you how to circumvent encryption or copy protection technologies. It makes the very passing of knowledge against the law
>whether or not that knowledge is ever used.
>
>"It's a very flawed piece of legislation," says Ishikawa, who predicts that the government will rewrite the copyright law
>again "in eight or nine years" to correct the mistakes in the DMCA. But until then, the DMCA is the law of the land, and
>Mark Ishikawa is the Internet's top cop.
>
>BayTSP is paid anywhere from $200 to $50,000 per month by owners of intellectual property -- primarily software companies,
>movie studios, and record companies -- to find who is illegally copying, distributing, or helping to distribute without
>permission their intellectual property. For example: Adobe Systems arranged to have Russian programmer Dmitry Sklyarov
>arrested at the 2001 DefCon security conference in Las Vegas for violating the DMCA by showing how to circumvent copy
>protection in Adobe's eBook software. The arrest was made on information supplied by BayTSP.
>
>Now I am not in any way a fan of the DMCA. The purpose of this column this week is not to examine the DMCA, but rather, to
>gain some understanding of how it is enforced. BayTSP is an interesting company, and coming to understand how it does what
>it does can be very useful as you will shortly see. So please don't write to me complaining about the DMCA. Write to your
>Congressional representatives.
>
>Mark Ishikawa came to the data security business from the Dark Side, having been busted years ago for breaking into the
>network at the Lawrence Livermore National Laboratory. Preferring employment to jail time, he became a security consultant
>for the Lab and a lot of other places. Eventually, Ishikawa started a large ISP and web hosting company that he sold at a
>profit. Now he runs BayTSP.
>
>BayTSP's business falls into two areas -- law enforcement and anti-piracy -- and it uses the same tools for both businesses.
>These tools are spider programs that scour the most traveled parts of the Internet looking for users who are offering to
>others files that are either illegal to even own or at least illegal to share. An example of the former is child
>pornography. BayTSP tracks for the FBI the global carriage of kiddy porn. When a big child pornography bust takes place, it
>is generally on the basis of evidence gathered by BayTSP.
>
>"There seems to be an increase in child abductions and murders in the U.S.," says Ishikawa, "and when the abductors are
>caught and you look on their home computers, you inevitably find kiddy porn. So it is a precursor to this bad behavior, and
>just as the Internet makes it easy to distribute child pornography, it effectively encourages these criminals. We are
>working to end that."
>
>BayTSP's spider programs use patented algorithms to scour public web sites looking for pictures, video, and music files.
>"Our algorithms are adaptive," claims Ishikawa. "You can cut a picture in half and we'll still find it, matching the cut-
>down version against a database of originals, effectively matching the electronic DNA of the target."
>
>One thing BayTSP's spider programs don't do is sit at the Internet peering points sniffing all packets as they go by. "That
>would be wiretapping, which is illegal," he says. "All we do is go to the same places any user could go, look at the same
>files anyone else could look at, and we only probe the ports on your computer that you have made public."
>
>Now we get to the part I find especially interesting, and where I think there is a lot of confusion among users. This has to
>do with how BayTSP finds out who is distributing kiddy porn or pirated music files. If you think your activities on the
>Internet are anonymous, you are wrong. When BayTSP finds an IP address that appears to be the source of child pornography or
>pirated music or video files, under the DMCA, it can subpoena ISP logs. These logs can directly connect even dynamic IP
>addresses to user accounts, making it clear very quickly who owns the offending account. Every ISP keeps these http logs,
>and even products for so-called anonymous surfing aren't effective in circumventing the technique.
>
>"We have 100 percent coverage of peer-to-peer file sharing," Ishikawa claims. "If you are illegally sharing copyrighted
>materials, we know who you are."
>
BayTSB will be in the dark without a flashlight when the next generation of file sharing software comes out with encryption
to encrypt files enroute to their users. They will most likely will use "privacy" as a reason for using it. Without the keys
all you have are a bunch of garbage files worth nothing to packet sniffers and Internet cops. The digital war will go on.
But the users always seem to be a step ahead in this digital domain.
Kiddy porn users deserve to go to jail. I don't think that the number of abuductions has risen too much. Just the number
going on the public news. There are thousands of kids reported missing every week. Has been this way for years, well before
the net. So stop blaming P2P.