Netizens-Digest Wednesday, April 2 2003 Volume 01 : Number 451 Netizens Association Discussion List Digest In this issue: Re: [netz] Can this be netizenship? Re: [netz] Can this be netizenship? Re: [netz] Can this be netizenship? Re: [netz] DMCA and Mini-DMCAs Re: [netz] DMCA and Mini-DMCAs Re: [netz] DMCA and Mini-DMCAs Re: Fwd: [netz] Many voices online and off Re: Fwd: [netz] Many voices online and off ---------------------------------------------------------------------- Date: Tue, 01 Apr 2003 16:33:34 -0500 From: "Howard C. Berkowitz" Subject: Re: [netz] Can this be netizenship? At 2:39 PM -0500 4/1/03, lindeman@bard.edu wrote: >Howard, > >> If the threat of hacktivism I quote below materializes, and I >> consider it credible because there have been similar attacks from the >> same country, is this activity "protected speech" within the context >> of Netizenship? Is it equivalent to a march that shuts down access, >> which may or may not be protected speech? > >Well, I don't think that a "march that shuts down access" would be protected >speech unless it's conducted in compliance with a permit. Its defenders might >call it nonviolent direct action, but I doubt they'd even claim that it is >protected speech. I may be being cynical, but I've heard that claim, but not based on established law but on revolutionary theory. One exposition of that theory says "force" is a justifiable, spontaneous, and popular response to perceived oppression -- while "violence" involves any countermeasures by authority. I first ran across this in the 1960-ish protests at UC Berkeley, where the Free Speech Movement took over the president's house in an act of "force", but bitterly complained that the authorities removed them by "violence." Somehow, that the activists had broken down doors and established barricades wasn't "violent," a distinction that escapes me. >Likewise, hacktivism isn't protected speech. > >> I claim it is not, and, indeed, is interference with the value of the >> net in the political process. If I am correct, at least at the policy >> level, how should Netizens react? > >It might depend on the action. Some time ago, some enterprising activists >hacked the site at www.godhatesfags.com, I believe to redirect to >godlovesgays.com. I don't endorse such attacks, but I can't honestly say that >I could muster any outrage over that one -- given (importantly) that the >original site was restored within a week in all its glory. (Regardless of the >merits, the motives in that instance are different than in the current case.) I'm of that school of thought that thinks the Klan should be able to march, peacefully...and draw a large crowd of people to ridicule them. My favorite criticism of a Klansman is someone who can be convinced to buy a $20 bedsheet for $100, the price difference being that someone cut arm and neck holes and made it "robes". In this case, I would act as strenuously against those activists as the Chinese. > >Is it possible to imagine a scenario in which a self-defined Netizen with >decent values might defend a DDOS attack? I suppose so. But I can't think of >a rationale plausible to _me_. As a matter of policy, methinks Netizens could >agree on cooperating to prevent these attacks (yes, including the site hack). Some hacktivists have proposed a philosophically interesting variant on highly distributed denial of service. I still think it's unconscionable interference with information flow, but it does have some level of ethics. "Classic" distributed denial of service exploits can be done by one person. That cracker breaks into a large number of machines and inserts attack "zombie" software, which does not start generating traffic until a command is received. When that comand execute, traffic flows from all machines, the owners of which are unaware of their role in the exploit. An alternative proposed is to coordinate the conscious cooperation of many individuals, so that each machine launches an individual, legal query, but the coordination is such that it overloads the target. The overload, under this principle, would not happen unless there were a large number of people with similar objections. I have as much problem with this sort of activism, as long as the attempt is to disrupt rather than debate. ------------------------------ Date: Tue, 01 Apr 2003 16:51:03 -0500 From: "Howard C. Berkowitz" Subject: Re: [netz] Can this be netizenship? At 4:06 PM -0500 4/1/03, Luis De Quesada wrote: >Hello Howard: I think in this case, if there are no means available,to prevent >such an attack by "hacktivists", like adequate anti-virus software Antivirus software and the like may very well protect the individual web host. Unfortunately, many denial of service attacks have additional consequences to innocent bystanders. I'll be setting up some websites soon for an assortment of purposes, from professional to social to even collaborating with my ex-wife on creating a campground for people with disabilities. As a networking professional, I have no