back to article Virus lab blogger collared by blundering copyright cop bot

A malware researcher's website was nobbled last week by an automated bot that accused her of breaching copyright law. Web storage biz MediaFire, which is used by Mila Parkour to host dozens of downloads for her Contagio blog, pulled the plug on her account because it contained three files that were flagged up for copyright …

COMMENTS

This topic is closed for new posts.
  1. IT Hack
    Pint

    Of course no one will take LeakID to court and crush them like the vermin they are.

    Sadly though it seems the DCMA is here to stay...and that really sucks. Hard. Like with rotten eggs. That are half developed. And no HP sauce to hand.

    Pint to whoever sorts this fucking mess out.

  2. heyrick Silver badge

    Hmm, she isn't so happy about filings from foreign robots. Fine, I'm sure we'll be happy to keep OUR laws outside of the US if the US agrees to reciprocate and recognise sovereign countries have their own non-US legal systems...

  3. Crisp
    Terminator

    Robots do not make for good law enforcement

    You've only got to watch the documentary RoboCop to see how badly things can go.

    ED 209, I'm looking at you.

  4. The BigYin

    Correct me if I am wrong, please

    But doesn't a DMCA take-down notice require the rights holder to attest under penalty of perjury that the request is legitimate? Seems to me that there is a case for the issuer to answer in the USA.

    Been far too many cases of the bots mis-firing and all it does is make people disrespect the entire system.

    1. Sam Liddicott

      You are wrong: Re: Correct me if I am wrong, please

      they assert under penalty of perjury that they are authorised to act on behalf of the rights holder.

      It's hard to know what that means when they don't identify the work or the rights holder.

      1. The BigYin

        Re: You are wrong: Correct me if I am wrong, please

        What I see is a bot war:

        DMCABot: Takedown XYZ or face the wrath of lawyerz!

        SiteBot: Asset right or license to enforce XYZ, please.

        DMCABot: XYZ right under license from ABC Productions Inc. Our signed public key, our signed rights-license key, or signed site authority.

        SiteBot: Accepted keys. We are asserting fair use under international copyright laws for review, critique or satirical purposes.

        DMCABot: Please assert rights to fair use with signed keys, included all files included in such assertion, their duration, time of upload and incorporating author(s)

        SiteBot: What...all of them?

        DMCABot: Yes! All of them dammit!

        SiteBot: Umm...this is a movie website; that's going to be a big list. A very big list.

        DMCABot: No matter. You must comply. Comply!

        SiteBot: Initiation 1TB metadata dump from TimeWarner, signed begins....

        Repeat ad nauseum. The only people who will win here are the lawyers and vendors or "IP" protection. Not that "IP" really exists anyway; it's three rather separate systems and they should not be conflated like that.

        I have no issue at all with rights holder asserting said rights. And I also accept that mistakes will happen. But the rights-holders must recompense for those mistakes and try to improve their detection. What is funny is that the more the rights-holders tighten their grip, the more it pushes people underground; never mind the exorbitant cost of such automated systems and the collateral damage they cause.

        So to avoid the counter suits, penalties and jail time; I have a proposal. Simply stop taking the fucking piss.

        See that DVD? I bought that DVD I did. I may wish to host it on my own media server for my own user (or transcode it or...). See that games CD? I bought it and would like to play the game without always needing the CD or an always-on connection. See that music CD? I bought that, I do not expect it to launch and attack on my PC. See that download? I bought it, why can't I copy it from one device to another? (Oh, and did you pay the artist the sales fee or the license fee? I bet you just paid the cheaper one, not the correct one.) See that recorded TV program? I pay for the sub to that channel, why can't I stream it to my PC? See that catch-up site? I pay the sub to the channel, why is it blocking content from me? See that Blu-ray? Well you can't because I don't own one for the simple reason your ass-hat restrictions make it hard for me to use. Not impossible, just more bother than it is worth.

