November 28, 2024

Apple Threatens Real

Pay attention now, ’cause this story gets kinda complicated.

See, Apple had this product called iPod that lets you listen to music. That sounds like a good idea. But Apple thought it would be better if the iPod could do less. So their engineers pulled a bunch of all-nighters to make sure that the iPod couldn’t play just any music a customer might have laying around. They called this DRM. I think that stands for Don’t Replay Music.

Now Apple had a competitor called Real. And Real was unhappy that Apple had made its product less useful. So Real’s engineers pulled a bunch of all-nighters, so that they could make Apple’s product better. They could’ve spent that time making their own product better, but that would have been a waste after all of the time they had already spent making their own product worse by making it do DRM too.

You still with me? Good.

Okay, so Apple was mighty ticked off that Real had made Apple’s product better, without even getting permission or anything. So Apple cried foul. Apple was shocked ‘n’ saddened that Real was trying to improve Apple’s product, like those hacker guys are always doing. So Apple drew a line in the sand, and swore to make its own product worse again.

I don’t know about you, but I find this all very confusing. I guess I just don’t have a head for business.

Blogiversary

Monday was the second anniversary of Freedom to Tinker. Two years seems like a long time, but I still enjoy doing this. Thanks to all of you for your attention, and for keeping me alert and honest with your comments and feedback.

Here are the obligatory statistics about the site: 604 posts; 1409 comments; 3.2 million visits; 5.2 million page views; 90 gigabytes of data transferred.

Wiretapping the Net

Another interesting day at the Meltdown conference. John Morris of CDT gave an eye-opening talk about online wiretapping and the policy debate over how to apply CALEA to VoIP services.

Let me explain the jargon. CALEA is the Communications Assistance to Law Enforcement Act of 1994, which says that telecommunications providers must design their networks so as to allow (properly authorized) government wiretapping. CALEA applies to “telecommunications” but not to “information services,” so Internet software has thus far been exempt. However, the FCC, which regulates telecom, has some power to expand the application of CALEA.

VoIP is Voice over IP, a term referring to services that transmit voice over the Internet. Some VoIP services can substitute for traditional phone service; others provide similar functions in different form, such as voice-enabled instant messaging; and some provide entirely new functions.

In March, law enforcement agencies asked the FCC, which regulates telecom, to apply CALEA to “IP-enabled services” such as VoIP. Conventional wisdom says that the FCC will issue some kind of regulation in this area. But what exactly?

It seems likely that the FCC will require VoIP providers to be ready to provide information to law enforcement. The key question is whether providers will only have to provide the information that they already gather or whether providers will be required to (re-)design their technology so that it can gather the information that law enforcement wants.

A “design for wiretapping” requirement would seem to rule out certain designs, particularly those that rely on open protocols and the end-to-end principle. Such designs leave too much control in the hands of end users, so that no vendor can be assured of having access to the information that they would be required to gather. On the other side, law enforcement will argue that CALEA is toothless without design requirements, and existing telecom providers would be happy to see open, end-to-end architectures outlawed.

Coincidentally, as I was writing the previous paragraph, sitting in my hotel room with the television on in the background, a commercial came on CNN, urging viewers to ask their legislators to “update our telecom laws.” Then I ran across today’s New York Times article on the telecom regulation battles.

This is definitely an issue to watch.

Too Much Spam, Not Enough Identification

Lots of good stuff yesterday at the Meltdown conference. Rather than summarize it all, let me give you two random observations about the discussion.

The security session descended into a series of rants about the evil of spam. Lately this seems to happen often in conference panels about security. This strikes me as odd, since spam is far from the worst security problem we face online. Don’t get me wrong; spam annoys me, just like everybody else. But I don’t think we’ll make much progress on the spam problem until we get a handle on more fundamental problems, such as how to protect ordinary machines from hijacking, and how to produce higher-quality commercial software.

Another interesting feature, noted by Michael Froomkin, was the central role of identification technologies in the day’s discussions, both in diagnoses of Internet policy problems, and in proposed solutions. When the topic was spam, people liked technologies that identify message senders; but on other topics, identification was considered harmful. I hope to see more discussion about identification at the conference. (I’ll have another posting on online identification later this week.)

[Susan Crawford has an interesting summary of yesterday’s discussion. She says I was “wise in the hallways”, whatever that means.]

PFIR "Internet Meltdown" Conference

From today through Wednesday, I’ll be at the PFIR Internet Meltdown conference. I’ll post reports on the conference here.