November 25, 2024

Posts Comments

Targeted Copyright Enforcement vs. Inaccurate Enforcement

November 12, 2009 by

Let’s continue our discussion about copyright enforcement against online infringers. I wrote last time about how targeted enforcement can deter many possible violators even if the enforcer can only punish a few violators. Clever targeting of enforcement can destroy the safety-in-numbers effect that might otherwise shelter a crowd of would-be violators.

In the online copyright context, the implication is that large copyright owners might be able to use lawsuit threats to deter a huge population of would-be infringers, even if they can only manage to sue a few infringers at a time. In my previous post, I floated some ideas for how they might do this.

Today I want to talk about the implications of this. Let’s assume, for the sake of argument, that copyright owners have better deterrence strategies available — strategies that can deter more users, more effectively, than they have managed so far. What would this imply for copyright policy?

The main implication, I think, is to shed doubt on the big copyright owners’ current arguments in favor or broader, less accurate enforcement. These proposed enforcement strategies go by various names, such as “three strikes” and “graduated response”. What defines them is that they reduce the cost of each enforcement action, while at the same time reducing the assurance that the party being punished is actually guilty.

Typically the main source of cost reduction is the elimination of due process for the accused. For example, “three strikes” policies typically cut off someone’s Internet connection if they are accused of infringement three times — the theory being that making three accusations is much cheaper than proving one.

There’s a hidden assumption underlying the case for cheap, inaccurate enforcement: that the only way to deter infringement is to launch a huge number of enforcement actions, so that most of the would-be violators will expect to face enforcement. The main point of my previous post is that this assumption is not necessarily true — that it’s possible, at least in principle, to deter many people with a moderate number of enforcement actions.

Indeed, one of the benefits of an accurate enforcement strategy — a strategy that enforces only against actual violators — is that the better it works, the cheaper it gets. If there are few violators, then few enforcement actions will be needed. A high-compliance, low-enforcement equilibrium is the best outcome for everybody.

Cheap, inaccurate enforcement can’t reach this happy state.

Let’s say there are 100 million users, and you’re using an enforcement strategy that punishes 50% of violators, and 1% of non-violators. If half of the people are violators, you’ll punish 25 million violators, and you’ll punish 500,000 non-violators. That might seem acceptable to you, if the punishments are small. (If you’re disconnecting 500,000 people from modern communications technology, that would be a different story.)

But now suppose that user behavior shifts, so that only 1% of users are violating. Then you’ll be punishing 500,000 violators (50% of the 1,000,000 violators) along with 990,000 non-violators (1% of the 99,000,000 non-violators). Most of the people you’ll be punishing are innocent, which is clearly unacceptable.

Any cheap, inaccurate enforcement scheme will face this dilemma: it can be accurate, or it can be fair, but it can’t be both. The better is works, the more unfair it gets. It can never reach the high-compliance, low-enforcement equilibrium that should be the goal of every enforcement strategy.

Filed Under: Uncategorized Tagged With:

Targeted Copyright Enforcement: Deterring Many Users with a Few Lawsuits

November 9, 2009 by

One reason the record industry’s strategy of suing online infringers ran into trouble is that there are too many infringers to sue. If the industry can only sue a tiny fraction of infringers, then any individual infringer will know that he is very unlikely to be sued, and deterrence will fail.

Or so it might seem — until you read The Dynamics of Deterrence, a recent paper by Mark Kleiman and Beau Kilmer that explains how to deter a great many violators despite limited enforcement capacity.

Consider the following hypothetical. There are 26 players, whom we’ll name A through Z. Each player can choose whether or not to “cheat”. Every player who cheats gets a dollar. There’s also an enforcer. The enforcer knows exactly who cheated, and can punish one (and only one) cheater by taking $10 from him. We’ll assume that players have no moral qualms about cheating — they’ll do whatever maximizes their expected profit.

This situation has two stable outcomes, one in which nobody cheats, and the other in which everybody cheats. The everybody-cheats outcome is stable because each player figures that he has only a 1/26 chance of facing enforcement, and a 1/26 chance of losing $10 is not enough to scare him away from the $1 he can get by cheating.

It might seem that deterrence doesn’t work because the cheaters have safety in numbers. It might seem that deterrence can only succeed by raising the penalty to more than $26. But here comes Kleiman and Kilmer’s clever trick.

The enforcer gets everyone together and says, “Listen up, A through Z. From now on, I’m going to punish the cheater who comes first in the alphabet.” Now A will stop cheating, because he knows he’ll face certain punishment if he cheats. B, knowing that A won’t cheat, will then realize that if he cheats, he’ll face certain punishment, so B will stop cheating. Now C, knowing that A and B won’t cheat, will reason that he had better stop cheating too. And so on … with the result that nobody will cheat.

Notice that the trick still works even if punishment is not certain. Suppose each cheater has an 80% chance of avoiding detection. Now A is still deterred, because even a 20% chance of being fined $10 outweighs the $1 benefit of cheating. And if A is deterred, then B is deterred for the same reason, and so on.

