At the suggestion of users we have cleaned up the domain list on the side of the Project DoD homepage.  Every ten minutes we will check our internal domain list and verify that the domains on the list are active in DNS, reside on our server, and are serving something other than the default index list.  So, if your domain has been removed from the list please make sure your domain is still active with a registrar, the domain points to our servers in DNS (foo.com -> www.dod.net), and you’ve uploaded some form of content other than using the default index.  Once you meet all the requirements your domain should be on the list within 10 minutes.

The list went from 156 domains to 100 domains as a result of this cleaning.  Please let us know if you find any problems.

This is video footage of the Tsunami created by the Chile earthquake last week.  A good fiend of mine, Damon Houk captured this footage outside his home in Hawaii.  You can view his upload here.

Imagine living in a world where the critics of a medical practice are silenced when speaking out about its scientific merit and potential risks. As it turns out, there is no need to imagine this world, because you’re living in it. The scientific process is what gives western medicine the ability to progress, adapt, and improve. This process, and indeed the entire marketplace of ideas, requires that all parties involved have equal access to entering a debate about the facts. Project DoD has been hosting refugees from the corporate hosting world for quite some time, and over the past 12 years one technique to disturb this balance reigns supreme.

Misrepresenting infringing work using DMCA 512 takedown provisions — that favor rapidity over accuracy — has become the most powerful tool an abuser can use to censor content on the web.  DMCA related censorship is a condition of hosting in the US these days, a fact that the international community should consider before adopting the Anti-Counterfeiting Trade Agreement (ACTA).  This post is a cautionary tale about the state of free speech on the Internet, the failures of provision 512 of the DMCA, and the risks to the entire Internet community if the ACTA takes hold.  We hope to demonstrate through example the burden placed on ISPs to comply with the takedown provisions of the DMCA and their disastrous consequences on free speech, and in this particular case, the scientific process and public safety.

The Problem Quick and Simple

A little over a year ago Project DoD, one of its users, and one of its upstream providers started receiving DMCA takedown notices from a group of individuals bent on silencing Advocates for Children in Therapy, an organization trying to stop the practice of attachment therapy. As it turned out, ACT had allegedly been chased around the Internet by Ronald S. Federici et al. based on a claim that ACT was violating his copyright and the copyright of his colleagues. ACT was bounced from both small and major hosting shops because of these DMCA 512 infringement notifications, and the organization was never once given the option to file a counter notice.

Other ISPs decisions to kick ACT presumably stem from the fact that the DMCA seeks to tie the ISP’s liability to the content upon notification of infringement. That is, a takedown notification is not simply a cease and desist against the user, but an implicit threat on behalf of the notifier that the ISP may be sued for its user’s content.  If a user files a counter notice, the ISP must continue to keep the content down for about 10 days, but may suffer further liability on behalf of its user if the content is not restored within 15 days. If the ISP jumps through all these hoops they may still suffer baseless threats from either party. Remember, there is no judicial oversight of this entire process. In order for either party to have their day in court, the DMCA has forced the ISP into the position of arbitrating this legal dance, which is at best time-consuming, and at worst a total blunder that leaves the ISP liable for damages to one party or both.  We’ve posted about this problem and its implications on free speech before, and that says nothing compared to what one might find on sites like the EFF, chilling effects, or simply by following #DMCA or #ACTA on Twitter.

As if to add insult to injury, the tool to prevent abuse by either party is provision 512(f), which allows the ISP to collect damages and attorney fees if either the notice or counter notice was misrepresented. This provision amounts to more lawyers, more time, more money, and as we’re finding out it’s often a huge battle simply to choose jurisdiction (which is likely to be a nightmare with the ACTA).  So as not to wave our hands at the magnitude of this problem in the abstract, we will share our specific experiences in more detail.

The Details

The violation in question was a page with a list of properly cited quotes, that were/are quite clearly fair-use. What’s more, our friends at the EFF, with their work on Lenz vs. Universal, had recently gotten a judge to state that fair use must be considered before takedown notices are sent. These findings go a long way to giving provision 512(f) teeth for any ISP willing to stand up against abusive takedown notices, but do not guarantee that an ISP is willing to go through the process of defending its users.  In fact, the deck is stacked so far against the ISP and its users that there have only been a handful of 512(f) claims filed in the last 10 years despite rampant abuse.

