November 26, 2024

More Trouble for Network Monitors

A while back I wrote about a method (well known to cryptography nerds) to frustrate network monitoring. It works by breaking up a file into several shares, in such a way that any individual share, and indeed any partial subset of the shares, looks entirely random, but if you have all of the shares then you can add them together to get back the original file. Today I want to develop this idea a bit further.

The trick I discussed before sent the shares one at a time, perhaps interspersed with other traffic, so that a network monitor would have to gather and store all of the shares, and know that they were supposed to go together, in order to know what was really being transmitted. The network monitor couldn’t just look at one message at a time. In other words, the shares were transmitted from the same place, but at different times.

It turns out that you can also transmit the shares from different places. The idea is to divide a file into shares, and put one share on server A, another on server B, another on server C, and so on. Somebody who wanted the file (and who knew how it was distributed) would go to all of the servers and get one share from each, and then combine them. To figure out what was going on, a network monitor would have to be monitoring the traffic from all of the servers, and it would have to know how to put the seemingly random shares together. The network monitor would have to gather information from many places and bring it together. That’s difficult, especially if there are many servers involved.

If the network monitor did figure out what is going on, then it would know which servers are participating in the scheme. If Alice and Bob were both publishing shares of the file, then the network monitor would blame them both.

Congratulations on making it this far. Now here’s the cool part. Suppose that Alice is already publishing some file A that looks random. Now Bob wants to publish a file F using two-way splitting; so Bob publishes B = F-A, so that people can add A and B to get back F. Now suppose the network monitor notices that the two random-looking files A and B add up to F; so the network monitor tries to blame Alice and Bob. But Alice says no – she was just publishing the random-looking file A, and Bob came along later and published F-A. Alice is off the hook.

But note that Bob can use the same excuse. He can claim that he published the random-looking file B, and Alice came along later and published F-B. To the monitor, A and B look equally random. So the monitor can’t tell who is telling the truth. Both Alice and Bob have plausible deniability – Alice because she is actually innocent, and Bob because the network monitor can’t distinguish his situation from Alice’s. (Of course, this also works with more than two people. There could be many innocent Alices and one tricky Bob.)
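The splitting and the B = F-A step described above, as an added example (not code from the original post). It assumes "add" means byte-wise addition mod 256; the function names and the sample bytes are constructed for illustration.

```python
import secrets

def _check(x: bytes, y: bytes) -> None:
    if len(x) != len(y):
        raise ValueError("shares must be the same length")

def add(x: bytes, y: bytes) -> bytes:
    """Byte-wise addition mod 256 (assumed meaning of 'add them together')."""
    _check(x, y)
    return bytes((a + b) % 256 for a, b in zip(x, y))

def sub(x: bytes, y: bytes) -> bytes:
    """Byte-wise subtraction mod 256, the inverse of add()."""
    _check(x, y)
    return bytes((a - b) % 256 for a, b in zip(x, y))

def split(data: bytes, n: int) -> list:
    """n shares: n-1 are uniformly random, the last is data minus their sum.
    Any subset of fewer than n shares is uniformly random bytes."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    last = data
    for s in shares:
        last = sub(last, s)
    return shares + [last]

def combine(shares: list) -> bytes:
    """Add every share together to recover the original file."""
    total = bytes(len(shares[0]))
    for s in shares:
        total = add(total, s)
    return total

def publish_against(existing: bytes, target: bytes) -> bytes:
    """Bob's move: given an already-published A and a file F, return B = F - A."""
    return sub(target, existing)

if __name__ == "__main__":
    F = b"constructed sample file contents"   # constructed sample input
    assert combine(split(F, 4)) == F           # one share per server, four servers
    A = secrets.token_bytes(len(F))            # Alice's random-looking file
    B = publish_against(A, F)                  # what Bob publishes
    assert add(A, B) == F
    # The pair (A, B) is exactly what "B first, then A = F - B" would produce,
    # so the order of authorship cannot be read off the bytes themselves.
    assert publish_against(B, F) == A
    print("ok")
```
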

Bob faces some difficulties in pulling off this trick. For example, the network monitor might notice that Alice published her file before Bob published his. Bob doesn’t have a foolproof scheme for distributing files anonymously – at least not yet. But stay tuned for my next post about this topic.

Show Us the Numbers

Today brings yet another story about how Hollywood’s finances are better than ever. Ross Johnson’s story (“Video Sales Abroad Are Good News in Hollywood. Shhh.”) in today’s New York Times tells us that the studios are keeping their overseas DVD sales secret, so as not to interfere with the industry’s tradition of lowballing its revenue.

“For a long time, the film business was a single-digit business on investment return,” said Charles Roven, the producer of “Batman Begins” from Warner Brothers, a division of Time Warner. “Now, because of home video, it’s a low double-digit business, and the studios want to make sure it doesn’t go back into the single-digit business.”

In the past, lowballing has enabled the industry to limit its payouts to stars whose contracts call for a share of the profits. As the story reports, that battle goes on.

These days, of course, surging profits would be inconvenient in another way. They would undercut the industry’s rent-seeking in Washington, which relies on a narrative in which technology destroys the industry’s revenue stream. If the technology problem is really as bad as the industry says, then it ought to show up in the sales numbers.

The music industry has opened its books, reporting sales and revenue numbers that fell for several years before rebounding slightly in 2004. By all reports, the movie industry is still more profitable than ever.

It may turn out that the net effect of technology on the industry is neutral, or even positive. If so, then no expansion of copyright law is needed, and a mild contraction may even be in order. Remember, the goal of copyright is not to maximize the profits of any one industry, but to foster creativity by regulating just enough to ensure an adequate incentive to create. If the industry wants to argue that incentives are inadequate now, or will be in the future, then it will have to show us the numbers.

The stars fight lowballing by demanding a detailed audit of industry revenue reports. We should demand no less.

Review of MPAA's "Parent File Scan" Software

Yesterday the MPAA announced the availability of a new software tool called Parent File Scan. I decided to download it and try it out. Here’s my review.

According to an MPAA site,

Parent File Scan software helps consumers check whether their computers have peer-to-peer software and potentially infringing copies of motion pictures and other copyrighted material. Removing such material can help consumers avoid problems frequently caused by peer-to-peer software. The information generated by the software is made available only to the program’s user, and is not shared with or reported to the MPAA or another body.

In practice, if there are music files on a computer, no software tool can tell whether they’re legal or illegal, because there is no way to tell whether the files came from ripping the consumer’s own CDs (which is legal) or from infringing P2P downloading (which is illegal). Saying the music files on consumer computers are “potentially infringing” will probably cause some people to delete files that are perfectly legal. The implication that removing music files from your computer “can help [you] avoid problems frequently caused by peer-to-peer software” seems misleading. Of course, it’s totally correct that removing P2P apps will eliminate any problems caused by P2P apps.

The Parent File Scan software itself comes from a company called DtecNet. You download and install the software, click through a standard-looking EULA, and you’re ready to go. When you tell it to scan, it searches your hard drive for files in common audio or video formats, and for P2P apps. On my machine, it seemed to find all of the audio files (all legal). It failed to find any video files, which I think is correct. The only P2P app on my machine was an old version of Napster (which was never used to infringe). Parent File Scan failed to find Napster, but it’s worth noting that the old Napster version in question is now utterly useless.

At the end of the scan, if you have any P2P apps, Parent File Scan offers to remove them. Based on the documentation, it appears that the removal is done by invoking the P2P app’s own removal program; the documentation warns that there might not be a removal program, and it might not remove everything that came with the P2P app (i.e., spyware).

Parent File Scan also lists the audio and video files it found. It discloses very clearly (annoyingly often, in fact) that it has no way of knowing whether the files are legal or illegal. Here’s a typical message:

The program does not distinguish between legal and illegal copies. It is up to the user to determine whether the files found by the program have been acquired legally, or if the material should be deleted.

In the post-scan display, each audio/video file has a checkbox which you can check to designate the file for deletion. The default is to delete nothing. I deleted a few old files that I didn’t want anymore, and everything seemed to work correctly.

All in all, the program seems to do its job well. The user interface is clear and straightforward, and does not try to scare or mislead the user. Not everybody will want a program like this, but those who do will probably be happy with Parent File Scan.

UPDATED (11:15 PM): Added the word “infringing” before “P2P” in the “In practice …” paragraph, to eliminate the (false) implication that all P2P downloading is illegal.

PlaysMaybe

Natali Helberger at INDICARE questions Microsoft’s new “playsforsure” campaign. Playsforsure is a logo that will be displayed by digital music and video stores, and media devices. The program has a cute logo:

According to the program’s website,

Look for the PlaysForSure logo if you’re shopping for a portable music or video device and you want to make sure the digital music and video you purchase will play back on it every time. Match the PlaysForSure logo on a large selection of leading devices and online music stores. If you see the logo you’ll know your digital music will play for sure.

So if I buy a product with the playsforsure logo on it, I can play any music I like on it. And if I buy a song from a playsforsure music store, I can play it on any device I like. Right? Maybe not. Elsewhere on the site, we find this:

When your device and music service are compatible with each other, all you have to do is choose the music that’s compatible with you.

Hmm, that doesn’t sound so good. But at least I’ll know that if my device, my music store, and my music all have the playsforsure logo, it’ll work, with no fine-print exceptions. Right? Maybe not.

Look on the back of the device box to see what type of media will play back on the device.

The checkmarks indicate if the device is capable of playing back audio and/or video that’s been downloaded from an online store. Additionally some devices will be able to play back media that has been purchased through an online store that offers subscription or rentals.

Well, at least I know that the engineers are doing everything they can to make their products compatible with each other. Maybe someday they’ll finish that MP3 standard and we’ll be able to play our music on any device we like.


[Ed’s assignment desk: Somebody with artistic talent (i.e., not me) should create a “playsmaybe” logo, perhaps depicting a square peg labeled “playsmaybe” failing to fit into a round hole labeled “DRM in use”.]

Balancing Tests in the Grokster Briefs

The biggest issue in the Grokster case is whether the Supreme Court adjusts or clarifies its precedent from the Sony Betamax case. The fate of Grokster itself is much less important than what ground rules the Court imposes on future innovators.

The core of the Betamax opinion is this oft-quoted passage:

The staple article of commerce doctrine must strike a balance between a copyright holder’s legitimate demand for effective – not merely symbolic – protection of the statutory monopoly, and the rights of others freely to engage in substantially unrelated areas of commerce. Accordingly, the sale of copying equipment, like the sale of other articles of commerce, does not constitute contributory infringement if the product is widely used for legitimate, unobjectionable purposes. Indeed, it need merely be capable of substantial noninfringing uses.

There are two ideas here: the need to balance the interests of copyright holders against the interests of others, and, following from this need for balance, immunity from contributory infringement for devices sufficiently capable of noninfringing use. Grokster often argues from the immunity language. The studios often argue from the balance language, asserting that Grokster’s reading of the immunity language is inconsistent with the balance language. Many of the briefs filed on Monday take this latter angle.

What’s interesting is that most of those briefs, though relying heavily on balance arguments, seem to miss an important aspect of Betamax’s balance language. They do this by setting up a balancing test between the interests of copyright owners and the interests of Grokster. But that’s not quite the balance that Betamax is talking about.

The Betamax court would balance the interests of copyright holders against those of “others freely to engage in [noninfringing] areas of commerce.” Here “others” refers not only to the maker of the challenged product (here, Grokster) but to everybody who benefits from the product’s existence. This includes users who benefit from noninfringing uses of the product, musicians or publishers who use the product to disseminate their work, users who will benefit from not-yet-discovered uses of the product, developers of future noninfringing products who learn from seeing the product in operation, and so on. These benefits are often diverse, diffuse, and difficult to foresee, which is why the Betamax court was cautious about imposing liability for infant technologies.

I’ve read most of the briefs filed in Monday’s group. Of these, I’ve seen only three that seem to understand this point about what interests need to be balanced. These three come from the video store dealers; a group of professors (Kenneth Arrow et al.); and IEEE-USA. These briefs differ in their ultimate conclusions, which is not surprising. Understanding which interests need to be balanced is only a starting point for analysis.