August 28, 2016

Archives for March 2004


Remixing Politics

Somebody over at the Bush-Cheney campaign had better figure out this Internet thingy pretty soon, or it’s going to be a long, unpleasant online campaign for them.

The first evidence of the campaign’s Net-cluelessness was the Bush-Cheney poster generator that came to be called “The Sloganator”. This was a web tool, on the campaign’s site, that let you create a Bush-Cheney campaign poster containing the slogan of your choice. On hearing about this, any Net-savvy person knew exactly what would happen next. Opponents would discover the site and create posters with disparaging slogans. Contests would be held, to see who could make the funniest poster. And the whole episode would be commemorated with an online slide show.

This week brings another “what were they thinking” moment, as the Bush campaign contemplates buying pop-up ads on websites. This would be a clever idea – if the ads said “Vote for Kerry”. It’s hard to think of a better way to alienate the Net community than to associate your cause with something as universally despised as popup ads. And the mistake of running popup ads would be compounded by the inevitable response, as people all over the Net started attaching spoofed popup ads to their own sites.

Bradley Rhodes at DocBug predicts more of this sort of thing, as the remix culture collides with politics. The MoveOn homebrew ads are only the beginning. Expect to see agenda-laden Flash games, spoofed websites and commercials, George Bush verbal blooper tapes, videos of John Kerry debating himself, and nasty-funny creations of all types, from supporters of both sides (or all three, if you count Nader). It looks like we’re in for an entertaining campaign.


Study: Filesharing Doesn’t Affect Record Sales

Felix Oberholzer and Koleman Strumpf, of Harvard and the University of North Carolina, respectively, have published an interesting study on the effect of file sharing on record sales. They looked at album sales, actual download traffic for individual songs, and several other variables. Their main conclusion that file sharing had little or no effect on sales, and they could not reject the statistical hypothesis that filesharing had no effect at all on sales. Though these effects are not statistically significant, the data suggests that file sharing may boost the sale of the most popular albums, and may depress the sales of less popular albums, with a near-zero net effect on sales.

How much should we trust these results? I don’t know. The authors look like respectable academics, but their methodology is complex enough that I am not qualified to evaluate it. Perhaps a more qualified reader will have something to say about the study’s methodology.


Improving the PIRATE Act

Senators Orrin Hatch and Patrick Leahy have introduced a new bill, the PIRATE Act, that would authorize the U.S. government to bring civil lawsuits against copyright infringers, and would create a $2 million fund to pay for such suits. (Copyfight has the details.) Rather than doing this, it would be more efficient simply to give copyright owners the $2 million in cash, and let them decide whom to sue, or not to file suits at all.

If spending $2 million on lawsuits will deter enough infringement to increase (the present value of) future copyright revenues by more than $2 million, then copyright owners will find it in their interest to file the suits themselves. If not, then the government has no business filing the suits, since doing so would burn $2 million of government money to create a benefit of less than $2 million. So let’s save ourselves the trouble, and just give the cash to the RIAA and MPAA.

Criminal enforcement by the government might make sense, since private parties can’t bring criminal actions. But civil suits brought by the government, on the same terms those suits could be brought by copyright owners, can only be inefficient.

Worst of all, asking the Department of Justice to spend its valuable time and attention on small-fry copyright suits carries a high opportunity cost. The DoJ has much more important things to do. Copyright infringement is bad, but it’s hardly the greatest threat we face.


Witty Worm Analysis

Peter Harsha at CRA points to an interesting analysis, by Colleen Shannon and David Moore of CAIDA, of the recent Witty worm.


Light Weight

Derek Slater discusses Fraunhofer’s new Light Weight DRM system. Derek is skeptical but states his opinion cautiously, not being a technologist. In any case, Derek gets it right.

It’s hard to see much that’s new in this proposal. If we ignore the newly coined LWDRM buzzword and the accompanying marketing spin, we’re left with a fairly standard looking DRM scheme, of the type I call mark-and-trace.

Mark-and-trace DRM schemes try to put a unique, indelible mark on each legitimate copy of a work, so that any infringing copies found later can be traced, with the aid of the mark, back to the legitimate copy from which they originated. Such schemes have fallen out of favor recently, because of two problems.

