August 31, 2016

Archives for November 2006


Duck Amuck and the Takedown Gun

I wrote last week (1, 2) about the CopyBot tool in Second Life, which can make an exact lookalike copy of any object, and the efforts of users to contain CopyBot’s social and economic effects. Attempts to stop CopyBot by technology will ultimately fail – in a virtual world, anything visible is copyable – so attention will turn, inevitably, to legal tactics.

One such tactic is the DMCA takedown notice. Second Life lets users keep the copyright in virtual objects they create, so the creator of a virtual object has a legal right to stop others from copying it (with standard exceptions such as fair use). The Digital Millennium Copyright Act (DMCA), among its other provisions, exempts service providers such as Second Life from liability for copyrighted stuff posted by users, provided that Second Life implements the DMCA’s notice and takedown procedure. Under this procedure, if you see an infringing copy of your material on Second Life, you can send a notice containing certain information to Second Life, and they have to respond by taking down the accused material. (For further details consult your neighborhood copyright lawyer.)

Let’s apply this to a specific example. Alice designs a spiffy new hot air balloon that everyone covets. Bob uses CopyBot to make his own replica of the balloon, which he starts riding around the skies. Alice discovers this and sends a takedown notice to Second Life. Bob’s balloon is then “taken down” – it disappears from the world, as in the classic cartoon Duck Amuck, where the animator’s eraser plays havoc with Daffy Duck’s world.

But surely Bob isn’t the only one riding in a copied balloon. Others may have CopyBotted their own balloons or bought a balloon copy from Bob. It’s tedious for Alice to write and send a takedown notice every time she sees a copied balloon.

What Alice needs is a takedown gun. When she sees an infringing balloon, she just points the takedown gun at it and pulls the trigger. The takedown gun does the rest, gathering the necessary information and sending a takedown notice, dooming the targeted balloon to eventual destruction. It’s perfectly feasible to create a takedown gun, thanks to Second Life’s rich tools for object creation. It’s a gun that shoots law rather than bullets.

For extra style points, Alice can program the gun so that it refuses to shoot at balloons that she herself built. To do this, she programs the gun, before it fires, to issue a cryptographic challenge to the balloon. Authorized balloons will know a secret key that allows them to respond correctly to the challenge. But unauthorized copies of the balloon won’t know the key, because the key is built into the object’s scripted behavior, which CopyBot can’t duplicate. (Exercise for computer security students: how exactly would this protocol work?)

But of course there is a small problem with abuse of takedown guns. To send a takedown notice, the law says you must be (or represent) the copyright owner and you must have a good faith belief that the targeted object is infringing. Alice might be careful to shoot the gun only at objects that appear to infringe her copyright; but others might not be so careful. Indiscriminate use of a takedown gun will get you in legal trouble for sending bogus takedown notices.

Initially, the management at Second Life pointed to takedown notices as a response to CopyBot-based infringement. More recently, they have shifted their position a bit, saying that infringement violates their Terms of Use and threatening to expel violators from Second Life. They still face the same problem, though. Presumably their enforcement actions will be driven by user complaints, which motivates Alice to make a complaint gun.

As the music industry has learned, when copying is easy, laws against copying are very hard to enforce.


DMCA Exemptions Granted

Last Wednesday afternoon the U.S. Copyright Office released its list of DMCA exemptions for the next three years. The timing is interesting: releasing news in the afternoon of the day before Thanksgiving is a near-optimal strategy if you want that news to escape notice and coverage in the U.S.

The purpose of these exemptions are to prevent harm to the public from overbreadth of the DMCA’s prohibition on circumventing technologies that control access to copyrighted works. Exemptions last three years.

The good news that that six exemptions were granted, the most ever:

  • Professors can make compilations of film and video material for research or teaching.
  • Archivists can preserve copies of old programs and computer games.
  • Anyone can work around broken hardware “dongles” that prevent access to software programs.
  • Blind people can use software to have e-books read aloud.
  • Wireless phone customers can switch their phones to a different wireless provider.
  • Anyone can study, test, or remove malware distributed on CDs.

(These are summaries; the exact scope of each exemption is detailed in the original document.)

I’m particularly happy about the last exemption, which was requested by Alex Halderman and me, with lots of help from Deirdre Mulligan and Aaron Perzanowski. The exemption is narrower than I would have liked – plenty of valuable research still raises legal issues – but it’s good to see official recognition that the DMCA has harmed research.

The not-so-good news is in some of the exemptions that were not granted. The exemption for censorware research was not renewed, mostly because its most effective advocates, such as Seth Finkelstein, got tired of re-requesting it. (Even if nothing has changed, each exemption must be rerequested every three years through the same bureaucratic process – one example of how the playing field is tilted against exemptions.)

