Firefox scholar.
"SmartFox will enable users, with a single click, to grab a citation to a book, journal article, archival document, or museum object and store it in their browser. Researchers will then be able to take notes on the reference, link that reference to others, and organize both the metadata and annotations in ways that will greatly enhance the usefulness of, and the great investment of time and money in, the electronic collections of museums and libraries. All of the information SmartFox gathers and the researcher creates will be stored on the client's computer, not the institution's server (unlike commercial products like Amazon's toolbar), and will be fully searchable. The Web browser, the premier platform for research now and in the future, will achieve the kind of functionality that the users of libraries and museums would expect in an age of exponentially increasing digitization of their holdings."
Good idea.
Friday, November 25, 2005
The Patent Cold War
Quentin Stafford-Fraser on the Patent Cold War. Good stuff:
"The current patent system is something of a farce. Almost everybody involved in it knows this, but it's a game we all have to keep playing because nobody can afford to be the first one to stop...
And so we have the first major problem. The acquisition of patents, instead of being a means to an end, has become an end in itself...
And so this is problem number two: Lots of people have the ideas, but the wrong people are getting most of the patents...
And so we come to a very clichéd but nonetheless important problem number three: In the end, whether a patent is worth anything depends chiefly on how much you can afford to spend on lawyers. Even if you rightfully have the patent, you may not win...
And so we come to my last major concern, that a lot of the ideas for which patents are granted probably aren't very novel. So the system isn't really stimulating technological development by granting people 20-year monopolies on them..."
Verisign on Net CALEA compliance
Susan Crawford castigates VeriSign for their declaration that the FCC have not gone far enough in demanding that digital networks be architected for easy law enforcement interception.
"Within the last ten days or so, the key vendor of CALEA compliance services (VeriSign) has taken a very stern tone [pdf] with the FCC, saying that the Commission has read CALEA far too narrowly. VeriSign wants any SIP-using service to be part of the program, and suggests that interconnection with the traditional telephone network shouldn't necessarily be the standard for compliance. Translation: any possible multimedia application (whether connected to the phone network or not) and all connections to the internet should be designed in advance so as to be easily tappable by law enforcement.
(What's a SIP-based service? It's any service using the Session Initiation Protocol, an IETF signaling protocol that can be used in connection with any multimedia or voice or gaming application. GoogleTalk will use SIP; MSN Messenger already does; a host of VoIP applications already do. It's a very broadly used peer-to-peer protocol.)
VeriSign is also arguing that the rest of the world is moving smoothly along the vendor-assisted interception path, and that "the only impediment to implementation domestically principally lies in the Commission's actions" in the CALEA proceeding. We are ready, sayeth VeriSign (describing itself as a member of the "entrepreneurial and innovative global lawful interception industry") to provide these compliance services at minimal cost, but the Commission is getting in the way...
What's extraordinary about all this firmness on the part of the sole listener (DOJ) and the key vendor (VeriSign) is that the FCC has reached very far indeed to do their bidding already. By virtue of a less-than-weak reading of CALEA (which doesn't apply to "information services"), the Commission has gotten up the nerve to act like Congress and proclaim that a huge range of actors have to be CALEA compliant within 18 months, without saying what compliance means. Non-compliant firms will be subject to fines of $10,000 a day. So entities have to start complying without knowing what to do, and they won't even know whether they're covered -- because the FCC is sometimes flip about whether they are. Enormous, arbitrary, capricious, and aggressive confusion is in the air.
It's all pretty astonishing and pretty abusive...
But if you listen to VeriSign, we're all being silly, the world has moved on, and we should just shape up and get with the program. I feel sorry for the well-meaning professional staff at the Commission. They're under tremendous pressure."
WIPO meeting on copyright in education
IPKat also has a note about a WIPO meeting on copyright in education in the knowledge society.
"The digital environment presents enormous opportunities and challenges in terms of delivering educational materials in a sustainable manner," said Mrs. Rita Hayes, WIPO Deputy Director General in charge of copyright issues. "Today’s meeting was an excellent opportunity to look at the dissemination of teaching materials through balanced and effective copyright systems that meet the needs of all stakeholders; authors, publishers, libraries and educational services."
All stakeholders? Hmmm let's look at that list again - "authors, publishers, libraries and educational services." Nope I didn't miss them. Where were the readers or students?
