April 18, 2014

avatar

Who Uses Peer-to-Peer?

If you listen to the rhetoric about peer-to-peer copyright infringement, you might conclude that most of that infringement takes place at universities. But at this week’s House hearings on “Peer-to-Peer Piracy on University Campuses,” committee chairman Rep. Lamar Smith reportedly cited statistics showing that 10% of P2P users are at educational institutions. That’s surprisingly low. Does anybody know where the other 90% are?

avatar

Berkeley DRM Workshop

It’s the second day of the Berkeley DRM Workshop, a wonderful conference. Donna points to live commentary from several bloggers.

I was on a panel with David Wagner, Hal Abelson, John Erickson, Joe Liu, and Larry Lessig. My quick presentation (here, in PowerPoint format) was about the (negative) impact of DRM and its companion regulations on a wide range of public policy debates. If you can’t learn about technology and you can’t talk about technology, then you can’t make good public policy decisions about technology.

avatar

Lexmark Gets Preliminary Injunction

A news.com story by David Becker reports that a Federal judge has granted a preliminary injunction against Static Control in the DMCA lawsuit brought by Lexmark.

To review, Lexmark makes printers, and Static Control makes replacement toner cartridges for Lexmark printers. Lexmark’s printers do a cryptographic handshake with Lexmark-brand toner cartridges, and Static Control cartridges do the same crypto handshake so that they will work in Lexmark printers. Lexmark filed a lawsuit, clai ming that the Static Control products violate the DMCA’s anti-circumvention rules.

The preliminary injunction prohibits Static Control from selling the challenged product. I haven’t seen any written opinion from the Court yet; I’ll add a pointer to the opinion if/when I get it.

avatar

Congressmen Tell Universities to Stop P2P

Declan McCullagh at CNet news.com reports on a congressional committee hearing today about P2P copyright infringement at universities. Some in Congress are turning up the rhetorical heat on universities, urging them to react to copyright infringement as energetically as they react to the most serious crimes.

Members of the House of Representatives subcommittee that oversees copyright law said at a hearing that peer-to-peer piracy was a crime under a 1997 federal law, but universities continued to treat file-swapping as a minor infraction of campus disciplinary codes.

“If on your campus you had an assault and battery or a murder, you’d go down to the district attorney’s office and deal with it that way,” said Rep. William Jenkins, R-Tenn.

All of this discussion seems to assume that it is easy to distinguish P2P traffic from other traffic. This may be true in the short run, but once P2P blocking starts to become popular, the P2P systems will evolve so that they blend in to non-P2P traffic. In the long run, blocking P2P traffic looks like a technically dubious approach.

Nonetheless, things will get increasingly unpleasant for universities.

(Disclaimer: I don’t speak for Princeton. When I write about “universities” I mean universities in general and not Princeton in particular.)

avatar

Berman Bill May Not Return

According to an article by Jon Healey in Friday’s Los Angeles Times, Rep. Howard Berman may not reintroduce his “peer-to-peer hacking” bill in the new Congress. The bill, you may recall, would authorize copyright owners to launch some types of targeted denial of service attacks against people who are offering infringing files via peer-to-peer systems like Kazaa, Gnutella, or the Web.

Berman had introduced the bill in the last Congress, but it died in committee. He had planned to reintroduce it, but is rethinking that after Hollywood expressed reservations about the bill.

This week, however, Berman said he may not revive the measure. For one thing, copyright holders may not need extra protection to combat file-sharing piracy, he said. And though Berman wasn’t deterred by complaints from consumer advocates, the concerns voiced by Hollywood studios – among the biggest beneficiaries of the bill, given their active anti-piracy efforts online – suggested that Berman was climbing out on a limb by himself.

