Back in October, the Motion Picture Association of America (MPAA) sent letters to presidents of 25 major universities urging them to download their University Toolkit to “help” universities monitor illegal downloads on their network. As you might expect from the MPAA, this Toolkit seems more aptly categorized as spyware — complete with undocumented functions like phoning home to the MPAA for updates as well as exposing the host network to a possible attack vector by setting up its own Apache web server.
The Toolkit is based on Xubuntu (a derivative of Ubuntu), and as one commenter on Brian Krebs’ post said, “Kinda funny that they chose to use an open source OS and program/programs to do this with.” But the irony doesn’t end there. The comments that follow betray a growing realization that perhaps the MPAA included and republished GPL-licensed software without licensing the host application under a GPL-compatible license, as required.
Sure enough, much of the Toolkit’s sources remain secret and unpublished. Matthew Garrett, an Ubuntu developer, sent a DMCA takedown notice to the MPAA for violating the license — and forced them to remove the download. Parry, riposte.