intention of implementing these on individual computers at home. For an assortment of reasons including backup, economy of scale, administrative cost, and availability of high bandwidth, I will use a commercial web hosting service for the actual domains and servers. Let's examine a typical hosting service, with some hypothetical numbers. With recent improvements in the Hypertext Transfer Protocol (HTTP, the underlying Web application protocol), there is no longer a need to tie a web server to an individual IP address, or have only one IP address per machine. Believe me, these are good improvements for the general health of the Internet. So, a hosting company might host 1000 domains/websites. Those domains, however, would run on a much smaller number of computers --- assume 100, which is high -- depending on the workload associated with each website. The data center where those hosts reside, in turn, would have a small number of very high speed lines connecting it to the Internet -- probably well under ten. A determined denial of service attack against one website, therefore, can overload the computer on which it resides, bringing down 99 completely unrelated websites as a consequence. This sort of attack would involve a high rate of queries to the specific URL. Alternatively, a different attack might just attack the computer with the IP address associated with the website, even though that address represents many websites, Attacks of this sort, such as SYN flooding and Ping of Death affect everything on that machine. Some types of attacks (e.g., smurf, fraggle) are directed technically at consuming bandwidth on the communication lines rather than attacking a specific host or website. To hit the one website in question, they may bring down all 1000 at the hosting center. >and as you very >well say that their government may even encourage these attacks and >to go a step >further, perhaps even secretly sponsor them, I think the only >recourse netizens >have is to condemn through communications such an attack. I once attended a military electronics warfare symposium, just after the Yom Kippur war. An Israeli general was asked how they defeated various Soviet radars, with the questioner assuming that the answer would be what is called a "soft kill" mechanism involving electronic jamming or deception. The general, however, observed that a 500-kilogram bomb on the antenna -- a hard kill -- was the most reliable method. Hard kill on an electronic mechanism at an unknown location, or that uses unwitting proxies as the actual attackers, isn't very practical. We already have problems of Internet governance with the relatively simple name management issues with which ICANN and other organizations flounder. I don't have a simple technical solution here, especially to the sorts of attacks that disable intermediate shared resources before ever hitting the actual target. Lots of research is ongoing, and there are some technical strategies. But one of the keys is that the destructive cracker relies on anonymity to avoid countermeasures. At the same time, very legitimate political communications needs privacy to avoid oppressive reactions. It's a very very complex situation--at least we can start discussing it. ------------------------------ Date: Tue, 1 Apr 2003 17:12:47 -0500 (EST) From: lindeman@bard.edu Subject: Re: [netz] Can this be netizenship? Howard, > > [ML] Well, I don't think that a "march that shuts down access" would be > protected > >speech unless it's conducted in compliance with a permit. Its defenders > might > >call it nonviolent direct action, but I doubt they'd even claim that it is > >protected speech. > > I may be being cynical, but I've heard that claim, but not based on > established law but on revolutionary theory. One exposition of that > theory says "force" is a justifiable, spontaneous, and popular > response to perceived oppression -- while "violence" involves any > countermeasures by authority. I think it's correct, and in no way cynical, that claims about "nonviolent direct action" don't seek justification in established law. I'm sure it's also correct that some distinctions between "force" and "violence" are self- serving. Many folks understand "violence" to mean harm to people -- which means that property damage can be violent, but typically only indirectly. [Obviously, if someone blows up a building with people inside, it is at best a quibble whether the violence is direct; that's not the sort of scenario I have in mind.] Even if we concede that an act can plausibly be defined as "nonviolent," that obviously doesn't settle whether it is justifiable. > I first ran across this in the 1960-ish > protests at UC Berkeley, where the Free Speech Movement took over the > president's house in an act of "force", but bitterly complained that > the authorities removed them by "violence." Somehow, that the > activists had broken down doors and established barricades wasn't > "violent," a distinction that escapes me. Well, if the authorities