Thursday, November 18, 2004

Ed Felten's recent Princeton President's Lecture, "Rip, Mix, Burn, Sue: Technology, Politics, and the Fight to Control Digital Media", is now online. He links to it from his Freedom to Tinker blog.
Frank Field says Google are planning a new service for scientists and academic researchers.

"Google Scholar, which was scheduled to go online Wednesday evening at scholar.google.com, is a result of the company’s collaboration with a number of scientific and academic publishers and is intended as a first stop for researchers looking for scholarly literature like peer-reviewed papers, books, abstracts and technical reports.

Google executives declined to say how many additional documents and books had been indexed and made searchable through the service. While the great majority of recent scholarly papers and periodicals are indexed on the Web, many have not been easily accessible to the public."

Wednesday, November 17, 2004

Privacy International are of the dangers of the misuse of phone cameras.
Apparently nearly a thousand people have endorsed an online petition objecting to the implementation of a national identity card in the UK.
Poland have blocked the EU software patent directive.
The British Airports Authority have lost in their attempt to get control of the gatwick.com domain name. A WIPO UDRP arbitration panel decided that

"The Respondent has never used the Complainant’s trademark. His website content is controlled by him and his US associates as an independent business, operating separately from the Complainant’s airport business. Using his own proprietary rights, he is therefore providing a legitimate directory of services in the Gatwick sub-regional area. He receives an income from this business, which he has the right to operate.

There is no risk of consumers being misled into believing that his site is an official BAA website. It does not display the BAA name nor indicate to those searching the Internet that they have arrived at the Gatwick Airport site. The Complainant cannot prove that the Respondent deliberately selected the name with the sole intention of gaining Internet traffic intended for the Complainant. He has had honest and fair use of the website address for 8 years without opposition from the Complainant.

The Respondent is a software engineer who registered the disputed domain name to provide a directory for a large variety of businesses in the area, initially through emails and public information sites."

In addition, the panel refused to pass any judgement on the claim by the owner of the domain, Bob Larkin, that BAA had engaged in a dirty tricks campaign to try and wrest the domain from his control. They also said BAA had not registered the trademark in the Gatwick name until a number of years after Gatwick.com was registered as a domain name.
Seth Schoen uses the changes TiVo have embraced (i.e. DRM) as a platform to explore the convergence of computers and consumer electronics devices, on Dave Farber's Interesting People list.

"the smart cards and set-top boxes would decrypt the programming as it came into
your house and verify that you were authorized to receive it. But
then they would encrypt it again in order to enforce _copyright
holder_ policies about what you could do with it after you had
received it. That re-encryption makes the new generation of pay
TV services (after you've paid for them) different from free TV
services because the pay TV services can be subject to additional
controls after the point of lawful reception.

The FCC was asked to ban this re-encryption -- in a sense, to limit
the use of encryption under the 1996 Act to making sure that you
initially pay for pay TV, not to controlling what you do with it
afterward. In a decision in 2000, the Commission declined to do
this...


This decision was unfortunate in its implications because it vastly
increased the potential leverage that movie studios would have over
technology companies. If the FCC had forbidden re-encryption of
pay TV programming, companies like TiVo would not need to negotiate
with movie studios (or broadcast groups) in order to get lawful access
to pay TV...

And TiVo has chosen to do exactly that...

Of course, that negotiation has come at a corresponding cost: TiVo
implements digital rights management, takes steps (to date not very
strong steps) to control reverse engineering and aftermarket
modifications, and generally implements a lot of restrictions on
recorded programming...

TiVo customers are obviously happy enough with this strategy that they
keep buying TiVos in large numbers, although there is a devoted
community of "TiVo hacking" enthusiasts who learn how to add
functionality to their TiVos -- and they have a very complicated
relationship with these restrictions...

There is an alternative -- if you only want to receive unencrypted
TV (free-to-air terrestrial broadcasting and basic-tier cable in
the U.S., and possibly these plus certain types of pay TV in Europe).
You can use a personal computer as a PVR by putting one or more TV
cards inside. Then you can run software that turns the PC into a PVR.
One of the most impressive programs along these lines is an open
source package called MythTV

http://www.mythtv.org/

which has already implemented functionality competitive with TiVo's
PVR functionality, plus features that TiVo won't touch...

