August 24, 2016

Archives for January 2005


Show Us the Numbers

Today brings yet another story about how Hollywood’s finances are better than ever. Ross Johnson’s story (“Video Sales Abroad Are Good News in Hollywood. Shhh.“) in today’s New York Times tells us that the studios are keeping their overseas DVD sales secret, so as not to interfere with the industry’s tradition of lowballing its revenue.

“For a long time, the film business was a single-digit business on investment return,” said Charles Roven, the producer of “Batman Begins” from Warner Brothers, a division of Time Warner. “Now, because of home video, it’s a low double-digit business, and the studios want to make sure it doesn’t go back into the single-digit business.”

In the past, lowballing has enabled the industry to limit its payouts to stars whose contracts call for a share of the profits. As the story reports, that battle goes on.

These days, of course, surging profits would be inconvenient in another way. They would undercut the industry’s rent-seeking in Washington, which relies on a narrative in which technology destroys the industry’s revenue stream. If the technology problem is really as bad as the industry says, then it ought to show up in the sales numbers.

The music industry has opened its books, reporting sales and revenue numbers that fell for several years before rebounding slightly in 2004. By all reports, the movie industry is still more profitable than ever.

It may turn out that the net effect of technology on the industry is neutral, or even positive. If so, then no expansion of copyright law is needed, and a mild contraction may even be in order. Remember, the goal of copyright is not to maximize the profits of any one industry, but to foster creativity by regulating just enough to ensure an adequate incentive to create. If the industry wants to argue that incentives are inadequate now, or will be in the future, then it will have to show us the numbers.

The stars fight lowballing by demanding a detailed audit of industry revenue reports. We should demand no less.


Review of MPAA's "Parent File Scan" Software

Yesterday the MPAA announced the availability of a new software tool called Parent File Scan. I decided to download it and try it out. Here’s my review.

According to an MPAA site,

Parent File Scan software helps consumers check whether their computers have peer-to-peer software and potentially infringing copies of motion pictures and other copyrighted material. Removing such material can help consumers avoid problems frequently caused by peer-to-peer software. The information generated by the software is made available only to the program’s user, and is not shared with or reported to the MPAA or another body.

In practice, if there are music files on a computer, no software tool can tell whether they’re legal or illegal, because there is no way to tell whether the files came from ripping the consumer’s own CDs (which is legal) or from infringing P2P downloading (which is illegal). Saying the music files on consumer computers are “potentially infringing” will probably cause some people to delete files that are perfectly legal. The implication that removing music files from your computer “can help [you] avoid problems frequently caused by peer-to-peer software” seems misleading. Of course, it’s totally correct that removing P2P apps will eliminate any problems caused by P2P apps.

The Parent File Scan software itself comes from a company called DtecNet. You download and install the software, click through a standard-looking EULA, and you’re ready to go. When you tell it to scan, it searches your hard drive for files in common audio or video formats, and for P2P apps. On my machine, it seemed to find all of the audio files (all legal). It failed to find any video files, which I think is correct. The only P2P app on my machine was an old version of Napster (which was never used to infringe). Parent File Scan failed to find Napster, but it’s worth noting that the old Napster version in question is now utterly useless.

At the end of the scan, if you have any P2P apps, Parent File Scan offers to remove them. Based on the documentation, it appears that the removal is done by invoking the P2P app’s own removal program; the documentation warns that there might not be a removal program, and it might not remove everything that came with the P2P app (i.e., spyware).

Parent File Scan also lists the audio and video files it found. It discloses very clearly (annoyingly often, in fact) that it has no way of knowing whether the files are legal or illegal. Here’s a typical message:

The program does not distinguish between legal and illegal copies. It is up to the user to determine whether the files found by the program have been acquired legally, or if the material should be deleted.

In the post-scan display, each audio/video file has a checkbox which you can check to designate the file for deletion. The default is to delete nothing. I deleted a few old files that I didn’t want anymore, and everything seemed to work correctly.

All in all, the program seems to do its job well. The user interface is clear and straightforward, and does not try to scare or mislead the user. Not everybody will want this a program like this, but those who do will probably be happy with Parent File Scan.

UPDATED (11:15 PM): Added the word “infringing” before “P2P” in the “In practice …” paragraph, to eliminate the (false) implication that all P2P downloading is illegal.



