December 27, 2024

Apple's File Labeling: An Effective Anticopying Tool?

Recently it was revealed that Apple’s new DRM-free iTunes tracks come with the buyer’s name encoded in their headers. Randy Picker suggested that this might be designed to deter copying – if you redistribute a file you bought, your name would be all over it. It would be easy for Apple, or a copyright owner, to identify the culprit. Or so the theory goes.

Fred von Lohmann responded, suggesting that Apple should have encrypted the information, to protect privacy while still allowing Apple to identify the original buyer if necessary. Randy responded that there was a benefit to letting third parties do enforcement.

More interesting than the lack of encryption is the apparent lack of integrity checks on the data. This makes it pretty easy to change the name in a file. Fred predicts that somebody will make a tool for changing the name to “Steve Jobs” or something. Worse yet, it would be easy to change the data in a file to frame an innocent person – which makes the name information pretty much useless for enforcement.

If you’re not a crypto person, you may not realize that there are different tools for keeping information secret than for detecting tampering – in the lingo, different tools for ensuring confidentiality than for ensuring integrity.

[UPDATE (June 7): I originally wrote that Apple had apparently not put integrity checks in the files. That now appears to be wrong, so I have rewritten this post a bit.]

Apple apparently used crypto to protect the integrity of the data. Done right, this would let Apple detect whether the name information in a file was accurate. (You might worry that somebody could transplant the name header from one file to another, but proper crypto will detect that.) Whether to use this kind of integrity check is a separate question from whether to encrypt the information – you can do either, or both, or neither.

From a security standpoint, the best way to do guarantee integrity in this case is to digitally sign the name data, using a key known only to Apple. There’s a separate key used for verifying that the data hasn’t been modified. Apple could choose to publish this verification key if they wanted to let third parties verify the name information in files.

But there’s another problem – and a pretty big one. All a digital signature can do is verify that a file is the same one that was sold to a particular customer. If a file is swiped from a customer’s machine and then distributed, you’ll know where the file came from but you won’t know who is at fault. This scenario is very plausible, given that as many as 10% of the machines on the Net contain bot software that could easily be directed to swipe iTunes files.

Which brings us to the usual problem with systems that try to label files and punish people whose labels appear on infringing files. If these people are punished severely, the result will be unfair and no prudent person will buy and keep the labeled files. If punishments are mild, then users might be willing to distribute their own files and claim innocence if they’re caught. It’s unlikely that we could reliably tell the difference between a scofflaw user and one victimized by malware, so there seems to be no escape from this problem.

What's the Biggest Impact of IT on Copyright?

On Saturday I gave a talk (“Rip, Mix, Burn, Sue: Technology, Politics, and the Fight to Control Digital Media”) for a Princeton alumni group in Seattle. The theme of the talk is that the rise of information technology is causing a “great earthquake” in media businesses.

Many people believe that the biggest impact of IT is that it allows easy copying and redistribution of all types of content. To some people, this is the only impact of IT.

But I argue in the talk that the copying issue is only one part of IT’s impact, and not necessarily the biggest part. The main impact of IT, I argue, is that computers are universal devices that can perform any operation on digital data (except those operations that are inherently undoable and therefore can’t be done by any device).

I stress universality over copying in the talk for two reasons. First, it’s a point that most people miss, especially non-techies. Second, it lets me hint at the most important tradeoff in copyright/tech policy, which is how copyright sometimes stands in the way of developing powerful technologies for creating and communicating. Most people are quick to see the advantages of strong copyright in the digital world, but slow to see the price we’re paying for it.

This debate – whether IT is primarily a copying machine, or a creative tool – seems to run deeply throughout the online copyright debate. Those who see copying as the main impact of IT don’t much mind restricting digital technologies to further their copyright aims. But those who see creativity as the main impact of IT aim to protect the vitality of the IT ecosystem.

I come down on the creative side. I think the biggest long-run effect of IT will be in changing how we communicate and express ourselves. This is not to say that copying doesn’t matter – it clearly does – but only that we need to take the creative effects of IT at least as seriously as we take copying.

As I say in the talk, if IT’s impact is like an earthquake, file sharing is not the Big One, it’s only the first tremor.