        All these are barriers to my use after I have given you my money. So what is a person to do? I see two options:

        1) Do not consume. Only buy from people/place you respect your rights as a consumer and do not treat you like a criminal; and/or

        2) Buy the legit copy/Subscribe to the legit service, but then use an infringing site because the standard of customer service is much better.

        Yes, I have no doubt that if the restrictions were lifted that infringement would sky-rocket and many studios go to the wall. So what? The economy will simply re-normalise with a new market dynamic, fair prices being paid but probably less "big players" (boo-hoo, my heart bleeds). You can bet the scribes were pretty pissed when the printing press came along. Same thing now.

        Having your sock-puppets pass laws so you can treat your paying customers like criminals and further entrench dying business models, create utter dross like "Total Recall" and hype it to death in a vain attempt to recoup the costs (because you know in a fair market it would die) is not the way to go at all. All it does is piss people off and look for ways around it because it prevents them making fair use of what they have bought.

        In point of fact, you are causing your customers to criminalise themselves!

        But, of course, it is much, much more serious than that. With the encroaching attempts to track people on-line and spy on what they are doing, you drive more onto the likes of the Darknet, TOR etc. You drive people to think of ways to completely obfuscate what they are up to. Tools that could be put to much more devious use by others with more malicious aims. Tools which only came about because you drove your customers into creating demand for them.

        Rant ends.

      2. Franklin

        Re: You are wrong: Correct me if I am wrong, please

        Yes. I've had to file many DMCA takedown requests myself when people copy parts of my Web site[1] (it's not just big globocorps that benefit from the DMCA; sometimes, just by accident, the law benefits little guys like me too). The process requires specifically naming the bit that's a violation of copyright and asserting under penalty of perjury that you're the rights holder (or authorized to act on behalf of the rights holder) and that you have reason to believe the material in question is a copyright infringement.

        It seems to me to be eminently reasonable that anyone who fails to fulfill these requirements should be arrested and tried for perjury. If we started arresting executives of copyright trolling firms and major movie or music labels when they abused the DMCA, we might actually find less abuse of the DMCA, which would suit me just fine. The notion of a bunch of trolls and record label execs in jail is not a bad cherry on top, too.

        [1] I publish a great deal of stuff under a Creative-Commons-like attribute/no commercial use license. And even in spite of that, you'd be amazed how many folks lift my work and then try to either claim they wrote it themselves, or sell it. I am still surprised by the number of folks willing to steal that which is available for free.

        1. The BigYin
          Thumb Up

          Re: You are wrong: Correct me if I am wrong, please

          @Franklin - I totally agree. Just like patents, it's not the DMCA or copyright per se that's the problem; it's the way it gets abused/extended/laws written all one-sided. The abuse devalues the whole system and simply leads people to disrespect it.

          I hope you tag your images etc to make you life easier, and good on your for using Create-Commons!

    2. Mectron

      Re: Correct me if I am wrong, please

      The Bot as not legal ground (or authority of any kind) and shouuld not be by regonise as a valid entity by anyone PERIOD.

  5. Gordon Pryra

    "all it does is make people disrespect the entire system"

    Only because the various legal systems are structured around allowing these sorts of industries to thrive in our society’s.

    Anything to do with any of the various parasite industries, legal, financial and copy write are never faced with any consequences, and scarily, are seemingly in the position where they can actually dictate the wording of the various laws.

    As the BigYin says, the person responsible for that "bot" should face perjury, ie jail time, but they wont.

    1. Destroy All Monsters Silver badge
      Big Brother

      Re: "all it does is make people disrespect the entire system"

      There is still a system to disrespect?

      Really, it's all down to "nearer the state makes right" anyway. Why care?

  6. Anonymous Coward
    Anonymous Coward

    So...

    ..is there a way to block the bot?

    I have no copyrighted content (except for that I have permission for, or my own), but I want to stop these lowlifes even trying.

    1. Anonymous Coward
      Anonymous Coward

      Re: So...

