October 6, 2022

Archives for 2011

Wikipedia Banner Challenge

As you can tell from the banners appearing all over Wikipedia, their fundraiser is in full swing. Despite Wikipedia’s importance as a global resource, only about one in a thousand Wikipedia readers donate. One way to improve that would be better banners, and that’s why my research group is launching the Wikipedia Banner Challenge, a website to collect and prioritize banner ideas for Wikipedia. You can participate by voting on banners and suggesting new ones. It is quick, easy, and even a little fun.

The Wikipedia Banner Challenge builds on previous innovative efforts by Wikipedia to involve their community in the design of the fundraiser, especially during the 2010 fundraiser. In a continuation of that community-driven spirit, Wikipedia announced on their blog that they will be watching the results from the Wikipedia Banner Challenge closely and will use some of the most promising banners during the fundraiser. In other words, your banner could appear in front of Wikipedia users around the world.

In addition to building on previous efforts by Wikipedia, this project also furthers work by my research group on developing methods that enable communities to collect and prioritize information in a way that is democratic, open, and efficient. So far, our free and open source website, www.allourideas.org, has been used by governments and non-profit organizations around the world. The Wikipedia Banner Challenge provides an interesting test case for our methods, and we are excited to see the results. Wikipedians, if you want better banners for the fundraiser, give us your ideas.

Here are links to more information about:

Stopping SOPA's Anticircumvention

The House’s Stop Online Piracy Act is in Judiciary Committee Markup today. As numerous protests, open letters, and advocacy campaigns across the Web, this is a seriously flawed bill. Sen. Ron Wyden and Rep. Darell Issa’s proposed OPEN Act points out, by contrast, some of the procedural problems.

Here, I analyze just one of the problematic provisions of SOPA: a new “anticircumvention” provision (different from the still-problematic anti-circumvention of section 1201). SOPA’s anticircumvention authorizes injunctions against the provision of tools to bypass the court-ordered blocking of domains. Although it is apparently aimed at MAFIAAfire, the Firefox add-on that offered redirection for seized domains in the wake of ICE seizures, [1] the provision as drafted sweeps much more broadly. Ordinary security and connectivity tools could fall within its scope. If enacted, it would weaken Internet security and reduce the robustness and resilience of Internet connections.

The anticircumvention section, which is not present in the Senate’s companion PROTECT-IP measure, provides for injunctions, on the action of the Attorney General:

(ii)against any entity that knowingly and willfully provides or offers to provide a product or service designed or marketed by such entity or by another in concert with such entity for the circumvention or bypassing of measures described in paragraph (2) [blocking DNS responses, search query results, payments, or ads] and taken in response to a court order issued under this subsection, to enjoin such entity from interfering with the order by continuing to provide or offer to provide such product or service. § 102(c)(3)(A)(ii)

As an initial problem, the section is unclear. Could it cover someone who designs a tool for “the circumvention or bypassing of” DNS blockages in general — even if such a person did not specifically intend or market the tool to be used to frustrate court orders issued under SOPA? Resilience in the face of technological failure is a fundamental software design goal. As DNS experts Steve Crocker, et al. say in their Dec. 9 letter to the House and Senate Judiciary Chairs, “a secure application expecting a secure DNS answer will not give up after a timeout. It might retry the lookup, it might try a backup DNS server, it might even restart the lookup through a proxy service.” Would the providers of software that looked to a proxy for answers –products “designed” to be resilient to transient DNS lookup failures –be subject to injunction? Where the answer is unclear, developers might choose not to offer such lawful features rather than risking legal attack. Indeed, the statute as drafted might chill the development of anti-censorship tools funded by our State Department.

Some such tools are explicitly designed to circumvent censorship in repressive regimes whose authorities engage in DNS manipulation to prevent citizens from accessing sites with dissident messages, alternate sources of news, or human rights reporting. (See Rebecca MacKinnon’s NYT Op-Ed, Stop the Great Firewall of America. Censorship-circumvention tools include Psiphon, which describes itself as an “Open source web proxy designed to help Internet users affected by Internet censorship securely bypass content-filtering systems,” and The Tor Project.) These tools cannot distinguish between Chinese censorship of Tiananmen Square mentions and U.S. copyright protection where their impacts — blocking access to Web content — and their methods — local blocking of domain resolution — are the same.

Finally, the paragraph may encompass mere knowledge-transfer. Does telling someone about alternate DNS resolvers, or noting that a blocked domain can still be found at its IP address — a matter of historical record and necessary to third-party evaluation of the claims against that site — constitute willfully “providing a service designed … [for] bypassing” DNS-blocking? Archives of historic DNS information are often important information to legal or technical network investigations, but might become scarce if providers had to ascertain the reasons their information was being sought.

For these reasons among many others (such as those identified by my ISP colleague Nick), SOPA should be stopped.

Governor Genro tops President Obama on Citizen Feedback: "The Governer Asks" vs. "Open for Questions"

Something neat is happening in Porto Alegre, Brazil today. Governor Tarso Genro, of the state of Rio Grande do Sul, is meeting with some of his constituents. Of course, that’s pretty normal; governors meet with constituents all the time. What is neat is how those constituents were selected. They are not the ones with the most money or influence, they are the ones with the best ideas.