First, the mark must really be indelible. If an adversary can remove the mark, the resulting “scrubbed” copy can be redistributed with impunity. Nobody has figured out how to make marks that can’t be removed from music or video. Past attempts to create indelible marks have failed miserably. A notable example is the SDMI watermarks that my colleagues and I showed were easily removed.

Second, blaming the buyer of an original for all copies (and copies of copies, etc.) made from it just isn’t practical. To see why, suppose Alice has a big collection of music on her laptop. Then her laptop is stolen, or somebody breaks into it electronically, and all of her songs end up on millions of computers all over the Net. What then? Do you take all of Alice’s earthly possessions to compensate for the millions of infringements that occurred? (And if that’s the policy, what sane person will buy music in the first place?) Or do you let Alice off the hook, and allow burglars to defeat your entire DRM scheme? Nobody has a plausible answer to this question; and the Fraunhofer people don’t offer one.


Utah Anti-Spyware Bill Becomes Law

Ben Edelman reports that Utah’s governor signed HB323 into law yesterday. That’s the anti-spyware law I discussed two weeks ago. I guess we’ll find out whether the bill’s opponents were right about its supposed burden on legitimate software businesses.


Used Hard Disks Packed with Confidential Information

Simson Garfinkel has an eye-opening piece in CSO magazine about the contents of used hard drives. Simson bought a pile of used hard drives and systematically examined them to see what could be recovered from them.

I took the drives home and started my own forensic analysis. Several of the drives had source code from high-tech companies. One drive had a confidential memorandum describing a biotech project; another had internal spreadsheets belonging to an international shipping company.

Since then, I have repeatedly indulged my habit for procuring and then analyzing secondhand hard drives. I bought recycled drives in Bellevue, Wash., that had internal Microsoft e-mail (somebody who was working from home, apparently). Drives that I found at an MIT swap meet had financial information on them from a Boston-area investment firm.

One of the drives once lived in an ATM. It contained a year’s worth of financial transactions


Lawyers, Lawyers Everywhere

Frank Field points to an upcoming symposium at Seton Hall on “Peer to Peer at the Crossroads: New Developments and New Directions for the Law and Business of Peer-to-Peer Networking”. Here’s a summary from the symposium announcement:

This Symposium will review recent developments in the law and business of peer-to-peer networks, with a view to determining where the law is going and where it should go. We will examine both the theoretical and practical implications of recent decisions and legislative initiatives, and will offer different perspectives on where the intersection between P2P technology and the law should lie. Our panelists include scholars and practitioners as well as representative from the U.S. Copyright Office.

This sounded pretty good. But reading the announcement more carefully, I noticied something odd: the speakers are all lawyers. If you’re having a conference whose scope includes business and technology, it seems reasonable to have at least some representation from the technology or business communities. Maybe on the panel about “Business Models, Technology, and Trends”?

Now I have nothing against lawyers. Some lawyers really understand technology. A few even understand it deeply. But if I were running a conference on law and technology, and I invited only technologists to speak, this would be seen, rightly, as a big problem. It wouldn’t be much of an excuse for me to say that those technologists know a lot about the law. If I’m inviting ten speakers for a conference on technology and the law, surely I have one slot for somebody whose primary expertise is in the law.

Yet the same argument, running in the other direction, seems not to apply sometimes. Why not?


Security Attacks on Security Software

A new computer worm infects PCs by attacking security software, according to a Brian Krebs story in Saturday’s Washington Post. The worm exploits flaws in two personal firewall products, made by Black Ice and Real Secure Internet. Just to be clear: the firewalls’ flaw is not that they fail to stop the worm, but that they actively create a hole that the worm exploits. People who didn’t buy these firewalls are safe from the worm.

This has to be really embarrassing for the vendor, ISS. The last thing a security product should do is to create more vulnerabilities.

This problem is not unique. Last week, another security product, Norton Internet Security, had a vulnerability reported.

Consumers are still better off, on balance, using PC security products. On the whole, these products close more holes than they open. But this is a useful reminder that all network software caries risks. Careful software engineering is needed everywhere, and especially for security products.


Gleick on the Naming Conundrum

James Gleick has an interesting piece in tomorrow’s New York Times Magazine, on the problems associated with naming online. If you’re already immersed in the ICANN/DNS/UDRP acronym complex, you won’t learn much; but if you’re not a naming wonk, you’ll find the piece a very nice introduction to the naming wars.