December 25, 2024

Archives for 2009

TiVo, AppleTV, Boxee, and the future of HD television delivery

I don’t watch as much TV as I once did. Yet, I’m still paying Comcast every month, as they’re the only provider who will sell me HD service compatible with my TiVo-HD. Sadly, Comcast is far from ideal. I’m regularly frustrated at their inability to debug their signal quality problems. (My ABC-HD and PBS-HD signals are right on the edge, in terms of signal quality, so any slight degradation makes those channels unwatchable through the MPEG block errors, which seems to happen on an irregular basis.) Comcast customer service wants me to sit around all day waiting for a tech to come out when the problem has nothing whatsoever to do with my house. When I’ve attempted to report the signal strength measurements I’ve taken and how they vary from channel to channel, I’ve found I might as well be speaking to a brick wall.

Yes, I know I could put an old-school antenna on the roof and feed it into my TiVo. That would do pretty good for the local channels, but then why am I paying Comcast at all? Answer: for the handful of shows that we watch from cable channels. More than one person has asked me why I don’t just download these shows online and cut the cable. You can get Comedy Central programming from their web site. You can get all sorts of things from Hulu.com. All free and legal!

To that end, I’ve hacked my AppleTV with the latest patchstick, a remarkably painless process, and now my AppleTV, running Boxee, based on the open-source xbmc project, can play DVD rips from my file server (including DVD menus), just about anything I download from BitTorrent [see sidebar], and can get at content from a variety of streaming providers, including Comedy Central and Hulu.com, theoretically covering enough ground that I could legitimately consider dropping the Comcast subscription altogether.

In practice, the Internet TV experience was a let-down. I’ve got AT&T’s “Elite” DSL package (“up to 6Mb”, which is pretty close to what I see in practice), so I’ve got enough bandwidth for streaming. What I actually see is not utilizing that bandwidth. Comedy Central is not giving anywhere near 30 frames per second. It’s jumpy, unwatchable. Hulu has moments of greatness (i.e., higher resolution and quality relative to the non-HD channels that Comcast feeds me, but nowhere near broadcast HD) but Hulu also freezes up, sometimes for seconds at a time. If Boxee implemented TiVo-like Season Passes, they could download my shows in advance and yield a real winner of an experience. Or TiVo could implement Hulu support, as they already have batch downloads of Internet video content, mostly from Amazon, albeit with low SD quality and unacceptable self-destructing DRM.

Astute readers will note that I have several other options left to pursue. I could sign up for an unlimited Netflix subscription and have access to their streaming library (either to my TiVo or to my Boxee/AppleTV). I could also “subscribe” to the shows that I care about through Apple’s iTunes Store. (That’s how I’ve been watching Entourage, since I can’t otherwise justify the $20/month that I’d have to pay Comcast for HBO. See also the sidebar.)

Netflix doesn’t have the current TV shows that I want, and the iTunes store is pretty pricey. Those Entourage episodes are $2 each for 30 minutes of SD quality video. iTunes HD content, when available, is pretty much broadcast HD quality. Good stuff. iTunes SD content looks fine on an iPhone, but has a variety of problems on a proper HD set, most notably that any dark colors are pulled down to 100% black, presumably to improve compression. Very distracting. Regardless, friends I have with Netflix streaming seem to swear by it, and the iTunes Store clearly provides a good experience, albeit with high prices.

Clearly, Comcast is in deep trouble. Their product is expensive. Their customer service is lacking. Similar issues can be expected for other cable TV vendors, much less the satellite people. The Internet already has sufficient capacity to deliver the non-broadcast shows that I follow, directly to my TV. All the pieces are in place and they’re starting to work well together. The only missing piece is the business model for the future of online TV delivery. Hulu.com, for example, probably thinks they have to require video streaming so they can force you to watch ads. If you could download it, you could skip the ads and there goes their revenue.

I figure the one true hope in all of this is the ever-declining cost of serving up content. At some distant point in the future, the cost of delivering tens of megabits per second of video, for several hours every day, to all of the homes who might want it, will eventually be small enough to not matter any more. Once we get there, the people who make shows can sell them direct to the consumer, insert occasional and targeted ads, and still come out ahead. It could be a long wait.

