November 26, 2024

Posts Comments

Voluntary Collective Licensing and Extortion

April 25, 2008 by

Reihan Salam has a new piece at Slate about voluntary collective licensing of music (which was also the topic of an online symposium organized by our center at Princeton). I’m generally a fan of Reihan’s work, but this time I think he got it wrong. His piece starts like this:

What would you do if a bully—let’s call him “Joey Giggles”—kept snatching your ice-cream cone? OK, now what if Joey Giggles then told you, “If you pay me five bucks a month, I’ll stop snatching your ice cream.” Depending on how much you hate getting beaten up, and how much you love ice-cream cones, you might decide that caving in is the way to go. This is what’s called a protection racket. It’s also potentially the new model for how we’ll buy and listen to music.

[…]

Now Big Music is mulling the Joey Giggles approach. Warner Music Group is trying to rally the rest of the industry behind a plan to charge Internet service providers $5 per customer per month, an amount that would be added to your Internet bill. In exchange, music lovers would get all the online tunes they want, meaning that anyone who spends more than $60 a year on music will come out way ahead. Download whatever you want and pay nothing! No more DRM! Swap files to your heart’s content—we promise, we won’t sue you (or snatch your ice-cream cone)!

This idea, that collective licenses amount to extortion – pay us or we’ll sue you – is often heard, but I don’t think it’s a valid criticism of collective licenses. The reason is pretty simple: if this is extortion, then all of copyright is extortion. The basic mechanism of copyright is that the creator of a work gets certain exclusive rights in the work. Exclusive rights means that there are certain things that nobody else can do with the work, without the creator’s permission. “Nobody else can do X” is another way of saying that if somebody else does X, the creator can sue them. When you buy a licensed copy of a work instead of downloading it illegally, what you’re buying is an enforceable promise that you won’t be sued (plus the knowledge that you’re playing by the rules, but that is intimately connected to the lawsuit protection). So the basic mechanism of copyright involves people paying a copyright owner for a promise not to sue them.

To put it another way, if you accept our current copyright system at all – even if you accept only a streamlined, improved version of it – then you’ve already accepted the kind of “extortion” that would be used to sell voluntary collective licenses. The only alternative is a complete redesign of the system, more complete even than a voluntary collective license.

Reihan does recommend a redesign. He endorses Terry Fisher’s suggestion of a government tax on broadband access, with the revenue used to pay musicians based on the popularity of their songs. This system has its benefits (though on balance I don’t think it’s good policy). But if you start out worried about strong-arm extraction of money from citizens, a mandatory tax scheme is an odd place to end up.

This is the fundamental problem of copyright policy in the digital age. It’s easy for people to get copyrighted works without paying. So either you forgo payment entirely, or you give somebody the mandate to collect payment. Who would you prefer: record companies or the government?

Filed Under: Uncategorized Tagged With: ,

How can we require ID for voters?

April 17, 2008 by

Recently, HR 5036 was shot down in Congress.  That bill was to provide “emergency” money to help election administrators who wished to replace paperless voting systems with optically scanned paper ballots (or to add paper-printing attachments to existing electronic voting systems).  While the bill initially received strong bipartisan support, it was opposed at the last minute by the White House.  To the extent that I understand the political subtext of this, the Republicans wanted to attach a Voter ID requirement to the bill, and that gummed up the works.  (HR 5036 isn’t strictly dead, since it still has strong support, but it was originally fast tracked as a “non-controversial” bill, and it is now unlikely to gain the necessary 2/3 majority.)

I’ve been thinking for a while about this whole voter ID problem, and I have to say that I don’t really see a big problem with requiring that voters present ID so they can vote.  This kind of requirement is used in other countries like Mexico and it seems to work just fine.  The real issue is making sure that all people who might want to vote actually have IDs, which is a real problem for the apparently non-trivial number of current voters who lack normal ID cards (and, who we are led to believe, tend to vote in favor of Democrats).

The question then becomes how to get IDs for everybody.  One answer is to put election authorities in charge of issuing special voting ID cards.  This works in other countries, but nobody would ever support such a thing in the U.S. because it would be fantastically expensive and the last thing we need is yet another ID card.  The “obvious” solution is to use driver’s licenses or official state IDs (for non-drivers).  But, what if you’ve never had a driver’s license?

As an example, here are Texas’s list of requirements to get a driver’s license.  Notice how they also require you have proof of a social security number?  If you’ve somehow managed to make it through life without getting one, and I imagine many poor people could live without one, then that becomes a significant prerequisite for getting a driver’s license.  And it’s pretty difficult to get a SSN if you’re unemployed and don’t have a driver’s license (see the Social Security Administration’s rules).