Also, exemptions for space-shifting (e.g. downloading content into portable players like iPods) and backing up digital media were denied. As usual, the Copyright Office pretended not to know what everybody else seems to know, e.g. that digital media are fragile and need to be backed up.

On the other hand, they did seem to recognize the DMCA’s harm to public discourse. The exemptions for film scholarship, archiving, access by the blind, and malware research all address harms to public debate caused by the DMCA. Fair use is sometimes broken down into two categories: transformative uses such as scholarship, research and parody; and personal uses such as time-shifting and space-shifting. The Copyright Office now seems to recognize that the DMCA is harming transformative use.

But what they don’t yet see, apparently, is the harm to personal use – hence the denial of the space-shifting and backup requests. Worse yet, they didn’t even acknowledge that these personal uses are lawful in the first place. In short, the Copyright Office still isn’t willing to grapple with the issues of most direct interest to the public. Maybe they’ll catch on three years from now, or six. Or maybe the new Congress will act sooner and reform the DMCA.

(Derek Slater has a nice summary of some other commentary.)


Will It Copy?

In the spirit of the cult “Will It Blend?” videos, today’s question on Freedom to Tinker is “Will It Copy?” As we saw with the CopyBot in Second Life, when something becomes easily copyable, the economics of its production change: users benefit more from already-existing objects, but the incentive to make new objects decreases.

This is exactly what happened to the music industry when computers and the Internet suddenly made small files, including digitized music, easily copyable. In the case of music, we know that the business is changing, but we don’t know yet what will be the net effect on the availability of good music.

Like the music business, the software business is challenged by cheap copying. If you make software that runs on users’ computers, your software will be copied by at least some users. By contrast, if you provide an interactive service, delivered across the net but implemented on your own servers – a search engine, perhaps – then your product can’t be trivially copied. You have an inherent advantage over the sellers of packaged software.

A similar story holds for the Second Life CopyBot. Objects in Second Life can be described by shape, coloration, and behavior. Shape and coloration are duplicated perfectly by the CopyBot, but behavior (the script code describing what the object does) is not. So if your business makes beautiful but passive objects – clothing, perhaps– your objects can be copied perfectly and you have a problem. But if you make functional objects – a magic wand that does tricks in response to voice commands, perhaps – then the CopyBot won’t affect you much.

Second Life users are reportedly fighting back by building anti-CopyBot technologies, but this is ultimately futile. As long as shape and coloration are visible, it will be possible to observe and copy them. It will be easier to build a three-dimensional scanner-copier in Second Life than in real life. Copying of beautiful, nonfunctional objects will remain possible.

Eventually, this will happen in real life too. Tools for analyzing and replicating real objects will get better and better; knockoffs will get closer and closer to the real thing; and the time window when only the original is available will get shorter and shorter. Today, fashion flourishes despite relatively free copying. Indeed, some argue that the high-fashion world is so dynamic because of copying – always moving, to stay ahead of the masses. So it’s not a given that the fashion world will dry up, in real life or Second Life, if copying gets faster and more accurate.

Part of the fun of “Will It Blend?” is that the answer is almost always “yes”. Increasingly, the answer to “Will It Copy?” will be the same.


CopyBot Roils SecondLife Economy

Here’s one from the It-Was-Only-a-Matter-of-Time file. Somebody in SecondLife, a popular multiplayer virtual world, created a gadget called the CopyBot, which can make a perfect copy of any object in the SecondLife world. (Here’s a Reuters story.) This raises some interesting technical issues, but I want to focus today on how it effects SecondLife’s economy.

If you’re not familiar with virtual worlds, you might think the word “economy” is a stretch. But really it’s not. SecondLife has about 1.5 million residents. Residents are given a sophisticated toolset they can use to design complex objects, specifying the objects’ shape, appearance, and behavior. Objects can be sold for a currency called Linden Dollars. Linden Dollars are real money – they can be traded for U.S. dollars on currency exchange markets. Quite a few people make their living in SecondLife, running businesses that make Linden-Dollar profits, which are then cashed in for U.S. dollars. Most days, the SecondLife economy sees transactions worth a total of between $500,000 and $1,000,000 (real U.S. dollars). This is clearly a real economy.

To understand the possible impact of CopyBot, imagine such a thing existed in real life. Point this CopyGadget at any real-world object, push a button, and you get a perfect copy of that object. Want a new Lambourghini sportscar? Just find one in a parking lot and copy it. Like the lime sorbet at the local ice cream parlor? Buy a cup, take it home, and fill your freezer with copies. When you get down to the last cup in the freezer, just copy it again. You get the idea.

