[NEC] #2.12: The RIAA Succeeds Where the CypherPunks Failed (fwd from nec-admin@shirky.com)

Eugen Leitl eugen at leitl.org
Wed Dec 17 11:47:13 PST 2003


----- Forwarded message from nec-admin at shirky.com -----

From: nec-admin at shirky.com
Date: Wed, 17 Dec 2003 13:28:41 -0500
To: nec at shirky.com
Subject: [NEC] #2.12: The RIAA Succeeds Where the CypherPunks Failed
Reply-To: list-replies at shirky.com

NEC @ Shirky.com, a mailing list about Networks, Economics, and Culture 

           Published periodically / #2.12 / December 17, 2003 
               Subscribe at http://shirky.com/nec.html
               Archived at http://shirky.com
          Social Software weblog at http://corante.com/many/

In this issue:

 - Introduction
 - Essay: The RIAA Succeeds Where the Cypherpunks Failed
     Also at http://www.shirky.com/writings/riaa_encryption.html
 - Worth Reading:
    - GrokLaw: MVP of the SCO Wars
    - Tom Coates Talks With A Slashdot Troller

* Introduction =======================================================

The end of another year. Thank you all for reading. See you in January.

-clay

* Essay ==============================================================

The RIAA Succeeds Where the Cypherpunks Failed
  http://www.shirky.com/writings/riaa_encryption.html

For years, the US Government has been terrified of losing surveillance
powers over digital communications generally, and one of their biggest
fears has been broad public adoption of encryption. If the average
user were to routinely encrypt their email, files, and instant
messages, whole swaths of public communication currently available to
law enforcement with a simple subpoena (at most) would become either
unreadable, or readable only at huge expense. 

The first broad attempt by the Government to deflect general adoption
of encryption came 10 years ago, in the form of the Clipper Chip
[http://www.epic.org/crypto/clipper/]. The Clipper Chip was part of a
proposal for a secure digital phone that would only work if the
encryption keys were held in such a way that the Government could get
to them. With a pair of Clipper phones, users could make phone calls
secure from everyone except the Government. 

Though opposition to Clipper by civil liberties groups was swift and
extreme [1], the thing that killed it was work by Matt Blaze, a Bell
Labs security researcher, showing that the phone's wiretap
capabilities could be easily defeated [2], allowing Clipper users to
make calls that even the Government couldn't decrypt. (Ironically, ATT
had designed the phones originally, and had a contract to sell them
before Blaze sank the project.)

[1] http://cpsr.org/cpsr/privacy/crypto/clipper/clipper_nist_escrow_comments/
[2] http://www.interesting-people.org/archives/interesting-people/199406/msg00006.html

The Government's failure to get the Clipper implemented came at a
heady time for advocates of digital privacy -- the NSA was losing
control of cryptographic products, Phil Zimmermann had launched his
Pretty Good Privacy (PGP) email program, and the Cypherpunks, a merry
band of crypto-loving civil libertarians, were on the cover of
[http://www.wired.com/wired/archive/1.02/crypto.rebels.html] the
second issue of Wired. The floodgates were opening, leading to...

...pretty much nothing. Even after the death of Clipper and the launch
of PGP, the Government discovered that for the most part, users didn't
_want_ to encrypt their communications. The single biggest barrier to
the spread of encryption has turned out to be not control but apathy.
Though business users encrypt sensitive data to hide it from one
another, the use of encryption to hide private communications from the
Government has been limited mainly to techno-libertarians and a small
criminal class.

The reason for this is the obvious one: the average user has little to
hide, and so hides little. As a result, 10 years on, e-mail is still
sent as plain text, files are almost universally unsecured, and so
on. The Cypherpunk fantasy of a culture that routinely hides both
legal and illegal activities from the state has been defeated by a
giant distributed veto. Until now. 

It may be time to dust off that old issue of Wired, because the RIAA
is succeeding where 10 years of hectoring by the Cypherpunks failed.
When shutting down Napster turned out to have all the containing
effects of stomping on a tube of toothpaste, the RIAA switched to
suing users directly. This strategy has worked much better than
shutting down Napster did, convincing many users to stop using public
file sharing systems, and to delete MP3s from their hard drives.
However, to sue users, they had to serve a subpoena, and to do that,
they had to get their identities from the user's internet service
providers.

Identifying those users has had a second effect, and that's to
create a real-world version of the scenario that drove the invention
of user-controlled encryption in the first place. Whitfield Diffie,
inventor of public key encryption
[http://www.webopedia.com/TERM/P/public_key_cryptography.html], the
strategy that underlies most of today's cryptographic products, saw
the problem as a version of "Who will guard the guardians?" 

