November 21, 2024

Archives for August 2005

Recommended Reading: The Success of Open Source

It’s easy to construct arguments that open source software can’t succeed. Why would people work for free to make something that they could get paid for? Who will do the dirty work? Who will do tech support? How can customers trust a “vendor” that is so diffuse and loosely organized?

And yet, open source has had some important successes. Apache dominates the market for web server software. Linux and its kin are serious players in the server operating system market. Linux is even a factor in the desktop OS market. How can this be reconciled with what we know about economics and sociology?

Many articles and books have been written about this puzzle. To my mind, Steven Weber’s book “The Success of Open Source” is the best. Weber explores the open source puzzle systematically, breaking it down into interesting subquestions and exploring answers. One of the book’s virtues is that it doesn’t claim to have complete answers; but it does present and dissect partial answers and hints. This is a book that could merit a full book club discussion, if people are interested.

Recommended Reading: Crime-Facilitating Speech

Eugene Volokh has an interesting new paper about Crime-Facilitating Speech (abridged version): “speech [that] provides information that makes it easier to commit crimes, torts, or other harms”. He argues convincingly that many free-speech cases pertain to crime-facilitating speech. Somebody wants to prevent speech because it may facilitate crime, but others argue that the speech has beneficial effects too. When should such speech be allowed?

The paper is a long and detailed discussion of this issues, with many examples. In the end, he asserts that crime-facilitating speech should be allowed except where (a) “the speech is said to a few people who the speaker knows are likely to use it to commit a crime or to escape punishment”, (b) the speech “has virtually no noncriminal uses”, (c) “the speech facilitates extraordinarily serious harms, such as nuclear or biological attacks”. But don’t just read the end – if you have time it’s well worth the effort to understand how he got there.

What struck me is how many of the examples relate to computer security or copyright enforcement. Many security researchers feel that the applied side of the field has become a legal minefield. Papers like this illustrate how that happened. The paper’s recommendations, if followed, would go a long way toward making legitimate research and publication safer.

ICANN Challenged on .xxx Domain

The U.S. government has joined other governments and groups in asking ICANN to delay implementation of a new “.xxx” top-level domain, according to a BBC story.

Adding a .xxx domain would make little difference in web users’ experiences. Those who want to find porn can easily find it already; and those who want to avoid it can easily avoid it. It might seem at first that the domain will create more “space” for porn sites. But there’s already “space” on the web for any new site, of any type, that somebody wants to create. The issue here is not whether sites can exist, but what they can call themselves.

Adding .xxx won’t make much difference in how sites are named, either. I wouldn’t be happy to see a porn site at freedom-to-tinker.xxx; nor would the operator of that site be happy to see my site here at freedom-to-tinker.com. The duplication just causes confusion. Your serious profit-oriented porn purveyor will want to own both the .com and .xxx versions of his site’s URL; and there’s nothing to stop him from owning both.

Note also that the naming system does not provide an easy way for end users to get a catalog of all names that end in a particular suffix. Anybody can build an index of sites that fall into a particular category. Such indices surely exist for porn sites.

The main effect of adding .xxx would be to let sites signal that they have hard-core content. That’s reportedly the reason adult theaters started labeling their content “XXX” in the first place – so customers who wanted such content could learn where to find it.

That kind of signaling is a lousy reason to create a new top-level domain. There are plenty of other ways to signal. For example, sites that wanted to signal their XXX nature could offer their home page at xxx.sitename.com in addition to www.sitename.com. But ICANN has chosen to create .xxx anyway.

Which brings us to the governments’ objections. Perhaps they object to .xxx as legitimizing the existence of porn on the net. Or perhaps they object to the creation of a mechanism that will make it easier for people to find porn.

These objections aren’t totally frivolous. There’s no top-level domain for religious groups, or for science, or for civic associations. Why create one for porn? And surely the private sector can fill the need for porn-signaling technology. Why is ICANN doing this? (Governments haven’t objected to ICANN’s decisions before, even though those decisions often made no more sense than this decision does. But that doesn’t mean ICANN is managing the namespace well.)

And so ICANN’s seemingly arbitrary management of the naming system brings it into conflict with governments. This is a sticky situation for ICANN. ICANN is nominally in charge of Internet naming, but ICANN’s legitimacy as a “government” for the net has always been shaky, and it has to worry about losing what legitimacy it has if the U.S. joins the other governments who want to replace ICANN with some kind of consortium of nations.