Needless to say, this would cause Big Trouble in the real-world economy. Lambourghini would have trouble selling cars. There would be no waiting at the ice cream parlor, even on the hottest summer night. Could these businesses survive? Could any business that provided goods survive?

A SecondLife business that designs and sells virtual objects faces the same challenge. If you design an object in SecondLife, the system lets you make copies of the object, but if you mark the object as uncopyable, the system won’t let other users copy it. So if you design a cool virtual widget, you can “manufacture” copies to sell to people, but your customers can’t re-copy the widgets they buy. Only you can make widgets, so people have to come to you to buy them. Like Lambourghinis and sorbet, manufactured virtual objects couldn’t easily be copied – until the CopyBot came along.

It’s too early to predict all of the impacts this will have. All we can say for sure is that it will be fascinating to watch. Already the story has several interesting facets, which I’ll write more about next week.


New Congress, Same Old Issues

With control of the House and Senate about to switch parties, everybody is wondering how the new management will affect their pet policy issues. Cameron Wilson has a nice forecast for tech policy issues such as competitiveness, globalization, privacy, DRM, and e-voting.

Most of these don’t break down as partisan issues – differences are larger within each party than between the two parties. So the shift in control won’t necessarily lead to any big change. But there are two factors that may shake things up.

The first factor is the acceleration of change that happens in any organization when new leadership comes in. The new boss wants to show that he differs from the old boss, especially if the old boss was fired. And the new boss gets a short grace period in which to be bold. If a policy or practice was stale and needed to be changed but the institutional ice floes were just stuck, new management may loosen them.

The second factor has to do with the individuals who will run the various committees. If you’re not a government geek, you may not realize how much the agenda on particular issues is set by House and Senate committees, and particularly by the committee chairs. For example, any e-voting legislation must pass through the House Administration Committee, so the chair of that committee can effectively block such legislation. As long as Bob Ney was chair of the committee, e-voting reform was stymied – that’s why the Holt e-voting bill could have more than half of the House members as co-sponsors without even reaching a vote. But Mr. Ney’s Abramoff problem and the change in party control will put Juanita Millender-McDonald in charge of the committee. Suddenly Ms. Millender-McDonald’s opinion on e-voting has gotten much more important.

The bottom line is that on most tech issues we don’t know what will happen. On some issues, such as the broad telecom/media/Internet reform discussion, the situation is at least as cloudy as before. Let the battles begin.


Microsoft to Pay Per-Processor License on Zune

Last week Universal Music Group (UMG), one of the major record companies, announced a deal with Microsoft, under which UMG would receive a royalty for every Zune music player Microsoft sells. (Zune is Microsoft’s new iPod competitor.)

This may be a first. Apple doesn’t pay a per-iPod fee to record companies; instead it pays a royalty for every song it sells at its iTunes Music Store. UM hailed the Zune deal as a breakthrough. Here’s Doug Morris, UMG’s CEO (quoted by Engadget): “We felt that any business that’s built on the bedrock of music we should share in.” The clear subtext is that UMG wanted a fee for the pirated UMG music that would inevitably end up on some Zunes.

There’s less here than meets the eye, I think. Microsoft needed to license UMG music to sell to Zune users. Microsoft could have paid UMG a per-song fee like Apple does. Instead, UMG presumably lowered the per-song fee in exchange for adding a per-Zune fee. Microsoft, in a weak bargaining position, had little choice but to go along. If there’s a precedent here, it’s that new entrants in the music player market may have to accept unwanted terms from record companies.

There’s an interesting echo here from Microsoft’s antitrust history. Once upon a time, Microsoft insisted that PC makers pay it a royalty for every PC they sold, whether or not that PC came with Windows. This was called a per-processor license. PC makers, in a weak bargaining position, went along. Microsoft said this was only fair, claiming that most non-Windows PCs ended up with pirated copies of Windows.

Eventually the government forced Microsoft to abandon this practice, because of its anticompetitive effect on other operating system vendors – users would be less likely to buy alternative operating systems if they were already paying for Windows.

To be sure, the parallel between the UMG and Windows per-processor licenses has its limits. For one thing, UMG doesn’t have nearly the lock on the recorded music market that Microsoft had on the OS market, so anticompetitive tactics are less available to UMG than they were to Microsoft. Also, the UMG license is partial, reducing per-song costs a bit in exchange for a relatively small per-processor royalty, where the Microsoft license was total, eliminating per-copy costs of Windows on covered PCs in exchange for a hefty per-processor royalty. Both factors make the UMG deal less of a market-restrictor than the Windows deals were.

My guess is that the UMG/Zune deal is not the start of a trend but just a concession extracted from one company that needed UMG more than UMG needed it.


Post-Election Review

How did e-voting technologies hold up in Tuesday’s election? It’s too early to tell for sure, but it looks as if there weren’t any major disasters.