(Thanks to Ed Lazowska, whose email exchange with me after the talk triggered this post.)

Is SafeMedia a Parody?

[UPDATE (Dec. 2011): I wrote the post below a few years ago. SafeMedia’s website and product offerings have changed since then. Please don’t interpret this post as a commentary on SafeMedia’s current products.]

Peter Eckersley at EFF wrote recently about a new network-filtering company called SafeMedia that claims it can block all copyrighted material in a network. We’ve seen companies like this before and they tend to have the warning signs of security snake oil.

But SafeMedia was new so I decided to look at their website. My reaction was: what a brilliant parody!

The biggest clue is that the company’s detection product is called Clouseau – named for a detective who is not only spectacularly incompetent but also fictional.

The next clue is the outlandish technical claims. Here’s an example:

Pirates are smart and innovative, and so is Clouseau. Our technology is dynamic, sees through all multi-layered encryptions, adaptively analyzes network patterns and constantly updates itself. Packet examinations are noninvasive and infallible. There are no false positives.

Sees through all encryption? Even our best intelligence agencies don’t make that claim. Perhaps that’s because the intelligence agencies know about provably unbreakable encryption.

Wait a minute, you may be saying. Perhaps SafeMedia was just making the usual exaggeration, implying that they can stop all bad traffic when what they really mean is that they can stop the most common, obvious kinds of bad traffic. Good guess – that’s the usual fallback position for companies like this – but SafeMedia doesn’t shrink from the most outlandish claims of infallibility:

What if illegal P2P no longer worked? What if, no matter how intelligent, devious, or well-funded an Internet pirate was, they absolutely could not transmit copyrighted material via P2P? SafeMedia’s goal was to create the technology that would achieve exactly this. And we succeeded.

Employing our new technology, Clouseau and Windows + Transport Control, makes illegal P2P transmission of copyrighted material impossible. IMPOSSIBLE. Not difficult and not improbable. IMPOSSIBLE!

The next clue that SafeMedia is a parody is the site’s blatant rent-seeking. There’s even a special page for lawmakers that starts with over-the-top rhetoric about P2P (“America is at war here at home within our own borders. And we are taking casualties. Women, men, and children.”) and ends by asking the U.S. government to act as SafeMedia’s marketing department:

We need the Congress to pass legislation appropriating funds for installing the technology on every Federally-supported computer network in the country, most importantly in educational institutions (schools, colleges, universities, libraries)…. We need the Department of Commerce to promote using the technology in all American businesses big and small, and to push for its international adoption. We need the Department of Education to insure that every educational institution in the USA, private and public, primary and secondary, college and university, is obeying the law.

You now have the right weapons. Let’s end the war!

Add up all this, plus the overdesigned home page that makes maddening fingers-on-a-blackboard noises when you mouse over its main menu area, and the verdict is clear: this is a parody.

Yet SafeMedia appears to be real. The CEO appears to be a real guy who has done a few e-commerce startups. The site has more detailed help-wanted ads than any parodist would bother with. According to the Internet Archive, the site has been around for a while. And most convincingly of all, an expensive DC law firm has registered as a lobbyist for SafeMedia.

So SafeMedia really exists and company management thought it a good idea to set up a parody-simulating website and name their product Clouseau. What an entertaining world we live in.

(Thanks to Peter Eckersley for sharing the results of his un-Clouseau-ish investigation of SafeMedia’s existence.)

Cablevision and Anti-Efficiency Policy

I wrote recently about the Cablevision decision, in which a judge appeared to draw a line between two kinds of Digital Video Recorder (DVR) technologies. (DVRs let home viewers record TV shows and play them later.) The judge found unlawful a Remote Storage DVR (RS-DVR) in which recorded shows are captured and stored in the cable TV company’s data center, but he apparently would have allowed a Set-Top Storage DVR (STS-DVR) in which shows are recorded on a device kept in the customer’s home.

Why should the law prefer that recorded shows be stored in the customer’s home? The judge’s reasoning was that the cable company is more involved in an activity if that activity happens in its data center. This appears to follow from the judge’s reasoning even if the alternative in-home STS-DVR is owned and controlled by the cable TV company. But I’m not asking what the law says; I’m asking instead what it should say. Why should the law prefer STS-DVRs over RS-DVRs?