Natali Helberger at INDICARE questions Microsoft’s new “playsforsure” campaign. Playsforsure is a logo that will be displayed by digital music and video stores, and media devices. The program has a cute logo:

According to the program’s website,

Look for the PlaysForSure logo if you’re shopping for a portable music or video device and you want to make sure the digital music and video you purchase will play back on it every time. Match the PlaysForSure logo on a large selection of leading devices and online music stores. If you see the logo you’ll know your digital music will play for sure.

So if I buy a product with the playsforsure logo on it, I can play any music I like on it. And if I buy a song from a playsforsure music store, I can play it on any device I like. Right? Maybe not. Elsewhere on the site, we find this:

When your device and music service are compatible with each other, all you have to do is choose the music that’s compatible with you.

Hmm, that doesn’t sound so good. But at least I’ll know that if my device, my music store, and my music all have the playsforsure logo, it’ll work, with no fine-print exceptions. Right? Maybe not.

Look on the back of the device box to see what type of media will play back on the device.

The checkmarks indicate if the device is capable of playing back audio and/or video that’s been downloaded from an online store. Additionally some devices will be able to play back media that has been purchased through an online store that offers subscription or rentals.

Well, at least I know that the engineers are doing everything they can to make their products compatible with each other. Maybe someday they’ll finish that MP3 standard and we’ll be able to play our music on any device we like.

[Ed’s assignment desk: Somebody with artistic talent (i.e., not me) should create a “playsmaybe” logo, perhaps depicting a square peg labled “playsmaybe” failing to fit into a round hole labeled “DRM in use”.]


Balancing Tests in the Grokster Briefs

The biggest issue in the Grokster case is whether the Supreme Court adjusts or clarifies its precedent from the Sony Betamax case. The fate of Grokster itself is much less important than what ground rules the Court imposes on future innovators.

The core of the Betamax opinion is this oft-quoted passage:

The staple article of commerce doctrine must strike a balance between a copyright holder’s legitimate demand for effective – not merely symbolic – protection of the statutory monopoly, and the rights of others freely to engage in substantially unrelated areas of commerce. Accordingly, the sale of copying equipment, like the sale of other articles of commerce, does not constitute contributory infringement if the product is widely used for legitimate, unobjectionable purposes. Indeed, it need merely be capable of substantial noninfringing uses.

There are two ideas here: the need to balance the interests of copyright holders against the interests of others, and, following from this need for balance, immunity from contributory infringement for devices sufficiently capable of noninfringing use. Grokster often argues from the immunity language. The studios often argue from the balance language, asserting that Grokster’s reading of the immunity language is inconsistent with the balance language. Many of the briefs filed on Monday take this latter angle.

What’s interesting is that most of those briefs, though relying heavily on balance arguments, seem to miss an important aspect of Betamax’s balance language. They do this by setting up a balancing test between the interests of copyright owners and the interests of Grokster. But that’s not quite the balance that Betamax is talking about.

The Betamax court would balance the interests of copyright holders against those of “others freely to engage in [noninfringing] areas of commerce.” Here “others” refers not only to the maker of the challenged product (here, Grokster) but to everybody who benefits from the product’s existence. This includes users who benefit from noninfringing uses of the product, musicians or publishers who use the product to disseminate their work, users who will benefit from not-yet-discovered uses of the product, developers of future noninfringing products who learn from seeing the product in operation, and so on. These benefits are often diverse, diffuse, and difficult to foresee, which is why the Betamax court was cautious about imposing liability for infant technologies.

I’ve read most of the briefs filed in Monday’s group. Of these, I’ve seen only three that seem to understand this point about what interests need to be balanced. These three come from the video store dealers; a group of professors (Kenneth Arrow et al.); and IEEE-USA. These briefs differ in their ultimate conclusions, which is not surprising. Understanding which interests need to be balanced is only a starting point for analysis.


Grokster Briefs: Toward a More Regulable Net

Many briefs were filed yesterday in Grokster, the upcoming Supreme Court case which has broad implications for technology developers. (Copies of the briefs are available from EFF.) There’s a lot to discuss in these briefs. Today I want to focus on two of the amicus briefs, one from the Solicitor General (who represents the U.S. government), and one from a group of anti-porn and police organizations.

The Solicitor General offers an odd discussion of P2P and the Internet’s history (pp. 2-3):

1. Peer-to-peer (P2P) computing technology enables users of a particular P2P network to access and copy files that are located on the computers of other users who are logged in to the network. Unlike traditional Internet transactions, in which a user’s computer obtains information from a specific website operated by a central computer “server,” P2P networking software gives users direct access to the computers of other users on the network. [Citation omitted.] P2P file-sharing software thus performs two principal functions: First, it searches for and locates files that are available on the various “peer” computers linked to the network, and second, it enables a user to retrieve and copy the desired files directly from such computers.

