September 23, 2020

"Hacktivism" by Artists

A debate has started over the suggestion by Harvard Law prof Charles Nesson that artists respond to file-sharing of their work with “hacktivism,” by launching targeted denial-of-service attacks on people who redistribute their work. The reaction in blogworld has been negative.

This is probably illegal, but Derek Slater writes that Prof. Nesson is looking for ways to “support its legality.” Perhaps he would resurrect the Berman-Coble bill, which died in Congress last year . That bill would have legalized such attacks, if carried out on behalf of copyright owners.

Discussion has focused on the short-term effects of allowing targeted DoS attacks, for example on the possibility of mistaken attacks on innocent people.

If we look instead at the long term, the picture becomes even clearer. I wrote about this in the written testimony I submitted last year to a House hearing on the Berman-Coble bill:

The designers of peer-to-peer software will not simply accept this situation, but will respond by modifying their software to thwart such targeted denial of service attacks. They might do this, for example, by eliminating the self-imposed limit on the number of connections the peer-to-peer program will accept. These countermeasures will start an “arms race” between copyright owners [or artists, in Nesson’s version] and peer-to-peer system designers, with copyright owners [or artists] devising new types of targeted denial of service attacks, and peer-to-peer designers revising their software to dodge these targeted attacks.

Computer security analysis can often predict the result of such technical arms races. For example, analysis of the arms race between virus writers and antivirus companies leads to the prediction that antivirus products will be able to cope almost perfectly with known virus strains but will be largely helpless against novel viruses. This is indeed what we observe.

A similar analysis can be applied to the arms race, under the Berman Bill’s rules [which presumably are similar to the rules Nesson would choose], between peer-to-peer authors and copyright owners. In my view, the peer-to-peer authors have a natural advantage in this arms race, and they will be able to stay a step ahead of the copyright owners. Copyright owners will be forced either to give up on the strategy of narrowly targeted denial of service attacks, or to escalate to a more severe form of denial of service, such as one that crashes the target computer or jams completely its Internet connection. I understand that these more severe attacks are currently illegal, and would not be legalized by the Berman Bill, so such an escalation would not be possible within the law even if the Berman Bill is enacted. I conclude that the Berman Bill as written is unlikely to do copyright holders much good in the end.

Derek Slater put it much more succinctly when he wrote that “A technological arms race can only have one result: going nuclear. “

Comments

  1. Derek Slater says:

    Great post. Your testimony was one place that solidified my thinking about the “arms race” idea, so I’ve added a cite in my post accordingly.

  2. Arn’t the P2P companies well placed to have an “active response” to any attempts to attack file sharer’s computers? A new version of the P2P software could include intrusion/scanning detection (like “snort”) and a co-ordinated DDoS response.

  3. Cypherpunk says:

    My first comment is that it may be useful to read the actual proposal. Apparently it was posted to a private list but quoted here:
    [Quote]

    Suppose the following service is offered to artists as a means to protect at least a portion of the commercial value of their new releases… The service:
    watches the peer-to-peer networks on behalf of the artist-client who wants to protect a new release to catch the first appearance of a copy of the new release illegally posted to an open network;
    finds it fast enough to enable the service to get in queue to download it before anyone else;
    downloads the copy of the new release from the infringer in a manner that effectively competes with others trying to get it;
    at the same time causes a notice to be posted in the infringer’s traffic window politely requesting the infringer to remove the work from the publicly shared folder.

    [End quote]
    It is an oversimplification to call this a targeted denial of service attack. The other components are just as important, such as notification to the provider of the file that its creator is begging them not to undercut their livelihood by giving the file away without permission.
    The most important element is in fact not the DOS aspect but rather the personal appeal from the artist. Too many file sharers comfort themselves with the thought that only bureaucratic entities like the RIAA object to file sharing. If they are brought face to face with an appeal by the artist herself, it will be much harder for them to pretend that they are only ripping off big corporations.

  4. Cypherpunk says:

    My second comment is with regard to the idea of “going nuclear” in an “arms race”. I believe that, in a sense, this is exactly what we need: a technological arms race between those who wish to protect copyright and those who are trying to break it. Let both sides “go nuclear” by using all the technology that is available to win their battles.

    The idea is to try to find out what the technological realities are regarding whether copyright protection is ultimately possible. On the one hand is the claim that copyright ultimately cannot succeed, that any system can be broken, that whatever can be viewed or heard can be shared. On the other side we have fears that Palladium and similar DRM technologies will succeed in removing free content from the net and usher in a corporate-controlled dystopia where every bit is metered and charged.

    It’s really not clear which side is going to win, at present. And if it does turn out that copyright can’t be protected, that the technologists will build impregnable networks which allow massive-scale file sharing but somehow shield the participants from liability, then there is a follow-on question as to whether music and movies as we know them will still be produced, and at what scale. All of these are important questions that we would benefit from knowing the answers to. And the best way to get those answers is to let the copyright wars continue at a high level.

    When we try to legislate matters that are contrary to the fundamental realities of the universe, there is an inherent difficulty. Trying to legislate copyright in a world where it is inherently impossible to enforce is only going to cause problems. Until we have a better handle on what is technically possible in terms of content protection, we are working in the dark when crafting legislative remedies.

    And contrary to partisans on both sides, we really don’t know the answers yet. It remains to be seen how effective technology can be at preventing sharing of protected information. The final answers are not yet in.

    These battles have only been joined on a large scale for a few years. The big push-back by the content companies, Trusted Computing technology like Microsoft’s Palladium, won’t be released for another year or more. I guarantee that whatever the situation looks like today, it will be far more complex and very different in another five years. At that point we will have a much better understanding of what is and is not possible in this fast-moving area.