      The material being your own sometimes doesn't make a difference. I got threatening emails from the RIAA for having my own music in mp3 format on my website (the URL of which, incidentally, ended in .uk). Of course, one can only guess what they would do with the money that they were trying to fraudulently obtain from me, to protect my rights.

      I will admit that I did them a response that not only outlined the particulars of the situation, but suggested that the entire organisation engage in a series of increasingly unhygienic and physically impossible activities. Oddly, I never did get a response.

      1. Oninoshiko
        Thumb Up

        Re: increasingly unhygienic and physically impossible activities

        I would thumbs you up twice if I should, this post made my day!

  7. Anonymous Coward
    Anonymous Coward

    Climbing up the walls

    So, Mila Parlour or Parkour? Make your mind up already :)

  8. J.G.Harston Silver badge
    FAIL

    "A bot that searches for copyrighted works". So, that's *ANYTHING* created in the last 70 years, INCLUDING THE BLOGGER'S OWN BLOGS.

    Presumably, the code is:

    if(_TRUE_) { report_content(); }

  9. mark l 2 Silver badge

    Can we not just build a big firewall around the USA and let them have their own private internet with as many laws as they like while the rest of the world can carry on as normal?

    1. Mectron

      better solution

      Physicly Destroyed all of the MPAA/RIAA asset (and all internartion branches) and jail for life everyone who ever worked or provided any service to them.

      The MPAA/RIAA is the ENEMY of envery single human on this planet.

  10. JimC
    Facepalm

    If you think about it

    This sort of thing is inevitable. Creators and their agents are required to take a whac-a-mole approach to copyright enforcement. This requires automated systems, and automated systems inevitably generate false positives. The way to stop this is to eliminate the need to play whac-a-mole.

    [cue downvotes]

    1. James 100
      FAIL

      Re: If you think about it

      No, the way to address this is to require and enforce consequences for false claims - which, looking at the "under penalty of perjury" stuff, seems to be exactly the original intent.

      If I stick an ISO of Windows 8 on my website, Microsoft's enforcement bots should go "aha, that's Windows 8, it's ours, it's coming down". If they can't positively identify a file as theirs, they should leave it alone.

      At the very least, there should be a manual check of each outgoing enforcement attempt - and compensation should be due to anyone falsely denied service because of such a mistake. In this case, claiming ownership of a piece of malware would seem either malicious or incredibly incompetent - or indeed defamatory, since they are claiming their client is a creator of malware!

      1. JimC

        Re: If you think about it

        > a manual check of each outgoing enforcement attempt.

        Sure, just so long as site owners have to do a manual check of every upload as well. Sauce for the goose is sauce for the gander isn't it?

  11. Fred 4

    encrypted?

    according to article, as I read it, the DL site was encrypted. How did the bot even 'see' the content??

    1. Dr. Vesselin Bontchev
      Boffin

      Re: encrypted?

      According to which article? ElReg's? Since when do you get technically correct information from such sources? Always follow the links to the original articles and read the text there, if you want to know what the truth is.

      The site being encrypted?! Don't make me laugh. It's just a blog with links to MediaFire. The links contain password-protected ZIP archives and the password is always one and the same and is mentioned in the blog posts. Of course, it is trivial for a human to obtain the contents of the archive. But it is trivial even for a bot to identify that contents - ZIP archives contain CRC-32 checksums of the uncompressed and unencrypted files.

      However, according to Mila, the bot checks just the file NAMES.

      1. diodesign (Written by Reg staff) Silver badge

        Re: Re: encrypted?

        The zip files are password protected, so it's highly likely the bot either was told the password, managed to grep the password from the blog or simply compared filenames and/or a hash.

        C.

  12. Dr. Vesselin Bontchev
    Boffin

    Copyright and malware

    While LeakID's claim is indeed utterly bogus (a FRENCH company trying to enforce a US law in SLOVENIA or where Mila is, and filing inappropriately the claim, at that), there IS a reason why we do these things differently in the anti-virus industry. (Mila isn't part of the AV industry. She's just a blogger who has a collection of mobile malware samples available for download. In fact, she rather takes exception when implied that he's part of the AV industry.)

