December 26, 2024

Archives for 2003

Most Door Locks Insecure

John Schwartz at the New York Times reports on a blockbuster piece of research by cryptographer Matt Blaze. Matt applied the principles of cryptography to good old-fashioned door locks and keys, and what he found is pretty horrifying. Given a key to one of the locks in a building, and a small number of key blanks, there is a method by which you can make a master key that opens all of the locks in the building.

Apparently some locksmiths have known this was possible for a long time. The lock manufacturer Schlage has even taught locksmiths how to carry out a version of Blaze’s attack. Yet somehow they never bothered to tell their customers.

This is why we need independent analysis of security technologies. Manufacturers will keep important information from their customers, even information that impacts the basic security decisions of the customers. Bans on security analysis, or bans on the dissemination of results, just help manufacturers keep their customers in the dark. Thank goodness there is no DMCA for door locks.

Copyright and Rhetoric

In a much-acclaimed blog posting, Doc Searls writes that the limited-copyright folks are losing the rhetorical battle to the copyright expansionists.

I believe Hollywood won because they have successfully repositioned copyright as a property issue. In other words, they successfully urged the world to understand copyright in terms of property. Copyright = property may not be accurate in a strict legal sense, but it still makes common sense, even to the Supreme Court.

[…]

Watch the language. While the one side talks about licenses with verbs like copy, distribute, play, share and perform, the other side talks about rights with verbs like own, protect, safeguard, protect, secure, authorize, buy, sell, infringe, pirate, infringe, and steal.

I would go further and say that focusing on the role of the public domain is bad rhetorical strategy. It’s not that the public domain is unimportant. It’s just that public-domain arguments end up sounding like, “We want to use your stuff.” By making a public-domain argument, you’re inviting the accusation that you’re a freeloader trying to make money off the creativity of others. You’re saying, in effect, that certain ideas are the property of the public, and so you’re buying in, indirectly, to the concept of ideas as property.

A better rhetorical strategy is to focus on the entangling effects of copyright on everyday life, including ordinary creative work. The argument is simply that copyright has become a wide-ranging regulatory scheme that goes far beyond its proper role of protecting the legitimate rights of authors. A great example of this is the section of Lessig’s The Future of Ideas about the documentary filmmaker. The filmmaker isn’t trying to copy other people’s work. But because so many everyday objects are the subject of intellectual property claims, filming everyday life becomes problematic, with too many rights to be “cleared”. Expansionist IP claims entangle ordinary creativity, even when nobody is trying to copy anything.

Even the record companies complain about the difficulty of “clearing” rights to recorded music so that they can sell it online. When the big copyright owners find the system too onerous and complicated, that’s a rhetorical opportunity.

This strategy also exploits the ever-growing stock of copyright horror stories. When the Girl Scouts are worried about what they can sing around the campfire, or when the DMCA is being used to regulate garage door openers, you’re seeing the tentacles of copyright reaching into places where it doesn’t belong.

“Free the mouse” is a catchy slogan, but we would do better by talking more about our own freedom and less about Mickey’s.

Court Orders Verizon to Reveal Customer's Identity

U.S. District Court Judge John D. Bates has ordered Verizon to turn over to the RIAA the identity of a Verizon customer who allegedly used Verizon’s ISP service to infringe copyrights on recorded music. Verizon had argued that they should not be compelled to reveal this information.

More to come, once I have had a chance to read the opinion.

UPDATE (3:16 PM): The Court’s ruling depended on a detailed question about how to construe certain language in the DMCA. The DMCA created a special protocol whereby copyright owners could compel ISPs, via special subpoenas, to reveal the identity of ISP customers. The question was whether that special protocol applied to the facts of this case; the parties agreed that if it did apply then Verizon had to turn over the customer’s identity.

The Court ruled that the DMCA language did apply to these facts, so Verizon had to comply with the RIAA’s subpoena. The Court noted that Verizon had not raised any Constitutional issues, so the only issue before the Court was how to interpret the DMCA. The Court did say in passing, quoting the Supreme Court’s Eldred opinion, that it would be skeptical of any Constitutional challenges to the special subpoena protocol.

More on Court Tossing No-Reviews EULA Clause

The EFF has posted a copy of the New York state court’s ruling in the Network Associates case that I wrote about previously.

The court’s ruling makes three main points. (1) The contract clause, which forbids customers from reviewing the product or publishing the results of benchmarking it, is unenforceable. (The court doesn’t expand on why it is unenforceable.) (2) The clause was written in a way that tends to deceive customers into thinking that there are other legal “rules and regulations” outside the contract itself that ban unauthorized reviews; writing the clause this way is a deceptive business practice and thus illegal under New York law. (3) Network Associates must remove the clause from its contracts (which it says it has done already, though there is some evidence to the contrary); it must inform the New York Attorney General in advance before using any language that bans reviews; and further proceedings will be held to determine what fine, if any, to impose on it.

No-benchmark clauses are pretty common in licenses for database products. This has been a major impediment to database research. Several researchers have pondered challenging these clauses, but none have done so. Perhaps this ruling will help free database researchers to do quantitative work on commercial systems.

RIAA: ISPs Should Pay For File Sharing

A Reuters story quotes RIAA head Hilary Rosen as saying that ISPs should be held responsible for their users’ file sharing:

“We will hold ISPs more accountable,” said Hilary Rosen, chairman and CEO of the Recording Industry Association of America (RIAA), in her keynote speech at the Midem music conference on the French Riviera.

“Let’s face it. They know there’s a lot of demand for broadband simply because of the availability (of file-sharing),” Rosen said.

[…]

Rosen suggested one possible scenario for recouping lost sales from online piracy would be to impose a type of fee on ISPs that could be passed on to their customers who frequent these file-swapping services.

Perhaps she is suggesting a compulsory license (users pay a flat fee, then get free access to copyrighted music), as others have suggested before. If the RIAA were supporting a compulsory license, that would be big news.

More likely, her plan is a lopsided one in which users pay a fee but don’t get free access to music, or anything else, in return. If so, the plan would probably only increase the number of users of file sharing systems. Many users already find ways to rationalize their use of file sharing. Imagine the user who, unlike many of his peers, has resisted the temptation to use file sharing; and then he learns that he is being forced to pay the RIAA anyway on the assumption that he is a file sharer. What are the odds that he’ll start using file sharing, since he’s paying for it whether he uses it or not? Pretty good, I’d say.

The RIAA’s biggest problem is the public’s fading respect for the legal limits on file sharing. A step that erodes that respect even further is exactly what the RIAA doesn’t need.