If the goal of the law is to protect copyrighted material – and remember that this was a copyright case – then you might expect it to favor solutions that are more controllable or more resistant to content ripping. But the court got the opposite result: Cablevision was liable because it had more control. The result will be more customer control, which is a benefit for many law-abiding customers.

The court’s ruling also has implications for technical efficiency. Central storage is arguably more efficient than set-top storage in the customer’s home, because of economies of scale in managing a central facility. The court’s decision pushes companies toward set-top storage, even though it is probably less efficient and offers virtually the same functionality as central storage.

It might seem at first glance that public policy should never try to increase the cost of a lawful activity, but in fact there are exceptions. It can sometimes make sense for policy to raise the cost of an activity, if that activity has benefits but can harm nonparticipants. Raising costs rather than banning the activity outright can prevent marginal uses while allowing those uses that provide greater benefit. Of course, if you want to argue that raising the cost of DVRs is good policy, you’ll have to make several assumptions about the costs and benefits of DVRs – assumptions that are very likely untrue.

Even before the suit was brought, Cablevision was already reducing the efficiency of its system in the hope of improving its legal position. For example, their storage facility had a separate storage area for each customer, even though it would have been much more efficient to use a single shared pool of storage. If 5000 customers asked to record last week’s episode of Lost, Cablevision would store 5000 identical copies of that episode, one in each customer’s areas. It would have been easy, and much more efficient, to store a single copy. The only sensible reason to keep redundant copies is that a system with individual storage areas might look to a judge more like a set-top DVR system, thereby bolstering the argument that the system is just like a (presumably lawful) STS-DVR. In other words, even before the recent ruling, legal factors were pushing Cablevision toward a less efficient implementation.

For the companies who filed the suit, the goal was not to serve the public but to maximize their own economic advantage. What they cared about, most likely, was simply establishing that one had better come to them for approval before doing anything new. By that standard, they must see the suit as a big success.

Viacom, YouTube, and Privacy

Yesterday’s top tech policy story was the copyright lawsuits filed by Viacom, the parent company of Comedy Central, MTV, and Paramount Pictures, against YouTube and its owner Google. Viacom’s complaint accuses YouTube of direct, contributory, and vicarious copyright infringement, and inducing infringement. The complaint tries to paint YouTube as a descendant of Napster and Grokster.

Viacom argues generally that YouTube should have done more to help it detect and stop infringement. Interestingly, Viacom points to the privacy features of YouTube as part of the problem, in paragraph 43 of the complaint:

In addition, YouTube is deliberately interfering with copyright owners’ ability to find infringing videos even after they are added to YouTube’s library. YouTube offers a feature that allows users to designate “friends” who are the only persons allowed to see videos they upload, preventing copyright owners from finding infringing videos with this limitation…. Thus, Plaintiffs cannot necessarily find all infringing videos to protect their rights through searching, even though that is the only avenue YouTube makes available to copyright owners. Moreover, YouTube still makes the hidden infringing videos available for viewing through YouTube features like the embed, share, and friends functions. For example, many users are sharing full-length copies of copyrighted works and stating plainly in the description “Add me as a friend to watch.”

Users have many good reasons to want to limit access to noninfringing uploaded videos, for example to make home movies available to family members but not to the general public. It would be a shame, and YouTube would be much less useful, if there were no way to limit access. Equivalently, if any copyright owner could override the limits, there would be no privacy anymore – remember that we’re all copyright owners.

Is Viacom really arguing that YouTube shouldn’t let people limit access to uploaded material? Viacom doesn’t say this directly, though it is one plausible reading of their argument. Another reading is that they think YouTube should have an extra obligation to police and/or filter material that isn’t viewable by the public.

Either way, it’s troubling to see YouTube’s privacy features used to attack the site’s legality, when we know those features have plenty of uses other than hiding infringement. Will future entrepreneurs shy away from providing private communication, out of fear that it will be used to brand them as infringers? If the courts aren’t careful, that will be one effect of Viacom’s suit.