[Sidebar: BitTorrent is a brilliant system, from a technical perspective, but it was never designed to provide any anonymity to its users. If you join the torrent for, say, an HBO show, HBO can trivially observe that you (or, at least, your IP address) is there, giving them grounds to go after you in one form or another. From that perspective, you’d have to be insane to download a mainstream movie or TV show from BitTorrent, or you’d have to do something terribly anti-social, like tunnel your entire BitTorrent session through Tor, which Tor was never designed to handle, although there are several designs to improve Tor or anonymize BitTorrent. So then, what shows do I feel safe to download via BitTorrent? So far, only the latest episodes of the BBC’s Top Gear. They air in the U.K. six months to a year ahead of their appearance on BBC America and availability on the U.S. iTunes Store. If there were a way to get these shows in the U.S. simultaneous with their British release, I’d happily pay for the privilege, even the $2 rate at the iTunes Store, but I’m not given that option at any price.]

New Internet? No Thanks.

Yesterday’s New York Times ran a piece, “Do We Need a New Internet?” suggesting that the Internet has too many security problems and should therefore be rebuilt.

The piece has been widely criticized in the technical blogosphere, so there’s no need for me to pile on. Anyway, I have already written about the redesign-the-Net meme. (See Internet So Crowded, Nobody Goes There Anymore.)

But I do want to discuss two widespread misconceptions that found their way into the Times piece.

First is the notion that today’s security problems are caused by weaknesses in the network itself. In fact, the vast majority of our problems occur on, and are caused by weaknesses in, the endpoint devices: computers, mobile phones, and other widgets that connect to the Net. The problem is not that the Net is broken or malfunctioning, it’s that the endpoint devices are misbehaving — so the best solution is to secure the endpoint devices. To borrow an analogy from Gene Spafford, if people are getting mugged at bus stops, the solution is not to buy armored buses.

(Of course, there are some security issues with the network itself, such as vulnerability of routing protocols and DNS. We should work on fixing those. But they aren’t the problems people normally complain about — and they aren’t the ones mentioned in the Times piece.)

The second misconception is that the founders of the Internet had no plan for protecting against the security attacks we see today. Actually they did have a plan which was simple and, if executed flawlessly, would have been effective. The plan was that endpoint devices would not have remotely exploitable bugs.

This plan was plausible, but it turned out to be much harder to execute than the founders could have foreseen. It has become increasingly clear over time that developing complex Net-enabled software without exploitable bugs is well beyond the state of the art. The founders’ plan is not working perfectly. Maybe we need a new plan, or maybe we need to execute the original plan better, or maybe we should just muddle through. But let’s not forget that there was a plan, and it was reasonable in light of what was known at the time.

As I have said before, the Internet is important enough that it’s worthwhile having people think about how it might be redesigned, or how it might have been designed differently in the first place. The Net, like any large human-built institution, is far from perfect — but that doesn’t mean that we would be better off tearing it down and starting over.

Final version of Government Data and the Invisible Hand

Thanks to the hard work of our patient editors at the Yale Journal of Law and Technology, my coauthors and I can now share the final version of our paper about online transparency, Government Data and the Invisible Hand.

If you have read the first version, you know that our paper is informed by a deep disappointment with the current state of the federal government’s Internet presence. A naive viewer, like we once were, might look at the chaos of clunky sites in .gov and entertain doubts about the webmasters who run those sites. But that would be—was, on our part—a mistake. We’re happy to set the record straight today.

Barack Obama’s web team is certainly one of the best that has ever been assembled. His staff did a fantastic job on the campaign site, and produced an also excellent, if slightly less dynamic, transition site at Change.gov. On its way to the White House, however, a team comprised of many of the same people seemed to lose its mojo. The complaints about the new Whitehouse.gov site—slow to be updated, lacking in interactivity—are familiar to observers of other .gov sites throughout the government.

What happened? It’s not plausible to suppose that Obama’s staffers have somehow gotten worse as they have moved from campaign to transition to governance. Instead, they have faced an increasingly stringent and burdensome array of regulations as they have become progressively more official. The transition was a sort of intermediate phase in this respect, and the new team now faces the Presidential Records Act, the Paperwork Reduction Act, and a number of other pre-Internet statutory obligations. This experience teaches that the limitations of the federal web reflect the thicket of rules to which such sites are subject—not the hardworking people who labor under those rules.

