Monday, September 20, 2004

Ideals and Idiots

At some point, the pundits fighting ideas like sender identification and digital rights management are going to wake up on the outside of the web mainstream looking in. Keep a list of the people who tell you that this is all a bad dream and YAGNI. It's a bad dream, yes, but you sure do need it if you plan to conduct business on the web.

The frictionless 'we are an independent nation' days of Internet engineering are over. Time to grow up and get used to the idea that items in transit, virtual or otherwise, are secured and so are the railways, highways, and information highways they run on.

The wild west was tamed when the man of law was backed up by the man of action. The WWW is no different but for too long it has been men of action ('just the right people') and people who 'talk too much and think too much' but don't have the stomach for the law and law enforcement. New business models will emerge, the cost of an MP3 will find a stable zone, and yes, the RIAA and others will continue to track and prosecute theft.

A lot of the pioneers of the Internet and the World Wide Web are supporters of open systems the way the cattle ranchers were supporters of open ranges. Freedom meant 'don't get in my way' but left little to the imagination of who would have free range and who would have rights. We may wish it were otherwise, but the surges in identity theft, theft of property, spamming and phishing make it important to find those who can combine law and action. If that means Microsoft steps up to the plate and '"git's it dun'", then they win marketshare. If the open sourcers and the free range supporters want to fight that, fine. Linux can die and take the open source movement with it. That's not a good thing, not a desirable outcome, but those who want a free range ecology have to understand the market is never sympathetic to "Sounds Good Maybe Later" when the foxes are taking eggs and the weasels are eating them.

Then there is the URL I received in the mail today. In the 'information space' of 'information resources', this one is a real hummer. It provides the names, photos and locations of agency employees and informants. It provides scans of sensitive documentation from public safety agencies. It proudly proclaims, 'If you have databases on us, we have databases on you.'

It is the most profoundly stupid website I've had to look at to date.

1) If those are real people in those photos and this is not a hoax, the site owner is signing death warrants.

2) Just as the lack of means to classify content by type got us PICS, this will get an even more invasive clampdown.

3) What happens if someone in a snit posts a picture of their freshly ex-domestic partner to that site?

So tell me, web pioneers, pundits of the let a thousand flowers bloom school, what should we do with this garden of poisoned poppies? Should the police agencies who do have some pretty powerful servers get Distributed Denial of Service Attack software and simply blow that site off the air? I can't say I would be bothered by that. It seems to be the tactic of choice when others get snarfled out there. Should they send sharply worded memos or their lawyers? Or should they log any traffic to that site? Can't be done? Couldn't catch the P2P thieves either, right? If you build it, they will listen, and they will react. Why? That is what you pay them to do and they are pretty good at it. Because of sites like this, it will be harder for undercover police to work, harder to turn informants, harder to make cases. Result: drug use in your neighborhood will go up, crime will go up, violence will go up. What will come down? The cost of your web service and your quality of life.

Quite an achievement...

Smart security sustains freedom. Otherwise, "freedom's just another word for nothing left to lose." To those who still want the web as it was in 1993, in the words of the Duke, "You talk too much. You think too much. Besides, you didn't kill Liberty...", you weaseled your way out of it, one stupid idea at a time.

10 comments:

Anonymous said...

Uh, if the web site you're talking about is breaking any laws, they should be charged and tried and if guilty shut down and if flagrant injunctioned down in the meantime, as with any other criminal activity. If they're not, they shouldn't be, because we in the civilized part of the world enjoy a government of laws not men. If what they're doing should be illegal but isn't, then we need legislation in place to cover the situation. Yes, getting there from here is slow and messy; democracy being, as the man said, the worst system imaginable aside from all the others.

The notion that issues of privacy and identity have anything to do with technology is silly. This is about policy and enforcement. Posting something on a web site is not qualitatively different from posting it on a billboard beside the highway. Doing either without getting caught is possible but difficult; fortunately there are smart people on the enforcement side too.

What am I missing? -Tim Bray

len said...

