November 27, 2024

BSA To Ask For Expansion of ISP Liability

The Business Software Alliance (BSA), a software industry group, will ask Congress to expand the liability of ISPs for infringing traffic that goes across their networks, according to a Washington Post story by Jonathan Krim.

The campaign to modify the law is part of a broader effort by the BSA to address a variety of copyright and patent issues. In a report to be released today, the group outlines its concerns but offers no specifics on how the 1998 law should be changed. But in an interview, [Adobe chief Bruce] Chizen and BSA Executive Director Robert Holleyman said Internet service providers should no longer enjoy blanket immunity from liability for piracy by users.

The article doesn’t make clear what limits BSA would put on ISP liability. Making ISPs liable for everything that goes over their networks would be a death blow to ISPs, because there is no way to look at a file and tell what might be hidden in it. (Don’t believe me? Then tell me what is hidden in this file.) Actually, BSA members sell virtual private network software that hides messages from ISPs.

So the BSA must want something less than total liability. Perhaps they want to expand the DMCA subpoena-bot rule so that ISPs have to turn over a customer’s name on demand. The music industry once claimed that the existing DMCA rule requires that, but the courts disagreed. Congress could amend the DMCA to override that court decision.

Or perhaps they want to hold ISPs liable unless they deploy filtering and blocking technologies to try to stop certain files from circulating and certain protocols from being used. These technologies are only stopgap measures that would soon be overcome by P2P designers, so requiring their deployment seems like bad policy.

Most likely, this is just a tactic to put political pressure on ISPs, in the hope of extracting some concessions. I predict that either (a) this will go nowhere, or (b) ISPs will agree to allow an expansion of the subpoena-bot rule.

Predictions for 2005

Here is my list of twelve predictions for 2005.

(1) DRM technology, especially on PCs, will be seen increasingly as a security and privacy risk to end users.

(2) Vonage and other leading VoIP vendors will start to act like incumbents, welcoming regulation of their industry sector.

(3) Internet Explorer will face increasing competitive pressure from Mozilla Firefox. Microsoft’s response will be hamstrung by its desire to maintain the fiction that IE is an integral part of the operating system.

(4) As blogs continue to grow in prominence, we’ll see consolidation in the blog world, with major bloggers either teaming up with each other or affiliating with major news outlets or web sites.

(5) A TV show or movie that is distributed only on the net will become a cult hit.

(6) The Supreme Court’s Grokster decision won’t provide us with a broad, clear rule for evaluating future innovations, so the ball will be back in Congress’s court.

(7) Copyright issues will be stalemated in Congress.

(8) There will be no real progress on the spam, spyware, and desktop security problems.

(9) Congress will address the spyware problem by passing a harmless but ineffectual law, which critics will deride as the “CAN-SPY Act.”

(10) DRM technology will still fail to prevent widespread infringement. In a related development, pigs will still fail to fly.

(11) New P2P systems will marry swarming distribution (as in BitTorrent) with distributed indexing (as in Kazaa et al). Copyright owners will resort to active technical measures to try to corrupt the systems’ indices.

(12) X-ray vision technology will become more widely available (though not to the general public), spurring a privacy hoohah.

2004 Predictions Scorecard

A year ago, I offered seven predictions for 2004. Today, as penance for sins committed in 2004, it’s my duty to exhume these predictions and compare them to reality.

(1) Some public figure will be severely embarrassed by an image taken by somebody else’s picture-phone or an audio stream captured by somebody else’s pocket audio recorder. This will trigger a public debate about the privacy implications of personal surveillance devices.

The Abu Ghraib images seem to fit the bill here: pictures taken by a phonecam that severely embarass a public figure. When I made this prediction, I had in mind pictures or recordings of the public figure in question, but what the prediction as written wasn’t too far off.

Verdict: mostly right.

(2) The credibility of e-voting technologies will continue to leak away as more irregularities come to light. The Holt e-voting bill will get traction in Congress, posing a minor political dilemma for the president who will be caught between the bill’s supporters on one side and campaign contributors with e-voting ties on the other.

E-voting technologies did lose credibility as predicted. The Holt bill did gain some traction but was never close to passing. Republicans did feel some squeeze on this issue, and it became a bit of a partisan issue. (Now that the 2004 election is past, there is more hope for e-voting reform.)

Verdict: mostly right.

(3) A new generation of P2P tools that resist the recording industry’s technical countermeasures will grow in popularity. The recording industry will respond by devising new tactics to monitor and unmask P2P infringers.