These 50 constituents were selected to meet with Governor Genro through a process called Governador Pergunta (The Governor Asks). The process started when citizens suggested 1,300 ideas related to five different aspects of health care (e.g., access to care, family health). Next, the Governor’s office launched a major public outreach campaign to encourage residents to prioritize these ideas through an online voting process. To broaden participation, there were public events and even a “voting van” packed with Internet-connected computers that drove around the state. In just 30 days, Governador Pergunta collected 120,000 votes, and these votes were used to select the top 10 ideas in each of the five categories.

To readers in the US, Governador Pergunta might sound like President Obama’s Open for Questions, and the two did have the same admirable goal: to increase public participation in government. But, there were important differences in their implementation that lead me to conclude that Governor Genro’s Governador Pergunta topped President Obama’s Open for Questions.

The first big difference between the two projects was their voting mechanisms. Here’s what they looked like:

Governador Pergunta

Open for Questions

Open for Questions used single-column, approval voting. Visitors to the site could find the items that they wanted and then vote for them. Governador Pergunta used pairwise comparison, meaning that voters were presented with two options and are asked to choose between them. These mechanism may seem similar, but the Governador Pergunta voting system is better than Open for Questions in important ways. (Disclaimer: Now is probably a good time to mention that I’ve been researching pairwise comparison voting mechanisms for several years, and that Governador Pergunta used open-source software developed by my research group. But, more on that later.)

One reason that the voting mechanism in Governador Pergunta is better is that voters made their decisions independently; they had no information about how others had voted. In Open for Questions, in contrast, voters made their decisions interdependently; items were sorted by popularity and this popularity was shown to voters (see screenshot above). This type of interdependent voting system, unfortunately, can lead to strong and unpredictable fads where some ideas get additional support mainly because they had been supported in the past. As I’ve shown in some earlier web-based experiments, the stronger the interdependence of decision-making, the weaker the relationship between underlying quality and ultimate success. In other words, interdependent voting systems are not good for finding the best ideas.

Further, the pairwise comparison voting mechanism used by Governador Pergunta is more manipulation resistant. Recall that in the approval voting system used in Open for Questions, the voters chose which items to consider. This feature makes it easy for a small group of people to rush to a single idea and push it to the top. This weakness was quickly discovered and exploited by the National Organization for the Reform of Marjuana Laws (NORML). In the midst of a financial crisis and national debate about health reform, many of the highest scoring items in Open for Questions were focused on the legalization of marijuana.

With a pairwise comparison voting mechanism, such as the one used by Governador Pergunta, it would have been much harder (but not impossible) for NORML, or any other group, to skew the results because a voter would have had to cast many, many votes before she would get a chance to vote for the idea she wanted to push to the top. Whatever you think about the fairness of marijuana laws in the US, having a system of public participation that is open to manipulation by a small group is clearly not ideal.

Finally, in addition to using a superior voting system, Governador Pergunta topped Open for Questions in another way: it was open-source. Just as black-box electronic voting machines threaten public confidence in elections, so to do black-box systems for other forms of public participation in democratic governance. Any effort to make government more open and transparent using processes that are not open and not transparent seems destined to fail. The source code for Governador Pergunta and the source code for the Pairwise API, developed by my research group and used by used Governador Pergunta, are both open-source. The Governor’s team and I hope that other public officials will build on our work to develop even better ways of making government more open, transparent, and effective.

CITP Call for 2012-2013 Visiting Fellows and Postdocs

The Center for Information Technology Policy is an interdisciplinary research center at Princeton University that studies the intersection of digital technologies and society. Each academic year, CITP issues a call for visiting fellows and postdoctoral researchers. Applications for the 2012-2013 academic year are due by February 1st, 2012.

CITP seeks candidates for Fellows positions from academia, industry, government, and civil society. These are one year appointments — usually from July 1st to June 30th. We are happy to hear from anyone who works at the intersection of digital technology and public life. In addition to our existing strengths in computer science and sociology, we are particularly interested in hearing from faculty members at other universities who have first-hand experience in public service in the technology policy area, engineers, economists, lawyers, civil servants and policy analysts whose research interests are complementary to our existing activities. Please see our current and past fellows to get a sense for the type of people we seek.

For more details, and to apply, visit:
http://citp.princeton.edu/about/join/fellowship-application/

The Latest in Nationwide Internet User Identification – Part 1 (The Ancient State Law "Pure Bill of Discovery")

Plaintiffs are engaging in aggressive and questionable new tactics in a growing wave of federal copyright “John Doe” lawsuits. In those lawsuits, the obvious objective of the plaintiffs is to discover from Internet Service Providers (ISPs) the personal identities of many of the ISPs’ subscribers. The plaintiffs typically present the ISPs with long lists of subscriber IP addresses that have allegedly been used in copyright infringement. Many of these plaintiffs have generated a business model around such suits and are often referred to as “copyright trolls“. The orders permitting “John Doe” discovery necessarily precede the naming of the defendants, and many if not most defendants are likely to settle rather than bear the expense of a defense (not to mention, in many cases, the embarrassment of association with pornographic works). Thus, at least for those defendants, the lawsuits effectively begin and end when their names and contact information are provided to the plaintiffs. Many of the copyright plaintiff attorneys would have it no other way – operating form-based lawsuit “factories” and harvesting settlements, and getting out without presenting any evidence at trial.