Project DoD’s involvement with this case started when Ronald S. Federici sent an incomplete takedown notice for a list of properly cited quotes. We honored the initial takedown notice, but realized it was incomplete when ACT expressed their intention to file a counter notice.  We apologized to all parties and requested clarification on the elements of notification from Federici, while restoring ACT’s content.  We now strongly suggest that all ISPs possess a full understanding of what elements of notification are required by a takedown notice, and request clarification for incomplete notices.  While Federici insisted that we shut down their entire website, the elements of notification define the exact content that is claimed to be infringing.  What’s more it provides key conditions that may be contested by either the user or the ISP in a counter notice or 512(f) claim.

At this point Mr. Federici put together the proper elements of notification, which we forwarded on to ACT.   The content was removed from advocatesforchildrenintherapy.org, and ACT filed a counter notice maintaining that their use of the content was fair.  In order for Project DoD to comply with the safe-harbor conditions of the DMCA we were then statutorily required to keep the content down for 10 days.  This, in our opinion, is one of the worse possible requirements of the DMCA.  Without any judicial oversight someone can send a takedown notice to an ISP, and in order for the ISP to not be liable — even if the user contests the notification — they must keep the content down for 10 days.  In the computer security world we call this a Denial of Service (DoS) attack.

After DoSing ACT’s content for 10 days, Project DoD started to receive takedown notices from other people listed on ACT’s site that followed the same template as the Federici notices.  It appeared clear to us that there was collusion behind the scenes, and all said and done we received six other takedown notices from individuals listed on the childrenintherapy.org homepage.  Like the Federici takedown notice we requested clarification on the elements of notification where necessary, and took ACT’s content down for each 512 notice received.  For a full month there was some part of the ACT site that had the words “redacted” written all over it because of this abuse.

While the content was down, Project DoD and its upstream provider, Silicon Valley Web Host, received harassing communications threatening further legal action if the content was restored as required by the statute.  The process of dealing with every complaint was time consuming to say the least, and these individuals were sending additional complaints via email on a daily basis that we needed to forward to our counsel for review.  What’s more they severely strained our relationship with our upstream provider, and nearly had every site we host go dark as a result.

We cannot demonstrate with more clarity what it means to be a member of a hosting collective that puts its mission and members above profit.  In the end we survived the assault and moved on to pursue technological solutions that would help prevent attacks on free speech in the future.  Unfortunately, about six months later we received another takedown notice from Federici for the same exact content, but this time the communication came through his attorney.

Again both Project DoD and our upstream provider were assaulted, and again the content was exactly the same, save the consolidation of the domain name, from advocatesforchildrenintherapy.org to childrenintherapy.org.  ACT, controls both domains, but they had put in a redirect for the advocates domain to the shorter childrenintherapy domain.

Enough was enough!  Project DoD’s members consulted with the EFF to discussed what options we had at our disposal, and the conclusion was obvious: provision 512(f).  The EFF backed our upstream provider, while Project DoD’s attorneys Tiffany Rad and Craig Dorais found two litigating attorneys, Robert Mittel and Rufus Brown, to assist with the case.

From this point forward the matter is public record, but I have uploaded the arguments for peer review and comment under the “Court Documents” section of this post.  As anyone can see by the title of this article, our case was dismissed in Maine based on Maine’s lack of personal jurisdiction over Mr. Federici.  As somewhat of a surprise to us, Eric Goldman, Associate Professor at Santa Clara University School of Law and Director of the High Tech Law Institute posted this analysis of our case.

While our case is by no means over, we believe it’s instructive for those dealing with provision 512 abuse in the US, and a severe warning to the international community about the looming threat of the ACTA.

Conclusions

I’m feeding a wood fire stove on a small island off the coast of Maine, there is snow on the ground and it’s about an hour before midnight on New Years Eve.  Tomorrow ushers in the 10th year anniversary of the DMCA, which proponents of free speech are still fighting passionately to correct.  I have passed up a night of celebration to write this post.  Disturbingly, if the injustice of the DMCA goes on unnoticed, the international community now faces the looming threat of the ACTA.

