Thread: Kindle user says Amazon remotely wiped her whole library [UPDATED: see first post]
View Single Post
Old 11-17-2012, 12:05 PM   #374
Hellmark
Wizard
Hellmark ought to be getting tired of karma fortunes by now.Hellmark ought to be getting tired of karma fortunes by now.Hellmark ought to be getting tired of karma fortunes by now.Hellmark ought to be getting tired of karma fortunes by now.Hellmark ought to be getting tired of karma fortunes by now.Hellmark ought to be getting tired of karma fortunes by now.Hellmark ought to be getting tired of karma fortunes by now.Hellmark ought to be getting tired of karma fortunes by now.Hellmark ought to be getting tired of karma fortunes by now.Hellmark ought to be getting tired of karma fortunes by now.Hellmark ought to be getting tired of karma fortunes by now.
 
Hellmark's Avatar
 
Posts: 2,549
Karma: 3799999
Join Date: Jun 2009
Location: O'Fallon, Missouri, USA
Device: Nokia N800, PRS-505, Nook STR Glowlight, Kindle 3
Quote:
Originally Posted by BoldlyDubious View Post
Hi Hellmark. Welcome on board.
The points you make are reasonable, but have already been addressed in the preceding posts or are (the way I see things) non-issues. I'll try to explain... after all this thread is clearly on the tl;dr side! :-)
Welcome? I'm not exactly new to the forums, or even to this thread.

It isn't exactly a non-issue if it opens you to potentially millions of dollars in fines, and fees for copyright offenses. And in legal situations, it is holes like these that get exploited, or get the law ultimately thrown out.

Quote:
Originally Posted by BoldlyDubious View Post
About the "they copied the contents of my pendrive" scenario: this is the non-issue.
In my proposal, you get freedom in exchange for responsibility. Freedom to own your files and do whatever you want with them, in exchange for the responsibility of being careful about who gets them. So if you don't trust the people around you (other students, coworkers, ...) you should simply not leave your media files around, or encrypt/password protect them.
There are still scenarios that even when you take proper steps to safeguard your information, that it can still be lost.

Someone from one of my college classes, split from her boyfriend. He snuck in to her dorm, and copied pictures of her, of a sensitive nature from her computer. He knew here well enough he was able to guess her password, so no hacking or anything. He left, and she was none the wiser, till she found out the files were uploaded to the internet. Now, she knew it who it was that did it, but had no proof of it. In one of your clauses, you stipulate that the person is no longer responsible if they can identify the party that did it and they admit it. Problem is, you have the burden of proof. In this situation if she just makes the claim that he did it, without any proof, all he has to do is deny it, and she's fully on the hook. In the actual case of events, he denied it when asked by authorities. When the cops or school officials weren't around, he joked about it, but that couldn't ever be admitted in court, due to being hearsay, and as in many areas of the US, it could not be recorded without all parties being notified (at which point, he wouldn't freely admit his duplicity). Also this would be another case of where the involved parties were not aware of the files being distributed until after the fact.

Plus the whole admitting to it when questioned about someone's accusation also could get things thrown out on the basis of not being constitutional, as it would only work if someone willingly suspended their 5th amendment right of protection against self incrimination. He wasn't supposed to be in her dorm room, let alone her dorm building (my school has non coed dorms), so just his getting to where the files were was in violation of several rules or regulations, and reason enough to not admit it.

Quote:
Originally Posted by BoldlyDubious View Post
I introduced the "report theft to police" clause to cover the cases when you take all the reasonable precautions, but your files get in the wrong hands all the same. Say, because someone stole a piece of hardware of yours.
If something like that occurs, you usually notice it and can immediately notify the police.
if the "theft" is actually an unauthorized access to your PC, noticing is not so easy. So you can either (i) be very careful about security administration or (ii) avoid risks by keeping your media files password-protected, and possibly not physically on the PC (maybe in some cloud repository). The "digital part" of our lives gains increasing weight, and everyone of us has sensible data (personal or associated to other persons) on her/his PC: so security is an issue even if you don't have any media files, and a solution has to be found.
This also opens up another legal can of worms. You're offloading an immense amount of obligation onto the owner of the files, with very little means of protection, and even you admit that having knowledge of the event can be difficult. You can have very good security, and password protection, and still get your files ganked. It is much easier than you think. Also, how good is good enough? Say if you do take proper steps to ensure that you protected your files, and they get broken anyway. For most of legal law, a good faith argument will stand up, but with how you have things phrased and worded, it would not. Under copyright law as is, the only ones actually getting prosecuted (note, prosecution is not the same as a lawsuit, and goes through completely different courts), are the ones that show a willful action. For instance there are a few forms of password protection that are in widespread usage, but are extremely easy to break. For example, zip files support is built into all modern computer operating systems, but there are issues inherent with the zip encryption system, that means anyone who knows what they're doing can break into a zip file with in seconds. Even with more secure encryption as introduced as part of the NTFS partition system, I have a 120 gigabyte set of rainbow tables that will let me break into your file system within a couple minutes. Hell, and that's if I want to do things nondestructively. I have a program that is only a megabyte, that will let me force a new password of my choosing onto your system, letting me get all the files as if I were you. And this is just what I can do, being amateur who doesn't keep up on all the latest and greatest methods.