Notice also that this trick might work even if some of the players don’t think things through. Suppose A through J are all smart enough not to cheat, but K is clueless and cheats anyway. K will get punished. If he cheats again, he’ll get punished again. K will learn quickly, by experience, that cheating doesn’t pay. And once K learns not to cheat, the next clueless player will be exposed and will start learning not to cheat. Eventually, all of the clueless players will learn not to cheat.

Finally, notice that there’s nothing special about using alphabetical order. The enforcer could use reverse alphabetical or any other order, and the same logic would apply. Any ordering will do, as long as each player knows where he is in the order.

Now let’s apply this trick to copyright deterrence. Suppose the RIAA announces that from now on they’re going to sue the violators who have the lowest U.S. IP addresses. Now users with low IP addresses will have a strong incentive to avoid infringing, which will give users with slightly higher IP addresses a stronger incentive to avoid infringing, and so on.

You might object that infringers aren’t certain to get caught, or that infringers might be clueless or irrational, or that IP address order is arbitrary. But I explained above why these objections aren’t necessarily showstoppers. Players might still be deterred even if detection is a probability rather than a certainty; clueless players might still learn by experience; and an arbitrary ordering can work perfectly well.

Alternatively, the industry could use time as an ordering, by announcing, for example, that starting at 8:00 PM Eastern time tomorrow evening, they will sue the first 1000 U.S. users they see infringing. This would make infringing at 8:00 PM much riskier than normal, which might keep some would-be infringers offline at that hour, which in turn would make infringing at 8:00 PM even riskier, and so on. The resulting media coverage (“I infringed at 8:02 and now I’m facing a lawsuit”) could make the tactic even more effective next time.

(While IP address or time ordering might work, many other orderings are infeasible. For example, they can’t use alphabetical ordering on the infringers’ names, because they don’t learn names until later in the process. The ideal ordering is one that can be applied very early in the investigative process, so that only cases at the beginning of the ordering need to be investigated. IP address and time ordering work well in this respect, as they are evident right away and are evident to would-be infringers.)

I’m not claiming that this trick will definitely work. Indeed, it would be silly to claim that it could drive online infringement to zero. But there’s a chance that it would deter more infringers, for longer, than the usual approach of seemingly random lawsuits has managed to do.

This approach has some interesting implications for copyright policy, as well. I’ll discuss those next time.

Filed Under: Uncategorized Tagged With:

New York AG Files Antitrust Suit Against Intel

November 5, 2009 by

Yesterday, New York’s state Attorney General filed what could turn out to be a major antitrust suit against Intel. The suit accuses Intel of taking illegal steps to exclude a competitor, AMD, from the market.

All we have so far is the NYAG’s complaint, which tells one side of the case. Intel will have ample opportunity to respond, and the NYAG will ultimately have the burden of backing up its allegations with proof — so caution is in order at this point. Still, the complaint lays out the shape of the NYAG’s case.

The case concerns the market for x86-compatible microprocessors, which are the “brains” of most personal computers. Intel dominates this market but a rival company, AMD, has long been trying to build market share. The complaint offers a long narrative of Intel’s (and AMD’s) relationships with major PC makers (“OEMs”, in the jargon) such as Dell, HP, and IBM — the customers who buy x86 processors from Intel and AMD.

The crux of the case is the allegation that Intel paid OEMs to not buy from AMD. This is reminiscent of one aspect of the big Microsoft antitrust case of 1998, in which one of the DOJ’s claims was that Microsoft had paid people not to do business with Netscape.

I’ll leave it to the experts to debate the economic niceties, but as I understand it there is a distinction between paying someone to buy more of your product (e.g. giving a volume discount) as opposed to paying someone to buy less of your rival’s product. The former is generally fine, but if you have monopoly power the latter is suspect.

As the NYAG tells it, Intel tried to pretend the payments were for something else, but the participants knew what was really going on: that the payments would stop if an OEM started buying more from AMD. The evidence on this point could turn out to be important. Does the NYAG have “smoking gun” emails in which Intel made this explicit? Does the evidence show that OEMs understood the arrangement as the NYAG claims? I assume there’s a huge trove of email evidence that both sides will be digesting.

It will be interesting to watch this case develop. Thanks to tools like RECAP, many of the case documents will be available to the public. Stay tuned for more improvements to RECAP that will provide even better access.

Filed Under: Uncategorized Tagged With: ,

DRM by any other name: The latest from Hollywood

October 28, 2009 by

Sunday’s New York Times had an article, Studios’ Quest for Life After DVDs. To nobody’s surprise, consumers want to have convenient access to “their” media, wherever they happen to be, without all the annoying restrictions that come into play when you add DRM to the picture. To many people’s surprise, sales of DVDs (much less Blu-ray) are in trouble.

In the third quarter, studios’ home entertainment divisions generated about $4 billion, down 3.2 percent from a year ago, according to the Digital Entertainment Group, a trade consortium. But digital distribution contributed just $420 million, an increase of 18 percent.