This history could hardly be more wrong. The ability to share files between any two computers on the network was an explicit goal of the Internet, from day one. The web is not a traditional aspect of the Internet, but a relatively recent development. And the web does not require or allow only large, centralized servers. Anybody can have a website – I have at least three. Searching for files and retrieving copies of files is a pretty good description of what the web does today.

What the Solitor General seems to want, really, is a net that is easier to regulate, a net that is more like broadcast, where content is dispensed from central servers.

The anti-porn amici come right out and say that that is what they want. Their brief uses some odd constructions (“Like any non-sentient, non-judgmental technology, peer-to-peer technology can be misused…”) and frequent recourse to the network fallacy.

Their main criticism of Grokster is for its “engineered ignorance of use and content” (p. 9; note that the quoted phrase is a reasonable definition of the end-to-end principle, which underlies much of the Internet’s design), for failing to register its users and monitor their activities (e.g., p. 13), for failing to limit itself to sharing only MP3 files as Napster did (really! p. 17), and for “engineer[ing] anonymous, decentralized, unsupervised, and unfiltered networks” (p. 18).

These arguments (as the lawyers say) prove too much, as they would apply equally to the Internet itself, which is ignorant of use and content, does not register most of its users or monitor their activities, does not limit the types of files that can be shared, and is generally anonymous, decentralized, unsupervised, and unfiltered.

What kind of net would make these amici happy? The Solicitor General speaks approvingly of LionShare, Penn State’s home-grown P2P system, which appears to register and log everything in sight. Of course, LionShare doesn’t fully exist yet, and even when it does exist it will not be available to the public (see LionShare FAQ, which says that the source code will be available to the public, but the public will not be allowed to share files with “authorized” academic users). For a member of the public who wants to share a legal, non-porn, non-infringing file with a wide audience, the Web, or Grokster, is a much better technology than LionShare.

These briefs are caught between nostalgia for a past that never existed, and false hope for future technologies that won’t do the job.


Why Hasn't TiVo Improved?

The name TiVo was once synonymous with an entire product category, Digital Video Recorders. Now the vultures are starting to circle above TiVo, according to a New York Times story by Saul Hansell. What went wrong?

The answer is obvious: TiVo chose to cozy up to the TV networks rather than to its customers.

When my family bought a TiVo, it was a cutting-edge product (the TiVo, not the family; but come to think of it, the family was pretty cool too), delivering a customer experience that was hard to find elsewhere. Since then, eight years have passed – an eternity in the electronics business – and TiVo is still selling essentially the same product. Sure, they have added a few bells and whistles, but nothing that made us want to run out and buy a new box.

TiVo made a decision, early on, to cozy up to the TV networks, to stay within their comfort zone. But the networks’ comfort zone is awfully confining. ReplayTV took a different path, seizing the technological lead with new features that angered the networks; and the networks brought a lawsuit that ReplayTV couldn’t afford to defend. At the time, TiVo execs probably chuckled and congratulated themselves for their caution.

Now the time has come for TiVo to pay for its timidity. Its technology is no longer distinctive, and the rising tide of DRM threatens to cut TiVo’s products out of the TV delivery pipeline. (Remember, DRM is just another name for deliberate incompatibility.) It’s not clear what the company will have to offer future customers.

Which brings us to the key paragraph in the New York Times story:

Last week, TiVo announced that Mr. Ramsay was stepping down as chief executive but would remain as chairman. He said the change was his idea and had been under discussion for months. Several board members and others close to the board confirm that. But they also said that the board hoped to hire someone with less of Mr. Ramsay’s fierce belief in the power of TiVo’s technology. They said they preferred someone with an ability to repair TiVo’s relations with the big cable companies.

[italics added] As in so many organizations, TiVo’s response to crisis is to do more of what got them in trouble, rather than returning to the strategy that made them successful in the first place.

This is bad news for TiVo, which desperately needs new, distinctive technology if it wants to survive. It’s bad news for customers too.

UPDATE (2:00 PM): Matt Haughey has a nice response over at PVRblog.


Network Monitoring: Harder Than It Looks

Proposals like the Cal-INDUCE bill often assume that it’s reasonably easy to monitor network traffic to block certain kinds of data from being transmitted. In fact, there are many simple countermeasures that users can (and do, if pressed) use to avoid monitoring.

