February 5, 2023

Archives for May 2004

Dare To Be Naive

Ernest Miller at CopyFight has an interesting response to my discussion yesterday of the Broadcast Flag. I wrote that the Flag is bad regulation, being poorly targeted at the goal of protecting TV broadcasts from Internet redistribution. Ernie replies that the Flag is actually well-targeted regulation, but for a different purpose:

[Y]ou’d have to be an idiot to think that the broadcast flag would prevent HDTV content from making it onto the internet. Since I don’t believe that the commissioners are that stupid, I can only conclude that the FCC is acting quite cynically in support of an important constituency of theirs, the broadcasters *cough*regulatorycapture*cough*.

In other words, the purported purpose of the broadcast flag (to prevent HDTV from getting onto the internet) is not the real purpose of the broadcast flag, which appears to be to give content providers more control over the average citizen’s ability to make use of media.

Ernie’s theory, that the movie industry and the FCC are using “content protection” as a smokescreen to further a secret agenda of controlling media technology, fits the facts pretty well. And quite a few experienced lobbyists seem to believe it. Still, I don’t think it’s right to argue against the Broadcast Flag on that basis.

First, even if you believe the theory, it’s often a useful debating tactic to pretend that the other side actually believes what they say they believe. It’s hard to prove that someone is lying about their own beliefs and motivations; it can be much easier to prove that their asserted beliefs don’t justify their conclusions. And proving that the official rationale for the Flag is wrong would do some good.

Second, if Ernie’s theory is right, the fix is in and there’s not much we can do about future Broadcast Flag type regulation. If we want to change things, we might as well act on the assumption that it matters whether the official rationale for the Flag is right.

And finally, I am convinced that at least some people in the movie industry, and at least some people at the FCC, actually believe the official rationale. I think this because of what these people say in private, after a few (literal or metaphorical) beers, and because of how they react when the official rationale for the Flag is challenged. Even in private, industry or FCC people often react to criticism of the official rationale with real passion and not just with platitudes. Either these (non-PR) people are extraordinarily good at staying on-message, or they really believe (as individuals) what they are saying.

So although Ernie’s theory is very plausible, I will dare to be na

Where Does Your Government Stand on the WIPO Broadcasting Treaty?

The Union for the Public Domain is asking for help in surveying national governments about their (the governments’) positions on the WIPO Broadcast Treaty. The UPD is looking for volunteers who are willing to contact the appropriate representatives of their national government, ask the representatives a series of questions provided by the UPD, record the answers, and submit them to the UPD. The UPD will collate the results and create a handy summary of where each government stands on the Treaty.

Regulating Stopgap Security

I wrote previously about stopgap security, a scenario in which there is no feasible long-term defense against a security threat, but instead one resorts to a sequence of measures that have only short-term efficacy. Today I want to close the loop on that topic, by discussing how government might regulate fields that rely on stopgap security. I’ll assume throughout that government has some reason (which may be wise or unwise) to regulate, and that the regulation is intended to support those deploying stopgap measures to defend their systems.

The first thing to note is that stopgap areas are inherently difficult to regulate, as stopgap security causes the technological landscape to change even faster than usual. The security strategy is to switch rapidly between short-term measures; and, because adversaries tend to defeat whole families of measures at once, the measures adopted tend to vary widely over time. It is very difficult for any regulatory scheme to keep up. In stopgap areas, regulation should be viewed with even more skepticism than usual.

If we must regulate stopgap areas, the regulation must strive to be technology-neutral. Regulation that mandates one technical approach, or even one family of approaches, is likely to block necessary adaptation. Even if no technology is mandated, regulations tend to encode technological assumptions, in their basic structure or in how they define terms; and these assumptions are likely to become invalid before long, making the regulatory scheme fit the defensive technology poorly.

One of the rules for stopgap security technology is to avoid approaches that impose a long-term cost in order to get a short-term benefit. The same is true for regulation. A regulatory approach should not impose long-term costs (such as compliance costs) in order to bolster a technical approach that offers only short-term benefits. Any regulation that requires all devices to do something, for the indefinite future, would therefore be suspect. Equally so, any regulation that creates compatibility barriers between compliant devices and non-compliant devices would be suspect, since the incompatibility would frustrate attempts to stop using the compliant technology once it becomes ineffective.

Finally, it is important not to shift the costs of a security strategy away from the people who decide whether to adopt that strategy. Stopgap measures carry an unusually high risk of having a disastrous cost-benefit ratio; in the worst case they impose significant long-term costs in exchange for limited, short-term benefit. If the party choosing which stopgap to use is also the party who has to absorb any long-term cost, then that party will be suitably cautious. But if regulation shifts the potential long-term cost onto somebody else, then the risk of disastrous technical choices gets much larger.

By this point, alert readers will be thinking “This sounds like an argument against the broadcast flag.” Indeed, the FCC’s broadcast flag violates most of these rules: it mandates one technical approach (providing flexibility only within that approach), it creates compatibility barriers between compliant and non-compliant devices, and it shifts the long-term cost of compliance onto technology makers. How can the FCC have made this mistake? My guess is that they didn’t, and still don’t, realize that the broadcast flag is only a short-term stopgap.