But "delivering educational materials in a sustainable manner" is a nice idea, since sustainability, by definition, means protecting and cultivating a rich open-system (and I mean that in the purest thermodynamic sense, of course) source of open and renewable raw materials. Are WIPO promoting open access?
Laws of physics muck up a patent application
I learn from IPKat that there's a novel decision from the Patent appeal court, where the judge threw out an appeal against the dismissal of a patent application. He reckoned that it was reasonable for the patent examiner to hold that the proposed invention was not only obvious but it broke the laws of physics, or more specifically the law of conservation of energy (also widely known by engineers as the first law of thermodynamics).
So the invention was obvious despite the fact that it breached a fundamental law of nature, which presumably means that that fundamental law is not obvious? Being the scientific stick in the mud that I am, I'd say that is more of a reflection of the basic lack of scientific understanding rather than that the first law of thermodynamics is something less than obvious. Which in turn leads to the question of what actually is obvious? But that strays into the realm of philosophy which goes beyond the boundaries of my scientific, technical, commercial and legal training...
No that's not good enough. Even young children know you can't generate energy out of nothing, so if it is obvious to them why isn't it obvious to the legal system and society more generally? Just another example of our ability to believe in things which are simple, obvious and wrong, I guess.
ID cards in historical perspective
Jon Agar of Cambridge University has produced a paper on Identity cards in Britain: past experience and policy implications. I've just had time to scan the executive summary but it looks well worth a read. The paper looks briefly at the two previous ID card systems in the UK in the 20th century and identifies some features which could inform the debate on the government's planned system. Extract from the executive summary:
"The first national register (1915-1919), and accompanying identity card, was a failure, and the second (1939-1952) a partial success. The success of the second system was secured by analysing the causes of the failure of the first.
Universal registration systems have repeatedly been proposed as solutions to short-lived moral panics. But there is little evidence that national registers effectively resolve such panics.
Public indifference or hostility to identity cards was managed by building 'parasitic vitality' into the second experience. In particular, the system of national registration was intimately connected to the system of food rationing. Without similar 'parasitic vitality', contemporary proposals can be expected to struggle to win acceptance.
However, such interconnection encourages the phenomenon of 'function creep': eventually the pattern of disclosure and use of personal information is markedly different from that originally declared."
He goes on to say in the body of the report:
" the administrative operation of - and public response to - the historical card systems reveal features that should make all parties in the contemporary debate pause for thought. For example, the relative technological simplicity of the old card systems made a considerable contribution to their effectiveness: the simplistic equation of technological sophistication with effectiveness should be resisted."
As I say to my students, we should look to use the best available technology, including pencils and paper.
Thursday, November 24, 2005
LSE Prof on Government misrepresentation on ID cards
Professor Ian Angell of the London School of Economics Information Systems department is clearly getting irritated at the government's misrepresentation of the LSE research into the proposed ID cards scheme. In a letter to the Telegraph he says,
"Sir - What is going on with this so-called "debate" on ID cards? While appearing on the BBC's Hardtalk last week, immigration minister Tony McNulty claimed that, at a recent meeting in the House of Lords, the LSE had "admitted" that its estimate of the cost of ID cards was "hopelessly wrong". We made no such statement, and no one who attended that meeting could possibly make that inference.
This is typical of how debate over ID cards has degenerated into grand-standing and misrepresentation. With some minor adjustments, we stand by the figures we published in our June report. The reason our calculations differ from those of the Home Office is that we focused on the cost of implementing the scheme across government, while the Home Office estimated merely its own departmental costs.
It is the mission of the department of information systems at the LSE to be at the centre of academic research into any technological initiative that will have a major effect on the population. Having our position misrepresented by ministers will not deflect us from that position. So please, no more nonsense over figures. Let's get on with the real debate about the impact of this proposal on the nation, its effect on the lives of its citizens, and whether the systems stand any chance of functioning at an acceptable level."
Entertainment industry opportunism
It seems as though the entertainment industry in the EU have taken a leaf out of their US brethren's handbook. Just as the industry in the US attempted (though fortunately failed) to have a provision slipped into the PATRIOT Act in the emotional aftermath of 9/11, to enable them to hack into people's computers, the Creative and Media Business Alliance (CMBA), (i.e. Sony BMG, Disney, EMI, IFPI, Motion Picture Association, Reed Elsevier, Universal and many others) want the EU data retention proposals to be tweaked to enable the trawling of personal communications data to detect and pursue copyright infringement.