As a simple example, here’s an interesting (and well known) technical trick. Suppose Alice has a message M that she wants to send to Bob. We’ll treat M as a number (bearing in mind that any digital message can be thought of as a number). Alice chooses a random number R which has the same number of digits as M. She sends the message R to Bob; then she computes X = M-R, and sends the message X to Bob. Obviously, Bob can add the two messages, R + (M-R), and the sum will be M – the message Alice originally wanted to send him.

[Details, for mathematical purists: all arithmetic is done modulo a large prime P; R is chosen randomly in [0, P-1]. When I say a value “looks random” I mean that it is indistinguishable (in the information-theoretic sense) from a random value.]

Now here’s the cool part: both of the messages that Alice sends look completely random. Obviously R looks random, because Alice generated it randomly. But it turns out that X looks random too. To be more precise: either message by itself looks completely random; only by combining the two messages can any information be extracted.

By this expedient, Alice can foil any network monitor who looks at network messages one at a time. Each individual message looks innocuous, and it is only by storing messages and combining them that a monitor can learn what Alice is really telling Bob. If Alice sends the two messages by different paths, then the monitor has to gather messages from multiple paths, and combine them, to learn what Alice is telling Bob.

It’s easy for Alice to extend this trick, to split her message M into any number of pieces. For example, Alice could split M into five pieces, by generating four random numbers, R1, R2, R3, and R4, and then computing X = M-(R1+R2+R3+R4). Given any four of these five pieces, nothing can be deduced. Only somebody who has all five pieces, and knows to combine them by addition, can extract information. So a monitor has to gather and compare many messages to see what Alice is up to, even though Alice isn’t using encryption.

There are many more technical tricks like this that are easy for Alice and Bob to adopt, but hard for network monitors to cope with. If the monitors want to engage in an arms race, they’ll lose.


My Morning Pick-Me-Up

First thing this morning, I’m sitting in my bathrobe, scanning my inbox, when I’m jolted awake by the headline on a TechDirt story:

California Senator Wants to Throw Ed Felten in Jail

I guess I’ll take the time to read that story!

Kevin Murray, a California legislator, has introduced a bill that would fine, or imprison for up to one year, any person who “sells, offers for sale, advertises, distributes, disseminates, provides, or otherwise makes available” software that allows users to connect to networks that can share files, unless that person takes “reasonable care” to ensure that the software is not used illegally. TechDirt argues that my TinyP2P program would violate the proposed law.

Actually, the bill would appear to apply to a wide range of general-purpose software:

“[P]eer-to-peer file sharing software” means software that once installed and launched, enables the user to connect his or her computer to a network of other computers on which the users of these computers have made available recording or audiovisual works for electronic dissemination to other users who are connected to the network. When a transaction is complete, the user has an identical copy of the file on his or her computer and may also then disseminate the file to other users connected to the network.

That definition clearly includes the web, and the Internet itself, so that any software that enabled a user to connect to the Internet would be covered. And note that it’s not just the author or seller of the software who is at risk, but also any advertiser or distributor. Would TechDirt be committing a crime by linking to my TinyP2P page? Would my ISP be committing a crime by hosting my site?

The bill provides a safe harbor if the person takes “reasonable care” to ensure that the software isn’t used illegally. What does this mean? Standard law dictionaries define “reasonable care” as the level of care that a “reasonable person” would take under the circumstances, which isn’t very helpful. (Larry Solum has a longer discussion, which is interesting but doesn’t help much in this case.) I would argue that trying to build content blocking software into a general-purpose network app is a fruitless exercise which a reasonable person would not attempt. Presumably Mr. Murray’s backers would argue otherwise. This kind of uncertain situation is ripe for intimidation and selective prosecution.

This bill is terrible public policy, especially for the state that leads the world in the creation of innovative network software.


Enforceability and Steroids

Regular readers know that I am often skeptical about whether technology regulations can really be enforced. Often, a regulation that would make sense if it were (magically) enforceable, turns out to be a bad idea when coupled with a realistic enforcement strategy. A good illustrative example of this issue arises in Major League Baseball’s new anti-steroids program, as pointed out by David Pinto.

The program bars players from taking anabolic steroids, and imposes mandatory random testing, with serious public sanctions for players who test positive. A program like this helps the players, by eliminating the competitive pressure to take drugs that boost on-the-field performance but damage users’ health. Players are better off in a world where nobody takes steroids than in one where everybody does. But this is only true if drug tests can accurately tell who is taking steroids.

