November 26, 2024

Posts Comments

Grokster Briefs: Toward a More Regulable Net

January 25, 2005 by

Many briefs were filed yesterday in Grokster, the upcoming Supreme Court case which has broad implications for technology developers. (Copies of the briefs are available from EFF.) There’s a lot to discuss in these briefs. Today I want to focus on two of the amicus briefs, one from the Solicitor General (who represents the U.S. government), and one from a group of anti-porn and police organizations.

The Solicitor General offers an odd discussion of P2P and the Internet’s history (pp. 2-3):

1. Peer-to-peer (P2P) computing technology enables users of a particular P2P network to access and copy files that are located on the computers of other users who are logged in to the network. Unlike traditional Internet transactions, in which a user’s computer obtains information from a specific website operated by a central computer “server,” P2P networking software gives users direct access to the computers of other users on the network. [Citation omitted.] P2P file-sharing software thus performs two principal functions: First, it searches for and locates files that are available on the various “peer” computers linked to the network, and second, it enables a user to retrieve and copy the desired files directly from such computers.

This history could hardly be more wrong. The ability to share files between any two computers on the network was an explicit goal of the Internet, from day one. The web is not a traditional aspect of the Internet, but a relatively recent development. And the web does not require or allow only large, centralized servers. Anybody can have a website – I have at least three. Searching for files and retrieving copies of files is a pretty good description of what the web does today.

What the Solitor General seems to want, really, is a net that is easier to regulate, a net that is more like broadcast, where content is dispensed from central servers.

The anti-porn amici come right out and say that that is what they want. Their brief uses some odd constructions (“Like any non-sentient, non-judgmental technology, peer-to-peer technology can be misused…”) and frequent recourse to the network fallacy.

Their main criticism of Grokster is for its “engineered ignorance of use and content” (p. 9; note that the quoted phrase is a reasonable definition of the end-to-end principle, which underlies much of the Internet’s design), for failing to register its users and monitor their activities (e.g., p. 13), for failing to limit itself to sharing only MP3 files as Napster did (really! p. 17), and for “engineer[ing] anonymous, decentralized, unsupervised, and unfiltered networks” (p. 18).

These arguments (as the lawyers say) prove too much, as they would apply equally to the Internet itself, which is ignorant of use and content, does not register most of its users or monitor their activities, does not limit the types of files that can be shared, and is generally anonymous, decentralized, unsupervised, and unfiltered.

What kind of net would make these amici happy? The Solicitor General speaks approvingly of LionShare, Penn State’s home-grown P2P system, which appears to register and log everything in sight. Of course, LionShare doesn’t fully exist yet, and even when it does exist it will not be available to the public (see LionShare FAQ, which says that the source code will be available to the public, but the public will not be allowed to share files with “authorized” academic users). For a member of the public who wants to share a legal, non-porn, non-infringing file with a wide audience, the Web, or Grokster, is a much better technology than LionShare.

These briefs are caught between nostalgia for a past that never existed, and false hope for future technologies that won’t do the job.

Filed Under: Uncategorized Tagged With:

Why Hasn't TiVo Improved?

January 21, 2005 by

The name TiVo was once synonymous with an entire product category, Digital Video Recorders. Now the vultures are starting to circle above TiVo, according to a New York Times story by Saul Hansell. What went wrong?

The answer is obvious: TiVo chose to cozy up to the TV networks rather than to its customers.

When my family bought a TiVo, it was a cutting-edge product (the TiVo, not the family; but come to think of it, the family was pretty cool too), delivering a customer experience that was hard to find elsewhere. Since then, eight years have passed – an eternity in the electronics business – and TiVo is still selling essentially the same product. Sure, they have added a few bells and whistles, but nothing that made us want to run out and buy a new box.

TiVo made a decision, early on, to cozy up to the TV networks, to stay within their comfort zone. But the networks’ comfort zone is awfully confining. ReplayTV took a different path, seizing the technological lead with new features that angered the networks; and the networks brought a lawsuit that ReplayTV couldn’t afford to defend. At the time, TiVo execs probably chuckled and congratulated themselves for their caution.