Now there is an argument to be made that the security services require access to the best available technology and people in the pursuit of serious crime and a data retention and access process, in some form, may well be a part of that. (I happen to believe that the EU data retention proposals present more problems for the police, the security services, the communications service providers and their customers than they do for the instigators of serious crime but that is another story). But as Suw Charman says here,
"Whether or not you agree with the need to retain traffic data for fighting terrorism and serious crime, there can be no benefit to national security from allowing the creative industries to use this information for prosecuting simple “infringement” cases.
Copyright Criminals
Now tie this in with IPRED2, another nasty bit of legislation which criminalises all “intellectual property” infringement on a commercial scale and “aiding and abetting such infringement”, with very thin definitions of what “commercial scale” or “intellectual property” means. The two directives together become even more alarming.
IPRED2 mandates that the police work with rightsholders to pursue suspected cases of IP infringement - including patent infringements - or merely vocal encouragement of infringement. And the Data Retention directive provides them with reams of data they can mine for evidence against these suspected infringers.
At the latest IPRED2 hearing, that’s exactly what the CMBA’s parent organisation, the International Federation of the Phonographic Industry (IFPI), demanded.
This opens up a very ugly can of worms where entire industries can get unparalleled powers of investigation, provided at the taxpayer’s expense.
Moreover, if the CMBA get their way, the number of data retention enquiries that the telcos and ISPs will have to process will be far higher than if restricted to terrorism and serious crime. This will put far more pressure on the telcos and ISPs who will not only have to bear the cost of storing the data, but also of providing access to the information to the authorities."
Remember what I was saying about the gaffer tape and Sony CDs yesterday? You could become a copyright criminal by sticking some tape round the edge of a Sony CD in order to stop it damaging your computer. So if Sony suspect you may have tried this trick (they'll have your personal details which you had to hand over to get the software to allegedly uninstall the damaging code, the same software which did no such thing and actually caused you further security headaches), under the tweaked data retention and the IPRED2 regulations they can demand a police investigation into your activities; an investigation which would include your communications data for the previous six months (phone calls, web sites visited, emails etc.)
The spectre of the systemic effect of the combination of technology, special interests, politics and ignorance looms again.
The IP parable of the cigarette fire
Ian Clarke has come up with a lovely parable on the extremes of intellectual property.
"I was in the pub last night, and a guy asked me for a light for his cigarette. I suddenly realised that there was a demand here and money to be made, and so I agreed to light his cigarette for 10 pence, but I didn't actually give him a light, I sold him a license to burn his cigarette. My fire license restricted him from giving the light to anybody else, after all, that fire was my property. He was drunk, and dismissing me as a loony, but accepted my fire (and by implication the licence which governed its use) anyway.
Of course in a matter of minutes I noticed a friend of his asking him for a light and to my outrage he gave his cigarette to his friend and pirated my fire! I was furious..."
Matches (if you'll excuse the pun) nicely Thomas Jefferson's:
" It would be curious then, if an idea, the fugitive fermentation of an individual brain, could, of natural right, be claimed in exclusive and stable property. If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. Its peculiar character, too, is that no one possesses the less, because every other possesses the whole of it. He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me. That ideas should freely spread from one to another over the globe, for the moral and mutual instruction of man, and improvement of his condition, seems to have been peculiarly and benevolently designed by nature, when she made them, like fire, expansible over all space, without lessening their density in any point, and like the air in which we breathe, move, and have our physical being, incapable of confinement or exclusive appropriation."
Wednesday, November 23, 2005
ECJ blocks handover of EU passenger data to US
This is an important decision. The advocate general of the European Court of Justice has said that the handing over of airline passenger data to the US security services has no adequate legal basis.
In referring to the EU Commission and the Council of Ministers' decisions to approve the disclosure of passenger data to US security agencies, AG Philippe Léger says
“Neither the council decision approving the agreement nor the commission decision holding that information to be sufficiently protected by the US have an adequate legal basis”
He goes on to explicitly advise the ECJ to annul both decisions.
Opaque tape beats Sony drm rootkit
John Leyden in the Register reports that gaffer tape can be used to defeat the offending rootkit installing drm on Sony CDs (though I wouldn't recommend putting gaffer tape on CDs as the resulting loss of balance will probably lead to the CD getting scratched).
But since gaffer tape can be used for this purpose, does that make it a technological protection measure (tpm) circumvention device? In which case does it breach the US Digital Millennium Copyright Act and the EU copyright directive?