Given that DVDs are really a luxury good (versus, say, food or electricity), the 3.2 percent drop seems like Hollywood is getting off easy. The growth in digital distribution is clearly getting attention, though. What’s going on here? I imagine several things. People sometimes miss their shows. Maybe the cable went out. Maybe the TiVo crashed. Maybe they’re on the road. Drop $2 at the iTunes Store and you’re good to go. That’s attractive and it’s real money.

Still, the article goes on to talk about… yet more DRM.

Standing in the way are technology hurdles — how to let consumers play a video on various devices without letting them share it with 10,000 close friends on a pirate site — and the reluctance of studios to cooperate too closely with rivals for reasons of antitrust scrutiny and sheer competitiveness.

And piracy, at least conceptually, would be less of a worry. The technology [Disney’s Keychest] rests on cloud computing, in which huge troves of data are stored on remote servers so users have access from anywhere. Movies would be streamed from the cloud and never downloaded, making them harder to pirate.

Of course, this is baloney. If it’s going to work on my iPhone while I’m sitting in an airplane, the entire video needs to be stored there in advance. Furthermore, if the video is supposed to be “high definition,” that’s a bare minimum of 5 megabits/sec. (Broadcast HD is 20 megabits/sec and Blu-ray is 48 megabits/sec.) Most home DSL or cable modem connections either will never go that fast, or certainly cannot maintain those speeds without hiccups, particularly when sharing the line with other users. To do high quality video, you either have to have a real broadcast medium (cable, over-the-air, or satellite) or you have to download in advance and store on a hard drive.

And, of course, once you’ve stored the video, it’s just not that hard to extract it. And it always will be. The challenge for Hollywood is to change the incentives of the game. Maybe sell me a flat-rate subscription. Maybe bundle it with my DSL provider. But make the experience compelling enough and cheap enough, and I’ll do it. I regularly extract video from my TiVo and copy it to my iPhone via third-party software. It’s practically painless and it happens to yield files that I could share with the world, but I don’t. Why? Because there’s real downside (I’d rather not get sued, thanks), and no particular upside.

So, dearest Hollywood executive, consider that selling your content for a reduced price, with no DRM, is not the same thing as “giving it away.” If you allow third-parties to license your content and distribute it without DRM, you can still go after the “pirates”, yet you’ll allow normal people to enjoy your work without making them suffer for it. Yes, you may have kids copying content from one to the next, just like we used to do dubbing cassette tapes, but those incremental losses can and will be offset by the incremental gains of people enjoying your work and hitting the “buy” button.

Filed Under: Uncategorized Tagged With:

There’s anonymity on the Internet. Get over it.

October 27, 2009 by

In a recent interview prominent antivirus developer Eugene Kaspersky decried the role of anonymity in cybercrime. This is not a new claim – it is touched on in the Commission on Cybersecurity for the 44th Presidency Report and Cybersecurity Act of 2009, among others – but it misses the mark. Any Internet design would allow anonymity. What renders our Internet vulnerable is primarily weakness of software security and authentication, not anonymity.

Consider a hypothetical of three Internet users: Alice, Bob, and Charlie. If Alice wants to communicate anonymously with Charlie, she may relay her messages through Bob. While Charlie knows Bob is an intermediary, Charlie does not know with whom he is ultimately communicating. For even greater anonymity Alice can pass her messages through multiple Bobs, and by applying cryptography she can ensure no individual Bob can piece together that she is communicating with Charlie. This basic approach to anonymity is remarkable in its independence of the Internet’s design: it only requires that some Bob(s) can and do run intermediary software. Even on an Internet where users could verify each other’s identity this means of anonymity would remain viable.

The sad state of software security – the latest DHS weekly bulletin alone identified over 40 “high severity” vulnerabilities – is what enables malicious users to exploit the Internet’s indelible capacity for anonymity. Modifying the prior hypothetical, suppose Alice now wants to spam, phish, denial of service (DoS) attack, or hack Charlie. After compromising Bob’s computer with malicious software (malware), Alice can send emails, host websites, and launch DoS attacks from it; Charlie knows Bob is apparently misbehaving, but has no means of discovering Alice’s role. Nearly all spam, phishing, and DoS attacks are now perpetrated with networks of compromised computers like Bob’s (botnets). At the writing of a July 2009 private sector report, just five botnets sourced nearly 75% of spam. Worse yet, botnets are increasingly self-perpetuating: spam and phishing websites propagate malware that compromises new computers for the botnet.

Shortcomings in authentication, the means of proving one’s identity either when necessary or at all times, are a secondary contributor to the Internet’s ills. Most applications rely on passwords, which are easily guessed or divulged through deception – the very mechanisms of most phishing and account hijacking. There are potential technical solutions that would enable a user to authenticate themselves without the risk of compromising accounts. But any approach will be undermined by weaknesses in underlying software security when a malicious party can trivially compromise a user’s computer.

The policy community is already trending towards acceptance of Internet anonymity and refocusing on software security and authentication; the recent White House Cyberspace Policy Review in particular emphasizes both issues. To the remaining unpersuaded, I can only offer at last a truism: There’s anonymity on the Internet. Get over it.

Filed Under: Uncategorized Tagged With: , ,