The major movie
studios have persuaded the FCC to change the rules for unencrypted
digital television to apply DRM there, in the "broadcast flag" or
"digital broadcast content protection" proceeding. (That's why I
say that the FCC is unlikely to change the DRM requirement for
cable TV!) The result is that the equipment that makes a program
like MythTV work with U.S. digital television will be illegal to
manufacture here from July 1, 2005. If you want to use something
like MythTV for digital TV in the future, your best bet is to buy
the equipment before then. MythTV works well with the pcHDTV
HD-3000 card, which is finally shipping:

http://www.pchdtv.com/ ...

I would not get so worked up about any one action that TiVo takes.
We know their strategy, and it involves co-operating with movie
studios to impose restrictions on end users. The reasons why they
do this are not mysterious. If you want to criticize TiVo -- and
that's fine with me! -- the right place to start is much earlier in
the company's history.

But if you actually want to opt out of the DRM game, it seems to
me that the thing to do is to spread the remaining unrestricted
technologies as far and wide as possible while they're still legal...

I've often thought of writing an essay called "converging up,
converging down?" about the ambiguity of the "convergence" ideal.
PCs and consumer electronics (CE) devices have very different
characteristics -- beyond just the technical differences, veering
into cultural differences -- even though today they are usually
made out of the same chips. Among other things, PCs in the past
were friendlier to user innovation and third party innovation; you
could teach them to do more. CE devices in the past were much more
single-function and fixed-function, and upgrades (if available)
typically had to be provided by the manufacturer. Ultimately PCs
were much more under end user control and CE devices much more
under the manufacturer's control. Movie studios have appreciated
this distinction; they have better, older, and closer relationships
with the CE industries than with the PC industries...

If these device families actually do "converge", on whose terms
will they converge? Will the PC grow more like a DVD player (or
a TiVo), or will the PVR and cell phone grow more like PCs? And,
since "being like a PC" or "being like a CE box" is not just a
single dimension, in _which ways_ will they become more like one
another? Which particular characteristics will each now imitate...

In terms of end user control, there is an opportunity for CE devices
to converge up (enhancing customers' control) and a risk of PC
devices converging down (eroding it). I think the world the
entertainment companies have built is providing exactly the wrong
incentive at every point as this question is worked out."

Spread unrestricted technologies as far and wide as possible whilst they are still legal? Now where have I heard that before? Well, Charles Nesson at the Berkman Center has taken this position on the introduction of controls to the Internet: the message being don't waste your energy complaining about those terrible entities introducing restrictions for their own ends, but rather get on with using the Net creatively and demonstrating to the world what potential it has.
Somebody has asked me if there is a quick way of understanding Larry Lessig's ideas on copyright. Well he's done lots of excellent public lectures and interviews, many available on the Internet, such as this KQED debate with intellectual property lawyer, Jeffrey Knowles.

Tuesday, November 16, 2004

Ernest Miller is dreaming about the server in the closet of every home.

"I remain enamored of a concept I think of as the "server in the closet." I believe that, eventually, every home will have a fairly sophisticated server as the locus of the many networked devices in the home. Everything from the VoIP phone system, presence-enabled media (IM), multimedia (podcasts, broadcatch), etc., etc., etc. There will be fat and thin clients in the home, all of which can be (but not required to) coordinate through the home's central server. More importantly, this "server in the closet" will be part of bi-directional communication with the rest of the world wide network, turning every home not only into a receiver, but a transmitter."

James Grimmelmann has some strong words about "Two Skirmishes in the DRM Wars: Half-Life 2 and Halo 2" over at Lawmeme:

"people who tried to log in to Microsoft's X-Box Live service to play Halo 2 with hacked X-Boxes have found their accounts suspended.

And on the other hand, copies of Half-Life 2 have started hitting retail shelves in advance of the "official" release date of November 16. Gamers who rush out to buy (sometimes extortionately priced) copies early, however, are finding themselves stymied: the game won't install without verification from Steam, the online platform Valve (Half-Life 2's creator) uses to deliver its games and coordinate online play. But Steam won't turn the game on until the 16th, per instructions from Vivendi (Half-Life 2's distributor).