In any system where a user's identity is in the hands of a third
party, that third party cannot be trusted. No matter who the third
party is, there will be at least hypothetical situations where the
user does not want his or her identity revealed, but the third party
chooses or is forced to disclose it anyway. (The first large scale
example of this happening was the compromise of anon.penet.fi, the
anonymous email service, in 1995
[http://www.mids.org/pay/mn/701/anon.html].) Seeing that this problem
was endemic to all systems where third parties had access to a user's
identity, Diffie set out to design a system that put control of
anonymity directly in the hands of the user.

Diffie published theoretical work on public key encryption in 1975,
and by the early 90s, practical implementations were being offered to
the users. However, the scenario Diffie envisioned had little obvious
relevance to users, who were fairly anonymous on the internet already.
Instead of worrying now about possible future dangers, most users'
privacy concerns centered on issues local to the PC, like hiding
downloaded pornography, rather than on encrypting network traffic.

However, Diffie's scenario, where legal intervention destroys the
users' de facto privacy wherever it is in the hands of commercial
entities, is now real. The RIAA's successful extraction of user
identity from internet service providers makes it vividly clear that
the veil of privacy enjoyed by the average internet user is diaphanous
at best, and that the obstacles to piercing that veil are much much
lower than for, say, allowing the police to search your home or read
your (physical) mail. Diffie's hypothetical problem is today's
reality. As a result, after years of apathy, his proposed solution is
being adopted as well.

In response to the RIAA's suits, users who want to share music files
are adopting tools like WINW (WINW Is Not WASTE)
[http://www.winw.org/] and BadBlue [http://www.badblue.com/], that
allow them to create encrypted spaces where they can share files and
converse with one another. As a result, all their communications in
these spaces, even messages with no more commercial content than
"BRITN3Y SUX!!!1!" are hidden from prying eyes. This is not because
such messages are sensitive, but rather because once a user starts
encrypting messages and files, it's often easier to encrypt everything
than to pick and choose. Note that the broadening adoption of
encryption is not because users have become libertarians, but because
they have become criminals; to a first approximation, every PC owner
under the age of 35 is now a felon. 

The obvious parallel here is with Prohibition. By making it
unconstitutional for an adult to have a drink in their own home,
Prohibition created a cat and mouse game between law enforcement and
millions of citizens engaged in an activity that was illegal but
popular. As with file sharing, the essence of the game was hidden
transactions -- you needed to be able to get into a speakeasy or buy
bootleg without being seen.

This requirement in turn created several long-term effects in American
society, everything from greatly increased skepticism of Government-
mandated morality to broad support for anyone who could arrange for
hidden transactions, including organized crime. Reversing the cause
did not reverse the effects; both the heightened skepticism and the
increased power of organized crime lasted decades after Prohibition
itself was reversed.

As with Prohibition, so with file sharing -- the direct effects from
the current conflict are going to be minor and over quickly, compared
to the shifts in society as a whole. New entertainment technology goes
from revolutionary to normal quite rapidly. There were dire
predictions made by the silent movie orchestras' union trying to kill
talkies, or film executives trying to kill television, or television
executives trying to kill the VCR. Once those technologies were in
place, however, it was hard to remember what all the fuss was
about. Though most of the writing about file sharing concentrates on
the effects on the music industry, whatever new bargain is struck
between musicians and listeners will almost certainly be unremarkable
five years from now. The long-term effects of file sharing are
elsewhere.

The music industry's attempts to force digital data to behave like
physical objects have had two profound effects, neither of them about
music. The first is the progressive development of decentralized
network models [], loosely bundled together under the rubric of
peer-to-peer. Though there were several versions of such architectures
as early as the mid-90s such as ICQ and SETI@Home, it took Napster to
ignite general interest in this class of solutions.

And the second effect, of course, is the long-predicted and
oft-delayed spread of encryption. The RIAA is succeeding where the
Cypherpunks failed, convincing users to trade a broad but penetrable
privacy for unbreakable anonymity under their personal control. In
contrast to the Cypherpunks' "eat your peas" approach, touting
encryption as a first-order service users should work to embrace,
encryption is now becoming a background feature of collaborative
workspaces. Because encryption is becoming something that must run in
the background, there is now an incentive to make its adoption as
easy and transparent to the user as possible. It's too early to say
how widely casual encryption use will spread, but it isn't too early
to see that the shift is both profound and irreversible.

People will differ on the value of this change, depending on their
feelings about privacy and their trust of the Government, but the
effects of the increased use of encryption, and the subsequent
difficulties for law enforcement in decrypting messages and files,
will last far longer than the current transition to digital music
delivery, and may in fact be the most important legacy of the current
legal crackdown.

-=-

* Worth Reading =======================================================

- GrokLaw: MVP of the SCO Wars

My colleague Elizabeth Lawley of RIT has convinced me that one of the
most profound effects of weblogs is the communal workings of those who
publish them, and that they contribute significant new value to
collaboration across disciplines and boundaries.