Now the time has come for TiVo to pay for its timidity. Its technology is no longer distinctive, and the rising tide of DRM threatens to cut TiVo’s products out of the TV delivery pipeline. (Remember, DRM is just another name for deliberate incompatibility.) It’s not clear what the company will have to offer future customers.

Which brings us to the key paragraph in the New York Times story:

Last week, TiVo announced that Mr. Ramsay was stepping down as chief executive but would remain as chairman. He said the change was his idea and had been under discussion for months. Several board members and others close to the board confirm that. But they also said that the board hoped to hire someone with less of Mr. Ramsay’s fierce belief in the power of TiVo’s technology. They said they preferred someone with an ability to repair TiVo’s relations with the big cable companies.

[italics added] As in so many organizations, TiVo’s response to crisis is to do more of what got them in trouble, rather than returning to the strategy that made them successful in the first place.

This is bad news for TiVo, which desperately needs new, distinctive technology if it wants to survive. It’s bad news for customers too.

UPDATE (2:00 PM): Matt Haughey has a nice response over at PVRblog.

Filed Under: Uncategorized Tagged With:

Network Monitoring: Harder Than It Looks

January 20, 2005 by

Proposals like the Cal-INDUCE bill often assume that it’s reasonably easy to monitor network traffic to block certain kinds of data from being transmitted. In fact, there are many simple countermeasures that users can (and do, if pressed) use to avoid monitoring.

As a simple example, here’s an interesting (and well known) technical trick. Suppose Alice has a message M that she wants to send to Bob. We’ll treat M as a number (bearing in mind that any digital message can be thought of as a number). Alice chooses a random number R which has the same number of digits as M. She sends the message R to Bob; then she computes X = M-R, and sends the message X to Bob. Obviously, Bob can add the two messages, R + (M-R), and the sum will be M – the message Alice originally wanted to send him.

[Details, for mathematical purists: all arithmetic is done modulo a large prime P; R is chosen randomly in [0, P-1]. When I say a value “looks random” I mean that it is indistinguishable (in the information-theoretic sense) from a random value.]

Now here’s the cool part: both of the messages that Alice sends look completely random. Obviously R looks random, because Alice generated it randomly. But it turns out that X looks random too. To be more precise: either message by itself looks completely random; only by combining the two messages can any information be extracted.

By this expedient, Alice can foil any network monitor who looks at network messages one at a time. Each individual message looks innocuous, and it is only by storing messages and combining them that a monitor can learn what Alice is really telling Bob. If Alice sends the two messages by different paths, then the monitor has to gather messages from multiple paths, and combine them, to learn what Alice is telling Bob.

It’s easy for Alice to extend this trick, to split her message M into any number of pieces. For example, Alice could split M into five pieces, by generating four random numbers, R1, R2, R3, and R4, and then computing X = M-(R1+R2+R3+R4). Given any four of these five pieces, nothing can be deduced. Only somebody who has all five pieces, and knows to combine them by addition, can extract information. So a monitor has to gather and compare many messages to see what Alice is up to, even though Alice isn’t using encryption.

There are many more technical tricks like this that are easy for Alice and Bob to adopt, but hard for network monitors to cope with. If the monitors want to engage in an arms race, they’ll lose.

Filed Under: Uncategorized Tagged With:

My Morning Pick-Me-Up

January 19, 2005 by

First thing this morning, I’m sitting in my bathrobe, scanning my inbox, when I’m jolted awake by the headline on a TechDirt story:

California Senator Wants to Throw Ed Felten in Jail

I guess I’ll take the time to read that story!

Kevin Murray, a California legislator, has introduced a bill that would fine, or imprison for up to one year, any person who “sells, offers for sale, advertises, distributes, disseminates, provides, or otherwise makes available” software that allows users to connect to networks that can share files, unless that person takes “reasonable care” to ensure that the software is not used illegally. TechDirt argues that my TinyP2P program would violate the proposed law.