I’m sure that, like us, you’re wondering how it is that a handful of large media corporations have the power to control the laws that dictate your right to free speech, and your access to information.  All we can say is take heart.  You’re not alone in this battle.  Spread the word about the DMCA, the ACTA, and their potential abuses.  Talk about this new era of censorship, about the dangers of silencing free speech, about the dangers of silencing debate over science and medicine, and about the danger to our liberty when the rich and powerful design laws where the effectiveness of the gag they hold in one hand is only surpassed by the blindfold they wield in the other.  Fight to be in control of your own speech, insist that you be in control of your actions, and that you are the one accountable for those actions.  Fight against a law that forces internet service providers, primarily concerned with profit, to share liability for your content.  If the last decade has taught us anything, it’s that this state of affairs fails to serve the interest of the ISP, the user, or free speech.

I’m reminded of the 1960’s Free Speech Movement in Berkeley, and the words of Mario Savio:

There comes a time when the operation of the machine becomes so odious, makes you so sick at heart, that you can’t take part, you can’t even passively take part, and you’ve got to put your bodies upon the gears and upon the wheels, upon all the apparatus, and you’ve got to make it stop. And you’ve got to indicate to the people who run it, the people who own it, that unless you’re free, the machine will be prevented from working at all.

Fight censorship, fight silence, and don’t give in!

Happy New Year from Project Defense of Dissent

Further Reading

In previous posts we have talked about DMCA Abuse and the Changing Service Landscape, while the EFF has also discussed the problem in their No Downtime for Free Speech Campaign article.  If you have a related article please feel free to post it in the comments.

Help Project DoD

Project DoD is a 501(c)(3) charitable nonprofit and your donations are tax deductible in the United States.  If you can, please make a donation to Project DoD today.  If you’re interested in assisting us to build a more censorship resistant global infrastructure, you can spark up a conversation on irc.dod.net in #dod.  We may be available to answer questions for members of the press, or to speak on this topic.  Please call if you have questions or would like us to speak: 207-450-2332.

Court Documents

Complaint as filed Part 1

Memorandum in Support of Motion to Dismiss

Motion to Dismiss

Plaintiff’s Opposition Memo

Recommneded Decision

Looks like our DEFCON 17 talk on “Enhancing the World of Warcraft API” was posted.  If you want to watch it again, or for the fist time you can see it on the DEFCON 17 archive page!  Note that the video is not streamed, which means you must wait to download the entire thing.  Also listed on the DEFCON site are the slides and audio files for the talk.

Again, we have walked away from this project.  But if you would like to learn more about how our code works, or simply download the latest version that the community is working on you can go to the BTP page.  You can also read about our talk in the MIT Technology Review, and read about the official Blizzard’s response.  Unfortunately, it was not what we had hoped for, but was more in-line with what we expected.

If any of you were thinking of buying one of these Apple Time Capsules: don’t! They are way underpowered, and while I can’t tell you if this is an I/O or CPU problem, I can tell you about the design failures I’ve found.

First off, any time a user starts a backup the latency over the wireless network goes up to anywhere between one and ten seconds, and this is not because of the traffic created over the wireless network.  That is, if on plugs directly into the time capsule over ethernet, it still chokes out the device.  Large transfers over the network don’t slow the wireless network down, but if Time Machine starts to write to the disk, in fact if any process starts to write to the disk, the network collapses. You can still browse web pages, and you can still download, but if you expect to do anything that requires interactive access: forget it. This means that any remote SSH sessions, interactive chats, or online games are almost unusable.

To reproduce this you are likely going to have trouble testing it out of the box, which is why I assume this passed Apple’s testers without notice. In short, you need to have been using the time capsule for a month or so, which should be enough time to build up a fairly large sparesebundle. My assumption is that the time it takes to work with this large sparsebundle, reading all the band files, destroys either the I/O or the CPU of the device. If you already have a large image to back up, and you do it once, the next time you do a backup you should be able to reproduce this.