And now that she's convinced me, I see the pattern everywhere. The
Dean campaign piece I posted earlier today exhibits much of that
pattern, and so does today's Groklaw piece on SCO. By way of
background, SCO, once a technology company, has become a company
devoted to a single legal strategy:

1. Assert rights to the Unix operating system
2. Assert infringing contributions of Unix source code to Linux
3. Sue firms that sell or use Linux, especially deep-pocketed IBM
4. Profit!!!1! (or at least buyout by IBM, to save them the expense of
the suit.)

Much of the matter is in dispute, and IANAL, but what is clear is
this: a) many SCO employees contributed to the Linux kernel, back when
SCO was a tech company ("oldSCO"), with the approval of their bosses,
and b) Groklaw is doing an astonishing, world-changing job of
finding, documenting and publicizing these occurrences (alongside much
other work on the case.)
                     
A recent GrokLaw entry reads: 

  Groklaw has reported before on contributions made to the Linux
  kernel by Christoph Hellwig while he was a Caldera employee.  We
  have also offered some evidence of contributions by oldSCO employees
  as well.  Alex Rosten decided to do some more digging about the
  contributions of one kernel coder, Tigran Aivazian.  
  [...]  
  This paper is a group effort.  Alex's research was shared with
  others in the Groklaw community, who honed, edited, and added
  further research.  Then the final draft was sent to Tigran himself,
  so he could correct and/or amplify, which he has done.  

  http://www.groklaw.net/article.php?story=20031210111235600

Look at that second graf: "This paper is a group effort." Everyone
always says that about complex work, but this is different. This is
the end of two-party law, where plaintiff and defendant duke it out in
an arms race of $350/hr lawyers and "Take that" counter-motions.

Instead, we have a third party, Groklaw, acting as a proxy for
millions of Linux users, affecting the public perception of the case
(and the outcome SCO wants has to do with its stock price, not redress
in the courts.) Groklaw may also be affecting the case in the courts,
by helping IBM with a distributed discovery effort that they, IBM,
could never accomplish on their own, no matter how many lawyers they
throw at it.

There are two ways to change the amount of leverage you have. The
obvious one is to put more force on the lever, and this is what SCO
thought they were doing -- engaging IBM in a teeter-totter battle that
would make it cheaper for IBM to simply buy SCO than to fight it out
in the courts.

The other way to get more leverage is to move the fulcrum. Groklaw has
moved the fulcrum of this battle considerably closer to SCO, making it
easier for IBM to exert leverage, and harder for SCO to. I can't
predict how the current conflict will end, but the pattern Groklaw has
established, of acting on behalf of the people who will be adversely
affected by a two-party legal battle, has already been vindicated,
even if SCO avoids bankruptcy.

- Tom Coates talks with a Slashdot troller:

Tom Coates, who has been talking on EverythingInModeration.org about
his travails with a persistent troll on the Barbelith community and
his subsequent attempts to ban that user, has elicited a response,
which has now become a conversation, with a Slashdot troller. This
troller, posting as 20721, is arguing that any hidden moderation
system helps stimulate an arms race:

  i believe that it takes a certain amount of hubris to assume that
  the people you want to exclude are, by their nature, not as smart as
  you. you may be right about the people you're trying to exclude; i
  defer to your judgement, i'm not a member of the communities you
  are; but where i come from, the best & the brightest are the ones
  being cast out. they're cast out from communities by the following
  chain of events:
 
  1) secretive backhanded moderation tactic by the admins is discovered
  2) someone alerts the community
  3) the most technically apt in the community are able to reproduce
  the backhanded moderation tactic and verify its existence
  4) these people call foul and are labelled "trolls" for doing so,
  leading to the institution of more of 1) (repeat).

  this is how i started down the road i'm on. i was one of the many
  people who discovered that the people at slashdot were secretly
  moderating the users' comments, and one day they moderated the same
  comment 800 times - and then they lied about it, and said anyone who
  told the truth about it was a "troll". hence i became what they
  called me.

More, much more, at
http://www.everythinginmoderation.org/2003/10/tagging_difficult_users_with_infectious_markers.shtml 

* End ====================================================================

This work is licensed under the Creative Commons Attribution License.
The licensor permits others to copy, distribute, display, and perform
the work.  In return, licensees must give the original author credit.

To view a copy of this license, visit 
http://creativecommons.org/licenses/by/1.0 

or send a letter to
Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

2003, Clay Shirky
_______________________________________________
NEC - Clay Shirky's distribution list on Networks, Economics & Culture 
NEC at shirky.com
http://shirky.com/nec.html

----- End forwarded message -----
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net