used gratuitous physical force, the distinction could be justified -- whether or not you sympathized with the protestors in consequence. A further distinction: activists in the Gandhian tradition typically would try to treat the authorities with respect (a more stringent interpretation of nonviolence); others, perhaps not. Apparently a Bard student was recently arrested, and roughed up a bit, after yelling an obscenity at a police officer. I think they're both wrong. In other cases, I'm more sympathetic to one side or the other. But these nuances probably don't have much to do with the main thread. > I'm of that school of thought that thinks the Klan should be able to > march, peacefully...and draw a large crowd of people to ridicule > them. My favorite criticism of a Klansman is someone who can be > convinced to buy a $20 bedsheet for $100, the price difference being > that someone cut arm and neck holes and made it "robes". > > In this case, I would act as strenuously against those activists as > the Chinese. It's actually possible that I agree with you; I don't know whether the hackers had to be coerced to let go of the site. Assuming not, the mitigating circumstance is that they didn't actually prevent the other side from speaking and being heard. It's a safe bet that both sites saw higher traffic afterwards. Again, this doesn't mean that I support the action, just that I see it as a less dire violation of Netizen norms than some others. That's a matter of abstract judgment; as to action, I have no obvious means of acting strenuously against any of these folks. > Some hacktivists have proposed a philosophically interesting variant > on highly distributed denial of service. I still think it's > unconscionable interference with information flow, but it does have > some level of ethics.[...] > > An alternative proposed is to coordinate the conscious cooperation of > many individuals, so that each machine launches an individual, legal > query, but the coordination is such that it overloads the target. > The overload, under this principle, would not happen unless there > were a large number of people with similar objections. > > I have as much problem with this sort of activism, as long as the > attempt is to disrupt rather than debate. That's an interesting scenario, and like you, I don't really find it any more defensible -- although I grasp why some people might. Mark Lindeman ------------------------------ Date: Tue, 1 Apr 2003 12:58:18 +0200 From: Dan Duris Subject: Re: [netz] DMCA and Mini-DMCAs HCB> concerned on restrictions that would prevent me, as a legal HCB> purchaser, from: HCB> -- copying software onto a larger/faster disk drive that is practical HCB> to administer, rather than needing a DVD drive for each product, HCB> -- permitting me to make fair-use backup copies so I can continue operating HCB> if the purchased disk fails. There are always some good hackers who'll find out solution. And from what I know they already did. So, just forget about one-zone DVD players, there are many different open ones on the market, just browse through E-bay auctions to see DVD players that doesn't have one-zone limitation. The same trick works for computer DVD-ROMs or you can always try to look for patch or hack (warez soft to break one-zone limit). Try: http://astalavista.box.sk or some other security-oriented search engine dan - -------------------------- email: dusoft@staznosti.sk ICQ: 17932727 *- "ye shall not rob from the house i have built" thief1 -* ------------------------------ Date: Wed, 2 Apr 2003 12:26:20 +0300 (EET DST) From: tnu@chania.di.uoa.gr Subject: Re: [netz] DMCA and Mini-DMCAs Date: 01.04.03 Sender: Dan Duris Time: 12:58 > HCB> concerned on restrictions that would prevent me, as a legal > HCB> purchaser, from: > HCB> -- copying software onto a larger/faster disk drive that is practical > HCB> to administer, rather than needing a DVD drive for each product, > HCB> -- permitting me to make fair-use backup copies so I can continue operating > HCB> if the purchased disk fails. > > There are always some good hackers who'll find out solution. Sure. But the question is *why* somebody should be taken as "criminal" for doing some innocent thing like listening to a non-pirated Audio CD or keeping a backup of a non-pirated DVD movie. Regards, tnu@chania.di.uoa.gr ------------------------------ Date: Wed, 2 Apr 2003 12:26:20 +0300 (EET DST) From: tnu@chania.di.uoa.gr Subject: Re: [netz] DMCA and Mini-DMCAs Date: 01.04.03 Sender: Dan Duris Time: 12:58 > HCB> concerned on restrictions that would prevent me, as a legal > HCB> purchaser, from: > HCB> -- copying software onto a larger/faster disk drive that is practical > HCB> to administer, rather than needing a DVD drive for each product, > HCB> -- permitting me to make fair-use backup copies so I can continue operating > HCB> if the purchased disk fails. > > There are always some good hackers who'll find out solution. Sure. But the question is *why* somebody should be taken as "criminal" for