I Don't Want To Be A Nerd!

The blog of Nicholas Paul Sheppard
Archive for november 2013

Selling digital media: someone else's problem

2013-11-25 by Nick S., tagged as commerce, digital media, intellectual property

Some mis-communication of my views on Suelette Dreyfus' recent Conversation article about the effect of the Trans-Pacific Partnership on Internet server providers drew my attention to a false dichotomy that seems to exist in apportioning responsibility for combatting on-line copyright infringement. Dreyfus fears that the Trans-Pacific Partnership might make Internet service providers more or less completely responsible for the enforcement of copyright on-line. The proposed methods being draconian, she suggests that "the motion picture and music publishing industries should pay for and manage their own security." If Dreyfus' characterisation of the Trans-Pacific Partnership is correct, I suppose there are at least a few in the media industries who hold the view that the computer industry should pay for and manage the same security. As I discovered, an attempt to explore a middle view is prone being interpreted as a view from one of the poles.

Dreyfus goes on to trot out the hoary old suggestion that media industries "simply trial new models for making money." I suppose that the media industries could point out that monitoring network traffic for commercial material and charging for it is a new model for making money. But whatever merits such a model may or may not have, insisting on a dichotomy shuts down any innovation that requires the participation of both the computer and media insdustries.

I'm reminded of an interview in the film The Corporation (2003) in which the interviewee describes corporations as "externalising machines" that will take any opportunity to transfer the costs of their activity to someone else. (Economists call such costs "externalities"). In the context of on-line copyright enforcement, the computer industry would like to sell the Internet and have the media industries provide the wares that make the Internet desirable, while the media industries would like to distribute their wares across the Internet and have the computer industry pay for upholding the law that makes this financially rewarding. Bill Rosenblatt argues that some of the problems with digital rights management systems stem from the media industry's pursuit of exactly this kind of externalising, leading the computer industry to develop the cheapest protection technology that it can get away with.

Rosenblatt may have a point, but of course funding the development of copyright protection technology is only part of the process. Even if the media industries meet all the costs of developing and managing copyright protection technology, the computer industry controls the environment in which this technology must be deployed. Whoever funds the technology itself, it won't be of any use if the computer industry can't be convinced to deploy it in the appropriate places.

Anti-DRM commentators play to this dichotomy when they claim that they respect content creators' interests, but go on to reject any attempt to protect those interests because it interferes with users' sovereignty over their computers. Extreme proposals from the media industries are the other way around. Yet playing media on a computer necessarily intermingles media and computer, and on what basis could the media become owned by the computer, or the computer owned by the media?

On the structure of computing revolutions, part 2

2013-11-15 by Nick S., tagged as buzzwords

I was a little surprised to read that "P2P networks are yet another manifestation of the shift of information systems' control to individuals" in an article by Tom Kirkham and colleagues in the September/October 2013 issue of IEEE Security & Privacy (p. 14). Everywhere else, I read that information is moving to the cloud. Cloud enthusiasts might even point out (rightfully) that the series of examples of peer-to-peer social networks that follow the statement are rarely heard of outside technical circles, and do not appear to pose the slightest threat to Facebook or Google.

I suppose that Kirkham and colleagues are trying to leverage the enthusiasm for the "disintermediation" and "user-generated content" that made a buzz around 2000-2005, and live on as "social media" now. Cloud computing and disintermediation aren't necessarily incompatible: individuals can and do create their own content and store it in cloud-based services like web hosts, virtual worlds, Facebook and Twitter. (The particular proposal made by Kirkham et al., though, is very un-cloud-like.) I'll come back to this later.

The same issue of Security & Privacy has Gary T. Marx writing about the line between citizens assisting with law enforcement and citizens pursuing vigilantism (pp. 56-61). Despite the recent prominence of citizen journalism and success in apprehending suspects after the bombing of the Boston marathon, Marx observes that cooperation between law enforcement and the public is hardly new: governments have been encouraging citizens to report crimes for decades, and, in the more distant past, routinely employed citizens as auxiliary law enforcers.

All this had me groaning: is anything ever new? A moment's thought assured me that surely something is, since plenty of technology exists now that didn't exist a hundred years ago. My reaction to the claims of both Kirkham et al. and their opposites in the cloud computing camp is really a reaction to sweeping claims that computing is centralising, or de-centralising, or intermediating, or disintermediating, or converging, or diverging, or whatever. At any one time, surely some things might be de-centralising (like creation of web pages) while others are centralising (like hosting of the same web pages), depending on the most efficient and effective way of using the available technologies. To claim that there is any overall trend seems pretty bold, to say the least.

Whatever technology is doing, however, we remain human and we continue to struggle with rights vs responsibilities, privacy vs accountability, individuality vs community, and a hundred other tensions that likely existed before anyone ever rubbed two sticks together, let alone built a computer. Technology may change the means by which tensions like these are expressed and resolved, but it hasn't made us a whole new species with whole new needs and desires. Facebook may have appeared only ten years ago, for example, but it's hardly the first time anyone had a social network.

I've previously observed that commentators can generate a lot of nonsense by mistaking a change in one aspect of computing for a computing revolution. I should perhaps extend that observation to include mistaking a change in technology for a change in humanity.

The bad guys are the enemy of the good guys, and vice versa

2013-11-03 by Nick S., tagged as privacy

Recent articles on surveillance and privacy from Ashlin Lee and Peta Cook on The Conversation and John Leyden (quoting Art Coviello) on the The Register provoked some fairly predictable responses from anti-surveillance commenters. Said commenters insist that surveillance is self-evidently something that Big Bad Government does and should be stopped, and seem confused that anyone else would think otherwise.

Lee and Cook's argument, as I understand it, is that many of us like displaying certain aspects of ourselves to others, including people who we do not know beforehand, and that we therefore cannot simply reject all surveillance out-of-hand as "Orwellian". This idea, however, seems to be incomprehensible to commenters like Ben Marshall and Damien Hayden, who attempt to define the problem out of existence by insisting that "surveillance" refers only to watching someone without that person's permission, and that such a thing is self-evidently bad. We could, indeed, reserve the word "surveillance" only for whatever kinds of watching we don't like. But this won't eliminate our desire to express ourselves by exhibiting chosen characteristics, with the implication that we actually want people to pay attention to us when we do so.

Leyden reports the view of Art Coviello, the executive chair of RSA Security, that "anonymity is the enemy of privacy". Such a statement, of course, makes no sense to the classical security technologist's view that privacy is about never revealing anything, and that privacy and anonymity go hand-in-hand in protecting computer users from interference. Coviello's argument, as it is described in Leyden's article, isn't completely clear to me, but seems to be something like: anonymous miscreants are able to attack security systems with impunity, thus revealing the private data protected by said systems. Perhaps Coviello meant to say that anonymity is the enemy of security, and allude to the well-known tension between freedom and security that appears in nearly all debates on law enforcement.

While working in information security myself, I came to the view that security technologies can be used both by the good guys to protect themselves from the bad guys, and by the bad guys to protect themselves from the good guys. I therefore don't see much sense in making sweeping statements about the moral or political merits of anonymisation technologies, surveillance technologies, and other such things without reference to the context in which they are used. The statement attributed to Coviello is an example, and is difficult to interpret for this reason. But sweeping anti-surveillance statements are no more enlightening: how many people dress in ninja costumes whenever they're outside the house, lest others "surveil" what kind of t-shirts and haircuts they like to wear? And if people like to express themselves off-line, why wouldn't they want to do it on-line as well?