Saturday, May 17, 2008

Sony BMG hypocrisy when it comes to piracy

Sony BMG, one of the Big Four music companies and one of the most fervent supporters of the RIAA's and IFPI's efforts to stop piracy of movies and music, is now being sued for software piracy.
This all started with a support call by a Sony BMG IT staff member to a French software company. PointDev is the maker of Windows administration tools including Ideal Migration. The Sony BMG employee supplied a pirated license code for Ideal Migration while on a call to their support center. PointDev was able to mandate a seizure of Sony BMG's assets. A subsequent raid of Sony BMG revealed that the software was illegally installed on four servers. This led to a lawsuit by PointDev, in which it is claiming over $475,000 in damages against Sony BMG.
This alone does not seem to be a sign of larger-scale piracy at Sony BMG, but if you talk to the Business Software Alliance (BSA), they believe that up to 47% of all software installed on Sony BMG's computers could be pirated. The BSA is a trade group established to represent a number of the largest software makers in trying to stop software piracy. In the past year they have focused their efforts on audits of companies to find pirated software running on their computers. They even offer a bounty for information on companies that run pirated software.
What makes this case so ironic is the fact that Sony BMG is so fervent in fighting piracy when it comes to the movie and music industry. One of the best examples of this is the Sony rootkit. Sony BMG included the software on about 100 music CDs. This software was automatically installed onto desktop computers when customers tried to play the CDs. This was done without alerting the user that this software was being installed. The software interfered with the way the operating system plays CDs, preventing any media player or ripper software from accessing the music tracks. The software had a second effect: it opened security holes that allowed viruses in, and caused other problems. This was all done to stop piracy.
I hope the irony of this entire case is not lost on the lawyers for Sony BMG.

Wednesday, March 12, 2008

Comcast and Secret Policies

The FCC has finally commented on how it would deal with Comcast in the aftermath of the company's application interference scandal. Federal Communications Commission chair Kevin Martin on Friday told an audience at Stanford University that he had been troubled by Comcast's behavior. He also stated that the agency is "ready, willing, and able" to deal with the problem. In my opinion the FCC should have acted weeks ago. They should immediately draw up new rules to govern the running of broadband. What is needed is a clear set of rules to govern broadband internet services.
This controversy started back in January, with an Associated Press story that revealed that Comcast was interfering with BitTorrent traffic by sending TCP "reset" packets to end users. In the face of a mounting body of evidence, Comcast still denied allegations that it specifically targeted BitTorrent and other applications. Vice president of Comcast David Cohen even went as far as stating that the company's traffic control measures conform fully to the FCC's definition of "reasonable network management". Only after months of stonewalling did they admit to the truth: that they were using traffic shaping practices not only on P2P traffic but also on Lotus Notes email services. This wasn't the first time that Comcast was not up front. Last year it was reported that they had an invisible bandwidth limit. They stated that they would shut down customers who went above what the company considered average use. The problem was they never gave a hard number for average use, making it difficult to know whether a user was in danger of being shut down.
Comcast says that it needs to limit the bandwidth consumption of users to maintain the quality of its services. Their cable networks work by connecting homes to local nodes, with every home on a particular node drawing from the same pool of bandwidth. With the typical node servicing up to 450 homes, as few as 15 high-bandwidth users maxing out their connections could leave all 450 homes with network access impeded enough to be noticeable.
The problem with the Comcast traffic shaping is that nowhere in their license agreements or in any of their ads do they state that they're using these measures. Comcast and all ISPs have the right to limit user bandwidth, but customers have the right to know that their service providers are doing it. That is why the FCC needs to make a bill of rights for consumers when it comes to the internet. The FCC should force all ISPs to fully disclose all bandwidth caps and the use of packet shaping. I personally left Comcast for ATT mainly because of these unannounced policies. I just hope that ATT starts to use the “Comcastic” model of the internet.

Wednesday, March 5, 2008

YouTube, Pakistan and BGP

Late on the 24th of February 2008, YouTube became unreachable from almost the entire Internet world. A close look at where the internet traffic was heading showed that packets sent to YouTube were flowing to Pakistan. The interesting part was that the Pakistan government had just placed a ban on the popular online video site. What happened was that Pakistan Telecom placed an address block route to YouTube's servers in an attempt to "black hole" access to the service. Instead of blocking the path to YouTube's servers only for users inside of Pakistan, it blocked all traffic for almost all users around the world. This event points out how we, as internet users, take for granted that the internet works, and that these service problems could get worse.
On Sunday, February 24th, a Pakistan inter-ministerial committee ordered all Internet service providers to block the YouTube website for "blasphemous" content and materials that were offensive to Islam. In response, Pakistan Telecom decided to "black hole" YouTube. They simply advertised a different route to YouTube to their top-level routers. The new route did not go anywhere. This was a simple measure to filter access to the service from inside of Pakistan. Here is where things took a bad turn: the routing information escaped from Pakistan Telecom to its ISP, PCCW in Hong Kong. From PCCW it spread to the rest of the world. So any packets heading to YouTube would end up in Pakistan Telecom's black hole.
To see how this simple access block went so bad, you have to understand Border Gateway Protocol (BGP) and Classless Inter-Domain Routing (CIDR). BGP is the standard that is used to maintain the routing tables between top-level routers on the internet. CIDR is the way IP addresses are interpreted by the routers. It allows address blocks to be given out in power-of-two sizes, written with a slash after the IP address. For example, a block of 256 addresses is a /24, 512 is a /23, and 1024 is a /22. Using this system creates a side effect: an IP address can now fall within multiple address ranges. For example, a router could have both 10.0.0.0/8 and 10.10.0.0/16 in its routing table. So routers use the longest match first: the smallest address block, with the largest number after the slash, takes precedence. Pakistan Telecom advertised a route for 208.65.153.0/24 to its provider. This is a more specific route than the one used by YouTube (208.65.152.0/22). Both routes were in the routing table, but because of the longest-match-first rule, most routers would choose to send traffic to Pakistan Telecom instead of YouTube's own network.
One of the ways that this could have been avoided is by having ISPs (like PCCW) limit the BGP advertisements they will accept from a customer. This BGP vulnerability has been known for a very long time, and until recently only smaller accidents have happened with any frequency. Efforts to make BGP more robust against this type of accident/attack haven't produced any results. There are routing databases where network operators can register their IP address blocks so that filters can be generated automatically. The problem is that, since it's up to everyone to register their own address blocks, and most people don't, the filters generated from these databases often do more harm than good. The internet can be more fragile than people think. One of the oldest myths on the web is that the US government designed the internet to survive a nuclear attack. The truth is that the ARPANET (forerunner of the internet) was designed to survive network losses, but the reason was that the switching nodes and network links were not very reliable, even without nuclear attacks.
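The longest-match rule and the upstream customer filter described in the two paragraphs above can be shown together in a short added example (not code from the original post). The two prefixes are the ones quoted in the post; the origin labels, the allow-list prefix 203.0.113.0/24 and the destination addresses are constructed for illustration.

```python
import ipaddress

def best_route(rib, dst):
    """Longest-prefix match: of all prefixes containing dst, pick the one
    with the largest prefix length (the smallest address block)."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, origin) for net, origin in rib if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)

def accept_from_customer(announced, allowed):
    """Upstream-side filter: accept an announcement only if it falls inside
    a prefix the customer is registered to originate."""
    net = ipaddress.ip_network(announced)
    return any(net.subnet_of(a) for a in allowed)

def build_rib(announcements, customer_filters=None):
    """Install announcements as (prefix, origin); when filters are given,
    drop customer routes outside that customer's allowed prefixes."""
    rib = []
    for prefix, origin in announcements:
        allowed = (customer_filters or {}).get(origin)
        if allowed is not None and not accept_from_customer(prefix, allowed):
            continue
        rib.append((ipaddress.ip_network(prefix), origin))
    return rib

# Prefixes from the post; origin labels are plain names, not AS numbers.
ANNOUNCEMENTS = [
    ("208.65.152.0/22", "YouTube"),
    ("208.65.153.0/24", "Pakistan Telecom"),
]
# Constructed allow-list: 203.0.113.0/24 is a documentation prefix standing in
# for the customer's real registered address space.
FILTERS = {"Pakistan Telecom": [ipaddress.ip_network("203.0.113.0/24")]}

def origin_for(dst, filtered):
    """Return the origin label a router would forward dst towards."""
    rib = build_rib(ANNOUNCEMENTS, FILTERS if filtered else None)
    route = best_route(rib, dst)
    return route[1] if route else None

if __name__ == "__main__":
    for dst in ("208.65.153.238", "208.65.152.10"):  # constructed addresses
        print(dst, "unfiltered ->", origin_for(dst, False),
              "| filtered ->", origin_for(dst, True))
```

Without the filter, only destinations inside the /24 are pulled away from the /22; with the filter at the upstream, the more specific route is never installed and all traffic follows the /22.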

Monday, February 18, 2008

Pirate Bay vs. IFPI

The Pirate Bay, the world's largest BitTorrent tracker, has lost a legal battle in Denmark that could cause a ripple effect and drastically change the fate and happiness of hackers worldwide. Since the establishment of the Pirate Bay, it has been inevitable that a legality issue would surface. Many international organizations have tried and failed to shut down The Pirate Bay in its native Sweden. They have tried to fine them, block ISPs from accessing them and confiscate their servers. All these attempts have been defeated due to the fact that under Danish law, the Pirate Bay is a legal site and has done nothing wrong, in that it hosts no illicit content or material. The Pirate Bay has also made preparations so that even if the Danish government were to close down their server, they would have backups throughout the world. The International Federation of the Phonographic Industry (IFPI) won its lawsuit last week against Danish Internet service provider (ISP) Tele2. The Danish court has ordered Tele2 to block access to the site because it is used as a means to traffic copyrighted materials between users. It seems the ban is having the opposite effect to the one the IFPI had hoped for. The Pirate Bay is now getting record traffic from users in Denmark and has found ways of helping Tele2 users to get around the ban.
The Pirate Bay started in Sweden as a way for users to find music, movies and other content using the BitTorrent protocol. BitTorrent is a way of distributing large amounts of data without the original distributor incurring the entire cost of hardware or bandwidth resources. When data is distributed, each user supplies pieces of the data to newer users, reducing the burden on any given person. To share a file, users first create a torrent file. This small file contains metadata which holds information about the files that are shared and about the tracker, the computer that coordinates the file distribution. Users who want to download these files get a torrent file for them and connect to the specified tracker, which tells them which other users have the pieces of the file to download.
The interesting part of the lawsuit is that the Pirate Bay hosts no pirated content. It only hosts the torrent files needed to download the content. Also, the Danish court singled out Tele2, making it the only ISP in the country blocking the site, while other ISPs were allowed to continue serving up Pirate Bay. This move signals a dangerous shift in the law, as ISPs could also be forced to censor sites that are providing to host illegal content. In oppressive countries the government is the one that decides what information the people can get and what should be censored. In this case the IFPI, a private organization, is deciding what content people should have access to.