So could someone be engaging in a criminal act by sticking a bit of tape on a CD to prevent that CD installing destructive code on their computer?
Given the precedent of the Hacker 2600 case (Corley v Universal), where a journalist was banned from linking to websites with DeCSS DVD security circumvention codes, could Leyden be in breach of the DMCA?
What about turning off the autorun feature on Windows to prevent the Sony CD from automatically installing the destructive drm code? Could adjusting the default options on your own computer be a tpm circumvention mechanism?
Do I think the absurdities of music (and other copyrighted materials) protected by digital fences (drm), which in turn are protected by law with the threat of criminal sanctions, will now magically become clear?
Is that a flying pig I see over there?
ID card costs
From the Register:
"The London School of Economics (LSE) has issued a statement clarifying its position on its National ID card research. The announcement follows press reports that project costs could go as high as £40bn. The LSE says that its original estimate of a £19.2bn high watermark stands and no other figure should be attributed to them."
Schneier on the real story in the Sony drm fiasco
Bruce Schneier thinks the real story in the Sony drm disaster is
not Sony's rogue drm rootkit,
not that the drm acts as spyware,
not that attempts to get rid of it damage your Windows operating system
not that Sony stopped production on the destructive CDs
not that Sony recalled the destructive CDs
not that Sony secretly rolled out destructive drm
not that Sony after a lot of hassle and further privacy invasion offered a "fix" that not only didn't work appropriately but created more security problems
not that Sony lied about the privacy invading features of the drm
not that Sony said "Most people don't even know what a rootkit is, so why should they care about it?"
not that Sony's rootkit may have infringed on others' copyrights
not that Sony may have breached UK, US, Italian and other criminal codes
not that Sony probably won't be prosecuted in the US or the UK
but
"the collusion between big media companies who try to control what we do on our computers and computer-security companies who are supposed to be protecting us...
That all the big security companies, with over a year's lead time, would fail to notice or do anything about this Sony rootkit demonstrates incompetence at best, and lousy ethics at worst...
Who are the security companies really working for? It's unlikely that this Sony rootkit is the only example of a media company using this technology. Which security company has engineers looking for the others who might be doing it? And what will they do if they find one? What will they do the next time some multinational company decides that owning your computers is a good idea?
These questions are the real story, and we all deserve answers."
Tuesday, November 22, 2005
Did Sony's drm infringe copyrights?
Ed Felten is also asking if Sony's disastrous drm infringed copyright.
"The Sony copy protection debacle has so many angles that the mainstream press is having trouble keeping track of them all. The rootkit. The spyware. The other spyware. The big security hole. The other big security hole. It’s not surprising, then, that at least one important angle has gone nearly undiscussed in the mainstream press: the likelihood that the Sony/First4Internet XCP copy protection software itself infringes several copyrights. (Note to geeks: Slashdot doesn’t qualify as the mainstream press.)
Matti Nikki (a.k.a. Muzzy) and Sebastian Porst have done great work unearthing evidence pointing to infringement. They claim that the code file ECDPlayerControl.ocx, which ships as part of XCP, contains code from several copyrighted programs, including LAME, id3lib, mpglib, mpg123, FAAC, and most amusingly, DVD-Jon’s DRMS.
These are all open source programs. And of course open source is not the same as public domain. Open source programs are distributed with license agreements. If you copy and redistribute such a program, you’re a copyright infringer, unless you’re complying with the terms of the program’s license."
Felten on EFF v Sony
Ed Felten approves of the EFF's emphasis of the problems with Sony's MediaMax drm as spyware, in their lawsuit against the company.
"One interesting aspect of the EFF suit is its emphasis on MediaMax. Most of the other lawsuits have focused on Sony’s other copy protection technology, XCP. The EFF suit does talk about XCP, but only after getting through with MediaMax. Emphasizing MediaMax seems like a smart move — while Sony has issued an apology of sorts for XCP and has recalled XCP discs, the company is still stonewalling on MediaMax, even though MediaMax raises issues almost as serious as XCP...
It’s important to recognize that these problems are caused not by any flaws in SunnComm and Sony’s execution of their copy protection plan, but from the nature of the plan itself. If you want to try to stop music copying on a PC, you’re going to have to resort to these kinds of methods. You’re going to have to force users to use extra software that they don’t want. You’re going to have to invoke administrator privileges more often. You’re going to have to keep more software loaded and running. You’re going to have to erode users’ ability to monitor, control, and secure their systems. Once you set off down the road of copy protection, this is where you’re going to end up."