    No self-respecting AV company will ever make their malware collection publicly available for download. There are several perfectly valid copyright violation cases that can arise if this is done, as I have tried to explain her in the comments to her blog message. Plus, of course, there is the responsibility issue.

    1. The BigYin

      Re: Copyright and malware

      there is the responsibility issue.

      What responsibility issue? The bad guys already know how to do it.

      1. Dr. Vesselin Bontchev
        Boffin

        Re: Copyright and malware

        1) Are you able to assert credibly that ALL the bad guys already know how to do it? In the past, present and future? Have you thought that somebody who isn't a "bad guy" right now because he has no clue how to "do it" might become one if he gets ready-to-use malware from a public distribution site?

        2) We in the AV industry are already fed up fielding idiotic claims that it is we who make and release all this malware, so that we can sell our AV programs. Can you imagine what will happen if one of us actually started a public malware distribution site?

  13. Dave Perry

    Malware authors should have no copyright claim against their work

    That is all

    1. Vic

      Re: Malware authors should have no copyright claim against their work

      Yes they should. All original works of copyrightable material should be afforded the protection of copyright law.

      The interesting thing, of course, is what happens when a malware author tries to enforce that copyright :-)

      Vic.

  14. Herby

    Malware copyright?

    If the malware people DO copyright code, don't they have to register it to do enforcement action? If they DO register it, then we know WHO they are and can counter them in a "trespass" type action.

    It kinda goes into the "Go ahead, make my day" style of stupidity!

    1. Oninoshiko

      Re: Malware copyright?

      No. All code is automatically copyrighted (what's the proper past-tense for this word when used as a verb? I shouldn't be copywritten, as the base word is copyright not copywrite, or maybe this shouldn't be used as a verb at all. "The creation of a copyright protected work" is kinda wordy though.) in all berne-convention countries.

      1. Anonymous Coward
        Anonymous Coward

        Re: Malware copyright?

        "what's the proper past-tense for this word when used as a verb?"

        copiedright?

        1. nuked

          Re: Malware copyright?

          copyrighted

      2. Allan George Dyer
        Pint

        Re: Malware copyright?

        Malware is copyright, fine. So, the infringer has to pay the commercial value as compensation, right?

        But what is the value of malware? Surely, it's NEGATIVE - it harms the legitimate users (normally called "victims") and the author would be legally liable for the damage caused.

        So, get the identity of the author, admit the copyright infringement and take all their money by "paying" the negative compensation!

        Warning: I am not a lawyer, this argument probably works best when the judge is drunk.

    2. Anonymous Coward
      Anonymous Coward

      Re: Malware copyright?

      "If the malware people DO copyright code,"

      The "copy right" is, as its name implies, a right that you enjoy automatically by virtue of a) creating a work, and b) being subject to a jurisdiction that recognises copyright (which I suspect is most of them, at least nominally). So yes, malware *is* copyrighted--whether such copyright is enforceable is for a learned person, not me, to comment on.

      "don't they have to register it to do enforcement action?"

      You can register your work with your local intellectual property office if you so wish, but that mostly helps in cases of plagiarism (e.g., I've done this with my theses--which wasn't particularly appreciated by my tutors, but that's another story).

      1. Ian Prickett

        Re: Malware copyright?

        " I've done this with my theses--which wasn't particularly appreciated by my tutors, but that's another story"

        Which I for one would be interested in hearing :)

  15. Mectron

    What's not illegal in every aspect of LeakID business?

    Invasion of another country

    Illegal Breaking and entering

    Bybass a complete justice system to get instant punishment for something that IS NOT A CRIME

    USA illegal interferance in a fogeign country

    Arrassaement

    Extortion

This topic is closed for new posts.

Other stories you might like