In particular, Hollywood’s enthusiasm for the bill was dimmed by Berman’s insistence on imposing new liabilities on copyright holders that go too far in attacking pirates. “And if they’re not for it,” Berman asked, “where am I going?”

avatar

E-Voting Victory (Probably)

Santa Clara County, California, located in the heart of Silicon Valley, has decided that their new electronic voting machines must offer voter-checkable audit records. An AP story at the New York Times reports that the vendor, Sequoia Voting Systems, will add paper receipt printers to their machines to accomodate the county.

This looks like a victory for the campaign by computer scientists against e-voting systems that don’t offer such paper records. Now we’ll see what we can do here in Mercer County, New Jersey.

UPDATE (7:30 PM): Kim Alexander at the California Voter Foundation offers a more detailed (and nuanced) description of Santa Clara County’s decision. (Thanks to Jim Tyre for the pointer.)

avatar

Another Attempted Suppression of Security Research

Researchers at Cambridge University published information on a flaw in banks’ procedures that rogue bank employees may have been using to learn the PINs from many customers’ ATM cards. It has always been easy to forge ATM cards, so knowing the PIN allows criminals to steal money easily from customers’ accounts. Now some banks are apparently trying to suppress the research.

Kuro5hin has the details.

The interesting twist here is that the banks sometimes bring legal actions against customers who they accuse of overdrawing their accounts by making excessive ATM withdrawals. The customers’ defense is often that they didn’t make the withdrawals. The banks argue that their security mechanisms prevent fraud, so if the withdrawals were made, it must have been the customers who made them. Because of this, the security of the banks’ systems and procedures are a central issue in such cases, and the availability of evidence on such issues is important to ensure that the accused customers can mount a proper defense.

avatar

“Accidental Privacy Spills”

Don’t miss James Grimmelmann’s essay of that title over at LawMeme. The essay tells the story of how an email that journalist Laurie Garrett sent to a few friends leaked out gradually onto the Internet, and reflects on the implications of this kind of leak.

avatar

Free Storage

Dan Gillmor’s Sunday column points out that hard-disk data storage now costs less than one dollar per gigabyte. Thanks to Moore’s law, the cost of storage is asymptotically approaching zero. It’s interesting to stop and think about what happens as storage becomes essentially free.

Traditionally, storing data has been expensive, so we spent time sorting through our stored data to see what we could discard. We only kept something if we really needed it.

If storage is nearly free, though, the traditional cost equation inverts – it becomes much cheaper to keep information than to worry about whether to delete it. Why go to the trouble and expense to sort through your old stuff, when instead you can just keep it forever?

If storage is free, then the only reason to delete a record is because it might embarrass you, or because it might put you in a bad legal position somehow. In such a world, the very fact that you deleted something would arouse suspicion.

The same logic applies to information that you’re not recording now. If it’s free to store information, then you might as well record it, just in case it turns out to be useful. Even if you’re not sure how it might be useful, the cheap and easy course will be to record everything. You don’t have to be a conspiracy theorist to see why it might occasionally be useful to store, say, photographs of everybody you meet, or a continuous video recording of the street outside your house.

All of this has serious implications for privacy. People will avoid excessive recording of their own activities, but the temptation to record others, just in case the recording might be useful, will be strong. If cost is no longer a barrier to surveillance by our neighbors, some new barrier has to arise. What will it be?

avatar

Another Palladium Article

The Chronicle of Higher Education offers a disappointing article on Microsoft’s Palladium. Like many Palladium articles, this one seems to look for conflict and disagreement rather than an explanation of what is really at stake.

We hear about fair use, which in my view is not the main problem posed by Palladium. And we hear that Palladium will “[deter] 98 to 99 percent of all hackers,” which can’t be right – even Microsoft marketing people don’t make such extravagant claims.

For what it’s worth, I get the lead quote: “If Palladium is adopted, and if other technology vendors exploit it fully to restrict access to copyrighted works, education and research will suffer.” When I said this, I was trying to make the point that the main harms that might arise from Palladium would come not from Microsoft but from what other vendors might do with Palladium’s features. But the article spins it as an anti-Microsoft comment.

This is good motivation to spend more time working on that “Understanding Palladium” article….