Which is why we should be avoiding the drm road completely.
People's willingness to give up other people's rights
There's a nice op-ed in the San Francisco Chronicle from last Monday, by a civil rights lawyer, Ben Rosenfeld, about why it is a bad idea to make common behaviour a criminal offence.
"The origin of a police state in this country, I believe, is this: We gradually exchange a rights-based system, in which governmental power is limited by law, for a paternalistic one, in which we may all be arrested for one thing or another, but authorities forbear from doing so, or intruding in our lives, until they subjectively brand us "bad guys."...
Perhaps we will have to keep throwing away rights that matter more to other people for a time, until we realize that we are throwing away our own rights in the process. Only then will we start to create a society truly founded on principles of equal protection and mutual support."
Rent a mum
David Bollier has been brooding on what it might be unthinkable to buy or sell.
Jonathan Rowe has been doing likewise.
EFF take class action lawsuit against Sony BMG
The EFF has filed a class action lawsuit against Sony BMG over the CD drm fiasco.
"Music fans shouldn't have to install potentially dangerous, privacy intrusive software on their computers just to listen to the music they've legitimately purchased," said EFF Legal Director Cindy Cohn. "Regular CDs have a proven track record -- no one has been exposed to viruses or spyware by playing a regular audio CD on a computer. Why should legitimate customers be guinea pigs for Sony BMG's experiments?"
Unintended consequences
The story of how NASA missed detecting the hole in the earth's ozone layer is one of unintended consequences arising from the failure of an information system. NASA had deployed a sophisticated ozone mapping spectrometer in a satellite called Nimbus-7, which relayed hundreds of data measurements to base on a daily basis. NASA didn't have enough people to process the mass of data and relied on summary indicators.
Unfortunately the spectrometer had been originally programmed to ignore unusually low ozone levels because they had "never happened" previously. The raw data went unchecked until scientists from the British Antarctic Survey published details of measurements they had made detecting the thinning of the ozone layer, using old tried and tested instruments.
The trust in the sophistication of the NASA technology combined with the lack of attention to the data generated led to a failure to detect major changes in the system being monitored and a defensive belief, at least initially until they went back and checked the raw data, that their sophisticated technology could not be wrong.
Blunkett, "impossible to fake" and biometric embedded ID cards come to mind, though Mr Blunkett is, of course, no longer in the driving seat on the scheme.
Just a thought
Have you ever noticed that blind faith in technology is often strongest amongst people who have no understanding of the technology?
I've been thinking about the ID card system again and repeatedly come back to US journalist John Lawton's observation: "the irony of the information age is that it gives new respectability to uninformed opinion."
Doc Searls on saving the Net
Doc Searls recently posted an amazing essay on saving the Net.
"The carriers have been lobbying Congress for control of the Net since Bush the Elder was in office. Once they get what they want, they'll put up the toll booths, the truck scales, the customs checkpoints--all in a fresh new regulatory environment that formalizes the container cargo business we call packet transport. This new environment will be built to benefit the carriers and nobody else. The "consumers"? Oh ya, sure: they'll benefit too, by having "access" to all the good things that carriers ship them from content providers. Is there anything else? No.
Crocodile grins began to grow on the faces of carriers as soon as it became clear that everything we call "media" eventually would flow through their pipes. All that stuff we used to call TV, radio, newspapers and magazines will just be "content" moving through the transport layer of the pipe system they own and control. Think it's a cool thing that TV channels are going away? So do the carriers. The future à la carte business of media will depend on one medium alone: the Net. And the Net is going to be theirs.
The Net's genie, which granted all those e-commerce wishes over the past ten years, won't just get shoved back in the bottle. No, that genie will be piped and priced by the packet. The owners of those pipes have a duty to their stockholders to make the most of the privileged position they've been waiting to claim ever since they got blind-sided, back in the 80s and 90s...
Does it matter that countless markets flourish in the wide spaces opened by agreements and protocols that thrive at the grace of carriage? Or that those markets are threatened by new limits, protections and costs imposed at the pipe level?
No.
Thus, the Era of Net Facilitation will end. The choke points are in the pipes, the permission is coming from the lawmakers and regulators, and the choking will be done. No more free rides, folks. Time to pay. It's called creating scarcity and charging for it. The Information Age may be here, but the Industrial Age is hardly over. In fact, there is no sign it will ever end...