One way or another, you’re going to need your birth certificate.  Here’s how you get a copy of one in Texas.  If you don’t have any other form of ID, it’s pretty difficult to get your birth certificate as well.  You’ll either need an immediate relative with an ID to request your birth certificate on your behalf, or you’ll need utility bills in your name.  And if you’re older than 75, the state agency may not be able to help you, and who knows if the county where you were born has kept its older records properly.

It’s easy to see that somebody in this situation is going to find it difficult to navigate the bureaucratic maze.  If the only benefit they get, at the end of the day, is being allowed to vote, it’s pretty hard to justify the time and expense ($25 for the birth certificate, the social security card is free, and $15 plus hours waiting in line for the state ID card).  For potential voters who don’t have a permanent home address, this process seems even less reasonable.

The only way I could imagine a voter ID requirement being workable (i.e., having a neutral effect on partisan elections) is if there was a serious amount of money budgeted to help people without IDs to get them.  That boils down to an army of social workers digging around for historical birth records and whatever else, and that’s not going to be cheap.  However, I’m perfectly willing to accept a mandatory voter ID, as long as enough money is there to get one, for free, for anybody who wants one.  The government is willing to give you a $40 coupon to receive digital signals for an analog TV, as part of next year’s phase-out of analog broadcasts.  Why not help out with getting identification papers as part of phasing in an ID requirement?

[Sidebar: if you’re really concerned about people voting multiple times, the most effective solution has nothing to do with voter ID.  The simple, low-tech answer is to mark voters’ fingers with indelible ink.  It wears off after a while, it’s widely used throughout the world, and there’s no mistaking it for anything else.  I can’t wait for the day when I tune into my nightly newscast and see the anchor giving grief to the sportscaster because his thumb isn’t painted purple.]

Filed Under: Uncategorized Tagged With:

May 14-15: Future of News workshop

April 14, 2008 by

We’re excited to announce a workshop on “The Future of News“, to be held May 14 and 15 in Princeton. It’s sponsored by the Center for InfoTech Policy at Princeton.

Confirmed speakers include Kevin Anderson, David Blei, Steve Borriss, Dan Gillmor, Matthew Hurst, Markus Prior, David Robinson, Clay Shirky, Paul Starr, and more to come.

The Internet—whose greatest promise is its ability to distribute and manipulate information—is transforming the news media. What’s on offer, how it gets made, and how end users relate to it are all in flux. New tools and services allow people to be better informed and more instantly up to date than ever before, opening the door to an enhanced public life. But the same factors that make these developments possible are also undermining the institutional rationale and economic viability of traditional news outlets, leaving profound uncertainty about how the possibilities will play out.

Our tentative topics for panels are:

  • Data mining, visualization, and interactivity: To what extent will new tools for visualizing and artfully presenting large data sets reduce the need for human intermediaries between facts and news consumers? How can news be presented via simulation and interactive tools? What new kinds of questions can professional journalists ask and answer using digital technologies?
  • Economics of news: How will technology-driven changes in advertising markets reshape the news media landscape? Can traditional, high-cost methods of newsgathering support themselves through other means? To what extent will action-guiding business intelligence and other “private journalism”, designed to create information asymmetries among news consumers, supplant or merge with globally accessible news?
  • The people formerly known as the audience: How effectively can users collectively create and filter the stream of news information? How much of journalism can or will be “devolved” from professionals to networks of amateurs? What new challenges do these collective modes of news production create? Could informal flows of information in online social networks challenge the idea of “news” as we know it?
  • The medium’s new message: What are the effects of changing news consumption on political behavior? What does a public life populated by social media “producers” look like? How will people cope with the new information glut?

Registration: Registration, which is free, carries two benefits: We’ll have a nametag waiting for you when you arrive, and — this is the important part — we’ll feed you lunch on both days. To register, please contact CITP’s program assistant, Laura Cummings-Abdo, at . Include your name, affiliation and email address.

Filed Under: Uncategorized Tagged With: , , ,

Online Symposium: Voluntary Collective Licensing of Music

April 8, 2008 by

Today we’re kicking off an online symposium on voluntary collective licensing of music, over at the Center for InfoTech Policy site.

The symposium is motivated by recent movement in the music industry toward the possibility of licensing large music catalogs to consumers for a fixed monthly fee. For example, Warner Music, one of the major record companies, just hired Jim Griffin to explore such a system, in which Internet Service Providers would pay a per-user fee to record companies in exchange for allowing the ISPs’ customers to access music freely online. The industry had previously opposed collective licenses, making them politically non-viable, but the policy logjam may be about to break, making this a perfect time to discuss the pros and cons of various policy options.