doing some innocent thing like listening to a non-pirated Audio CD or keeping a backup of a non-pirated DVD movie. Regards, tnu@chania.di.uoa.gr ------------------------------ Date: Wed, 2 Apr 2003 10:45:03 -0500 (EST) From: Ronda Hauben Subject: Re: Fwd: [netz] Many voices online and off Sorry not to have gotten to answer Larry earlier. His post was about whether we have any power to influence government. This war shows how hard it is to have such power for the common folk in the UN and around the world. The trouble about how to have such power is a matter of concern for many years for many people. Can the Internet make a difference and if so how? That is a critical question of our times. The fact that the attack against Iraq has occurred with the US President saying that he doesn't see how "focus groups" can affect policy is a stark reminder that the "consent of the governed" in the US is called "focus groups" and that they shouldn't influence policy. This problem, the problem of how to affect political decisions - -- how the people can be heard -- and how the people can speak with each other is critical now and in the future. Ronda ------------------------------ Date: Wed, 02 Apr 2003 11:19:59 -0500 From: "Howard C. Berkowitz" Subject: Re: Fwd: [netz] Many voices online and off Ronda wrote, >Sorry not to have gotten to answer Larry earlier. > >His post was about whether we have any power to influence government. > >This war shows how hard it is to have such power for the common folk >in the UN and around the world. > >The trouble about how to have such power is a matter of concern >for many years for many people. Exactly what do you mean by power? I'm being completely sincere as not following whether you are describing veto power on actions already taken, influencing the process of policy formation (and accepting, although continuing to comment, that the elected policy formers may make a decision that doesn't agree with yours), or influencing the election of representatives? All or some of the above? The veto/protest part is the only one that comes through. Do you expect the common folk to present specific, implementable proposals, perhaps through ad hoc coalitions including the appropriate specialists, or are the common folk limited to "I'm fed up and I won't take this any more?" I have to admit that too much emphasis on "power" makes discussions come across as...well...radical, from either end of the spectrum. Consider phrasing things in terms of social contracts, potential evolution of the classic social contracts and constitutional principles, and then how the Internet might help realize desirable social contracts. Think Jean-Jacques Rousseau as the baseline, not Franz Fanon -- if the view of a non-radicalized technical person counts. You like to go back to Licklider as the fount of Internet knowledge -- if that's relevant, than why not consider Bentham, Hobbes, Jefferson, etc.? Even Hegel, Nietzsche, Marx (Karl, not Groucho) are more internally consistent, if mind-numbingly boring, than some of the radical theorists whose words I hear echoing. > >Can the Internet make a difference and if so how? > >That is a critical question of our times. > >The fact that the attack against Iraq Ronda, again -- this is not the only issue facing Netizens. I honestly believe you would get more reasoned discussion if you used a less immediate and heated focal point -- the tendency is for the discussion of such things to deal with policies regarding the issue itself rather than the broader process. For that reason, I have carefully refrained from bringing up my views pro or con Iraq and general Mideast/Central Asian policy -- but I will say they are much less binary than pro- or anti-. When I've talked about Internet-enabled "open intelligence," I have only referred to Iraq in very focused examples, such as how to correlate news photos with maps. I am having a more detailed discussion of developing independent intelligence analysis capability on several newsgroups, which contain other experts on the relevant methodologies. >has occurred with the US >President saying that he doesn't see how "focus groups" can >affect policy is a stark reminder that the "consent of the governed" >in the US is called "focus groups" and that they shouldn't influence >policy. I'm really not clear what you are saying in the above reference. Between elections, are not focus groups one reasonable means -- not to say the only one -- of obtaining in-depth opinions? Somehow, I am hearing a message that other means of eliciting information, including polling, focus groups, other types of survey research, organized distributed lobbying, etc., are all somehow inferior to what I'll loosely call "protest"/ > >This problem, the problem of how to affect political decisions >-- how the people can be heard -- and how the people can speak >with each other is critical now and in the future. > >Ronda ------------------------------ End of Netizens-Digest V1 #451 ******************************