November 24, 2024

Fritz's Hit List #5

Today on Fritz’s Hit List: the Sony Aibo robot dog.

This product, which sends, receives, and digitally processes audio, qualifies for regulation as a “digital media device” under the Hollings CBDTPA. If the CBDTPA passes, any newly manufactured Aibos will have to incorporate government-approved copy restriction technology.

Fight piracy – regulate robot pets!

NYT: Software Diverts Referral Commissions

Today’s NYT discusses software that horns in on referral commissions (like those from Amazon’s affiliates program) meant for others.

Based on the article’s description, it looks like the software lurks quietly, waiting until the user’s browser is going to place an order that could generate a commission. Then the software inserts its distributor’s ID into the request, so as to capture the commission. Apparently the software even puts its own ID in place of another party’s ID, meaning that it captures commissions “meant” for others.

This software comes bundled into programs that a user downloads for free. The user “consents” to the commission-grabbing software’s behavior via vague language inserted into the enclosing product’s click-through agreement.

This seems like a pretty slimy thing to do. Maybe the lawyers out there can tell us whether it’s legal.

Godwin Article on the "Right to Tinker"

Mike Godwin has a new article at law.com on “the right to tinker.” He mentions my upcoming book on the topic. (Thanks, Mike.)

Notes on Today's Berman-Coble Hearings

A House subcommittee held hearings this morning about the Berman-Coble peer-to-peer (p2p) hacking bill. I heard the first two hours, but then I had to go give a lecture.

The bill would give copyright owners new powers to employ self-help “hacking” measures aimed to prevent infringing file-trading on p2p networks. Everybody agreed that the self-help measures now being used are legal. One such measure is spoofing – providing dummy files that look like infringing material, to make it hard for people to find real infringing copies.

The big surprise for me was that the content-industry people seemed to have little idea what they would do with their new powers. When asked what they wanted to do that would be legalized by the bill, RIAA CEO Hilary Rosen said she didn’t know. She referred the question to Randy Saaf of MediaDefender.

Saaf could only come up with one desired measure that the bill would legalize. He called the measure “interdiction” and he described it as connecting to the offending user’s computer and downloading the offending file, in a way that prevented others from downloading. That sounds to me like a classic denial of service attack.

Everybody seemed to understand that the bill’s passage would escalate the technical arms race of measures and countermeasures between p2p designers and copyright owners. Nobody seemed to have any idea where that arms race would lead, or what its implications might be for the bill.

Congressman Boucher summed it up well when he said that Congress would be wise to wait until the copyright owners at least know what they want.

Misleading Term of the Week: "Standard"

A “standard” is a technical specification that allows systems to work together to make themselves more useful. Most people say, for good reasons, that they are in favor of technical standards. But increasingly, we are seeing the term “standard” misapplied to things that are really regulations in disguise.

True standards strive to make systems more useful, by providing a voluntary set of rules that allow systems to understand each other. For example, a standard called RFC822 describes a standardized way to format email messages. If my email-sending software creates RFC822-compliant messages, and your email-receiving software understands RFC822-compliant messages, then you can read the email messages that I send you. Compliance with such a standard makes our software more functional.

Crucially, standards like RFC822 are voluntary and nonexclusive. Nobody forces any email-software vendor to comply with RFC822, and there is nothing to stop a vendor’s product from complying simultaneously with both RFC822 and other standards.

Lately we have seen the word “standard” misapplied. For example, the Broadcast Protection Discussion Group (BPDG) calls its proposal a “standard,” though it is anything but. Unlike a real standard, BPDG is not voluntary. Unlike a real standard, it contains prohibitions rather than opportunities. Put the BPDG “standard” in front of experienced engineers, and they’ll tell you that it looks like a regulation, not like a standards document. BPDG is trying to make its restrictive regulations more palatable by wrapping them in the mantle of “standards.”

A more subtle misuse of “standard” arises in claims that we need to standardize on DRM technology. As I wrote previously:

In an attempt to sweep [the technical infeasibility of DRM] under the rug, the content industry has framed the issue cleverly as one of standardization. This presupposes that there is a menu of workable technologies, and the only issue is which of them to choose. They want us to ask which technology is best. But we should ask another question: Are any of these technologies workable in the first place? If not, then a standard for copy protection is as premature as a standard for teleportation.