Don’t miss Declan McCullagh’s column this week, in which he offers a particularly astute view of how to address the spam problem. In a nutshell, he argues that we need to change the economic incentives for the spammers, and he discusses some practical ways to do that.
Reputation
May 7, 2003 by
Big copyright owners have apparently had some degree of success in their efforts to flood file-sharing networks with decoy files, thereby frustrating users’ attempts to find copyrighted works. Conventional wisdom is that file-sharing systems will institute some kind of reputation-feedback system to help their users determine which sources tend to offer real files and which tend to offer decoys.
Reputation systems try to mimic the dynamics of real-life reputations, which are a powerful mechanism for inducing cooperative behavior, as anyone who has lived in a small town can attest. The best-known reputation technology is EBay’s, which allows everyone who transacts business with you to give you a score, and which aggregates those scores into a concise summary. EBay users are willing to pay more for an item when it is offered by a seller who has built up a good reputation over time. This system has generally worked pretty well.
If file-sharers had the same incentives as EBay users, we could be pretty confident that reputation systems would work for file-sharing vendors too. But the incentives differ in important ways.
For example, an EBay vendor wants to engage in more transactions, because he profits on each one. A file-sharer, though, doesn’t want to upload too many files, because each upload uses up part of his network resources. A file-sharer suffers if his reputation gets too good, so a reputation system may create a perverse incentive to behave poorly sometimes. Indeed, a group of friends might conspire to trash their own reputations, so as to ensure themselves unimpeded access to each others’ files.
There is also the question of who will do the record-keeping for a file-sharing reputation system. EBay is happy to keep track of the reputation reports for their users, because it boosts EBay’s business. The vendor of a file-sharing system may worry that keeping any kind of record of each transaction between users, and giving any kind of recommendation to users about where to get files, might bring the vendor one step closer to the kind of active participation in infringing transactions that got Napster in trouble.
Despite this, my prediction is that at least some file-sharing vendors will try adopting reputation systems, and that after a few false starts they will find a way to make those systems at least modestly successful to combating decoy tactics. But that’s only a guess – I won’t stake my reputation on it.
Trade Agreement
May 7, 2003 by
Donna Wentworth at Copyfight reports that the U.S. has signed a trade agreement with Singapore that requires the U.S. to refrain from repealing the anti-circumvention provisions of the Digital Millennium Copyright Act. This looks suspiciously like an end-run around the legislative process.
One complaint about the DMCA has been that it holds back the development of technology in the U.S., and thereby weakens our competitive position against other countries’ technology industries. The obvious solution to this kind of self-inflicted competitiveness problem is to repeal the offending law. It looks like our trade representatives have hit upon another plan: convince other countries to hold back their technology industries too.
RIAA Hackathon Not Likely
May 6, 2003 by
Andrew Ross Sorkin’s much-discussed article in Saturday’s New York Times details planning by the record industry to launch aggressive cyber-attacks against suspected copyright infringers.
Some of the world’s biggest record companies, facing rampant online piracy, are quietly financing the development and testing of software programs that would sabotage the computers and Internet connections of people who download pirated music, according to industry executives.
The record companies are exploring options on new countermeasures, which some experts say have varying degrees of legality, to deter online theft: from attacking personal Internet connections so as to slow or halt downloads of pirated music to overwhelming the distribution networks with potentially malicious programs that masquerade as music files.
Some of the programs described are unethical and probably illegal to use. An example is a program that “locks up a computer system for a certain duration — minutes or possibly even hours — risking the loss of data that was unsaved if the computer is restarted.”
It’s not surprising that a few people are asking “what if” questions about technological measures that are theoretically available to the music industry. I of all people am not going to criticize somebody for thinking about the technical implications of security attacks that they would never imagine actually carrying out. What is surprising is that some industry people are talking to the press about the possibility of carrying out these attacks.
The music industry has carefully positioned itself as a bulwark against the depredations of a scofflaw techno-rabble. Articles like this only tarnish that carefully cultivated image. So: who is talking to the Times about this?
A close reading of the article seems to reveal that there is less here than meets the eye. The RIAA distances itself:
[RIAA President Cary Sherman] said that while his organization often briefs recording companies on legal issues related to what he calls “self help” measures, “the companies deal with this stuff on their own.”
And as for the more extreme approaches, he said, “It is not uncommon for engineers to think up new programs and code them. There are a lot of tantalizing ideas out there — some in the gray area and some illegal — but it doesn’t mean they will be used.”
The five major record companies are similarly closed-mouthed:
The music industry’s five “majors” … have all financed the development of counterpiracy programs, according to executives, but none would discuss the details publicly. Warner Music issued a statement saying: “We do everything we feel is appropriate, within the law, in order to protect our copyrights.” A spokeswoman for Universal Music said that the company “is engaging in legal technical measures.”
Nothing in these statements indicates that the majors are considering illegal or borderline-legal actions.
The main sources for the article appear to be two companies, Overpeer and MediaDefender, who have reason to tout their techno-capabilities to the industry, along with anonymous “industry executives.” My guess is that the extreme measures discussed in the article represent the fantasies of a few people in the industry, rather than an organized plan that has any chance of becoming reality.
RIAA-Student Lawsuits Settle
May 2, 2003 by
The RIAA has settled its lawsuits against four college students, dropping the suits in exchange for a payment of between $12,000 and $17,500 from each student. The settlements did not require the students to admit any wrongdoing.
The students had been accused of direct infringement (for allegedly offering copyrighted files directly from their own computers) and of contributory infringement (for allegedly running search engines that others used to find infringing files).
The RIAA spin appears to be that the students’ decision to settle on these terms indicates that the students expected to lose on the contributory infringement claim. This spin is, to say the least, implausible. Getting out of this lawsuit for $15,000 or so was a great deal for the students, considering the legal expenses involved in going to trial, and the very real possibility that the direct infringement claim alone would have led to a judgment for tens of millions of dollars.
In my view, these lawsuits tell us nothing new about the legal status of the kinds of general-purpose search engines these students were running. The lessons of these suits are simpler: (1) don’t be a direct infringer, and (2) getting sued by the RIAA is expensive.