What’s more, I’ve been backing up my Macbook Pro on the Time Capsule and about a month ago all of my backups started to fail. Now I’m a busy person, and having my backups fail was not high on my list of things to fix. In fact, I dropped about $500.00 US on this thing so that I wouldn’t have to worry about my backups. After being unable to use the backup for a month and finding no other solution online, I decided I had no other option than to remove the sparsebundle file and start my backup over. So I opened finder and tried to delete the sparsebundle, but after a few hours the delete failed.

Now I believe the steps above would have exhausted almost all options for a normal user, but I had a few more tricks up my sleeve. Using Terminal I wandered onto my Time Capsule and found out that the sparsebundle files are a lot like MAC applications in that they are a directory structure with a bunch of meta information and data inside. Each band file that made up the sparsebundle was about eight megabytes in size, which — for large volumes — is far too small a chunk size. As a result, over a few short months, time machine had made enough small files to hit the maximum file limit of 65,535, which is why I was unable to delete the backup image from finder.

… some time passes …

I was planning on telling people how to fix this band size problem by resizing the band files, but a few days ago my time capsule’s power supply died. As a result, I no longer care about this post. So, In summary, don’t try to fix the band size problem since the time capsule will just fail; backing up over ethernet may reduce the time it takes to backup, but during that time you will experience unbelievable lag; and if you have one of these things get ready to register it at http://www.timecapsuledead.org/.  If you do not have one of these things, then congratulations you’ve saved $500.00.

Cheers

That’s right, Project DoD Inc. has achieved its financial goals for 2009.  We would like to thank everyone who generously donated, even in this tough economy.  Rest assured that your donations are being put to good use.   Not only have we completed our 12th year of service to the community, but we may have enough money to look at a cluster of modest servers to start building a more stable and censorship resistant infrastructure.

These last few years the Internet community has seen a marked increase in DMCA abuse.  As a result dod.net has seen a similar increase in refugees from the corporate hosting world.  We are standing up for people’s right to free speech, and speaking out against the DMCA and the new International ACTA, being drafted behind closed doors.  In addition to providing a new home for victims of fraudulent DMCA takedown notices, we are also standing up for our users in court.  We will release more information on our DMCA court case as we can.

Again, a big thank you to everyone involved with Project DoD.  Let’s make 2010 our best year yet.  Oh, and remember, “talk hard!”

We just updated the dod.net wildcard certs for  subdomains (e.g. foobar.dod.net), IRC, account manager, and the rest of our web content.  It costs us $600.00 a year, so please enjoy your collective SSL.

This post is directed at my friends/co-workers/acquaintances who are interested in checking out the talks at DEFCON 17 this year.  I just got the DVD-ROM set, which consists of a bunch of Quicktime media files for each of the talks this year.  It was a very good year for computer security, and those of you I see from day-to-day should feel free to borrow any of the disks you’re interested in.  I’ve posted a session listing of the contents for those of you that are interested.  You can find out more information on the contents of each talk on the DEFCON 17 speaker page.

It’s getting bad out there.  Over the last year many of Project DoD’s new users have been refugees from hosting providers that caved to DMCA takedown notices.  These people are not given the chance to respond with a counter notice — a provision of the DMCA that let’s one challenge the claim — and with increasing regularity they are not even being shown the original notice.  From mom-and-pop hosts to the Goliath hosting shops something has changed.  We’ve personally seen Network Solutions, BlueHost, and WordPress kick users without letting them even read the claims of their accuser.  It seems the almighty Terms of Service clause that allows “us to kick anyone for any reason at any time” reigns supreme.  But don’t disparage just the big guys, we’ve seen the same sort of reaction from mom-and-pop shops as well.

So why the shift in attitudes amongst these providers?  We have an old theory dusted off and shined up for the twenty-first century (sensory): when profit is a consideration above human rights, society suffers a dehumanizing loss of liberties.  Remember, governments may recognize the right to free speech as fundamental, but corporations have neither made that concession, nor suffer legal bindings to uphold it.  But why does the DMCA put profit above human rights?