The new carrier-based Net will work in the same asymmetrical few-to-many, top-down pyramidal way made familiar by TV, radio, newspapers, books, magazines and other Industrial Age media now being sucked into Information Age pipes. Movement still will go from producers to consumers, just like it always did. Meet the new boss, same as the old boss. Literally...
what matters most is Saving the Net--keeping it a free and open marketplace for everybody--while also making sure that carriers of all kinds can compete and succeed while providing much of the infrastructure on which that marketplace resides. That means we need to understand the Net as more than a bunch of pipes and business on the Net as more than transporting and selling "content".
This isn't a trivial issue. It's a matter of life and death for the Net itself. How are we going to fight?
Read on.
Scenario II: The Public Workaround
The deathblow comes from the muni Wi-Fi efforts. It doesn't matter whether they are viable or not--all they need do is give local connectivity the moral high ground and represent a grass roots effort that the legislature not only can't ignore but can embrace. --Bob Frankston
In ancient telco lingo, "bypass" is anything that works around the phone system itself. Susan Crawford wisely encourages bypassing not only the system but the whole notion of fixing it with "Network Neutrality" agreements or legislation. In response to the questions, "What, if any, version of common carriage rules should govern Internet communications platforms? More specifically, can some concept of Network Neutrality be defined and enforced proactively in the form of prescriptive regulations?", she answers,
I think this is the wrong question. It assumes the limited world of online access providers we've got, makes them into "communications platforms," and then suggests we need to make rules about them. Not very imaginative. I have lost faith in our ability to write about code in words, and I'm confident that any attempt at writing down network neutrality will be so qualified, gutted, eviscerated, and emptied that it will end up being worse than useless...
The only way around this issue is to avoid it by encouraging the development of alternative online access methods, and being careful not to let the incumbents call them illegal. Let the dinosaurs huddle together in the snow, controlling and commoditizing to their hearts' content. We're made of better stuff. It should be no more illegal to have an open wireless network in your house than to practice the piano with the windows open. And having an open wireless network can lead to a community mesh network and a host of devices that open immediately to others, connecting us to the world.
If that's not possible, then the second best solution is structural separation, paying off the carriers for their stranded costs and moving to open utility platforms. BT seems to think that's a fine idea; why couldn't it work here?
Muni Wi-Fi is a form of bypass. So are other government-sponsored or assisted workarounds.
So are the private ones." (Like Google which is building its own network).
He quotes Susan Crawford again later in the piece asking a key question:
What happened to our leadership on internet policy? When did we lose the ability to walk and slide back into the sea? We experimented and tugged and pulled and came up with the idea of linking machines together with a common language, making it possible for humans to interact in unprecedented ways. Now we're turning those machines back into the machines we thought we were escaping--telephones, cable systems, and televisions--using insiders' language so that we can hide what's going on from the general public. What happened?
He goes on to supply an answer with his "Scenario III: Fight with Words and Not Just Deeds", where he describes the importance of the language of the debate. She who controls the language with the better metaphors will control the debate. "Stop piracy" beats "protect the commons" every time. Protect the what? "Piracy" in the intellectual property context used to be about illegal commercial enterprises copying and selling large numbers of counterfeit goods. Now it is about anyone copying anything on the Net.
"Advocating and saving the Net is not a partisan issue. Lawmakers and regulators aren't screwing up the Net because they're "Friends of Bush" or "Friends of Hollywood" or liberals or conservatives. They're doing it because one way of framing the Net--as a transport system for content--is winning over another way of framing the Net--as a place where markets and business and culture and governance can all thrive."
Read it all at Linux Journal. It's a long essay but well worth your time.
Monday, November 21, 2005
Geist on Sony drm disaster
Michael Geist has some sensible things to say about Sony's recent drm disaster.
New blog
Lilian Edwards of the AHRB Centre for the Study of Intellectual Property and Technology Law at Edinburgh University has a new blog, BlogScript: Innovation, Technology and the Law.
Update: I should have said, Lilian's co-director of the AHRB, Andres Guadamuz, is a co-contributor to the blog.
Portillo thinks Brown will kill ID cards
Michael Portillo, a former candidate for the leadership of the main opposition Conservative party in the UK, thinks Gordon Brown will eventually kill the ID card plans with a simple cost-benefit analysis.