Internet Piracy, Plagiarism and the Security Professional

Friday, September 16, 2011

Craig S Wright


Internet Piracy, Contraband, Counterfeit Products, Plagiarism and Copyright and the “Security Professional”

It may often occur that works offered over the Internet, either by a service provider or its subscribers, are included within the copyright owned by a third party who has not sanctioned the works' distribution.

In some instances, a service provider may be liable for a copyright infringement using its service and systems. Access to copyrighted material without license is illegal in itself. It is analogous to receiving stolen property.

The damage done through plagiarism and the deception it entails damages not just those involved, but also the entire information security community when it is one of our own.

Plagiarism can be no different to receiving stolen intellectual property

What has changed is the ease and distances associated with the distribution of copied materials. The global Internet allows people to copy and distribute copyrighted works almost instantaneously anywhere in the world, be this through one-to-one distribution or using a shared P2P network. Intermediaries are involved as both the storage sites and the conduit.

Plagiarism varies in its extent. It goes from simply rephrasing the ideas of another without referencing your sources right through to the literal block copy of paragraphs of text and the theft of entire passages.

This literal copying is a form of fraud and theft. In some cases, the aim is not an accidental unacknowledged phrase but deception. The author wants to use the works of another as their own. In this “uniquely secretive form of theft”, the author is asserting a level of skill, knowledge and expertise that they do not exhibit on their own. They are using the work and study of another to lift their own lack of ability.

Simon Caterson wrote [1] that “Plagiarists can only get away with stealing words while their victims remain in ignorance. As Christopher Ricks points out, it is the intention to conceal that essentially distinguishes plagiarism from legitimate forms of literary appropriation, such as allusion: "the alluder hopes that the reader will recognise something, the plagiariser that the reader will not".”

Some, and this has been attributed to many individuals, state that “to steal ideas from one person is plagiarism. To steal from many is research”.

This makes light of the damage that the fraud and deception of plagiarism causes, but more importantly, it detracts from real research. A good researcher uses the ideas of others, but also attributes the sources.

Further, plagiarism does not just hurt a nebulous idea of society and the copyright holder; it leads to liability for the hosting party in some instances. As a breach of copyright laws, the ICP [Internet Content Provider] or ISP can be found liable if they fail to act. This even extends to online journals and blogs.

For a party to be charged with a civil copyright infringement or media piracy in the US, the claimant needs to mutually prove each of the following:

  • show ownership of the copyright work, and
  • demonstrate that the other party "violated at least one exclusive right granted to copyright holders under 17 U.S.C. § 106".

What an intermediary needs to know is that simply making files available for download is equivalent to distribution. This was determined in the US case, Elektra v. Perez (Elektra v. Perez, D. Or. 6:05-cv-00931-AA). Intermediaries that provide storage and distribution services need to factor this into the contracts that they offer and the procedures they use in order to ensure that they are not hosting illegal content.

The problems in Information Security

Plagiarism by “security professionals” - and I use this term lightly in the wider sense as fraud is not professional - is of particular concern. It is one thing to forget to attribute an idea in a report that is written by the author and has not been simply block copied, but another altogether to pass the writings of another person off as your own.

The issue is that some people in the industry leverage the works of others coupled with external promotion to seem more than they are. We all suffer for this and in a field as critical as security, the costs can be disproportionate to the damage a single individual could seem to be able to create.

This topic is not new. Other writers have taken Gregory D. Evans, “author” of the book "World’s No. 1 Hacker", to task for stealing vast blocks of other people’s work. Yet these people remain. Despite their frauds in passing off a level of expertise they do not actually possess, people trust these security doppelgangers.

Here in Australia, we have such a case as well. I wrote on this topic three years ago now. That did not stop this individual from promoting herself as more than she really is to the point where she has been awarded ICT professional of the year in Australia.

Ms Rattray, in one example of her writings, took text from Erik Guldentops’ “Harnessing IT for Secure, Profitable Use” and block copied this into an article she professed to have written. This article was published in Insecure. An article by Jo Stewart-Rattray began on page 73 of issue 14. I had notified the publishers who had that article pulled as Ms Rattray had plagiarised it. The original copy is still available thanks to the nature of the web.

Ms Rattray’s feeble excuse for fraudulently stating the writings as her own was that she had planned to add a reference later. Really? Adding a reference when more than half the article has been stolen and fraudulently promoted as her own?

For that matter, would not the adding of a reference have been better justified before publication? If you have been published for three months and have not made an attempt to update a document, does that not seem as if you have basically intended to fraudulently promote it as your own?

Ms. Rattray did contact me. She stated: "My omission came about by rushing a piece of work to meet a deadline and cobbling it together and not thoroughly reviewing it before sending it off. This is my error one of omission only."

There are copyright issues with this level of plagiarism, but the true problem is the betrayal of trust. People such as Ms Rattray and Gregory D. Evans promote themselves as experts. People trust them in what they say and implement solutions and controls based on a level of knowledge that these individuals do not actually have.

In the end, we all suffer when frauds are allowed to flourish. This fraud is a sign of dishonesty.

In these cases, we have to ask the question: do we really want to trust a person who would steal the works of another and pass them off as their own? They are dishonest; how can we place our trust in them? Worse, in Ms Rattray’s case, she is a director of ISACA. In allowing her unethical behaviours, she tarnishes the reputations of all members of ISACA.

[1] “A plagiarism on them all” November 20, 2004 -

Pete Herzog: Funny that you write this now as I was just in the process of writing a methodology for minimizing plagiarism and cheating in schools. But I have to concur, so many good works are stolen by so many "professionals". I see it all the time. I think the general public is really just becoming numb to such theft now.

J. Oquendo: @Lance, I contacted Google about the clowns you mentioned as I stumbled on that crazy woman's page. I had them take them down within 24 hours.

J. Oquendo: Seems like she just copy and pastes whatever floats her way. If need be let me know I have a cutting template/wording I use for crap like this ;)