A common blood test for steroids measures T/E, the ratio of testosterone (T) to epitestosterone (E). T promotes the growth and regeneration of muscle, which is why steroids provide a competitive advantage. The body naturally makes E, and later converts it into T. Steroids are converted directly into T. So, all else being equal, a steroid user will have higher T/E ratio than a non-user. But of course all else isn’t equal. Some people naturally have higher T/E ratios than others.

The testing protocol will set some threshold level of T/E, above which the player will be said to have tested positive for steroids. What should the threshold be? An average value of T/E is about 1.0. About 1% of men naturally have T/E of 6.0 or above, so setting the threshold at that level would falsely accuse about 1% of major leaguers. (Or maybe more – if T makes you a better baseball player, then top players are likely to have unusually high natural levels of T.) That’s a pretty large number of false accusations, when you consider that these players will be punished, and publicly branded as steroid users. Even worse, nearly half of steroid users have T/E of less than 6.0, so setting the threshold there will give a violator a significant chance of evading detection. That may be enough incentive for a marginal player to risk taking steroids.

(Of course it’s possible to redo the test before accusing a player. But retesting only helps if the first test mismeasured the player’s true T/E level. If an innocent player’s T/E is naturally higher than 6.0, retesting will only seem to confirm the accusation.)

We can raise or lower the threshold for accusation, thereby trading off false positives (non-users punished) against false negatives (steroid users unpunished). But it may not be possible to have an acceptable false positive rate and an acceptable false negative rate at the same time. Worse yet, “strength consultants” may help players test themselves and develop their own customized drug regimens, to gain the advantages of steroids while evading detection by the official tests.

Taking these issues into account, it’s not at all clear that a steroid program helps the players. If many players can get away with using steroids, and some who don’t use are punished anyway, the program may actually be a lose-lose proposition for the players.

Are there better tests? Will a combination of multiple tests be more accurate? What tests will Baseball use? I don’t know. But I do know that these are the key questions to answer in evaluating Baseball’s steroids program. It’s not just a question of whether you oppose steroid use.


CBS Tries DRM to Block Criticism of Rathergate Report

Last week the panel investigating CBS’s botched reporting about President Bush’s military service released its report. The report was offered on the net in PDF format by CBS and its law firm. CBS was rightly commended for its openness in facing up to its past misbehavior and publicizing the report. Many bloggers, in commenting on the report and events that led to it, included quotes from the report.

Yesterday, Ernest Miller noticed that he could no longer copy and paste material from the report PDF into other documents. Seth Finkelstein confirmed that the version of the report on the CBS and law firm websites had been modified. The contents were the same but an Adobe DRM (Digital Restrictions Management) technology had been enabled, to prevent copying and pasting from the report. Apparently CBS (or its lawyers) wanted to make it harder for people to quote from the report.

This is yet another use of DRM that has nothing to do with copyright infringement. Nobody who wanted to copy the report as a whole would do so by copying and pasting – the report is enormous and the whole thing is available for free online anyway. The only plausible use of copy-and-paste is to quote from the report in order to comment, which is almost certainly fair use.

(CBS might reasonably have wanted to prevent modifications to the report file itself. They could have done this, within Adobe’s DRM system, without taking away the ability to copy-and-paste material from the file. But they chose instead to ban both modification and copy-and-paste.)

This sort of thing should not be a public policy problem; but the DMCA makes it one. If the law were neutral about DRM, we could just let the technology take its course. Unfortunately, U.S. law favors the publishers of DRMed material over would-be users of that material. For example, circumventing the DRM on the CBS report, in order to engage in fair-use commentary, may well violate the DMCA. (The DMCA has no fair-use exception, and courts have ruled that a DMCA violation can occur even if there is no copyright infringement.)

Worse yet, the DMCA may ban the tools needed to defeat this DRM technology. Dmitry Sklyarov was famously jailed by the FBI for writing a software tool that defeated this very same DRM technology; and his employer, Elcomsoft, was tried on criminal charges for selling fewer than ten copies of that tool.

As it turns out, the DRM can apparently be defeated easily by using Adobe’s own products. A commenter on Seth’s site (David L.) notes that he was able to turn off the restrictions using Adobe Acrobat: “The properties showed it set to password security. I was goofin around and changed it to No Security adn it turned off the security settings. I then saved the pdf and reopened it and the security was gone…. Apparently forging documents is not all that CBS sucks at.”

UPDATED (12:35 PM) to clarify: changed “cut-and-paste” to “copy-and-paste”, and added the parenthesized paragraph.