"What am I missing?" - Tim

That where laws have yet to be enacted for situations now possible by dint of emerging technology in the hands of those not willing to respect institutions, those who lead communities step up to call for right behavior. Where right behavior is a given, laws are seldom necessary or formalized. Common law is sufficient. Given the world wide nature of the Internet and the laissez-faire deployment of the web technologies, common law isn't sufficient, and formal law is too local.

If Microsoft does something you consider bad behavior even if perfectly legal, you castigate them, yes? In this case, the people who publish that page are endangering the lives of citizens and public safety officers. What is the greater danger, a closed document format or a closing coffin?

Do we need laws? Reckless endangerment comes to mind. Freedom of speech is not guaranteed where it threatens the safety of the public (you can't yell 'fire' in a crowded theatre). The problem is a law requires a remedy. What is the remedy to be obtained here?

We have to be very informed in some cases before implementing or castigating a technology. We have to know what are the uses to which it will be put. If we don't know, we have to watch carefully as it is applied.

It would be more fun to blast the servers but that isn't legal either.

len said...

"The notion that issues of privacy and identity have anything to do with technology is silly. This is about policy and enforcement." - T.B.

Technology isn't free of requirerments. Knowing those is essential to bidding and designing a system. In the public sector, this is particularly true. Privacy rights over health information, for example, are required to be implemented, see HIPAA. Contrary to popular belief, as web information resources are used for data mining, the public systems will have less restrictions than the government systems. Public systems widely disseminate, aggregate and sell personal information without securing the permission of the person so identified.

By contrast, the Markle Foundation report advises the 9/11 Commission that the government use of such information can have such consequences as to justify restricting their use of otherwise widely available public information through the use of such anonymizing technologies as one way hashing, masking, blind matching and so forth for link analysis. Only after a pattern has been identified should the agency then seek disposition as to whether the personal identification technology can be applied.

Policy and technology have to work hand in hand. As I point out in the next blog, that can be difficult to achieve, so going after simple solutions exclusively may not work when the customer has stricter requirements than the commercial sector.

Anonymous said...

I probably agree with you, since i make a living in the business of selling copyrighted content via the Internet, but...

I don't think (most) people oppose DRM, etc. because they really feel that the Internet should be wide open (i.e., all content as free as it yearns to be, any information can be made public with complete anonymity, and so on). The issue, i believe, is that current law is tending toward a model of centralized control that might place limits on how an individual can use the Internet. There won't be overt censorship, but rather a process of specifying precisely who owns what combined with a process of specifying the liability of the data carriers for transporting "stolen" or otherwise illegal content.

As you say, this might be absolutely necessary for the Internet to survive as a means of commerce. But i also think that virtually everything interesting that's come from the net has been the result of the fact that the Internet is architected to just convey bits (granted, that includes many bad things too). But if the Internet is nothing more than a more efficient marketplace, will it really matter anymore?

len said...

"The issue, i believe, is that current law is tending toward a model of centralized control that might place limits on how an individual can use the Internet... a process of specifying precisely who owns what combined with a process of specifying the liability of the data carriers for transporting "stolen" or otherwise illegal content."

1) The use of DRM or more generally, IRM (Information Resource Management) is to enable local declarations of use. In fact, centralization is exactly the problem. It can't be sustained and evidence for this shows up in the patent office problems, intelligence analysis, copyright enforcement, and so on. As to who is liable, that is a red herring of sorts with regards to transport on the Internet. As to hosting, that isn't as of yet. I think it might be but I think levels of responsibility and remedies is an area in need of much oversight. So as to DRM, distribution of declarative authority is necessary. As to oversight, so far the case for the industry governing itself is made but so far insufficient. Do you think it a good thing to put the plans for all public infrastructure on the web even if not illegal to do so? The first measure of sensible law should be how easy it is to tell right behavior from wrong behavior. These are context-sensitive, so where the law will go awry is in making generalized laws from specific cases. To me, it is easy to call the act of aggregating and providing a public data mart of informants and undercover agents a stupid act even if gathered from public sources. At some point, the law should be able to shut that down.

"As you say, this might be absolutely necessary for the Internet to survive as a means of commerce. But i also think that virtually everything interesting that's come from the net has been the result of the fact that the Internet is architected to just convey bits (granted, that includes many bad things too)."