One of the most exciting things about the new administration’s approach to online media is the way it seeks to enable federal webmasters to move beyond some of the limitations of dated policies, using their expertise to leverage government data online.

My coauthors and I look forward to continuing to work on these issues. We are humbled to recognize the remarkable reservoir of talent and energy that is being brought to bear on the problem, from both within and beyond government.

The Future of News: We're Lucky They Haven't Tried Macropayments

Regular readers will know that the newspaper industry is in dire shape: revenues off by 20% in just the last year, with more than 15,000 jobs lost in that period. This map tells the story better than any writing could. The market capitalizations of newspaper firms, which reflect investor expectations about future performance, have fallen even more precipitously. In short, it’s hard to exaggerate how dire the situation facing the industry is. If you were in charge of a newspaper, survival in any form possible would rationally be your all-consuming focus.

Walter Isaacson, the former editor of TIME magazine and current President of the Aspen Institute, wrote a column last week arguing that newspapers should squeeze revenue out of their web sites through “micropayments.” It’s an idea with a long, but not very successful, history: Isaacson himself points out that Ted Nelson, the inventor of hypertext, imagined micropayments for written content back in the early 1960s.

Small payments, on the order of a dollar, work well for some kinds of highly valued, contextualized content, like a book to your Kindle or a song to your iPod. But “micro” payments on the order of a nickel—the figure Isaacson mentions for a hypothetical news story—have never taken off. Transaction costs, caused by things like credit card processing, are usually cited as the reason, but I’ve never found that view persuasive: It’s not hard to set up a system in which micro transactions are aggregated into parcels of at least a few dollars before being channeled through our existing credit card infrastructure.

The Occam’s razor explanation for the persistent failure of micropayments is much simpler: People hate them. The niggling feeling of being charged a marginal amount for each little thing you do exacts a psychological cost that often suffices to undermine the pleasure of the good or service you receive on an a la carte basis. That’s why monthly gym memberships, pay-one-price amusement parks, and subscription services like Netflix or, come to think of it, regular cable are popular, even when a la carte options would be (financially) cheaper for consumers.

Michael Kinsley, the former editor of Slate, responded to Isaacson in a piece headlined You Can’t Sell News by the Slice. His basic message: We tried getting users to pay for content online—in Slate’s case, as an inexpensive annual subscription—and it didn’t work. One problem noted by both Isaacson and Kinsley is that readers have come to expect content to be free, and when individual papers have tried to start charging, they’ve failed.

What can the papers do? Isaacson is on to something when he says:

Another group that benefits from free journalism is Internet service providers. They get to charge customers $20 to $30 a month for access to the Web’s trove of free content and services. As a result, it is not in their interest to facilitate easy ways for media creators to charge for their content. Thus we have a world in which phone companies have accustomed kids to paying up to 20 cents when they send a text message but it seems technologically and psychologically impossible to get people to pay 10 cents for a magazine, newspaper or newscast.

If struggling news outlets were really bold—and grimly realistic about how little they have to lose, from a business point of view—they might decide to seek revenue at the ISP level. The plan: Begin segmenting site visitors by ISP, and charge ISPs for content. Under this plan, if your ISP has paid the news syndicate, you get to see the news. If you try to visit one of the participating sites and your ISP has not paid the syndicate, then you see a different page, possibly a page that urges you to call your ISP and demand access to the syndicated content. It’s the same model controversially adopted by ESPN360.com (go ahead, check and see if you have access or not). I imagine a hypothetical where a handful of top papers, such as the New York Times, Washington Post, and LA Times, jointly with TIME and Newsweek, form a syndicate that charges ISPs a fixed rate per user-month of access. ISPs, in other words, would make a small number of large (“macro”) payments to content providers, and these would be a primary source of revenue for these outlets, along with advertising.