The response of the federal judges has been mixed. Many of them just grant the requested relief. In the interest of protecting privacy rights, a few judges have properly appointed attorneys ad litem to represent the unidentified Does. Some have decided that the joinder of numerous defendants in a single lawsuit is improper, and dismissed all the Does except for a single John or Jane. Others have required that the plaintiffs demonstrate a good faith belief that the subscriber-defendants reside in the forum and/or are otherwise subject to the personal jurisdiction of the court.

More recently, the copyright plaintiffs are turning to the state courts – an odd tactic given that copyright infringement claims may only be asserted in federal court. Remember, though, that these plaintiffs appear to be far more interested in the personally identifiable information of Internet subscribers (and coercing settlements), than in the actual pursuit of litigation. As such, they are simply motivated to seek, in the least number of lawsuits, as many Internet subscriber identifications for as many IP address/date/time stamps from as many ISPs as possible.

Consistent with such an objective, the plaintiffs’ lawyers have dusted off an ancient proceeding known as a “pure bill of discovery” – an equitable action that originated in the 19th century, before discovery was even available in legal proceedings under common law. As it turns out, this action is still available under a narrow set of circumstances in some states, including Florida, primarily where discovery is not otherwise obtainable and there is no adequate remedy at law.

Plaintiffs use this action to seek discovery in state court – presumably to avoid some of the same hurdles encountered in federal court. In Florida (the preferred jurisdiction so far), they contend that they should be permitted to file a “pure bill of discovery” for any alleged infringement, so long as they can somehow connect the alleged infringement to that jurisdiction (for example, because another alleged member of the same BitTorrent “swarm” – who could even be the plaintiff’s forensic investigator – was allegedly located in Florida).

But these plaintiffs aren’t using the “pure bill of discovery” the way it is supposed to work.

Because the “pure bill of discovery” is for the sole purpose of obtaining discovery, the “defendants” in such an action should be the person from whom the information is sought. Here, that would be the ISPs. However, suing dozens and dozens of ISPs located across the country in a Florida state court could be inconvenient and costly to the plaintiffs given that the ISPs would need to be served with process and a significant number of the ISPs would likely resist. In addition, if there were actual adversaries (i.e., ISP defendants), the plaintiffs would have to demonstrate their rights and convince the court that they are entitled to relief in an adversarial hearing before an order could be issued and before any subpoenas could be issued.

Preferring otherwise, the plaintiffs are suing the (unrepresented, unnamed, and defenseless) Doe defendants in their “pure bill of discovery” actions. That doesn’t make sense, you may say, because the plaintiffs are not seeking any discovery from the Does. True – in a “pure bill of discovery” action, the plaintiff has to be seeking discovery from the defendants in that action. To address this detail, the plaintiffs’ lawyers fictionally assert that they are seeking to require the Does to “confirm” that the identifying information to be provided by the ISPs is “accurate.” And, naturally, before the Doe defendants can “confirm” that they are who they are said to be, the plaintiffs need to uncover their names. So, after filing the lawsuit in a state court, the plaintiffs file an ex parte motion for discovery seeking to issue discovery requests to a long list of ISPs located across the nation (many beyond the state court’s jurisdiction), to obtain the personally identifiable information of hundreds of individual subscribers (i.e., the John Does). These ex parte motions actually get granted tout de suite.

Although the ISPs (much less the John Does) don’t have any opportunity to be heard beforehand, the ISPs can oppose the discovery requests once those requests are served on them. As a practical matter, though, most of the ISPs don’t; and those that do may simply be met with a voluntary dismissal by the plaintiff (as to those Does only), who would presumably rather not have the court actually hear the arguments made. Thus, the plaintiffs for the most part can readily obtain the necessary personally identifiable information to threaten to sue the alleged infringers (in federal court) and, in all likelihood, obtain quick settlement.

To the extent these plaintiffs get away with it, they have found a way to obtain a court order without opposition that permits nationwide identification of mass defendants in a single lawsuit. Assuming the Doe defendants settle, and anecdotal evidence suggests that many do, bothersome details such as service of process, personal jurisdiction, venue, joinder, and even advocacy in a court of law can be avoided entirely.

And why stop with seeking federal copyright claims? If these proceedings can actually be used in the way the plaintiffs are using them, there’s no reason why anyone couldn’t sue in Florida state court in order to get identifying subscriber information for subscribers located anywhere, from any ISP or other communications provider, under any legal theory. It seems to be the perfect tool of stealth and expedience, unless you happen to believe in the protection of fundamental individual rights and that the role of our judicial system is to resolve cases or controversies. It is hard to imagine that this antediluvian equitable action was intended to serve as a settlement weapon in abusive mass copyright litigation.