December 22, 2024

Archives for September 2002

Godwin Article on the "Right to Tinker"

Mike Godwin has a new article at law.com on “the right to tinker.” He mentions my upcoming book on the topic. (Thanks, Mike.)

Notes on Today's Berman-Coble Hearings

A House subcommittee held hearings this morning about the Berman-Coble peer-to-peer (p2p) hacking bill. I heard the first two hours, but then I had to go give a lecture.

The bill would give copyright owners new powers to employ self-help “hacking” measures aimed to prevent infringing file-trading on p2p networks. Everybody agreed that the self-help measures now being used are legal. One such measure is spoofing – providing dummy files that look like infringing material, to make it hard for people to find real infringing copies.

The big surprise for me was that the content-industry people seemed to have little idea what they would do with their new powers. When asked what they wanted to do that would be legalized by the bill, RIAA CEO Hilary Rosen said she didn’t know. She referred the question to Randy Saaf of MediaDefender.

Saaf could only come up with one desired measure that the bill would legalize. He called the measure “interdiction” and he described it as connecting to the offending user’s computer and downloading the offending file, in a way that prevented others from downloading. That sounds to me like a classic denial of service attack.

Everybody seemed to understand that the bill’s passage would escalate the technical arms race of measures and countermeasures between p2p designers and copyright owners. Nobody seemed to have any idea where that arms race would lead, or what its implications might be for the bill.

Congressman Boucher summed it up well when he said that Congress would be wise to wait until the copyright owners at least know what they want.

Misleading Term of the Week: "Standard"

A “standard” is a technical specification that allows systems to work together to make themselves more useful. Most people say, for good reasons, that they are in favor of technical standards. But increasingly, we are seeing the term “standard” misapplied to things that are really regulations in disguise.

True standards strive to make systems more useful, by providing a voluntary set of rules that allow systems to understand each other. For example, a standard called RFC822 describes a standardized way to format email messages. If my email-sending software creates RFC822-compliant messages, and your email-receiving software understands RFC822-compliant messages, then you can read the email messages that I send you. Compliance with such a standard makes our software more functional.

Crucially, standards like RFC822 are voluntary and nonexclusive. Nobody forces any email-software vendor to comply with RFC822, and there is nothing to stop a vendor’s product from complying simultaneously with both RFC822 and other standards.

Lately we have seen the word “standard” misapplied. For example, the Broadcast Protection Discussion Group (BPDG) calls its proposal a “standard,” though it is anything but. Unlike a real standard, BPDG is not voluntary. Unlike a real standard, it contains prohibitions rather than opportunities. Put the BPDG “standard” in front of experienced engineers, and they’ll tell you that it looks like a regulation, not like a standards document. BPDG is trying to make its restrictive regulations more palatable by wrapping them in the mantle of “standards.”

A more subtle misuse of “standard” arises in claims that we need to standardize on DRM technology. As I wrote previously:

In an attempt to sweep [the technical infeasibility of DRM] under the rug, the content industry has framed the issue cleverly as one of standardization. This presupposes that there is a menu of workable technologies, and the only issue is which of them to choose. They want us to ask which technology is best. But we should ask another question: Are any of these technologies workable in the first place? If not, then a standard for copy protection is as premature as a standard for teleportation.

Fritz's Hit List #4

Today on Fritz’s Hit List: auto navigation systems.

These systems, which display digital maps and compute driving directions, qualify for regulation as “digital media devices” under the Hollings CBDTPA. If the CBDTPA passes, any newly manufactured auto navigation systems will have to incorporate government-approved copy restriction technology.

Fight piracy – regulate navigation systems!

One More on Biometrics

Simson Garfinkel offers a practical perspective on biometrics, at CSO Magazine.