March 29, 2024

Archives for July 2005

Encryption and Copying

Last week I criticized Richard Posner for saying that labeling content and adding filtering to P2P apps would do much to reduce infringement on P2P net. In responding to comments, Judge Posner unfortunately makes a very similar mistake:

Several pointed out correctly that tags on software files, indicating that the file is copyrighted, can probably be removed; and this suggests that only encryption, preventing copying, is likely to be effective in protecting the intellectual property rights of the owner of the copyright.

The error is rooted in the phrase “encryption, preventing copying”. Encryption does nothing to prevent copying – nor is it intended to. Encrypted data can be readily copied. Once decrypted, the plaintext data can again be readily copied. Encryption prevents one and only one thing – decryption without knowledge of the secret key.

It’s easy to see, then, why encryption has so little value in preventing infringement. You can ship content to customers in encrypted form, and the content won’t be decrypted in transit. But if you want to play the content, you have to decrypt it. And this means two things. First, the decrypted content will exist on the customer’s premises, where it can be readily copied. Second, the decryption key (and any other knowledge needed to decrypt) will exist on the customer’s premises, where it can be reverse-engineered. Either of these facts by itself would allow decrypted content to leak onto the Internet. So it’s not surprising that every significant encryption-based anticopying scheme has failed.

We need to recognize that these are not failures of implementation. Nor do they follow from the (incorrect) claim that every code can be broken. The problem is more fundamental: encryption does not stop copying.

Why do copyright owners keep building encryption-based systems? The answer is not technical but legal and economic. Encryption does not prevent infringement, but it does provide a basis for legal strategems. If content is encrypted, then anyone who wants to build a content-player device needs to know the decryption key. If you make the decryption key a trade secret, you can control entry to the market for players, by giving the key only to acceptable parties who will agree to your licensing terms. This ought to raise antitrust concerns in some cases, but the antitrust authorities have not shown much interest in scrutinizing such arrangements.

To his credit, Judge Posner recognizes the problems that result from anticompetitive use of encryption technology.

But this in turn presents the spectre of overprotection of [copyright owners’] rights. Copyright is limited in term and, more important (given the length of the term), is limited in other ways as well, such as by the right to make one copy for personal use and, in particular, the right of “fair use,” which permits a significant degree of unauthorized copying. To the extent that encryption creates an impenetrable wall to copying, it eliminates these limitations on copyright. In addition, encryption efforts generate countervailing circumvention efforts, touching off an arms race that may create more costs than benefits.

Once we recognize this landscape, we can get down to the hard work of defining a sensible policy.

RIAA Saber-Rattling against Antispoofing Technologies?

The RIAA has fired a shot across the bow of P2P companies whose products incorporate anti-spoofing technologies, according to a story (subscribers only) in Friday’s National Journal Tech Daily, by Sarah Lai Stirland. The statement came at a Washington panel on the implications of the Grokster decision.

“There’s definitely a lot of spoofing going on on the networks, and nobody thinks that that’s not fair game,” said Cary Sherman, president of the Recording Industry Association of America, on Friday. “Some networks actually put out some anti-spoofing filters to enable people to get around the spoofs, and that may well be a sign of intent.”

The comment came in answer to a question about the kinds of lawsuits that might be brought in the wake of the high court’s decision.

What Sherman is suggesting is that if a P2P vendor includes anti-spoofing technology in their product, that action demonstrates an intent to facilitate infringement, making the vendor liable as an indirect infringer under Grokster.

Perhaps Sherman is asserting that anti-spoofing technologies lack substantial noninfringing uses, and so do not qualify for the Sony Betamax safe harbor. This is wrong in general. It’s well known that some of the files on P2P systems are of low audio or video quality, or are mislabelled altogether. This is true of both infringing and non-infringing files. A technology that can predict which files will have low quality, or which users will be sources of low quality files, will help users find what they want. Spoof files are just low quality files that are inserted deliberately, so technologies that reject low-quality files will tend to reject spoof files, and vice versa.

Of course some particular vendor might introduce such a filter for bad reasons, because they want to abet infringement. But one cannot infer such intent merely from the presence of the filter.

One popular interpretation of Grokster is that the Court said a company’s overall business practices, rather than its technology, will determine its liability. That seems to follow from the Court’s refusal to revise the Sony Betamax rule. And yet Sherman’s complaint here is all about technology choices. Is this the precursor to lawsuits against undesired technologies?

Michigan Debuts Counterproductive Do-Not-Spam List for Kids

The state of Michigan has a new registry of kids’ email addresses in the state. Parents can put their kids’ addresses on the list. It’s illegal to send to addresses on the list any email solicitations for products that kids aren’t allowed to buy (alcohol, guns, gambling, vehicles, etc.). The site has been accepting registrations since July 1, and emailers must comply starting August 1.

This is a kids’ version of the Do-Not-Email list that the Federal Trade Commission considered last year. The FTC decided, wisely, not to proceed with its list. (Disclosure: I worked with the FTC as a consultant on this issue.) What bothered the FTC (and should have bothered Michigan) about this issue is the possibility that unscrupulous emailers will use the list as a source of addresses to target with spam. In the worst case, signing up for the list could make your spam problem worse, not better.

The Michigan system doesn’t just give the list to emailers – that would be a disaster – but instead provides a service that allows emailers to upload their mailing lists to a state-run server that sends the list back after removing any registered addresses. (Emailers who are sufficiently trusted by the state can apparently get a list of hashed addresses, allowing them to scrub their own lists.)

The problem is that an emailer can compare his initial list against the scrubbed version. Any address that is on the former but not the latter must be the address of a registered kid. By this trick the emailer can build a list of kids’ email addresses. The state may outlaw this, but it seems hard to stop it from happening, especially because the state appears to require emailers everywhere in the world to scrub their lists.

If I lived in Michigan, I wouldn’t register my kid’s address.

UPDATE (July 13): A commenter points out that the Michigan program imposes a charge of $0.007 per address on emailers. I missed this fact originally, and it changes the analysis significantly. See my later post for details.

Chess Computer Crushes Elite Human Player

Last week Hydra, a chess-playing computer, completed its rout of Michael Adams, the seventh-ranked human player in the world. Hydra won five of six games, and Adams barely escaped with a draw in the other game. ChessBase has the details, including a page where you can play through the six games.

It’s time to admit that computers play better chess than people.

This may seem inevitable in hindsight, but for the longest time people insisted that human chess players had something special which computers could never duplicate. That was true, up to a point. Computers have never succeeded at approaching chess the way people do. The best human players make subtle, intuitive judgments that are probably based on pattern-matching deep in their neural circuitry. Often an elite player cannot verbalize how he knows that one configuration of pieces is dangerous when another nearly identical configuration is not. He just knows. He does calculate in the “if he does this, I’ll do that, then he’ll do this, …” fashion, but only when necessary.

Every attempt to transplant human “intelligence” into a chess computer has failed miserably. Computers understand very little about chess. They rely instead on rudimentary judgment about chess positions, coupled with prodigious calculation, looking ahead at hundred of millions or billions of possible board positions.

Chess players classify game situations into two categories, “tactical” and “positional”. Tactical situations feature direct, violent clashes between pieces, and call mostly for calculation, with intuition as a backstop. Positional situations are slow and subtle, requiring deep judgments and long maneuvers. Everybody expected computers to excel at tactics. The big surprise is that the computer approach seems to work well in positional situations too. Somehow, calculation can substitute for judgment, even when conditions seem to require judgment.

This is not to say that it’s easy to create a chess computer that plays as well as Hydra. Quite the contrary. Great effort has been spent on perfecting computer chess algorithms. That effort has gone not to teaching computers about chess, but to improving the algorithms for deciding when to cut off calculations and when to calculate more deeply. Indeed, algorithmic improvements have been a much bigger factor even than Moore’s Law over the years.

Chess computers have succeeded by ignoring what human chessplayers do best, and doing instead what computers do best. And what computers do best is to run programs written by very clever human programmers.

Posner and Becker, Law and Economics

Richard Posner and Gary Becker turn their bloggic attention to the Grokster decision this week. Posner returns to the argument of his Aimster opinion. Becker is more cautious.

After reiterating the economic arguments for and against indirect liability, Posner concludes:

There is a possible middle way that should be considered, and that is to provide a safe harbor to potential contributory infringers who take all reasonable (cost-justified) measures to prevent the use of their product or service by infringers. The measures might be joint with the copyright owners. For example, copyright owners who wanted to be able to sue for contributory infringement might be required, as a condition of being permitted to sue, to place a nonremovable electronic tag on their CDs that a computer would read, identifying the CD or a file downloaded from it as containing copyrighted material. Software producers would be excused from liability for contributory infringement if they designed their software to prevent the copying of a tagged file. This seems a preferable approach to using the judicial system to make a case by case assessment of whether to impose liability for contributory infringement on Grokster-like enterprises.

It’s fascinating that Judge Posner, with his vast knowledge about the law and about economics, avoids a case-by-case law and economics approach and looks instead for a technical deus ex machina. Unfortunately, his knowledge of technology is shakier, and he endorses a technical approach that is already discredited. Nobody knows how to create the indelible marks he asks for, and in any case the system he suggests is easily defeated by encrypting or compressing the content – not to mention the problems with malicious placement of marks. In short, this approach is a non-starter.

Becker is right on the mark here:

But several things concern me about the issues raised by this and related court decisions. I basically do not trust the ability of judges, even those with the best of intentions and competence, to decide the economic future of an industry. Do we really want the courts determining when the fraction of the total value due to legal sales is high enough to exonerate manufacturers from contributory infringement? Neither the wisest courts nor wisest economists have enough knowledge to make that decision in a way that is likely to produce more benefits than harm. Does the fraction of legitimate value have to be higher than 50 per cent, 75 per cent, 10 per cent, or some other number? Courts should consider past trends in these percentages because new uses for say a software-legal or illegal- inevitably emerge over time as users become more familiar with its potential. Must courts have to speculate about future uses of software or other products, speculation likely to be dominated by dreams and hopes rather than firm knowledge?

One of the tenets of the law and economics movement is that decisions about legal regulation of economic behavior should be grounded in a deep understanding of economics. Sound economics can predict the effect of proposed legal rules; but bad economics leads to bad law. As luminaries of the law and economics movement, Posner and Becker understand this as well as anyone.

What is true of economics is equally true of computer science. Only by understanding computer science can we predict the impact of proposed regulations of technology. As we have seen so many times, bad computer science leads to bad law. Posner seems to miss this, but Becker’s stance shows appropriate caution.

One criticism of law and economics is that it works well in a seminar room but may lead to dangerous overconfidence if applied to a hard case by an overworked, generalist judge. One solution is to teach judges more economics, and economic seminars for judges have proliferated. Perhaps the time has come to run seminars in computer science for judges.