I am, as Paul Ohm might urge me to say, NAL (Not a Lawyer), but I suspect that such a syndicate might well pass antitrust scrutiny. The syndicate would certainly not make it hard to find news on the web: it would simply make it hard to find certain high quality sources. Participating publications might elect to offer free access to certain population segments, who cannot pay or would experience a concentrated public interest harm, such as users from developing countries. ESPN360, for example, reportedly gives free access to anyone who surfs in from a .edu domain. (No doubt this is also a marketing tactic.)

For some definitions of the term “net neutrality,” such a move by news providers would be a violation of net neutrality. Other definitions of the term would place this behavior outside of its scope. But no matter how you look at it, the substance of such a move would be troubling: it would amount to removing these great sources of journalism from the Internet proper, and placing them instead in a kind of walled garden. If that trend took off and became very widespread, it could amount to a return to the bad old days of walled garden services like AOL and Prodigy.

A second good argument that this situation would be undesirable is that it would force all users of a particular ISP to pay for content that only some users want to access. There’s a sense in which such cross-subsidies are already the norm: those who use their ISP subscriptions for email and web browsing subsidize the heavier network usage of video aficionados and other leading-edge consumers who are way out on the tail and use the lion’s share of the bandwidth. But this, in its deliberateness, would be a new and different level.

A third good argument against this idea is that it would introduce awkward relationships between news outlets and ISPs, in a manner that would impair news coverage of the Internet and telecommunications industries.

Fourthly, there’s the possibility that people will pirate the blocked content systematically by using systems like TOR to access the news content via approved endpoints. (My own thought is that this probably isn’t the strongest argument, since many users are uninterested in this sort of maneuver or even the easy Firefox plugin that would likely arise to enable it. Plus, the content syndicate would pool its resources toward aggressive litigation to stem this trend. Plus, the payments would be extracted from law abiding ISPs, not individual users.)

I can imagine a potentially compelling case being made that such behavior by content providers should be regulated or outlawed. But today I think it is neither. And given the news industry’s desperation, the fact that such a move would be unpopular could turn out to be moot if they can persuade ISPs to pay. If someone capable and hardworking set out to sell the idea to a group of newspaper and newsmagazine publishers, I fear they might prove quite persuasive.

Rethinking the voting system certification process

Lawsuits! Everybody’s filing lawsuits. Premier Election Systems (formerly Diebold) is suing SysTest, one of the EAC’s testing authorities (or, more properly, former testing authorities, now that the EAC is planning to suspend their accreditation). There’s also a lawsuit between the State of Ohio and Premier over whether or not Premier’s voting systems satisfy Ohio’s requirements. Likewise, ES&S is being sued by San Francisco, the State of California, and the state of Oregon. A Pennsylvania county won a judgment against Advanced Voting Systems, after AVS’s systems were decertified (and AVS never even bothered showing up in court to defend themselves). And that’s just scratching the surface.

What’s the real problem here? Electronic voting systems were “certified”, sold, deployed, and then turned out to have a variety of defects, ranging from “simple” bugs to a variety of significant security flaws. Needless to say, it takes time, effort, and money to build better voting machines, much less to push them through the certification process. And nobody really understands what the certification process even is anymore. In the bad old days, a “federally certified voting system” was tested by one of a handful of “independent testing authorities” (ITAs), accredited by the National Association of State Election Directors, against the government’s “voluntary voting system guidelines” (the 2002 edition, for the most part). This original process demonstrably failed to yield well-engineered, secure, or even particularly usable voting systems. So how have things improved?

Now, NASED has been pushed aside by the EAC, and the process has been glacial. So far as I can tell, no electronic voting system used in the November 2008 election had code that was in any way different from what was used in the November 2006 election.

Regardless of whether we jettison the DREs and move to optical scan, plenty of places will continue using DREs. And there will be demand for new features in both DREs and optical scanners. And bug fixes. The certification pipeline must be vigilant, yet it needs to get rolling again. In a hurry, but with great caution and care. (Doesn’t sound very feasible, I know.)

Okay, then let’s coerce vendors to build better products! Require the latest standards! While brilliant, in theory, such a process is doomed to continue the practical failures (and lawsuits) that we’re seeing today. The present standards are voluminous. They are also quite vague where it matters because there is no way to write a standard that’s both general-enough to apply to every possible voting system and specific-enough to adequately require good development practices. The present standards err, arguably correctly, on the vague side, which then requires the testing authorities to do some interpretation. Doing that properly requires competent testing labs and competent developers, working together.