Let's call these schemes by their right name: these are both examples of digital rights management working as intended. This is the future of digital media, here today: your copy of the product checks in with home base to determine what you can and can't do with it. And when the company that runs home base decides that it doesn't like what you're doing (be it tampering with your device's hardware or trying--oh the temerity!--to play a game a few days early), it can cut you off at the knees and disable your access to the game. That's what DRM does. Hey, gamers: you're getting a taste of the treatment the music industry has planned for us all. Do you like it?

Now, not all DRM is created equal. Microsoft's choice here was reasonably fair, I think. You can do whatever you want to your 'Box, but don't expect to be able to use a modded 'Box to compete against people who are playing by the rules. I look at X-Box Live as a kind of virtual world; it's not unreasonable for Microsoft to act as a referee by insisting that everyone who enters that world enter it on the same terms...

...The Steam lockout is more frightening, though. First off, note why it is that Valve won't turn the key: a contractual dispute with Vivendi. In fact, Valve and Vivendi are locked in a fierce legal struggle over distribution terms, with Vivendi furious that Steam might undercut its revenues from store-based sales. That's right: your ability to play Half-Life 2 is being held hostage to a licensing fight between two corporations."

One of my students has reminded me that the November issue (12.11) of Wired magazine comes with a CD containing a collection of songs released under a creative commons license.
Microsoft have launched a global egovernment network, called the "Solutions Sharing Network" or SSN.

In the same spirit of sharing, the NHS National Programme for IT (NPFIT) will be rolling out the PR department next year to let people know about the new NHS IT systems and the implications regarding sharing of personal data. I wonder if they'll be referring to doctors' concerns about the lack of security of records the new systems may be displaying? Sorry - cheap shot - but I couldn't resist it.
Sun are trying the open source business model with their new operating system, Solaris 10, which they are giving away free, in the hope that it will greatly expand the user base.
Cindy Cohn and Annalee Newitz at the EFF have written a very interesting and thoughtful paper on spam:
Noncommercial Email Lists: Collateral Damage in the Fight Against Spam, suggesting that non-commercial mailing lists are suffering disproportionate "collateral damage" in the fight against spam.

My own organisation, the Open University, uses spam management filters and I'm grateful for these because I deal with tens of thousands of emails each year. The result of this avalanche of email is that unless an individual email gains my attention virtually immediately it gets deleted. And anything flagged by spam filters gets instantly deleted.

Cohn and Newitz are right to question the principles, processes and mechanics of spam filtering tools, but just as we have information management systems in organisations to filter the right bits of paper and the right phone calls through to the most appropriate people, we need information management systems in the electronic realm. How to square that with an awareness of, and commitment to avoiding, censorship, and with maintaining the end-to-end architecture of the Net, is a complex question to which there are no simple answers.

Monday, November 15, 2004

Bruce Schneier on electronic voting, essential reading.

"After 2000, voting machine problems made
international headlines. The government appropriated money to fix the
problems nationwide. Unfortunately, electronic voting machines --
although presented as the solution -- have largely made the problem
worse. This doesn't mean that these machines should be abandoned, but
they need to be designed to increase both their accuracy, and people's
trust in their accuracy. This is difficult, but not impossible...

...Computer security experts are unanimous on what to do. (Some voting
experts disagree, but I think we're all much better off listening to
the computer security experts. The problems here are with the
computer, not with the fact that the computer is being used in a voting
application.) And they have two recommendations:

1. DRE machines must have a voter-verifiable paper audit trail
(sometimes called a voter-verified paper ballot). This is a paper
ballot printed out by the voting machine, which the voter is allowed to
look at and verify. He doesn't take it home with him. Either he looks
at it on the machine behind a glass screen, or he takes the paper and
puts it into a ballot box. The point of this is twofold. One, it
allows the voter to confirm that his vote was recorded in the manner he
intended. And two, it provides the mechanism for a recount if there
are problems with the machine.

2. Software used on DRE machines must be open to public
scrutiny. This also has two functions. One, it allows any interested
party to examine the software and find bugs, which can then be
corrected. This public analysis improves security. And two, it
increases public confidence in the voting process. If the software is
public, no one can insinuate that the voting system has unfairness
built into the code. (Companies that make these machines regularly
argue that they need to keep their software secret for security
reasons. Don't believe them. In this instance, secrecy has nothing to
do with security.)...


...Proponents of DREs often point to successful elections as "proof" that
the systems work. That completely misses the point. The fear is that
errors in the software -- either accidental or deliberately introduced
-- can undetectably alter the final tallies. An election without any
detected problems is no more a proof the system is reliable and secure
than a night that no one broke into your house is proof that your door
locks work. Maybe no one tried, or maybe someone tried and
succeeded...and you don't know it.

Even if we get the technology right, we still won't be done. If the
goal of a voting system is to accurately translate voter intent into a
final tally, the voting machine is only one part of the overall
system. In the 2004 U.S. election, problems with voter registration,
untrained poll workers, ballot design, and procedures for handling
problems resulted in far more votes not being counted than problems
with the technology. But if we're going to spend money on new voting
technology, it makes sense to spend it on technology that makes the
problem easier instead of harder."
It's a subscription-only service but the Wall Street Journal is reporting that the cross-jurisdictional Gutnick v Dow Jones internet defamation case has been settled out of court. Dow Jones lost their fight to have the Australian courts declare that the case should have been heard in the US. Interesting timing in the light of the UK Court of Appeal decision in the Don King v Lennox Lewis case last week.

Coincidentally, a Canadian archaeologist was awarded large damages in another Net libel case last week. The report claims there has been very little case law in the area of Internet defamation but actually there have been quite a few cases in the US stretching back to Cubby v Compuserve in the early 1990s, Stratton v Prodigy and a string of others since. In Australia Gutnick v Dow Jones has been the precedent setter and in the UK it was Godfrey v Demon. So there are plenty of legal arguments available for Canadian judges to peruse on matters of principle and law, albeit from different jurisdictions.
Rohde to Srebrenica is a human rights case study project of the Columbia Graduate School of Journalism, based on David Rohde’s reporting on mass graves in Bosnia.
Computer loophole hits hi-tech NHS trial says the Sunday Times. Apparently there are security problems with the appointments booking system, which gives all doctors access to all GPs' patient records and the facility to edit them.

Also from Sunday, Dan Gillmor laments Microsoft's ability to buy its way out of trouble.

"Microsoft's $536 million settlement with Novell, which had sued on antitrust claims, was big money for Novell. It was less than pocket change for Microsoft, which at last count had nearly $65 billion in cash and short-term investments -- and not a dime of debt.

In a slew of financial settlements with companies Microsoft has trampled over the years, the payout for wrongdoing is roughly $3 billion to date. That represents about three months of profit for a company that literally can't spend its cash fast enough, and is giving shareholders a one-time bonus of $3 a share early next month. That payout will put only a temporary dent in the cash hoard.

What does all this mean? Simple. When governments fail to enforce the rules of capitalism, monopoly profits can buy one's way out of almost any kind of trouble...

...In a report last week about Microsoft's new search technology, for example, the Wall Street Journal observed: ``Microsoft brings a big wallet and a track record of coming from behind in areas that it deems critical. The company belatedly recognized the importance of the Internet and ultimately steamrolled Netscape Communications in Web browser software.''

You'll note there's not even a hint here that one of Microsoft's most essential tactics in achieving that browser dominance was breaking the law. Even the best and most important business newspaper in the world can't be bothered to remember history."

Not Microsoft's biggest fan.
According to the Washington Post, the US Transportation Security Administration has ordered 72 airlines to hand over passenger data to test their new screening program Secure Flight.

The reporter worries that "Any U.S. carrier that shared information with the TSA about European passengers on flights overseas could be placed in a legal bind between the two continents", so presumably is not aware of EU Commissioner Bolkestein's agreement with the US on airline passenger data sharing. Of course that agreement is currently being challenged by the EU parliament in the European Court of Justice, so her concerns may well become substantive if the Court does eventually outlaw the agreement.