Neuromancer - A Hack into My Mind


Saturday, December 10, 2005

RIAA "The Day Music Died"

I was just reading about yet another court case the RIAA has pursued against a mother who "illegally" downloaded and shared music online. Her defense of "sampling" with no intention to keep the music was weak but this is one of many cases I have read in the past week. There was a case of someone who had died years ago being sued by the RIAA for sharing music, a grandmother who doesn't own a computer being sued and children as young as 7 being sued for copyright theft!

Has the RIAA gone insane? Are we going to buy the CD's they made using money from single mothers, grandparents and children they sued. There product is tainted with the fear, anger and exploitation of innocent people. The RIAA knows that a large proportion of the people they have been suing haven't done anything wrong yet they still pursue the cases because they want the money.

I am a computer security specialist in training and I can see the major problem with all of this. The RIAA sues people because an IP address associated with their internet connection was used to steal and share music. Some users have static IP addresses that never change, however this is normally an extra charge for people who want to run servers. The majority of home users have a dynamic IP address, this means it changes. If your on dial-up it changes every time you go online. If you have cable or DSL it will change when you reset your modem or router, although it changes less regularly than for dial-up users.

So what happens if you log on one day and your ISP assigns you an IP address that is associated with someone else's illegal music sharing? Yup the RIAA will sue you even though it wasn't you who did the file sharing. They base all there court cases upon just that, they aren't interested in proving if you even have illegally obtained music on your computer system.
(also the TCP/IP protocol is very weak in that IP addresses can be spoofed (faked))

In some cases they have hired computer security companies to break into peoples computer systems which breaks the Computer Fraud and Abuse Act of 1994 and the Economic Espionage Act of 1996 (if the target computer system has been used for inter-state commerce). These companies are hired to break into peoples computers and find out what they have stolen. Yet no one has argued the RIAA has broken the law by doing this because they are attempting to combat "copyright theft". Sure but the US cybercrime laws are there to protect us! Not just big business.

If they broke into my computer systems I would sue them and I can guarantee I know a hell of a lot more about computer crime law than their two bit lawyers. I would fight them to the Supreme Court if that's what it took to illicit change.

Now on to Sony. It has been discovered that yet another DRM (Digital Rights Management) program has been installing itself on users computer systems without their knowledge when they play certain Sony/BMG music CD's. And this one has been around longer and again introduces security holes in all Windows operating systems. They issued a patch and the patch fixes that hole and opens up yet another.

I am never buying CD's again, it's far too dangerous. And if I find I get infected with these programs I am finding myself a good lawyer.

What is the alternative if buying music CD's in dangerous from a computer security point of view? Well there is iTunes, rhapsody, Yahoo Music, AOL Music, Wal-Mart Online Music Store. These are all far SAFER. I support online music, the record companies can shove their overpriced, malware infected CD's where the sun doesn't shine.