We saw the usual list of crashing, misbehaving, and non-functional machines. Some of these are just routine glitches or procedural problems. If somebody forgets to deliver power cords to the polling place, that’s just an isolated mistake. If a machine just won’t turn on in the morning, that’s probably just a maintenance issue.

But other kinds of “glitches” can indicate deeper problems. Experienced engineers know that certain behaviors, especially complex ones that are supposed to be impossible, are clues that something has gone badly wrong in the system’s internals. If the inside of your fridge is at room temperature, you probably have a simple problem. If the liquids in your fridge are boiling, you have an Engineering Issue.

The most alarming error report I saw from Tuesday’s election came from Avi Rubin, a respected computer scientist and e-voting expert who is a precinct worker in Maryland, where they use the Diebold AccuVote-TS, the same machine my colleagues and I recently studied. Here is Avi’s story:

So, while we were watching the last handful of voters cast their ballots … one of the chief judges came up to me and said that there was a “situation”. I was called over where a voter was explaining to one of the judges what had happened, and he repeated his story to me. The voter had made his selections and pressed the “cast ballot” button on the machine. The machine spit out his smartcard, as it is supposed to do, but his summary screen remained, and it did not appear that his vote had been cast. So, he pushed the smartcard back in, and it came out saying that he had already voted. But, he was still in the screen that showed he was in the process of voting. The voter then pressed the “cast ballot” again, and an error message appeared on the screen that said that he needs to call a judge for assistance. The voter was very patient, but was clearly taking this very seriously, as one would expect. After discussing the details about what happened with him very carefully, I believed that there was a glitch with his machine, and that it was in an unexpected state after it spit out the smartcard.

This is supposed to be impossible. Having examined a similar version of Diebold’s software, I know that when the Cast Vote button is pressed, the system is supposed to (1) invalidate the smartcard, then (2) record the vote, then (3) kill the voting screens, then (4) eject the smartcard. This voter saw Steps 1 and 4 happen, but not Step 3. (We don’t know whether Step 2, recording the vote, happened.) At least one voting screen was still there, and that screen was active: something happened when the Cast Vote button on that screen was pressed, but it wasn’t the something that would normally happen.

It’s hard to see how this can happen, absent a subtle, serious bug in this part of Diebold’s software. And by “this part” I mean the part that carries out the four-step procedure that includes recording the vote. Could this bug have affected vote recording for other voters? What other problems could it have caused? We don’t know. We could probably tell, given access to a Maryland voting machine.

Another thing we don’t know is how many times this bug showed up in Maryland on Tuesday. It’s hard to believe that the problem didn’t happen elsewhere too. If it were going to happen only once, what are the odds that that one occurrence would be in a precinct with an evoting-savvy computer scientist blogger election judge? Pretty slim.

Fortunately, Avi was there and was able to recognize the relevance of this particular machine misbehavior. How many other poll workers, not being experts in computer science, saw a similar problem and just shrugged it off as a routine glitch?


Unattended Voting Machines Already Showing Up

I was going about my business this morning when I was surprised to see some unattended electronic voting machines that had already been delivered to a polling place in advance of Tuesday’s election. I wasn’t looking for voting machines in this location, not knowing that it served as a polling place, but the machines were pretty hard to miss. They were Sequoia AVC Advantage machines, the most common model in New Jersey. I don’t know how long they had been sitting unprotected.

Here’s a photo, taken this morning, of me with one of the machines.


Cuyahoga County Possibly Exposed Election System to Computer Virus

The Election Science Institute just released a statement revealing that the memory cards that will be used to store votes on Election Day in Cuyahoga County, Ohio were stuck into ordinary laptop computers in September.

The release points to an online video shot by Cleveland-area filmmaker Jeffrey Kirkby, shows a group of election workers sitting at tables, each with a laptop computer. An official explains that these laptops were gathered from around the office, and some are the personal laptops of election workers. Each worker has a laptop and a stack of memory cards, and is inserting the memory cards one by one into the laptop.

Our e-voting study) showed that the memory cards used in Diebold touchscreen voting systems can carry computer viruses that can infect voting machines and steal votes on the infected machines.

The risk here is that one of the laptops is infected with malicious software that could infect a memory card that will eventually be inserted into a voting machine. Safe procedures call for memory cards to be inserted only into computers that are carefully secured and never connected to the Internet. Using ordinary laptop computers, borrowed from offices and homes, to process memory cards is dangerous.

Voting machine vendors and election officials often argue that rigorous procedures can compensate for the technical weaknesses of voting machines. Some jurisdictions implement such procedures well, but many do not. Talking about procedural controls is easy. Putting them into practice is much harder.