Also, your suggestion on using cloud based storage, is laughable, as that is just as vulnerable. Look at how many different online services have been hacked and had their customer's information stolen? I am particular about which companies I deal with out of some security paranoia, and I've still had it happen several times in the last couple years. Also, based on current US case law, if you use cloud storage, you relinquish your rights of ownership to the files when storing them with a third party. Should anything happen to the host, you're screwed. You don't get access to your files, but according to your scheme, you're still obligated as you're the registered original purchaser of the content.

Look at Megaupload. There were millions of users, and when the site was taken down because of some of their users were using it to share copyrighted files, everyone lost everything. There are a few companies suing because they are being denied access to the files they created. Their court cases have no been fairing well, and the government has been continually denying them access. And that isn't even one of the parts of that case that is related to the legally dubious actions of the US government (such as how Megaupload was a non US entity, that complied with DMCA take down requests, but still were taken down by the US, with evidence being illegally taken out of the country that it was originally in by the US government, following illegal surveillance operations by the US and New Zealand authorities, and despite Megaupload complying with the laws giving safe harbor protection to service providers in the even that their users do something illegal).

And all this isn't even taking into account the fringe cases, such as people who have to deal with files between multiple countries. Some countries, encryption is not legal, and it is illegal to have encryption or decryption tools. It hasn't been that long since France has relaxed its laws regarding cryptography. Or even the US, which it wasn't legal for encryption tools or information about cryptography to be "exported" out of the country. In China, you currently have to apply for and be approved for licenses to be able to use Encryption. China is a big enough country, where it isn't essentially unheard of for someone to have relations with people in that country, and you are obligated to follow the rules of both countries.

So you're right, security is an issue, but you cannot just allow things to wait till a solution is found, because of the legal implications for the meanwhile. Not only that, but there has never been a totally fool proof security system. There are ways around everything.

Quote:
Originally Posted by BoldlyDubious View Post
Next issue. You seem to think that (in my proposal) reporting a theft of media files to the police has the function of having them try to get your things back. It's not like that. The function of such a report (that can take the form of an email sent to an automatic logging system, for instance) is that of getting you off the hook if some of your files (that you bought before the time of your report) ever appear online somewhere.
(Of course if you file a report a week, someone could become suspicious...)
As far as the police report, I do not think that at all. Making a police report just notifies any appropriate parties that the item in question is no longer in your possession, such in the case that it is found, or that it is used in the commission in a crime, that you're absolved of any legal responsibility without the need of further investigation. I never said anything to the effect that filing a report required the police to look for my lost items. However, the paperwork required for the police to do in the missing item report is beyond what many want to do especially in the face of what one officer claimed as "real crime". Even with more serious crimes, police officers are loathed to do paperwork. Look at the example of when my house was broken into. The person who did it smashed in the back door, stole my dad's medicine, and then proceded to carefully lay out all of my mother's panties on the bed. The cops said it wasn't worth even doing the paperwork, and just jokingly called him the "panty bandit". We didn't really need the return of the medicine (by that point, he was in the hospital and any medicine he required was supplied there). We simply wanted a police report, so that should the medicine bottles be found, the claim could not be made that we sold the pills (which we made emphatically clear to the officers). On top of that, afterwards, the guy who broke in started stalking my mom, for a period of 3 years before we were able to move. During that time, he broke in several times, and each time the police refused to do paperwork. So goes back to my point of, if police refuse to file paperwork for more serious crimes, then how can you expect everyone to be able to file a simple missing item report?

Basically, there seems to be a lot of glaring legal issues with your plan as it stands. It requires everyone doing exactly what is expected of them, and being totally honest the entire time.
Hellmark is offline   Reply With Quote