September 29, 2022

Archives for January 2003

Wacky Biometrics

I heard a presentation today by an expert on biometric security devices. He mentioned two new biometric devices under development. The first one uses body odor, detecting the unique combination of chemicals by your body. The second one fits on a chair; you sit on it and it measures the unique shape and weight distribution of your rear end. What will they think of next?

Man vs. Machine

Chess whiz Garry Kasparov has started another match against an electronic opponent. Much has been made of the man vs. machine battle, with right-thinking humanists everywhere lining up on Kasparov’s side, supporting human intellect and determination against the cold, mechanical logic of the computer.

I’m rooting for the machine.

Kasparov’s performance at the chessboard is awe-inspiring – a true triumph of the intellect. You can’t help but admire what he represents.

But if you know much of anything about his opponent, you’ll realize that it too is a monument to human achievement. The computer, Deep Junior, was built and programmed by people, not machines. People, not machines, figured out how to make a computer play brilliant chess despite the computer’s pathetic inability to mimic Kasparov’s brain. Deep Junior is the culmination of decades of work by an army of anonymous engineers and researchers, each contributing a few brilliant ideas to the technological edifice that made Deep Junior possible. To me, that story is more exciting than Kasparov’s talent, and just as human.

The standard knock on chess computers is that they are brainless and succeed only by brute force. As a one-time computer chess researcher, I can assure you that that image is misleading. Computers lack Kasparov’s intuition about chess, so they have to look far into the possible sequences of moves and countermoves. But blind exploration of all possible move sequences fails miserably due to the exponentially large number of possibilities. Instead, the best computer chess players are fantastically clever about where to apply their limited knowledge, about which move sequences to explore and in which order to explore them. The authors of these programs have collectively invented a new way to think about chess, one that focuses not on seeing as deeply as Kasparov but on knowing where to look. Considered on its own terms, this is at least as impressive as what Kasparov has done.

If you knew the people who have worked all of this out, and if you had seen their struggle, you might just root for Deep Junior too.

Microsoft De-Names Palladium

Microsoft has renamed its controversial Palladium initiative, giving it the forgettable title “Next-Generation Secure Computing Base” (NGSCB). The official reason for this is the discovery that another company had trademarked “Palladium” and Microsoft didn’t want to be seen as bullying that company. A more likely explanation is that the name “Palladium” had accumulated too many negative connotations. (Many of them were undeserved but impossible to shake nonetheless.)

The new title is so awkward that nobody outside the marketing department will ever use it. My prediction is that everyone outside Microsoft will pronounce the new acronym NGSCB like this: “pal-AY-dee-um”.

More on Targeting File-Sharers

Seth Finkelstein suggests a follow-the-money approach to thinking about the RIAA’s strategy in enforcing against file sharers. He reaches the same conclusion as I do (though for a slightly different reason), that ISPs are the leverage point for enforcing against file sharers.

The reason for this, Seth says, is that ISPs have money and average file sharers don’t. He has a point here, but he also makes a bit of a simplification. Though the common image of file sharers is of kids, my guess is that the demographics of file sharers are pretty close to those of music buyers. Data on this point are pretty hard to come by, but Napster’s statistics showed more middle-aged users than expected, and I assume that hasn’t changed with the new systems. In my view, people are drawn to these systems as much because of their ease of use (at least compared to the record-company alternatives) as because they are free. So there will be at least some individual file sharers who have a lot to lose.

Another reason the RIAA might want ISPs to take care of enforcement is that whoever does the dirty work will end up looking, well, dirty. There are basically two enforcement strategies. The first is to make examples of a few file sharers. This means imposing large penalties on a few people – if the penalties aren’t disproportionate to the individual offense, then they won’t have the desired deterrent effect. Whoever initiates this kind of make-an-example enforcement will end up looking like a bully.

The alternative is to impose small penalties on many people. For example, ISPs might cut off the accounts of file sharers, either permanently or temporarily. The problem with this kind of enforcement is that the economics dictate that only a small amount of money can be spent on identifying each target, otherwise the cost of enforcement outweighs the benefit. In practice, this means that bots will be used to identify targets, with little human involvement. Mistakes will be made – outrageous, hilarious mistakes – and the enforcers will look like idiots. Either way, whoever is doing the enforcement will end up with egg on their face. If you’re the RIAA, you’d much rather have ISPs handle enforcement.

File Sharers Targeted Next?

Declan McCullagh, at CNet news.com, predicts that we will soon see criminal prosecutions of a few people who make extensive use of file sharing software. He cites RIAA rhetoric and congressional rhetoric supporting prosecution, and he reiterates the relevant laws, which dictate surprisingly stiff sentences for violations.

Orin Kerr, at the Volokh Conspiracy blog, disagrees. He points to his experience as a DOJ official, and says that decisions about whom to prosecute are typically made by Assistant U.S. Attorneys (and not centrally in Washington), and that most of the decisionmakers would rather spend their limited resources going after drug dealers, kidnappers, and the like.

The elephant in the closet here is the lack of civil lawsuits against file sharers by the recording industry. If I were a Federal prosecutor, I would be asking myself why I should spend tax dollars on prosecuting someone for file sharing, when none of the victims of that file sharing are willing to bring any civil suits against file sharers.

Why would the RIAA support criminal prosecutions but not civil suits? The obvious explanation is that they fear a backlash from their customers if they file aggressive lawsuits. But won’t the backlash be even larger if the FBI hauls somebody away in handcuffs at their behest? I’m sure they saw what happened to Adobe when it engineered the arrest of Dmitry Sklyarov.

My bet is on the theory expounded by Jonathan Zittrain, as quoted by Hiawatha Bray in yesterday’s Boston Globe. The RIAA will try to put pressure on ISPs to become enforcement agents, by putting on a DMCA squeeze. The DMCA gives ISPs a limited safe harbor from liability for their customers’ actions, but it also allows various legal strategems that the RIAA could use to pressure ISPs into compliance.

The RIAA still appears to be afraid to sue file sharers. This can’t bode well for their future. If your business model depends on people complying with a law, and you yourself have the power to enforce that law but are not willing to do so, you have a problem.