P2P tools did evolve to resist technical countermeasures, for instance by using hashes to detect spoofed files. The recording industry is only now starting to change tactics. The big P2P technology of the year was BitTorrent, whose main innovation was in dispersing the bandwidth load required to distribute large files, rather than in evading countermeasures. Indeed, BitTorrent made possible a new set of countermeasures, which the copyright owners adopted near the end of the year.

Verdict: mostly right.

(4) Before the ink is dry on the FCC’s broadcast flag order, the studios will declare it insufficient and ask for a further mandate requiring watermark detectors in all analog-to-digital converters. The FCC will balk at the obvious technical and economic flaws in this proposal.

The studios did seem to want a watermark-based system to close the analog hole, but they were held back by its total infeasibility. My main error here was to misjudge the time scale.

Verdict: mostly wrong.

(5) DRM technology will still be ineffective and inflexible. A few people in the movie industry will wake up to the hopelessness of DRM, and will push the industry to try another approach. But they won’t be able to overcome the industry’s inertia ? at least not in 2004.

DRM technology was nearly useless, as predicted. We’re starting to hear faint rumblings within the movie industry that a different approach would be wise. But, as predicted, the industry isn’t paying much attention to them.

Verdict: right.

(6) Increasingly, WiFi will be provided as a free amenity rather than a paid service. This will catch on first in hotels and cafes, but by the end of the year free WiFi will be available in at least one major U.S. airport.

Even some New Jersey diners now offer free WiFi. The Pittsburgh airport has offered free WiFi for nearly a year. And some airline clubrooms offer free WiFi that is accessible from nearby terminal areas.

Verdict: right.

(7) Voice over IP (VoIP) companies like Vonage will be the darlings of the business press, but the most talked-about VoIP-related media stories will be contrarian pieces raising doubt about the security and reliability implications of relying on the Internet for phone service.

VoIP got plenty of attention, but these companies were not “darlings of the business press”. Security/reliability contrarian stories didn’t get much play. This prediction went too far.

Verdict: mostly wrong.

Overall score: two right, three mostly right, two mostly wrong, none wrong. I’m a bit surprised to have done so well. Obviously this year’s predictions need to be more outrageous. I’ll offer them later in the week.

[UPDATE (1:15 PM): I originally wrote that the first prediction was wrong. Then an anonymous commenter pointed out that Abu Ghraib would qualify. See also the incident in India referenced in the comments.]

Recording Industry Publishing Infected P2P Files?

The recording industry may be publishing spyware-infested copies of their songs on P2P networks, according to a PC World story by Andrew Brandt and Eric Dahl.

The files are encoded in a Microsoft file format. When the user plays such a file, the user’s browser is forced to visit a URL contained in the file. For the files at issue here, the page at that URL uses various spyware-insertion tricks to try to infect the user’s machine with standard spyware programs. Ben Edelman reports that when he clicked on one such page, “My computer quickly became contaminated with the most spyware programs I have ever received in a single sitting, including at least the following 31 programs…” Ed Bott notes that fully patched systems won’t catch spyware from this file unless the user foolishly accepts downloads; but Ben Edelman argues that the files try to mislead the user into accepting the downloads, and in any case we know that users often are fooled by such tricks.

Even more interesting, PC World reports that, for at least one such file, the spyware-distribution page is hosted by Overpeer, a company that does lots of business with the recording industry. (It’s not clear whether the particular file Ben Edelman studied had any relation to Overpeer.) Overpeer, for example, is paid by the recording industry to spread spoofed files on P2P networks, in the hope that P2P users will download the fake files rather than real (infringing) ones.

The really interesting angle here, to me at least, is who approved the release of these spyware-bearing audio files onto P2P nets. It sure looks like Overpeer created the files. Did Overpeer release them? That would seem likely.

If Overpeer did release these copyrighted songs onto P2P nets, did they have the permission of the record companies that own the copyrights on the songs? If not, then Overpeer is a P2P infringer. It seems unlikely that Overpeer would take this risk, especially since the files contain a URL that points right back to Overpeer.

So it seems more likely that the record companies gave permission. If so, is it fair to say that these particular files, which contain copyrighted music, are circulating on P2P nets with the copyright owners’ permission? And what does this say about the record industry’s incessant argument that P2P nets distribute spyware?

All of this is speculation, of course. We don’t know for sure who did or didn’t participate in the files’ release. But it’s hard to see a scenario that makes both Overpeer and the record industry look good. There’s a nice investigative reporting opportunity here.

[Updated at 1:40 PM to clarify that the file tested by Ben Edelman might not be one of the files related to Overpeer. Thanks to Ben for his comment pointing this out.]

[Read the comments on this post – they’re particularly good.]

Clip Blog

I now have a clip blog, at http://www.freedom-to-tinker.com/clips. There I’ll post quick links to things that I find interesting, with little or no commentary.