December 24, 2024

Archives for 2002

Notes on Today's Berman-Coble Hearings

A House subcommittee held hearings this morning about the Berman-Coble peer-to-peer (p2p) hacking bill. I heard the first two hours, but then I had to go give a lecture.

The bill would give copyright owners new powers to employ self-help “hacking” measures aimed to prevent infringing file-trading on p2p networks. Everybody agreed that the self-help measures now being used are legal. One such measure is spoofing – providing dummy files that look like infringing material, to make it hard for people to find real infringing copies.

The big surprise for me was that the content-industry people seemed to have little idea what they would do with their new powers. When asked what they wanted to do that would be legalized by the bill, RIAA CEO Hilary Rosen said she didn’t know. She referred the question to Randy Saaf of MediaDefender.

Saaf could only come up with one desired measure that the bill would legalize. He called the measure “interdiction” and he described it as connecting to the offending user’s computer and downloading the offending file, in a way that prevented others from downloading. That sounds to me like a classic denial of service attack.

Everybody seemed to understand that the bill’s passage would escalate the technical arms race of measures and countermeasures between p2p designers and copyright owners. Nobody seemed to have any idea where that arms race would lead, or what its implications might be for the bill.

Congressman Boucher summed it up well when he said that Congress would be wise to wait until the copyright owners at least know what they want.

Misleading Term of the Week: "Standard"

A “standard” is a technical specification that allows systems to work together to make themselves more useful. Most people say, for good reasons, that they are in favor of technical standards. But increasingly, we are seeing the term “standard” misapplied to things that are really regulations in disguise.

True standards strive to make systems more useful, by providing a voluntary set of rules that allow systems to understand each other. For example, a standard called RFC822 describes a standardized way to format email messages. If my email-sending software creates RFC822-compliant messages, and your email-receiving software understands RFC822-compliant messages, then you can read the email messages that I send you. Compliance with such a standard makes our software more functional.

Crucially, standards like RFC822 are voluntary and nonexclusive. Nobody forces any email-software vendor to comply with RFC822, and there is nothing to stop a vendor’s product from complying simultaneously with both RFC822 and other standards.

Lately we have seen the word “standard” misapplied. For example, the Broadcast Protection Discussion Group (BPDG) calls its proposal a “standard,” though it is anything but. Unlike a real standard, BPDG is not voluntary. Unlike a real standard, it contains prohibitions rather than opportunities. Put the BPDG “standard” in front of experienced engineers, and they’ll tell you that it looks like a regulation, not like a standards document. BPDG is trying to make its restrictive regulations more palatable by wrapping them in the mantle of “standards.”

A more subtle misuse of “standard” arises in claims that we need to standardize on DRM technology. As I wrote previously:

In an attempt to sweep [the technical infeasibility of DRM] under the rug, the content industry has framed the issue cleverly as one of standardization. This presupposes that there is a menu of workable technologies, and the only issue is which of them to choose. They want us to ask which technology is best. But we should ask another question: Are any of these technologies workable in the first place? If not, then a standard for copy protection is as premature as a standard for teleportation.

Fritz's Hit List #4

Today on Fritz’s Hit List: auto navigation systems.

These systems, which display digital maps and compute driving directions, qualify for regulation as “digital media devices” under the Hollings CBDTPA. If the CBDTPA passes, any newly manufactured auto navigation systems will have to incorporate government-approved copy restriction technology.

Fight piracy – regulate navigation systems!

One More on Biometrics

Simson Garfinkel offers a practical perspective on biometrics, at CSO Magazine.

Washington Post on Biometrics

Today’s Washington Post has an article about the use of biometric technology, and civil-liberties resistance against it.

Interestingly, the article conflates two separate ideas: biometrics (the use of physical bodily characteristics to identify someone), and covert identification (identifying someone in a public place without their knowledge or consent). There are good civil-liberties arguments against covert identification. But the overt use of biometrics, especially in situations where identification already is expected and required, such as entry to an airplane, should be much less controversial.

There might even be ways of using biometrics that are more protective of privacy than existing identification measures are. Sometimes, you might be more comfortable having your face scanned than you would be revealing your name. Biometrics could give you that choice.

By implicitly assuming that biometric systems will be covert, the article, and apparently some of the sources it quotes, are missing the real potential of biometrics.

(Caveat: Biometrics aren’t worth much if they can’t reliably identify people, and there are good reasons to question the reliability of some biometrics.)