The DMCA puts liability for user content directly on the shoulders of hosting providers, regardless of whether or not that content is infringing.  In order to be safe from this liability, hosting providers must take the appropriate steps to remove said content when notified of its existence.  Since there is no judicial oversight of the original claim, and it would be an enormous burden to put that determination on the service provider, this statutory requirement of the DMCA is easily abused.  But wait, someone thought of this when they crafted the DMCA right?  Can’t the user file a counter notice?

Correct, someone did put their twentieth century thinking cap on to create provisions to help prevent this abuse.  The user that controls the content can fight the claim if they file a counter notice (again with no judicial oversight).  This counter notice subjects the service provider to further liability by requiring that the provider put the content back up within fifteen days of the original takedown date to further maintain their safe-harbor.  What’s more — and this is the part that is very twentieth century — the DMCA requires the content stay down for at least ten days.  Presumably, this provision is in the DMCA to allow the plaintiff — if we can even call them that yet — time to get a court order to keep the content down.  In the twenty-first century where these simple complaints can be shotgunned at providers with alarming speed and no judicial oversight, this provision amounts to the best denial of service attack an abuser can mount against another Internet user’s website.

Add some increased liability, mix in a whole lot of extra work for the service provider, a dash of the DMCA, and society has lost that precious freedom of speech.  There is plenty of finger pointing to go around, and if this sounds like we’re trumping up the charges to be sensationalist, or get you to switch to a not-for-profit provider, consider this: in the time it took me to write this article another user has come to us because their host WordPress took down their site for unknown ToS violations.  The site is http://childtorture.wordpress.com/, and they were not told what specific ToS provision they violated.  All that was said was:

On Sat, Aug 22, 2009 at 4:33 AM, [Someone at WordPress wrote]:
Hi,
Your blog is as close as it gets to being permanently suspended.

If I am standing up for your rights to say what you wish within the law than I expect you to listen to what I request and then do it. It’s only fair.
Free speech is one thing but breaking our rules is entirely different.

Please remove from the entire blog ANY use of the words ‘attachment therapist’ against ANY person.
There are no exceptions to this.
Please do this today.

And if it is requested to change any part of the blog please do so. You have no idea of the continual complaints that are coming in and I expect you to help me to keep your blog going.

If you have a problem with this please arrange to move your blog elsewhere.

For the unfortunate users that were unable to read this post before the end of the day Sat, Aug 22, 2009 and click the link: the site was taken down before this user had a chance to comply.  For the record, we’ve been around longer than most hosting providers on the Internet (1998) and aside from compliance with court orders and the DMCA, service providers have no liability that would require them to make such a demand.  So where do we go from here?

Enough is enough!  Unofficially, DoD’s Hosing Project took up hosting the Internet’s rejects years ago.  Today we would like to officially say: refugees welcome! Our organization is well positioned to draw a line in the sand, and we will no longer suffer abuses of the DMCA that compromise fundamental human rights.  If you believe in what we do then please support us.  We are actively approaching the problem from both a legal and technical direction, and we need your help.  Please check back soon for developments, but until then: “talk hard!”

That’s right, version 3.2.01.01 of the BTP code is now posted on the BTP download page.  The code is also now up on Launchpad, so create an account, branch, and start making contributions.

Two problems with the previous version of the code were: helpers following eachother, and helpers following AFK honor farmers.  This latest version of the code chooses to follow people that do better on the damage meters in battlegrounds, thus making it more likely that two helpers will not follow eachother or AFK players.  For an added bit of fun — and to tip our hat to Blizzard for all their hard work — we also made the helpers mark players as AFK if their damage or healing does not move for 5 minutes.  Yes, we love the irony, and we also thought this would help reduce the AFK farming problem in battlegrounds.

There may still be some bugs in the code because we no longer have accounts to test on, and this last version of the code was given a much shorter test run than normal for release.  As most of you know, we are now walking away from the project: so if you find bugs, join launchpad and report them (or branch and fix them).  Also, we’re looking for someone to take over merging changes into trunk.  If you’re interested join IRC chat and let us know.

Thank you everyone, and enjoy!