Actually, the bill would appear to apply to a wide range of general-purpose software:

“[P]eer-to-peer file sharing software” means software that once installed and launched, enables the user to connect his or her computer to a network of other computers on which the users of these computers have made available recording or audiovisual works for electronic dissemination to other users who are connected to the network. When a transaction is complete, the user has an identical copy of the file on his or her computer and may also then disseminate the file to other users connected to the network.

That definition clearly includes the web, and the Internet itself, so that any software that enabled a user to connect to the Internet would be covered. And note that it’s not just the author or seller of the software who is at risk, but also any advertiser or distributor. Would TechDirt be committing a crime by linking to my TinyP2P page? Would my ISP be committing a crime by hosting my site?

The bill provides a safe harbor if the person takes “reasonable care” to ensure that the software isn’t used illegally. What does this mean? Standard law dictionaries define “reasonable care” as the level of care that a “reasonable person” would take under the circumstances, which isn’t very helpful. (Larry Solum has a longer discussion, which is interesting but doesn’t help much in this case.) I would argue that trying to build content blocking software into a general-purpose network app is a fruitless exercise which a reasonable person would not attempt. Presumably Mr. Murray’s backers would argue otherwise. This kind of uncertain situation is ripe for intimidation and selective prosecution.

This bill is terrible public policy, especially for the state that leads the world in the creation of innovative network software.

Filed Under: Uncategorized Tagged With:

Enforceability and Steroids

January 18, 2005 by

Regular readers know that I am often skeptical about whether technology regulations can really be enforced. Often, a regulation that would make sense if it were (magically) enforceable, turns out to be a bad idea when coupled with a realistic enforcement strategy. A good illustrative example of this issue arises in Major League Baseball’s new anti-steroids program, as pointed out by David Pinto.

The program bars players from taking anabolic steroids, and imposes mandatory random testing, with serious public sanctions for players who test positive. A program like this helps the players, by eliminating the competitive pressure to take drugs that boost on-the-field performance but damage users’ health. Players are better off in a world where nobody takes steroids than in one where everybody does. But this is only true if drug tests can accurately tell who is taking steroids.

A common blood test for steroids measures T/E, the ratio of testosterone (T) to epitestosterone (E). T promotes the growth and regeneration of muscle, which is why steroids provide a competitive advantage. The body naturally makes E, and later converts it into T. Steroids are converted directly into T. So, all else being equal, a steroid user will have higher T/E ratio than a non-user. But of course all else isn’t equal. Some people naturally have higher T/E ratios than others.

The testing protocol will set some threshold level of T/E, above which the player will be said to have tested positive for steroids. What should the threshold be? An average value of T/E is about 1.0. About 1% of men naturally have T/E of 6.0 or above, so setting the threshold at that level would falsely accuse about 1% of major leaguers. (Or maybe more – if T makes you a better baseball player, then top players are likely to have unusually high natural levels of T.) That’s a pretty large number of false accusations, when you consider that these players will be punished, and publicly branded as steroid users. Even worse, nearly half of steroid users have T/E of less than 6.0, so setting the threshold there will give a violator a significant chance of evading detection. That may be enough incentive for a marginal player to risk taking steroids.

(Of course it’s possible to redo the test before accusing a player. But retesting only helps if the first test mismeasured the player’s true T/E level. If an innocent player’s T/E is naturally higher than 6.0, retesting will only seem to confirm the accusation.)

We can raise or lower the threshold for accusation, thereby trading off false positives (non-users punished) against false negatives (steroid users unpunished). But it may not be possible to have an acceptable false positive rate and an acceptable false negative rate at the same time. Worse yet, “strength consultants” may help players test themselves and develop their own customized drug regimens, to gain the advantages of steroids while evading detection by the official tests.

Taking these issues into account, it’s not at all clear that a steroid program helps the players. If many players can get away with using steroids, and some who don’t use are punished anyway, the program may actually be a lose-lose proposition for the players.

Are there better tests? Will a combination of multiple tests be more accurate? What tests will Baseball use? I don’t know. But I do know that these are the key questions to answer in evaluating Baseball’s steroids program. It’s not just a question of whether you oppose steroid use.

Filed Under: Uncategorized Tagged With: