November 24, 2024

Posts Comments

Intentia vs. Reuters: A (Slightly) Contrarian View

October 31, 2002 by

The recent dispute between Intentia and Reuters has gotten lots of online attention, most of it scornful of Intentia’s position. I think Intentia is wrong, but it’s a closer call than most online commentators seem to think.

Here’s the factual background, as far as I can tell: Intentia, a Swedish company, prepared their earnings report, and put that report on its web site, at a “hidden” URL to which there were no links anywhere. A Reuters reporter guessed the URL, accessed the earnings report, and published a story about it, all before Intentia intended for the information to be released. Now Intentia is suing Reuters in Swedish court, charging that Reuters accessed Intentia’s computers illegally and without authorization.

As a non-Swede and non-lawyer, I won’t opine on what Swedish law says about this. Anyway, the more interesting question is what what the law should say about this case. Or to put it another way, how should we draw the line between proper and improper access to a computer system?

Most people seem to feel that what Reuters did was legitimate. That’s my gut feeling too. But it’s not as easy as you might expect to explain why.

One common argument is that because Intentia put the file in a place where it was easily accessed, Intentia should have known that people would access it there, so Reuters cannot be faulted for doing so. This has intuitive appeal, but I don’t think it’s right to argue entirely from technical capabilities. That is, the mere fact that Reuters knew how to access the file cannot be enough to show that the access was proper.

Consider a hypothetical in which Intentia puts the file on its site, protected by a password. Is it proper for Reuters to guess the password and access the file? I don’t think so. I’m not comfortable with a rule that would legalize arbitrary file access via password-guessing.

Now from a technical standpoint, there is little difference between using a secret URL and using a secret password. Both rely on the user typing a secret text string; both send that string across an unencrypted HTTP connection; and both provide the requested file only if the string has been entered correctly. Both provide the same level of security. So if password guessing is improper, then why isn’t URL guessing improper?

The answer, I think, is that using a password sends different signals about Intentia’s intentions than using a URL. If a system challenges you to enter a password, it’s clear that the system’s owner is not authorizing you to continue. But if you just type a URL into a browser and the system supplies you with a file, the owner’s intentions are not clear. If, in fact, the URL was something obvious like “3rd_quarter_earnings.pdf,” then a reasonable person might have concluded that Intentia meant it to be accessed by the public.

Ultimately, this depends on the law recognizing social norms about the Net: that accessible files are by default meant to be accessed; that people use a password if they want to restrict access; and that the lack of a password mechanism is taken to imply that public access is allowed.

Filed Under: Uncategorized Tagged With:

Fritz's Real Hit List

October 30, 2002 by

Seth Finkelstein suggests that I should reexamine my “Fritz’s Hit List” feature in light of the “leeway” concept. Seth says, in effect, that it is possible, or at least it might be possible, to redefine the scope of the Hollings CBDTPA so that it covers “what 99.9% of the population uses for business or entertainment,” while not covering the items on Fritz’s Hit List.

I started Fritz’s Hit List to illustrate the extreme overbreadth of the Hollings CBDTPA. This can’t be fixed by making minor adjustments to the bill, or by relying on leeway to cover a few exceptional cases. The bill’s scope is far, far too broad. That’s the real point of Fritz’s Hit List.

This raises the obvious question of whether the bill can be fixed. Is it possible to redefine “digital media device” so that it is broad enough to cover the things it “needs” to cover, yet narrow enough to leave out dolls, dictaphones, and dog toys?

That’s harder than it sounds. I don’t know how to write such a definition. I haven’t seen anybody else offer a good definition either. The CBDTPA’s authors gave us a definition that is pretty far off.

So here is my challenge to the advocates of the Hollings CBDTPA: When you respond to Fritz’s Hit List, don’t just say, “That isn’t what we meant.” Tell us – specifically – what you did mean.

Filed Under: Uncategorized Tagged With: ,

Fritz's Hit List #28

October 30, 2002 by

Today on Fritz’s Hit List: cockpit voice recorders.

These devices, which are part of an airplane’s “black box,” record the sounds audible in an plane’s cockpit, for forensic use in case of an accident. Newer recorders use digital storage, so they qualify for regulation as “digital media devices” under the Hollings CBDTPA. If the CBDTPA passes, any newly manufactured cockpit voice recorders will have to incorporate government-approved copy restriction technology.

Fight piracy – regulate cockpit voice recorders!

[Thanks to Eric Bragg for suggesting this item.]

Filed Under: Uncategorized

Microsoft Decision Upcoming?

October 29, 2002 by

We’re still waiting for Judge Kollar-Kotelly to rule on the two outstanding issues in the Microsoft antitrust case: whether to approve the settlement between Microsoft, the DOJ, and the settling states; and what remedy to give the non-settling states. She is expected to rule simultaneously on both issues, and the ruling could come at any time.

The court has a mailing list, to which it sends updates about the case. (Click here if you want to subscribe.) The updates are simple text messages, typically announcing that some minor motion has been filed. Today, though, the list received an unusual test message, apparently testing out the court’s ability to send a PDF attachment to the list. It’s almost as if the court is expecting to send out a large PDF document soon.

Filed Under: Uncategorized Tagged With:

How Much Progress?

October 29, 2002 by

Dan Gillmor quotes Ray Kurzweil as saying that:

The rate of change … is accelerating exponentially. We are “doubling the paradigm shift rate” on a constant basis. This century will be the equivalent to 20,000 years of progress at today’s rate, and people don’t appreciate the implications of this.

I have to admit that this 20,000-years-of-progress claim sounded roughly plausible to me at first. Ted Shelton had the same reaction. But even a little bit of number-crunching shows that Kurzweil must be wildly wrong.

I’m not precisely sure what Kurzweil means by “progress,” but in light of the talk about paradigm shifts, it seems reasonable to assume that “progress” has something to do with the advancement of human knowledge, understanding, or well-being.

Kurzweil says that progress advances exponentially, which seems to be a reasonable assumption. But how fast does the exponential rise? Kurzweil’s “20,000 years” claim turns out, through the magic of logarithms, to imply a 7% annual growth rate, that is, 7% more progress each year than the year before, with the increases compounding over time. That translates to a doubling in human progress every ten years.

That just can’t be right. For one thing, it implies that the amount of human progress between 1,000,000 B.C. and 1992 A.D. is equal to the amount of progress between 1992 and 2002. By any reasonable definition of human progress, things can’t be advancing nearly as fast as Kurzweil claims.

It’s surprising that a guy as smart as Kurzweil made this kind of mistake. In retrospect, I’m surprised that the claim sounded plausible to me and Gillmor and Shelton. I guess people are not very good at thinking about exponentials.

Filed Under: Uncategorized