I think everything interesting about the net has come not from its architecture but from the ease of communicating globally and locating communities of interest. The rest is data plumbing.

"But if the Internet is nothing more than a more efficient marketplace, will it really matter anymore?"

A more efficient marketplace is precisely what some pre-web global hypermedia systems designers had in mind. That this is being achieved is quite laudable. For some, it was communications free of national barriers. That this has been achieved for many is quite laudable. For some, the creation of a new libary of Alexandria with cheap and free information resources was the goal. That this has been achieved is spectacular.

That all of these have been achieved with the same system, cheaply implemented over Cold War left-overs from DARPA and DoD was well worth the knighthood given to the inventor. But most of all, it means that as long as we can sustain the Internet and improve its operations with such inventions, it will always matter. I consider DRM and identity management to be innovation, not degradation. They emerge to solve certain problems that the abstractions of 'bits on the wire' don't.

Centralized control is not the problem. If by that you mean Microsoft, don't worry. They only capture markets when others aren't sharp enough to leverage advantages. If by that you mean our governments, they are learning that centralized control doesn't get them the results they are after.

If by that you mean the owner of the information being shared, then you are back to the problem of Liberty Valance. The cattle ranch owners wanted an open range and to remain a loosely governed territory so they could profit by it. That openness was part of their business model. They were willing to hire Liberty Valance to kill farmers to keep it. The farmer needed fences to protect crops and livestock from foraging animals. That was their business model but they had no means to protect it. The man of action works with the man of law and together, turn wilderness into a garden. Given local rights by law instead of individual skill, that can be a very good way to govern.

Anonymous said...

Thanks for your detailed response. Quite impressive.

By "centralized control" i meant, i guess, control by the government (plus Microsoft, the MPA, the RIAA). You know the old chestnut about how the Internet will route around censorship. I'm not sure that was ever true literally, but it seems somewhat more likely if the data carriers are simply competing for a share of the bit conveyance business. On the other hand, if laws are passed that require the data carrier to differentiate between legal content and illegal content, then everybody might pay more for data transport and the carriers have incentive to simply stop transporting anything that doesn't have clear ownership. A similar concern forms if the data carriers are penalized for transporting data that the FCC deems offensive.

So by expressing concern with "centralization" i'm not implying that i'm worried about having to ask microsoft.com or bigbrother.com if i may use the content i just acquired. Rather i'm concerned that regulation will freeze out legitimate file sharing, anonymous content that might be beneficial, and fringe material that might offend someone. True, this isn't a problem with DRM. Just to be clear: i've got no problem with a more efficient marketplace, i just don't want to give up the Library of Alexandria to get it.

Thanks,
-mike (mwm@cts.com)

len said...

See http://www.icannwatch.org/article.pl?sid=04/09/21/1812238&mode=thread

In the view of many smaller entities, the question is whether it will be governance by private concerns or whether a broad, inclusive and transparent form of governance emerges. It is isn't an issue of whether or not it will be governed. It already is.

There are very big problems with law when multiple semi-independent groups set precedents for limited jurisdictions that then must contract among themselves. The Seattle contract issue I mentioned in the later blog is an example. What must be watched carefully is which issues a broad governance group tries to tackle. Remedies without penalties make for toothless law and yet how does one legislate that without broad enforcement. There is definitely a devil and the deep blue sea aspect to that which the UN has wrestled with since its inception and very recently.

What is obvious though is that the laissez-faire days of anything goes on the web are coming to an end sooner or later. The page that I mentioned in the blog are evidence of why.

fantasy football draft said...

howdy - you hvae an interesting blog and I enjoyed reading it! I know I like it when people appreciate my work, so I thought I would give you some credit!

Thanks,

fantasy football draft

cheap hosting hostingcom web said...

Hey, just a quick hello from someone in Central America.
cheap hosting hostingcom web
Charles

poker web site tightpoker hosting said...

Just blogging for a while, found your site that also happens to be around poker web site tightpoker hosting, so just saying what's up.

Charles

Comment Policy

If you don't sign it, I won't post it. To quote an ancient source: "All your private property is target for your enemy. And your enemy is me."