The U.S. government is asking ICANN to delay implementation of .xxx so it can study the issue. We all know what that means. Expect .xxx to fade away quietly as the study period never ends.

DMCA, and Disrupting the Darknet

Fred von Lohmann’s paper argues that the DMCA has failed to keep infringing copies of copyrighted works from reaching the masses. Fred argues that the DMCA has not prevented “protected” files from being ripped, and that once those files are ripped they appear on the darknet where they are available to everyone. I think Fred is right that the DMCA and the DRM (anti-copying) technologies it supports have failed utterly to keep material off the darknet.

Over at the Picker MobBlog, several people have suggested an alternate rationale for the DMCA: that it might help raise the cost and difficulty of using the darknet. The argument is that even if the DMCA doesn’t help keep content from reaching the darknet, it may help stop material on the darknet from reaching end users.

I don’t think this rationale works. Certainly, copyright owners using lawsuits and technical attacks in an attempt to disrupt the darknet. They have sued many end users and a few makers of technologies used for darknet filesharing. They have launched technical attacks including monitoring, spoofing, and perhaps even limited denial of service attacks. The disruption campaign is having a nonzero effect. But as far as I can tell, the DMCA plays no role in this campaign and does nothing to bolster it.

Why? Because nobody on the darknet is violating the DMCA. Files arrive on the darknet having already been stripped of any technical protection measures (TPMs, in the DMCA lingo). TPMs just aren’t present on the darknet. And you can’t circumvent a TPM that isn’t there.

To be sure, many darknet users break the law, and some makers of darknet technologies apparently break the law too. But they don’t break the DMCA; and indeed the legal attacks on the darknet have all been based on old-fashioned direct copyright infringement by end users, and contributory or vicarious infringement by technology makers. Even if there were no DMCA, the same legal and technical arms race would be going on, with the same results.

Though it has little if anything to do with the DMCA, the darknet technology arms race is an interesting topic in itself. In fact, I’m currently writing a paper about it, with my students Alex Halderman and Harlan Yu.

DMCA: An Avoidable Failure

In his new paper, Fred von Lohmann argues that the Digital Millennium Copyright Act of 1998, when evaluated on its own terms, is a failure. Its advocates said it would prevent widespread online copyright infringement; and it has not done so.

Fred is right on target in diagnosing the DMCA’s failure to do what its advocates predicted. What Fred doesn’t say, though, is that this failure should have been utterly predictable – it should have been obvious when the DMCA was grinding through Congress that things would end up like this.

Let’s look at the three assumptions that underlie the darknet argument [quoting Fred]:

  1. Any widely distributed object will be available to some fraction of users in a form that permits copying.
  2. Users will copy objects if it is possible and interesting to do so.
  3. Users are connected by high-bandwidth channels.

When the DMCA passed in 1998, #1 was obviously true, and #3 was about to become true. #2 was the least certain; but if #2 turned out to be false then no DMCA-like law would be necessary anyway. So why didn’t people see this failure coming in advance?

The answer is that many people did, but Congress ignored them. The failure scenario Fred describes was already conventional wisdom among independent computer security experts by 1998. Within the community, conversations about the DMCA were not about whether it would work – everybody knew it wouldn’t – but about why Washington couldn’t see what seemed obvious to us.

When the Darknet paper was published in 2001, people in the community cheered. Not because the paper had much to say to the security community – the paper’s main argument had long been conventional wisdom – but because the paper made the argument in a clear and accessible way, and because, most of all, the authors worked for a big IT company.

For quite a while, employees of big IT companies had privately denigrated DRM and the DMCA, but had been unwilling to say so in public. Put a microphone in front of them and they would dodge questions, change the subject, or say what their employer’s official policy was. But catch them in the hotel bar afterward and they would tell a different story. Everybody knew that dissenting from the corporate line was a bad career move; and nobody wanted to be the first to do it.

And so the Darknet paper caused quite a stir outside the security community, catalyzing a valuable conversation, to which Fred’s paper is a valuable contribution. It’s an interesting intellectual exercise to weigh the consequences of the DMCA in an alternate universe where it actually prevents online infringement; but if we restrict ourselves to the facts on the ground, Fred has a very strong argument.

The DMCA has failed to prevent online infringement; and that failure should have been predictable. To me, the most interesting question is how our policymakers can avoid making this kind of mistake again.