Unfortunately, they don’t work together at all (never mind issues of competence). The current business model is that developers toil away, perhaps talking to their customers, but not interacting with the certification process at all until they’re “done,” after which they pitch the system over the wall, write a big check, and cross their fingers that everything goes smoothly. If the testing authority shoots it down, they need to sort out why and try again. Meanwhile, you’ve got the Great States of California and Ohio doing their own studies, with testers like yours truly who don’t particularly care what the standards say and are instead focused on whether the machines are robust in the face of a reasonable threat model. Were the problems we found outside of the standards’ requirements? We don’t care because they’re serious problems! Unfortunately, from the vendor’s perspective, they now need to address everything we found, and they have no idea whether or not they’ll get it right before they may or may not face another team of crack security ninjas.

What I want to see is a grand bargain. The voting system vendors open up their development processes to external scrutiny and regulation. In return, they get feedback from the certifying authorities that their designs are sound before they begin prototyping. Then they get feedback that their prototypes are sound before they flesh out all the details. This necessarily entails the vendors letting the analysts in on their bugs lists (one of the California Secretary of State’s recommendations to the EAC), further increasing transparency. Trusted auditors could even look at the long-term development roadmap and make judgments that incremental changes, available in the short term, are part of a coherent long-term plan to engineer a better system. Alternately, the auditors could declare the future plans to be a shambles and refuse to endorse even incremental improvements. Invasive auditing would give election authorities the ability to see each vendor’s future, and thus reach informed decisions about whether to support incremental updates or to dump a vendor entirely.

Where can we look for a a role model for this process? I initially thought I’d write something here about how the military procures weapon systems, but there are too many counter-examples where that process has gone wrong. Instead, let’s look at how houses are built (or, at least, how they should be built). You don’t just go out, buy the lumber and nails, hire people off the street, and get banging. Oh no! You start with blueprints. Those are checked off by the city zoning authorities, the neighborhood beauty and integrity committee, and so forth. Then you start getting permits. Demolition permits. Building permits. Electrical permits. At each stage of construction, city inspectors, the prospective owners, and even the holders of the construction loan, may want to come out and check it out. If, for example, there’s an electrical problem, it’s an order of magnitude easier to address it before you put up the interior walls.

For voting systems, then, who should do the scrutiny? Who should scrutinize the scrutineers? Where’s the money going to come from to pay for all this scrutiny? It’s unclear that any of the testing authorities have the deep skills necessary to do the job. It’s similarly unclear that you can continually recruit “dream teams” of the best security ninjas. Nonetheless, this is absolutely the right way to go. There are only a handful of major vendors in the e-voting space, so recruiting good talent to audit them, on a recurring part-time basis, is eminently feasible. Meta-scrutiny comes from public disclosure of the audit reports. To save some money, there are economies of scale to be gained from doing this at the Federal level, although it only takes a few large states to band together to achieve similar economies of scale.

At the end of the day, we want our voting systems to be the best they can be, regardless of what technology they happen to be using. I will argue that this ultimately means that we need vendors working more closely with auditors, whether we’re considering primitive optical scanners or sophisticated end-to-end cryptographic voting schemes. By pushing the adversarial review process deeper into the development pipeline, and increasing our transparency into how the development is proceeding, we can ensure that future products will be genuine improvements over present ones, and hopefully avoid all these messy lawsuits.

[Sidebar: what about protecting the vendors’ intellectual property? As I’ve argued before, this is what copyrights and patents are about. I offer no objection to vendors owning copyright on their code. Patents are a bit trickier. If the auditors decide that some particular feature should be mandatory and one vendor patents it, then every other vendor could potentially infringe the patent. This problem conceivably happens today, even without the presence of invasive auditors. Short of forbidding voting machine patents as a prerequisite for voting system certification, this issue will never go away entirely. The main thing that I want to do away with, in their entirety, are trade secrets. If you want to sell a voting machine, then you should completely waive any trade secret protection, ultimately yielding a radical improvement in election transparency.]