It’s an issue that evokes strong feelings – just look at the comments on David’s recent post.

We have a strong group of panelists:

  • Matt Earp is a graduate student in the i-school at UC Berkeley, studying the design and implementation of voluntary collective licensing systems.
  • Ari Feldman is a Ph.D. candidate in computer science at Princeton, studying computer security and information policy.
  • Ed Felten is a Professor of Computer Science and Public Affairs at Princeton.
  • Jon Healey is an editorial writer at the Los Angeles Times and writes the paper’s Bit Player blog, which focuses on how technology is changing the entertainment industry’s business models.
  • Samantha Murphy is an independent singer/songwriter and Founder of SMtvMusic.com.
  • David Robinson is Associate Director of the Center for InfoTech Policy at Princeton.
  • Fred von Lohmann is a Senior Staff Attorney at the Electronic Frontier Foundation, specializing in intellectual property matters.
  • Harlan Yu is a Ph.D. candidate in computer science at Princeton, working at the intersection of computer science and public policy.

Check it out!

Filed Under: Uncategorized Tagged With: , , , ,

Phorm's Harms Extend Beyond Privacy

April 7, 2008 by

Last week, I wrote about the privacy concerns surrounding Phorm, an online advertising company who has teamed up with British ISPs to track user Web behavior from within their networks. New technical details about its Webwise system have since emerged, and it’s not just privacy that now seems to be at risk. The report exposes a system that actively degrades user experience and alters the interaction with content providers. Even more importantly, the Webwise system is a clear violation of the sacred end-to-end principle that guides the core architectural design of the Internet.

Phorm’s system does more than just passively gain “access to customers’ browsing records” as previously suggested. Instead, they plan on installing a network switch at each participating ISP that actively interferes with the user’s browsing session by injecting multiple URL redirections before the user can retrieve the requested content. Sparing you most of the nitty-gritty technical details, the switch intercepts the initial HTTP request to the content server to check whether a Webwise cookie–containing the user’s randomly-assigned identifier (UID)– exists in the browser. It then impersonates the requested server to trick the browser into accepting a spoofed cookie (which I will explain later) that contains the same UID. Only then will the switch forward the request and return the actual content to the user. Basically, this amounts to a big technical hack by Phorm to set the cookies that track users as they browse the Web.

In all, a user’s initial request is redirected three times for each domain that is contacted. Though this may not seem like much, this extra layer of indirection harms the user by degrading the overall browsing experience. It imposes an unnecessary delay that will likely be noticeable by users.

The spoofed cookie that Phorm stores on the user’s browser during this process is also a highly questionable practice. Generally speaking, a cookie is specific to a particular domain and the browser typically ensures that a cookie can only be read and written by the domain it belongs to. For example, data in a yahoo.com cookie is only sent when you contact a yahoo.com server, and only a yahoo.com server can put data into that cookie.

But since Phorm controls the switch at the ISP, it can bypass this usual guarantee by impersonating the server to add cookies for other domains. To continue the example, the switch (1) intercepts the user’s request, (2) pretends to be a yahoo.com server, and (3) injects a new yahoo.com cookie that contains the Phorm UID. The browser, believing the cookie to actually be from yahoo.com, happily accepts and stores it. This cookie is used later by Phorm to identify the user whenever the user visits any page on yahoo.com.

Cookie spoofing is problematic because it can change the interaction between the user and the content-providing site. Suppose a site’s privacy policy promises the user that it does not use tracking cookies. But because of Phorm’s spoofing, the browser will store a cookie that (to the user) looks exactly like a tracking cookie from the site. Now, the switch typically strips out this tracking cookie before it reaches the site, but if the user moves to a non-Phorm ISP (say at work), the cookie will actually reach the site in violation of its stated privacy policy. The cookie can also cause other problems, such as a cookie collision if the site cookie inadvertently has the same name as the Phorm cookie.

Disruptive activities inside the network often create these sort of unexpected problems for both users and websites, which is why computer scientists are skeptical of ideas that violate the end-to-end principle. For the uninitiated, the principle, in short, states that system functionality should almost always be implemented at the end hosts of the network, with a few justifiable exceptions. For instance, almost all security functionality (such as data encryption and decryption) is done by end users and only rarely by machines inside the network.

The Webwise system has no business being inside the network and has no role in transporting packets from one end of the network to the other. The technical Internet community has been worried for years about the slow erosion of the end-to-end principle, particularly by ISPs who are looking to further monetize their networks. This principle is the one upon which the Internet is built and one which the ISPs must uphold. Phorm’s system, nearly in production, is a cogent realization of this erosion, and ISPs should keep Phorm outside the gate.

Filed Under: Uncategorized Tagged With: