Lessig

Hilary,

Will you be responding directly to any comments within the threads or will you simply be in lecture mode and stick to top-level posts the entire visit? I hope not as that would defeat the beauty of blogging...

Anyway, still curious if you read "Promises to Keep" and what you think of the idea of artists and consumers taking control of creations whilst using an attribution right and the Internet to trade, track, and count files in an automated compensation system.

No more costly middle man. That is, no more RIAA or MPAA - or at least, a wholly different meaning and purpose for those organizations. They would then become organizations with a mission to actually help artists as a whole - which they have not done at all. They have simply made a small minority rich and placed billions into the pockets of the organization's leaders and shareholders.

you mean 1998?

Peter Rock, Tom Poe, may we remind you that Ms Rosen is a GUEST here and deserves to be treated accordingly. show a little respect. (we would also like to point out that professor lessig very rarely participates in the threads he starts, and no one ever complains about it. not once has he responded directly to anything we have written and you don't see us crying about it.)

How much revenue are copyright owners foregoing by the current “licensing systems”? I’m guessing quite a bit.

point well taken rodander, but clearly it's not a uniform problem. jay kay, madonna, coldplay, and many other artists seem to be doing very well indeed under the existing market structure. brad pitt, tom hanks, sean penn, and johnny depp seem as well to have plenty of coin in their pockets.

lesser artists remain poor under the current structure because... well... maybe they suck.

Three Blind Mice: Who is the "we" and the "us" as if I or Peter is a "you" or "them"? Am I not part of the commentors group? What about Peter? Weird!

AxCx asked if I meant 1998. Actually, I was referring to Bruce Lehman in his position as chairman for undertaking the task of the Green Paper on Cyberights in 1993. At that point, I believe, and correct me if I'm wrong, we saw the formal recommendation to eliminate "Fair Use" issues from existence. To those who squealed like stuck pigs, he threw out the old let's go ahead, and in the interim, we'll do a study on the matter of how to bring "Fair Use" provisions back into existence at some later time. [cynical me]

in fact that is what is always so fascinating. the amount of people who face legal consequences for things like samples or parodies is so miniscule compared to the amount of their use. Music sample lawsuits, for example are really only done by successful artists against successful artists because it just isn�t worth it to pursue.

What? All you have to do is open Prof. Lessig's _Free Culture_ for counterexamples to your claim. Besides, the fact that the threat of a lawsuit exists is enough to keep non-wealthy artists from using samples without permission. The chance of being sued may be miniscule, but a lawsuit would be devastating.

poptones: Perhaps it is a limitation of the system, but it seems like we should not support overly zealous copyright laws just because they allow us to protect personal data such as tax returns and personal pictures. What we should do instead is refine the idea of "publication". Things that are not meant to be consumed by others, things which have not been published should be protected because they are private and things that have been published should be protected under copyright. Such a distinction would allow the two domains to get the different types of protection which they deserve.

So dividing the spheres creates difficulties. I do not see the problem with that since we have plenty of difficulties now, and this gets rid of a lot of them, in my opinion. I can think of a simplistic but probably salvagable solution to the labeling problem without much thought: something is published, protected under copyright, if you mark it as such. Otherwise, it is private. The picture scenario you bring up would be solved: it would be a private thing. Private things would be protected by stronger laws than things which are copyrighted but could not be used commercially.

As for people feeling towards their art as they do towards their children, there is nothing keeping them from making their art private. The difference between private and published should not be ones feelings towards them but how they are used (is the difference between commercial property and the property you build your home on the way you "feel" about the land itself or how you use it?).

And people do not really have the "right to be unreasonable". They have rights, which they may use unreasonably, but that is not the same. Oh, and please, please stop trying to make your point with emotional "what if"s.

Tom Poe, sorry for the confusion.
I didn't as you, I asked Hilary re her "story". i didn't even read your comment.

“Fair use” is obsolete

I agree to a certain extent.

I am from Australia and as you may know we do not have an open-ended fair use defence to copyright infringement like our American cousins. Rather copyright defence is segmented so the purpose of the use is only protected if it falls within specific categories: research and review, comedy etc. The doctrine cannot be extended by judicial considerations in Australia beyond those categories (No Sony here thank you very much).

I think the question of an open ended fair use doctrine can be put like this:-

What specific standard is used to determine whether a potential infringement is 'fair use'?

Well the standard in s 107 of the Copyright Act (US) says there has to be some 'fair use' purpose but leaves this open to new categories then states that we must consider four key topics:-

1. The purpose and the character of the use.
2. The nature of the work
3. The amount and proportion of copied work
4. The effect upon the potential market.

Now although this potential market may be different to the market debated above the relevance of the consideration would impact on the resulting decision in a similar way.

So to Tom Poe & Rodander and Co

Back off, market considerations and public policy are vital considerations to application of the Fair Use under the law. Take it up with your congressman.

At the same time I note to poptones

Fair use is vital and not obsolete. The limitation in the system is that it remains open ended and therefore open to further interpretations. The simple answer would be to get congress to make up thier minds about the true identity of fair use.

So lets get to the nub of it:-

Does Fair Use make the right of copyright devoid of value?

No, the act envisages the monopoly itself being subject to policy considerations.

Is there potential for the Fair Use doctrine to water down the monopoly granted under the Copyright Act?

Yes, certainly an open ended exception that is continually tested may come up with interpretations that limit an authors ability to establish an infringement against persons that reproduce thier works.

Does fair use cover reproduction by individuals?

No, every infringement that is not subject to fair use is actionable. Furthermore, the system used to infringe may also be liable (IE Grokster).

Now the biggie

Does Copyright Law inhibit Free Culture?

NO, Copyright law is a personal right which can be licenced or "waived". Free culture is the sum of the copyright material which is subject to this licencing and "waiving" combined with the material that is subject to "Fair Use" or any other copyright defence.

I do not see how this point is so hard to grasp. Why do you think you have a right to something that is not yours!!!!!

"Music sample lawsuits, for example are really only done by successful artists against successful artists because it just isn’t worth it to pursue."

That isn't an entirely fair picture. Successful artist's lawyers might not have authorization to pursue full-scale litigation against every sampler, but they can certainly send out a form "cease and desist or face litigation" letter, billing 1/10th of an hour to their client for the time it takes to address the envelope.

Those letters, in combination with the few highly publicized suits that DO get prosecuted, have just as much chilling effect on sampling as prosecuting every case to the full extent of the law would.

The RIAA knows this tactic well, in fact, it seems to have been your strategy when you started suing "judgement proof" college students for p2p use. Those kids settled for the entire contents of their college fund, which was less than the RIAA's legal costs I am sure. But having spent that money, you can now simply draft a threatening letter that refers to those cases and get the same effect for the price of a stamp.

This isn't an attack, I will admit for the purposes of this discussion that those people facilitated infringement, even though I strongly disagree with the severity of the individual punishments.

But I think the same process works to discourage fair use. People stopping the practice of sampling or parody out of fear of injurious prosecution proves that they "face legal consequences" for fair use. Public Enemy DID lose some of their creative mojo when lawyers forced a change in their practiced style of expression. (Of course Flava Flav going off the deep end didn't help either)

I don't want to be skeptical of the pull towards the middle exercised by the Commerce Department's "role" in the study of fair use... but I just can't help it. :)

But if you put your own tax return in your kazaa "share this junk with the world" folder then how can you call it "secret?" If you open your wallet to the world it may still be illegal for us to remove the cash from it, but you cannot blame us for peering inside when it was you who held it open for inspection.

Of course, in a properly designed system your tax return would have a file marker indicating it was not for broadcast. Or the machine itself would be smart enough to know "hey, this file is not supposed to appear on the kazaa file search index" and so it would keep that file both invisible and protected from unauthorized eyes even when the operator was too forgetful or ignorant (or malicious) to treat it otherwise.

This is why my entire hard drive is encrypted. For a while I tried the "I'll just encrypt this stuff" approach but when you do that it is far too easy to forget and drag this "bad" file over to the "good place." In an instant all that encryption is for naught.

It has taken Hollywood almost a decade to pressure the technology industries into putting some serious effort into making the personal computer "smart" enough to know the difference between a tax return and baby's first steps - and to be able to act accordingly. If this had instead been left completely up to the John p barlows and the EFF we would still be waiting. I'n glad the EFF is there, but I'm not about to stand in the way of Hollywood's drive to foster a technology that will create an entirely new paradigm for the way we think of "data."

corey, you give us the impression of someone who is awed by technology. as engineers, we approach this from the point of view that technology is a tool to serve mankind - it is not a God that mankind must bow before.

"cryptofascism" dear sir can be as much a result of the hegemony of an uncontrolled technology over our lives as it can be a result of our attempts to control that technology. as george washington observed about fire, technology is a useful servant and a dangerous master.

in a democracy only anarchists would want to see technology subvert the will of the majority.

so put your guns away wild bill hickcock: civilisation is coming to the internet and there is nothing you can do to stop it.

in a democracy only anarchists would want to see technology subvert the will of the majority.

And Poptones glances around nervously...

Christian, on review, our apologies. yes, we were a bit unclear.

as poptones highlighted, we wrote:

in a democracy only anarchists would want to see technology subvert the will of the majority.

what we should have said is, in a democracy only anarchists would want to see technology subvert the rule of law.

Hey, ACS, why did you throw me under the same bus as Tom Poe regarding fair use?

I really don't have much of a problem with fair use as it is. (see my wrangling with Aaron in the previous thread). It seems too many here want to have fair use safe harbors that are defined in advance (no doubt, defined to cover exactly only their desired uses and nobody else's). Having a court sort out fair use in difficult cases, based on those facts, is not a bad result, IMHO. Nor is it a bad thing to have a "use at your own risk" default if you use someone else's work without permission.

At the risk of being repetitiously redundant, my only point so far in this thread was that there appears to be a practical snag in the market system for some rights that keeps some buyers and sellers (licensors and licensees) apart and that gets in the way of supply/demand pricing for certain rights. In this day of worldwide instant communication and ebay commerce, one would think that an online licensing marketplace could spring up.

But it is misguided to solve a problem of transaction logistics for conveying rights by eviscerating the rights themselves.

Tom Poe:

"Hilary doesn’t respond to “little people”. She’s a policy maker. Her role is to decide how the world should look. That role requires she not engage in discussion of issues outside of those “selected” for the final cut process."

Hi Tom. I understand where you are coming from but my understanding was that Hilary was no longer working as a voice for the corporations. Therefore, I thought there was a chance that she - as a human being unencumbered by corporate directives - would address my question (or at least say "No, I haven't read the book - not interested"). I realize there are some bigwigs out there who actually believe they are "big people" and pay little or no attention to "little people", but I really have no idea about Hilary. I've never conversed with her and do not know her at all. She might not fit the bigwig category - I'd like to give her that chance and find out. Like I said, I wouldn't have even bothered asking if she still worked for the RIAA as responding to my question in a positive manner could open her up for dismissal by the organization. Perhaps I'm living in a dream world, but I am quite impressed that she is on Lessig's blog so I figured that - just maybe - she is slowly shedding her biases and old alliances and looking at the whole issue of digital file transmission with a whole new mind. Then again, I'm probably fooling myself if I think that just because Hilary doesn't *officially* work for the RIAA anymore that she is completely free from their economic/political agendas. I guess we'll see in time. Can't hurt to find out...no?

To the 3 Mice:

I'm not sure what it is I wrote that you thought attacked Hilary Rosen's "guesthood" on this blog. Regardless, I'm sure she can handle herself by either ignoring or responding to any offensive comments. In fact, having "The Mice" stick up for her is about as offensive a manouvre as one can imagine as it simultaneously reeks of a very brown nose...

Will you be responding directly to any comments within the threads or will you simply be in lecture mode and stick to top-level posts the entire visit?

well Peter Rock, where we come from guests in our home are treated better than the host. you would not (and do not) speak like this to professor lessig.

In fact, having “The Mice” stick up for her is about as offensive a manouvre as one can imagine as it simultaneously reeks of a very brown nose…

*mice turn the other cheeks*

how sweet. sir, the anonymous voices of the three blind mice have no need to suck up to anyone. pray tell, what would be the point? unlike others who wish to draw attention to themselves, we don't post a URL, we don't post an e-mail address, and we provide no connection to the real person behind the words. we're totally anonymous. get it?

that being said, like it or not Peter Rock we are all members of this blog family and this is our collective home... our (yours and ours and everyone else's) commons if you will. one of the remarkable things about this commons is that those who visit are generally polite, occassionally intelligent, at times witty, all too infrequently funny, but almost always devoid of ad hominen intent. in the echo chambers of cyberspace, this is - you must agree - highly unusual.

we do ask (most kindly) that you refrain from littering the commons. keep the lessig blog beautiful. it makes for a more pleasant visit and creates a better enviroment for the exchange of ideas.

"why should the on-line community exist under a different legal regime than the real world? "

Oh, lets see... perhaps because the online community isn't really real, or perhaps because it is but it encompasses more people and cultures than any single legal regime including the Anglo-American one you would presumably adopt for us all.

"corey, you give us the impression of someone who is awed by technology."

No, actually I was an engineer for 8 years. There are things I helped develop inside your computer most likely. Many people get confused though, I have become somewhat of a techno-skeptic and resemble an anarchist.

"and like capitalism, more consistent with the principles and ideals of liberal democracy than is commons-ism."

There you go again, postulating the superiority of neoliberalism. By the way, all graphical browser software including IE can be traced back to Mosaic, which was a government/university project that was distributed for free.
Netscape and IE were "follow-ons" designed most obviously to extract property from something previously "common"

TBM, thankyou for your comments. Although I would agree with you that allot of innovation does occur in proprietary production methods, i believe you overstate the case that commons projects (especially FOSS projects such as Linux, or what we now know as the internet for that matter) would never have been possible without proprietary exclusion licenses in place. I don't really think this is a matter of opinion or argument, but of fact. (the body of literature on this point is rather extensive, prof. Lessig himself points this out in OPEN ARCHITECTURE AS COMMUNICATIONS POLICY, pgs 44-54)

Now, as far as "innovation" is concerned...one of, if not the primary advantage that commons production has over proprietary production (for the record, let me point out that I'm talking about digital/idea production, NOT material production) is that you do not have to expend resources on distributing labour. Labour distributes itself, people work on things that interest them...this has enormous concequences for both the innovation of technologies and long term effeciency.

TBM quoting me:

"Will you be responding directly to any comments within the threads or will you simply be in lecture mode and stick to top-level posts the entire visit?"

TBM:

"well Peter Rock, where we come from guests in our home are treated better than the host. you would not (and do not) speak like this to professor lessig."

Side question: How would you know how Larry and I communicate?

Regardless, we are now at 116 comments in threads and not one is Hilary's. I don't expect her to respond to everyone, but what is the point of blogging if you are going to be only passively and semi-responsive to your audience? Why is she here? Why not just go on television?

I want to know if she considers the future of digital culture for stakeholders (rather than simply shareholders as was her duty as president of the RIAA) and what it will mean for my children and her children and Lessig's children and Lasica's children and on and on and on...if we continue to use the entertainment industry (i.e. the movie and music corporations in their current form) as a vehicle for art when there could be a radically better way of pursuing and creating digital culture.

Perhaps the RIAA was necessary but technology has revolutionized the status quo. The problem is that the RIAA is interested in maximizing profit instead of looking after artists. They say they are looking out for the artists but they are not. At best, the RIAA is looking after their artists but not artists as a whole. A different approach by consumers (i.e. something resembling Fisher's ideas) and mission (i.e. something resembling a non-profit organization working to defend actual rights instead of privileges), I believe, is something important to pursue.

Peter Rock

Interesting story Hilary.
I must say that I recognize your "long used legislative tactic". It's often used as an excuse not to the legislative job proberly. DMCA and all it's spawn are no exceptions.
These laws deal with something they call "technological protection measures", but any computer scientist who is not trying to make money selling DRM would tell you that such a thing can not be made to work in software. Attempts will only create non-interoperability. You can make secure DRM systems with hardware, but the effect will be the same: incompatible systems.
In the end this quest to get DRM into everything will mean a goodbye to the one thing which made the PC and the Internet a success: That is is open systems. If Hollywood gets their way we will be back in the 1980's where all computersystems were closed, propritary and incompatible... which of course will result in a monopoly.

3BM:

"the internet will change. it is changing. there is no question about it. in countries such as china it isn’t the same internet as it is in america."

?!

For someone who just spoke on software layers in the next paragraph I'm surprised you would say such a thing. The Internet is not changing at all. It hasn't changed since its infancy. The Internet is exactly the same in China as it is anywhere in the world. This is why those in the Chinese government who wish to block access to information must have engineers write code at layers above the Internet protocols (e.g. the browser) in an attempt to stop the dissemination of bits. Or, they can strike deals with self-interested corporations like Microsoft and purchase software like MSN Spaces that are pre-packaged to block content linked to free speech and democratic issues.

See - http://news.ft.com/cms/s/d07011b8-d9d6-11d9-b071-00000e2511c8.html

It is precisely because the Internet is the same in China as it is everywhere else that deals like this and those surrounding DRM through Hollywood occur. The Internet's nature is to be free flowing. And unfortunately, organizations like the RIAA and MPAA are having a huge influence on how the technology (both hard and soft) develops over time when they really should have no say.

Yes, "no say".

You see, the RIAA and MPAA in their curent form are bound by law to seek policies and influence government in a way that maximize profit - not benefit the public. I'm not blaming anyone - that is just an indisputable fact. But the beauty is, the RIAA and MPAA are not people - so we can use "them" and then toss "them" into the garbage once we have a complete troubleshot system ready to be put in place and not feel as though we have hurt anyone in the process. Sure, we can look at some sort of gradual buy-out of these organizations - they need not be financially obliterated overnight...after all, there are people monetarily connected (i.e. shareholders and directors) to these corporations. But their control over culture is not needed anymore - in fact, their control is keeping the potential for the worldwide distribution of digitized culture at bay. That is, it is much of Hollywood's doing that the darknet exists.

I don't want my children or any children to have to go to the darknet in order to participate in culture. And with some imagination and a wholly different approach, I believe they wouldn't have to.

Peter Rock

p.s. Lasica's "Darknet" is a very informative book by the way. I bought it this summer and although I'm only about 3/4 of the way through it, I give it an early and high recommendation. "2 thumbs up" as Ebert would say.

If Hollywood gets their way we will be back in the 1980’s where all computersystems were closed, propritary and incompatible… which of course will result in a monopoly.

yeah, Peter Mogensen, just like GSM. which by the way STILL has more paying subscribers than the internet has users. think about that commons-ists. patent encumbered, proprietary, non-open GSM is the world's most important communication system. and also the most egalatarian.

as the Economist pointed out a few months ago, GSM also contributes more to the economic development in the 3rd world than the internet does. IWRC, the quote was "the real digitial divide is between nations that have GSM and those that do not." access to the internet (except for nigerian spammers) wasn't even an issue.

Peter Rock don't get all pedantic on us. to some people, internet means TCP/IP, to others it means the world wide web, and to us it means what happens when we launch a browser window. china is introducing the legality layer we talked about, as other countries will do the same independent of the others, this is what will create problems with interoperability.

Poptones:

"Your fears are not well founded at all, then. You see, Hollywood and DRM already have “no say” over that flow of information. DRM is itself built upon encryption, and all the encryption in the world will not reroute those packets or reidrect them from their destiny."

I understand what you are saying Poptones - I didn't make myself clear. In fact, I spotted my error. I meant (correction in bold) -

-----
organizations like the RIAA and MPAA are having a huge influence on how the technology that sits upon the internet (both hard, soft, and firm) develops over time when they really should have no say.
-----

We've seen Hollywood take down some software at the application level (e.g. Napster). With the "trusted computing" agreement, Non-free BIOSs on ROM chips has become an issue as consumers can be herded into buying particular hardware that will be compliant only with particular operating systems. That layer is now under attack. And at the processor level itself there is already speculation over Intel DRMing (i.e. more "trusted computing") their upcoming VIIV processor. Many are speculating whether or not the upcoming Mac move to Intel has something to do with this.

I agree on one level, Poptones, that all the DRM in the world will not stop packets from switching. But pragmatically, Hollywood is saying that we cannot live in a world of free (as in freedom - not price) software and expect to be a participant in much of our digital culture. The corporations are essentially saying - "Sure, you can do anything you want...anything that is, that we allow to have happen in your little free software prison cell." All the free software in the world won't help if the processors and ROM/BIOSs are controlled by the corporations and turned into black boxes.

You see, I want freedom - not free stuff. I have piles of legally purchased books, CDs and DVDs. I don't even have a p2p file sharing program currently installed on my GNU system at home. In fact, at home, less than 1% of my 500+ CD/DVD collection violates(?) copyright law (and that's only if you consider the unasked-for gifts I've received from friends who've 'burnt' stuff for me as 'illegal'). However, I have downloaded and kept entire "All Rights Reserved" works anonymously through the internet at work. But I must have this access at work and should not be told I need to buy from any particular software or hardware or firmware vendor. My rights to content are protected under fair use, but what is protecting my rights from having to buy from a particular motherboard vendor or a particular processor vendor and run a particular operating system in order to obtain digital culture?

Especially considering my work necessarily requires me to freely share in order to perform my function to the best of my abilities, I must have freedom and so too must those whom I share software and digital culture files with who number in the hundreds. This is why I am shocked when Mice squeak and claim that the creative commons supporters just want free (as in price) stuff.

Bottom line is - I need freedom in order to create the absolute best work environment.

Absurd. Ridiculous. I'm sorry, but no lesser adjectives describe this sort of FUD.

First, look at Apple's recent fiasco with the beta OSX/X86 systems... these have DRM components built right in and yet, miraculously, they run both Windows and linux! Those thinkpads Stallman was talking about, too, include TC components and yet, somehow, I have had no trouble getting them to boot, install, and run linux. There are even people (too few, sadly) working to incorporate those TC "hooks" into linux.

The specifications for the TC platform are available on their website. A full command list and spec is linked right form their front page. Of course, like all trade organizations they have "members only" sections and all that sort of nonsense and we lowly "consumers" of their information have no say upon the direction or development of this technology.

But that is by our own folly. I've been pretty vocal on the ubuntu site about this as well, I finally gave up realizing that the FUD simply runs too deep to garner much support until someone in a leadership position picks up the ball, and it's unlikely Shuttleworth spends even a nanosecond reading posts there anyway.

Not that I'm picking on Shuttleworth... but he's the founder of ubuntu linux. and He's a Millionaire technologist with a political kink. I use ubuntu myself, so this is the first direction I head. But he's not alone; there's Linspire, and Redhat, and Novell, and a host of other smaller companies out there that could easily come up with the $50K/year "membership fee" that would put them on the voting board of the TCG. And TC is not incompatible with linux or with liberty - but until the leaders of this "free community" get over their hypocrisy and zealotry none of that is going to matter. If they truly demand a free hardware platform then one of these leaders needs to fire up the sourceforge and rally some meaningful support for the project. the doomsday scenario outlined in that article you linked already exists and has for some time.

When I install and run ubuntu I do not begin with the kernel source. I may have to recompile the kernel at some point, but even when I do so I am not beginning from a full source tree - most of it is linked from precompiled modules. I have an AMD system and so to even get decent graphics I have to similarly run a proprietary piece of software from them. yes, this is annoying; I bought my motherboard for the sound mixing features but am unable to use any of them because Nvidia refuses to add those features to the proprietary drivers for my motherboard.

So, I am already using proprietary software. and if you are using linux on a system of recent vintage then you are as well: intel, ATi and Nvidia ALL have "proprietary" features in their chipsets and, therefore, the "open" drivers available support only the most basic features. If your computer was made after about 1999 then it is presently impossible to escape this requirement of deploying some proprietary modules upon otherwise "open" linux systems - and yet linux based systems of recent vintage exist. They do their job and they do not betray the owner via backdoors. (To do this would be foolhardy, of course, as they would be found out and their customers would flee to those suppliers who do not betray them.)

There is nothing to prevent Mark Shuttleworth from sponsoring one or more technical members at the TCG, developing a trusted kernel module for ubuntu, and making ubuntu a trusted root authority. Would the module itself be "free?" No, no more than the Nvidia modules I already run on my linux machine. But Mark Shuttleworth has shown himself to be a friend of the community, and the corporation behind ubuntu linux is a bonafied (and, therefore, responsible) party that would surely qualify for membership within this organization (and were they denied such membership one can well imagine the press battle and the governmental antitrust investigations that would follow).

Would this make all linux systems TCPA compliant? No, it would only make those running ubuntu's kernel compliant. Nor would it make all the software run upon these systems "trusted." That does not, however, preclude anyone from choosing to develop software that would be trusted nor would it preclude anyone from choosing to run said software.

TCPA is, at its core, a very good thing for all of us. It builds robust encryption right into the platform which will increase performance. And the entire point of the platform is to allow the machine to keep individual processes segregated from one another, which means you can have "good" and "bad" software running at the same time - this is not a bad thing. It would dramatically increase the security of computing systems regardless of whether the owner of a system chose to link the machine to Hollywood's root authority.

And if you don't want to use that stuff then there's nothing to prevent you from opting out of all of it - as many parts of the world are likely to do. The internet does not begin and end in the US and most of the TCG work is being done right now with an eye toward deployment in the US. In order for it (or for a competing platform - which we are still quite free to develop) to succeed then it will have to offer real benefits to the consumer and it will have to work as advertised.

There are valid objections to this deployment. But DRM of some sort is coming - and it must if the internet (aka the web) is to ever live up to the hype. So long as there is no DRM, every person who uses the web for commerce will be a slave to the credit banks and, ultimately, the world bank and the will of the US.

You want to see creativity stifled? The Noriega factor is a greater hindrance to societal change and artistic expression than all the lawyers and lobbyists in Washington. And until a platform is made available to us all that will allow for the electronic equivalent of a trustworthy cash like system of exchange, JP Barlow's "declaration" amounts to nothing more than a utopian call to martyrdom.

Y'know, TBM, it's funny you mention the innovation Windows provided, considering how it started:

Microsoft shipped Windows on November 20 [1985], and two days later during Fall COMDEX (a huge industry trade show) in Las Vegas, Gates and Sculley signed a confidential, three-page agreement that granted Microsoft a "non-exclusive, worldwide, royalty-free, perpetual, nontransferable license to use these derivative works in present and future software programs, and to license them to and through third parties for use in their software programs." In other words, Apple got Microsoft's commitment to upgrade Word for Macintosh, delay Excel for Windows until October 1, 1986, plus an acknowledgement that "the visual displays in [Excel, Windows, Word, and Multiplan] are derivative works of the visual displays generated by Apple's Lisa and Macintosh graphic user interface programs." In other words, Microsoft got Apple's crown jewels, and Apple got shafted. Not since British Prime Minister Neville Chamberlain appeased Adolf Hitler with the Munich Pact of 1938 had the world seen such a fine demonstration of negotiation skills.

And DOS was bought by Bill and Co. from a company, and cleaned up from it.

Microsoft was built on the idea of (very slyly) taking software from other companies. There was actually a movie made a few years back that aired on TNT about Steve Jobs, Bill Gates, and the whole start of the computer age, called The Pirates of Silicon Valley (har har har). It's definitely recommended, I would really suggest watching it (everyone, really). In fact, this is great timing! The DVD of the film is about to be released on August 30th.

Of course, Xerox was the originator of the GUI and the mouse in the first place (with more visionary executives, we could be bitching about them today instead of Microsoft or Apple...heh).

TMB, you accused me of hyperbole in a prior post, but now I'm accusing you of simply slinging mud in directions that make no sense. I love a great deal of Creative Commons and indie music. Hell, I'm an artist, too, and my group is actually selling stuff (yay us!), in part because of (not despite) the fact that we're offering the whole works free online. Part of our music was taken from CC sources, and yet I haven't heard anyone accusing us of being unoriginal or mediocre. Sure, our style isn't for everyone, but we worked damn hard on the album. Not everything that is "proprietary" is somehow better than something that is borrowed or changed. Peter Jackson's imagining The Lord of the Rings trilogy is a great example of a derivative work being very powerful, very original, and very innovative. But, you argue, he paid for it (or, more accurately, New Line paid for it). But I've heard you complain on several occasions about non-proprietary somehow being worse (or at least that's the feeling I get from your posts). But does that only apply to free (legal) borrowing, and not bought-and-paid-for borrowing? You seem to equate free borrowing and free music (not "free" as in beer) as somehow lesser figures with fewer talents. I'd like to argue that this is absurd.

Like anything, monetizing something and placing huge backing behind it does create a lovely market. I'm kinda curious how well Tryad would do with a major label backing, actually.

But, I do think that CC is a great step to no longer needing those companies to promote and sell and distribute and market and control. I'm not saying, nor advocating, that they disappear, but just that they will no longer be an integral part of success...you see? And, more importantly, that something that just pops into someone's head is not necessarily better than something borrowed from someone else (especially if that borrowing is legal...or at least if you have a licensing agreement that really screws 'em over, am I right?).

I think you correctly point out that civil libertarians, whether they be free-content or anti-patriot act nazis, are terminally paranoid.

Give the owner of the computer knowledge about the endorsement key or make an “owner override” and this will actually be something you can trust.

That EFF article is ancient and it would seem you haven't even read the comments section where the foolhardiness of that notion was pointed out months ago.

By definition you cannot have a trusted system if that system contains backdoors that allow the owner of the machine to tell it to lie. Putting an "owner override" of the type called for in that article would mean anyone could disable any DRM components installed. In the scenario I am conveying, such a backdoor would be, literally, a license to print your own money. No one in their right mind would ever trust such a system.

Like I said: the point of this system is to allow components to exist in their own sandboxes. If you want to run edonkey no one is stopping you, but you won't be able to move the files you bought from itunes into that untrusted application. You can play your mp3s in itunes, but you can't play your itunes in xmms. If you truly care about free culture that won't matter to you anyway, since you'll only be buying fairly licensed music direct from the artists.

The "owner override" is called "deny root authority." No root authority is going to give you their private key any more than I would ever give you my own private PGP key. If you don't want to trust Hollywood's root authority, then lock them out and watch your Hollywood HD-DVDs with a $49 Apex like everyone else - or do like me, and don't watch them at all.

PE didn’t lose their “mojo.” Rather, they lost their primary musical instrument. That seems to be the part you are not getting. What you did is akin to smashing YoYoMa’s cello and then wondering where all the genius went. In a word, disingenuous.

well that's quite an analogy Dave W.

"what counts is that the rhymes
designed to fill your mind"

Public Enemy lost the rhymes and became irrelevant. loss of magic charm didn't have anything to do with it.

what about Spike Lee? do you think Spike Lee should have been able to sample "Fight the Power" without compensating Public Enemy in order to produce Do the Right Thing? it was just a little sample. less than one minute in a 2 1/2 hour film. sampling was essential to his artistic expression. right?

what about Spike Lee's freedom? what about his mojo?

maybe D.J. Lord and Chuck D would have been down with that, but we thinks Professor Griff and Flava Flav would have wanted their money. especially Flav.

I'm really enjoying these guest commentaries on Lessigs blog.
I love the creative commons,use the creative commons and I took my kids to the Napster Hearing back on April 1,2001.
They still have the dusty blue T-shirts,but the hearing went right over thier heads, they remember going, but not what it was about. Mom's crazy field trip was in vain, which is sad because we are all artists and the issues are important. In retrospect I should not have been surprized, afterall the other kids in matching t-shirts on field trips to Washington D.C probably did not understand all of the issues surrounding copyright, though that day I wished I could have steered them all into attending the hearing. So many gray areas, and a kind of us versus them partisanship, demanding that we choose sides.

@poptones

Which "comment section" ? Could you please point me to the argument you're making?

You cannot speak of trust without defining who can trust who. You're speaking of Hollywood trusting my computer, and I'm speaking of me trusting my computer.
Unfortunately you can't have both. If a third party can deny speaking to me unless I run the exact software which they have approved, I can be forced to use specific software or stay away. Unlike you I don't believe that it's always an option to just stay away. I might do fine without Hollywood DVDs , but there will come applications where I will be forced to run specific software. And not all software is available for all platforms, so I will also be forced to run a specific OS (at least on one computer).
What would stop a company requiring you run IE to access their website?

I can see from your arguments that you believe TC to be the solution to online cash. I don't ... I simply don't want to be dictated who I have to trust to trust my cash.

rodander, you said, "How much of one�s musical talent and artistry depends on choice of instrument?"

I think what Dave W. was getting at (and correct me if I'm wrong) was that people can be extremely talented on one instrument, but not so much on another. For instance, I played both trumpet and piano, but I was much better at piano, and took to it much quicker. If I did not have the piano to work with, I would still play as well on the trumpet, but wouldn't have nearly the ability. So, essentially, it's not a matter of choice of instrument, but talent on certain instruments and lack of ability on others.

At least that's how I've seen it to be.

Now, that's legality aside. From a legalistic standpoint, the arguments are much different (of course).

Jumping into the talent discussion:

I play the trumpet... and several other instruments. Though I do not play piano or guitar. I don't think it's a matter of diffent talents. I just haven't taken the time to learn the basics. I suspect than if I ever get around to learn guitar and relax when holding it (it hurts my fingers :) ) then I will be able to transfer what I know from other instruments. Of course, some instruments are easier than others. Brass instruments (like trumpet) require you to train your lips and keep them fit. A flute on the other hand is not a demanding to get a correct sound from.

Which “comment section” ? Could you please point me to the argument you’re making?

The comment section on the linked EFF artiicle. But it doesn't matter, I made the argument myself right in my post.

You cannot speak of trust without defining who can trust who. You’re speaking of Hollywood trusting my computer, and I’m speaking of me trusting my computer.

Why can you not trust your computer just because oyou agree to allow a third party to certify that parts of it work as advertised? What operating system do you use now? Who wrote it? Even if you use linux or a BSD derivative, did yu personally audit the Million or so lines that make up the core? Did you write the BIOS it runs when you boot the machine? Do you carefully checksum that contents every time it rebooted?

How do you know you can trust the operating system you use now? If you live in the US and the police even suspect you of having illicit ties they are empowered to enter your home when you are not there and covertly install keylogging software. This software doesn't even go onto the hard drive - it goes into the BIOS itself, and you would never know. As a matter of fact there are virii that run under windows that are able to do this even without a third party having physical access to the machine.

There is no trust in present day systems. I know how these machines are made, I know about the software that runs on them - and I know how very little they may be "trusted." I have the entire hard drive encrypted and yet a simple flick of the wrist at the wrong time can mean copying "private" data into a "public" space and I might never even know it - because the machine is too stupid to know what is "private" and what is not.

If this were a trusted platform, guess what? Even if root authority X wanted to access the data created by the software running under rtoot authority Y they couldn't because they are locked out just like everyone else. If you don't want to trust root authority X then don't use their software - just use the software from root authority Y, or RA Z, or generate your own RA key and don't trust any of them. Of course you won't be able to use the porograms (or data) locked to root authorities X, Y or Z - but that is your choice to make. If you feel locked out start up your own service and get other people to trust your root authority, then you can all live by whatever rules you agree.

Unfortunately you can’t have both. If a third party can deny speaking to me unless I run the exact software which they have approved, I can be forced to use specific software or stay away.

This already exists. Go to real.com and try to subscribe to the "24/7 broadcast" of Big Brother - or ABC news, or any of the other content they offer. Are you using a Mac? Linux? No Big brother for you.

How many websites have flash animations for navigation? I HATE those things and I dislike flash, so I generally cannot access those sites, either.

What about videogames? I have a copy of American McGee's Alice I bought back when I was still using Windows and, despite the fact Alice was written for Windows, I was never able to get it to work because I wasn't using the right Windows. Two years I've had that stupid disk. All I wanted to do was play with a gothic Alice in Wonderland and even the people who published it wouldn't help me unless I would agree to run Windows 98.

Those barriers you describe already exist and they have been part of computing as long as computers have existed. You could not run SCELBI BASIC on your KYM1 no matter how much you paid for the paper tape, and you cannot play a PSP movie DVD on your laptop - and I have yet to hear the first complaint about that.

What would stop a company requiring you run IE to access their website?

Plenty do already. Write them a nasty note. Or find the informatin elsewhere. It still wants to be free, you know.,.. and it will. if it matters.

I can see from your arguments that you believe TC to be the solution to online cash. I don’t …

And you know of a way to do this without DRM and without paying five to fifty percent of every transaction to a money changer?

There are plenty of businesses already that cannot use paypal or accept visa or mastercard because of religious doctrine based pressures upon the credit banks that do business in the US. This is not a "what if" and it's not causing some imaiginary "chilling effect" - it is legitimate entrepreneurs complying with local laws but being denied a competetive online presence solely becausethe US bank system objects to some aspect of their business. The only alternative for them is to use a barely reputable service like e-gold where buyers and sellers alike are charged ridiculously high transaction fees.

And the only reason for any of it is because you and I do not have any way of engaging in direct commerce save for me stuffing valid currency in an envelope and mailing it to you and me trusting you to deliver the goods as promised.

I simply don’t want to be dictated who I have to trust to trust my cash.

Who do you trust now? Visa? Paypal? They can (and do) change the rules at their whim and you have little chance of recovering the fees they add when they do. If you earn 100K a year that might not be a big deal but plenty of people do not earn that kind of cash. The people who could benefit the most from a system of direct ecommerce likely cannot even get credit and so are excluded from all of it.

There is no choice right now. If you participate in online commerce you are bound hand and foot by the credit banks and the agenda of whatever regime happens to rule the US.

If you don't want to trust root authoiry X then choose root authority Y. Or deny all root certificates except your own and live on an island. DRM doesnt mean the "information" that already exists in the clear is going away and you will always have that.

But it is undeniable the lack of trustowrthy DRM is directly responsible for less creative expression in this online world - both because of Hollywood presently opting out of participation and because of those artists who would love to participate but cannot because they are locked out of the world bank. I could give a shit less about Hollywood, but I want to hear what those people locked outside the system have to say.

Why can you not trust your computer just because oyou agree to allow a third party to certify that parts of it work as advertised?

Because, that third party might only want to certify specific programs for certain tasks, which remove the freedom I have now as a consumer to choose another program. Thus I might be forced to use programs I don't trust or complete refrain from using my computer for some tasks.
It doesn't matter if I have read every line of source code running on my computer. What matters is that I am free to choose software from who ever I trust to produce good software.
The third party might even only certify a specific version of some software, which will prevent me from fixing bugs.

How do you know you can trust the operating system you use now?
Doesn't matter. What matters is that if I loose trust, I can change my OS.

If you live in the US
Fortunately, I do not. Anyway... I would much rather have such powers reserved for the police than for some industrial consortium.

I know how these machines are made,...
So do I.

If this were a trusted platform,...
For the pusposes of securing your data so you can trust them, it would still be a trusted system if you owned the endorsement key. As I said in the beginning, trusted computing has its uses. The problem is who owns the keys.

If you don’t want to trust root authority X then don’t use their software - just use the software from root authority Y, or RA Z, or generate your own RA key and don’t trust any of them. Of course you won’t be able to use the porograms (or data) locked to root authorities X, Y or Z - but that is your choice to make. If you feel locked out start up your own service and get other people to trust your root authority, then you can all live by whatever rules you agree.

I'm glad we agree. This will be the effect of a TCG infrastructure.
Consumers will have to use the software they are told to use however bad, insecure, spyware-infested or bugged it may be - or - they can just choose not to use their computer for any copyright related acitivities on the Internet.
I find it very naive to believe that an alternative RA would survive in the market.

This already exists...
No. As long as reverse engineering is legal you always have the choice to make it work. You can't compare that to incompatibility protected by trusted computing.

Those barriers you describe already exist and they have been part of computing as long as computers have existed....
No... this is not the same and if you base your defense of TCG on this, we will never agree.
Until now reverse engineerig to achieve interoperability has been legal. Now we have DMCA, which for some vaguely defined class of systems makes it illegal, but with TCPA we will have a digital infrastructure where it is not only illegal, but also technical impossible (up the the strength of the cryptography and hardware) to make an interoperable system with the explicit permission of the RA.

About cashWho do you trust now?
I trust my directly or indirectly my government. This is the only place such an authority should be placed. Not with a self proclaimed insustry consortium. Actually in Denmark I suspect it would be illegal for such an enterprise to start using their TCPA infrastructure for cash. You need a special permission to run a banking operation.
If some bank abuses my trust, I can choose another. I will not be stuck with a specifik endorsement key in my hardware.

I don't buy your way of thinking.

You suggest two scenarios:
1) A world with TC where I wont be a Hollywood customer because I don't use the software they want me to.
1) A world without TC where I can't be a Hollywood customer, because they have "opted out".

I don't believe that 2 will happen, but either way, I would prefer 2 over 1 any time.

Somebody above wanted musicians to weigh in. I, myself, have written a few hundred songs, with the kind help of my band. FWIW then, I second what I said above about Terminatror X and YoYoMa.

Fur those that need further proof of my musical genius, please go to:
http://www.farceswannamo.homestead.com/download.html

BTW, my original comments on PE (in another recent thread) were occasioned by Ms. Rosen's query for examples where too much intellectual property had hurt art. Whatever else my analysis may prove or suggest policy-wise, it is still a valid answer to Ms. Rosen's original question.

@poptones

I agree with your view on the Apple situation.

How many times does this need to be thoroughly rebuked before you get it? Apple already is shipping DRM systems....

You haven't "thouroughly rebuked" anything. It's seems you don't want to listen to what I say. You can't compare the current situation of DRM (iTunes etc...) to a TC controlled infrastructure.
I completely agree that if a musician want to crippled his product in a way which makes it unusable it's his right.
That not my complaint. My complaint is that I in general will have to allow a third party to control my computer to participate in digital infrastructure.
I can do fine with out iTunes or Hollywood, though today it's actually still possible to enjoy digital culture without being dictated a specific computer product. Thnaks to DVD-Jon I can actually play the DVD's I buy and the songs on iTunes I can buy other places. In a TCPA world there's no guarantie that I will not be required to run specific "secure" software to - say pay tax or sign up for an education. As soon as the infrastructure is in place there's no guarantee what it will be used for.

If others wish to reward the musician who sells music no one will ever hear it is not your right to deny them their right.

I resent that suggestion. I'm not denying anyone their right to pay musicians. I'm advocating consumer political awareness of trusted computing. It might not be the case in the US, but in Denmark we actually have strong consumer protection. Consumers should not need to aquire detailed techincal knowledge about TCPA, they should be protected from abuse of their lack of knowledge when they buy computers.

Today copyright gives you the right to correct errors in software you buy. Unfortunately, with TCPA you migh end up in a situation where you have bought a lot of music only to find that the program needed to play it has a security flaw. Today you are allowed to fix it. With TCPA you'll have to wave goodbye to your music collection if you do.
Also... With TCPA you might be forced to re-purchase all you music if you want to change supplyer of software. Or if you want to play you music on a newly acquired gadget. I don't like that. I want musicians to be payed, but one a piece of music i s bought i don't want the musician to poke around in my private life deciding how I play it.

I do understand how TC works, but you don't seem to understand that I don't believe in your "take it or leave it" world.
Of course there can theoretically be more RAs. I could even set up my own, but who would trust it and what good would it do me. Ultimately trust originates in the endorsement key and that's not my key. I could of course generate it my self, but as the spec says - that would be of limited use outside my home.
In the end - regardless of the number of RA - the result will be that digital culture is reserved for those who obey a limited set of authorities (most likely one), and you say that if I don't like it I can just stay away.
You should know that that approach will not protect consumers. They have no chance of knowing the implications of the techincal details in a product. A good example is that for years the record industry has been selling defect CDs under the label "copy control" and most consumers don't know that it's not their playing equipment which is the problem, it's the "CDs" not being "CDs", but (as Philips but it) "silver discs that aren't".
This is absurd abuse of consumer rights (selling defect products), and of course consumers could just "stay away" ... but mostly they don't. Because they don't know what is happening.

In much the same way most consumers will run the software they are told because they don't know better and when it starts misbehaving they won't have any choice.

Peter Mogensen:

"What makes you think that big companies with certified “trusted” applications would not include features which qualify as spyware?"

Good question.

www.ecourier.co.uk

DRM is inevitable. Contrary to what you seem to believe, DRM doesn't have to mean proprietary.

You fight code with code as well. And the best scenario for that is FLOSS (Free/Libre Open Source Software). Let the world take care of you - not “the corporation you can trust!”

Then get busy and help pressure those FLOSS corporations to make sure "the open community" doesn't get locked out of the future.

Sitting on your hands and holding your breath like an angry three year old is the surest way to make exactly that happen. It is time for "this community" to grow up.

Don't say you weren't warned.

CM, I do not know of any services like that because it is presently impossible for them to exist. Any such platform depends entirely upon a trusted hardware platform, and at present we do not have one.

And the sad truth, as should be obvious now, is that we will never have access to such a platform so long as "The Free Community" and it's "leaders" remain so blinded by these petty disagreements over copyright. If one were a conspiratorial sort one might think the RIAA and the MPAA are suing girl scouts in order to distract everyone's attention from the greater issues surrounding the coming of DRM and how its infrastructure will play to the vested corporate interests.

Hmmmmm....

If we do not embrace DRM and take strong leadership roles in its development we will forever remain sharecroppers on the virtual plantation.

Yes, but poptones, you'd think someone, somewhere, would be in development of this if it was feasible. But, there always has to be someone doing the actual transaction backend, which would be the DRM service.

I'm not sure how trusted computing would, in any meaningful way, create such a system. TC is built on verifying hardware and software and things, but since DRM as a whole is so easy to get around, even with TC, I'm not sure this is even possible.

So what we're left with is another monopolizing agent, namely whomever would be doing the monetary transactions.

Which leads to another question: If you're freed from banks and the like, how is the money stored? Is the access viable from ATMs? Who issues cards? Where does the money come from? Does this mean everyone would be their own bank in a way?

I'm sorry, I just don't see that happening. I'm not sure its even possible to do something like that. There would have to be whole institutions setup to transact money and credit cards and check processing systems. To this I, again, ask the question: Why do you believe the DRM authority would be any more reliable or secure or trustworthy than, say, Paypal, or a bank, or what have you?

Even if this were possible, you'd still be left with the issue of how to process money. There would have to be intermediaries, which would likely begin as monopolies themselves, and be little to no different from current systems already in place (like Paypal, traditional banks, etc).

Am I misreading what you're saying? I just don't see your idea of what TC will bring at all possible, let alone likely.

CM, you ask the best questions. Thanks.

I do know Mr Clark of Freenet fame (and his cohorts) have been working on a means of "distributed trust" and I do believe something like that will work - once we have in place a means of wrapping up code behind encryption locks.

Again, I don't believe people are quite clear on how TCPA is envisioned. When one says "root authority" that is not "root" like "root user" - it is "root" like administrator only of a portion of the whole. It is "root" like the root of a tree, but every computer will be home to an entire forest. Microsoft will be a root authority and Apple and (if they get on the ball and do the right thing) Novell and Redhat and Ubuntu - but also Real and Macromedia and Adobe will be root authorities. They will have their sections of software under their control - and how Photoshop interacts with an image imported from Windows Media Player will be up to the terms negotiated between Adobe and Microsoft. Microsft may, for example, say "you can import 500 frames of video into Premiere from a protected film but you may not save it unless it is transformed in some way" whereas an untrusted application may be allowed only to capture a number of individual frames, or perhaps be allowed those same 500 frames but only bearing a watermark.

So, locking out "Hollywood" may mean locking out Real, and Macromedia, and Adobe, and Microsoft and Apple. All these entities will be competing to provide you the most compelling list of features they can negotiate with the studios. "Root authority" does not just mean one corporation (although it will mean only two operating systems if we do not get some Free software representation on the TCG voting board).

So, let's pretend the community really does get its act together and establish some meaningful presence in the TCG and we are able to run at least a couple of "trusted" linux distributions. So long as the kernel remains intact and able to perform its audits as required it can provide the secure path from keyboard to disk to screen and sound (as all these are kernel modules). Does this mean the entire desktop is trusted? No, absolutely not - but it doesn't have to be.

More importantly, though, we can use these tools just as the corporate entities do. One can expect this to be another area of competition - for example each userspace can easily be protected behind an encryption key, and within those spaces one can just as easily say "do not let the data from folder X be copied or read without confirming with me first via password verification."

And, because these are applications and data we own those other appications won't care - it's our data, after all, and it would be stupid from a business sense for Adobe to not allow us to edit our own files.

So, there is nothing to prevent us from creating applications which we may share with others - like protected chat clients, secure file sharing applications (ala WASTE), etc. We can employ all those hooks to the secure infrastructure just like everyone else and it is up to others to decide for themselves whether or not to trust us.

At that point there is nothing at all to prevent us from developing peer to peer applications that carry with them their own root authority. That is, I (or my community) generate the application and share it with you; as soon as your machine negotiates a secure connection with mine the application is transferred into your machine.

Your machine is linked only to my private key; the first time it is run it generates its own root CA, and any friends who trust you then download the application keyed only to your key. My machine does not have the "authority" to to deny any machines keyed from yours. And, likewise, and machines keyed to your friend's machines will not acknowledge your machine as root authority.

In this way, no one person can "turn off the network." The way you protect the network is via distributed trust. If you make part of the code itself a ranking mechanism - perhaps like the system ebay has on its site - then every individual carries with them their own online "credit history..

How exactly one creates that distributed authority is still being devised. As I said, much of it depends on having machines that can be trusted, and we don't yet have that. It can be modeled, but the only project I have heard of (so far) is the distributed trust model the freenet folks are toying with. Now, I am no authority on cryptography or randum numbers and genetic algorithms, but I am very confident some method or devising this distributed web of trust is possible.

So, that leaves the details of commerce.. and that's easy.

I have sold on ebay computers, clothing, and most recently a Beatles 45. In return I was transferred paypal dollars. Now, because I had a bad expeience with them long ago (it took them two years to finally send me a check for a measly twenty bucks) I do not "trust" paypal to link them to my bank account. That means when I get money from an ebay sale I have to either spend it on other ebay crap or wait until I have enough money in my account it is worthwhile to get them to send me a check.

Paypal, for me, is terribly inconvenient. But I participate because there is no other choice.

Now, what is to stop one of my friends, who may plan to make an ebay purchase in the near future, from just "cashing" my paypal money? To paypal it's just another transfer - I send my buddy $200 paypal plus a small sum to cover his paypal recipient fee, and my buddy gives me a stack of twenties.

You can do the same thing with a p2p "wallet." Because the computing infrastructure is now trusted you carry your money. You "install" an empty wallet and then you set about filling it up.

How do you fill it up? You start with whatever currency you can find - whether you get an email transfer from paypal, or perhaps a meatspace friend will transfer you some money from his wallet in exchange, or maybe you set about it the honest way and earn it by selling music, porn, programming services - or maybe you just hit up your friends in IRC and panhandle it. It doesn't matter how you do it, and whatever you have to offer is given value based upon the old fashion system of "whatever you and I can agree it's worth."

Because the system is distributed peer to peer, everyone competes with each other to establish that value. It is not at all hard to envision entire "virtual eschanges" building up around this - day traders who spend their days in high pressure chatrooms trading egold and paypal and warcraft assets... an entire virtual stock exchange could spring up completely outside the bounds of any single government.

The key is getting the trusted infrastructure in place. Until we have that, none of the rest of it is possible.

the general recurrent theme is however clear: there are some who believe that the centuries old ideas of intellectual property rights and protections spur innovation and that absolute freedom bounded by infringement is an optimal compromise. there are others who believe that these ideas are no longer valid in the 21st century, that intellectual property rights are an anachronism when bandwidth is large and reproduction costs approach zero.

TBM, I think that this may be true at the extremes, but I feel that it is possible to be legitimately concerned about DRM without believing that intellectual property is an anachronism (and implicitly that content should be free). In my mind, the issue is primarily one of control.

Currently, once I buy a CD, it is mine. I can do with it what I like. Now, I agree that there are some uses that are and should be illegal and immoral: I can't make copies of the CD to resell, I can't stand on a streetcorner (real or virtual) giving away copies of the music, I can't use the music from the CD as the soundtrack to a movie (or at least, not if I intend to distribute the movie). However, there are many things I can do that are important parts of my rights as a content-user: I can make a copy of the CD for my car, I can rip the tracks from the CD to listen to on my iPod, I can back up the CD in case my original gets scratched, lost, or stolen, I can use a few tracks from the CD in a mix CD that I burn for a friend.

Now, some of these things may not be technically legal (particularly the last one), but I hope that we would all agree here that they are relatively harmless and not done with the intent to defraud the content creator of money. Content creators should have pretty good control over the content the create, but they shouldn't have perfect control. Not only does that stifle fair-use, but it distorts the traditional balance between users and creators.

Certainly, I agree that something needs to be done to fix the current situation -- content creators have so little control that it clearly is stifling the distribution of high quality content online. But what worries me about DRM schemes is that there is the potential for them to shift the current system, where we pay once for the content and then can use it how we like, to a system where content users have to pay once for each use of the content, i.e., I can buy a music track online to listen to on my computer, but I have to buy another copy for my iPod and another copy for my car and another copy for my work computer. It seems clear to me, based on past actions, that some organizations that control the content would like to create that sort of regime, where we only rent content, never own it. So while I agree that DRM could be useful and important for spurring content distribution online, how do we prevent a future where rights holders can dictate how, when, and where we enjoy content we legitimately purchases (a future, I might add, we are quickly sliding towards)? Trusted computing seems, to me, to give far too much control to the content creators, thus hastening our slide towards this future. In particular, trusted computing could be a very powerful form of software lock-in, if the ability to play legally purchased content depends on using a particular piece of software. DRM could potentially function as a kind of proprietary format, preventing competition in software media players, which as more and more content moves to the computer, can only be a bad thing for the consumer.

I might add that the future where all content is available illegally online, rights-holders have no control over the distribution of their content, and content production slowly dwindles as rewards for creating decline is also not a future I want to see come about., so I'm not arguing for some sort of anarchist free-for-all. I just think we need to be careful about giving anyone the means to exert near-perfect control over content.

In case anyone's curious, a fascinating discussion occurred about DRM over at Dan Myrick's website for his online series.

A good presentation of issues.

Yeah, I'd have to agree that the "perfect copy" argument doesn't really hold water.

Here's why:

1. Despite all the DRM in the world, all it takes is one copy, and the entire structure of DRM is vanquished. The problem here is the internet, not DRM. And, of course, you can't get rid of the internet.

2. I've been researching something besides DVD rips: Theater camera copies. That's where someone sits in a theater and records the movie with a camcorder.

Now, this is hardly a "perfect copy," but there are some spectacular cam screenings. One, of War of the Worlds, came from Russia (at least I'd imagine, since the opening credits were in Russian). There was a direct audio line into the camera (meaning the audio was not recorded by the camera mic), and it was setup from the projection booth (at least it appeared to be, since it was an audio line into it).

At first, I was convinced it must be an early DVD rip, but it wasn't. So all this talk of perfect copies is...well, not really relevant. An MP3 is not a perfect copy, nor is a rip from a TV show. Compression causes degredation, even though every copy after that is a perfect digital copy.

But, the point is that, as long as you can point a camera at a screen and record it (and, despite all the pandering of the industry, this will always be possible), there's no stopping the recording.

3. When presented with the choice of a perfect, unprotected file vs. a file with protection, people will always prefer the unprotected file. Not only that, but a lack of an unprotected file causes quite a few people to simply not buy anything at all (Source: “[t]hirty-six per cent [of people to say DRM] influenced them not to pay for downloadable music”).

That's a huge percentage. So, it's all something to consider.

Mind you, I'm not saying DRM should be banned, only that the law should allow for technology to work this out itself. If DRM is effective, there's really no need for a law. And if DRM is not effective, then there were already laws in place to stop copyright infringement.

poptones:

It's all well and good to envisage a utopia environment like that. But, personally, I think we'd do just as well with licensing terms set out in a license without the need to encode it.

Also, such a wallet/soundclip/whatever DRM system is not currently in development. DRM works by encoding the whole file, not parts that make it up. A massive infrastructure and programming interface would have to be created for sound editing programs, not to mention the commerce systems that would have to be built around it. The development costs would be...well, quite impressive.

Is it possible? Well, maybe. But even Hollywood doesn't much care about the ability to remix or recreate, let alone investing in a system to do it. So who is investing? Are you part of technology group doing this? Has anyone considered it?

Besides that, I'm not sure I'm comfortable with a world in which everything is so carefully tracked and catalogued. The last thing I want are more outside entities intruding on my computer, let alone individual artists.

It's a nice idea, but I don't think it's very feasible.

Also, such a wallet/soundclip/whatever DRM system is not currently in development.

This is where you are very mistaken. it is in development, and it has been for years. And when it arrives within Longhorn and no one within the free community has stepped up to participate in its development, the "free community" will have directly contributed to the realising exactly the scenario you all most fear.

DRM works by encoding the whole file, not parts that make it up.

Wrong. DRM works by embedding rights within the file and encrypting it as a means of protecting those rights. How the software that interacts with it is entirely up to the programmers and those who define it.

A massive infrastructure and programming interface would have to be created for sound editing programs, not to mention the commerce systems that would have to be built around it. The development costs would be…well, quite impressive.

The development costs of Linux would be... well, quite impressive.

Making excuses accomplishes nothing. None of this is imposssible or even particularly difficult once the hardware arrives. But if we do not participate in its specification we will be locked out of that hardware and it will be a hundred times harder to reclaim the ground lost by us sitting on our hands and screaming "go away." to the inevitable.

...and if a DRM scheme cannot meet that requirement, it is better to have no DRM than “too much” DRM, so to speak.

Except we do not have that option. Our only decision to make in this matter is whether we will own the technology, or the technology will own us.

Linux did not "come from unix." Linux "came from" minix which was a "mini unix" kernel. Linux has not spawned from unix, it is a re-interpretation of it. There is some legacy code in there but it is a tiny part of the whole.

"Trust" may be the point of some within the crowd but what about that 'freedom" stuff? what about the empowerment the internet is supposed to provide? What about overcoming the will of governments and all that stuff?

Trust doesn't put food on the table and people have to eat. And the only way for any of us to do that right now is with the permission of the credit banks.

...currently no DRM system in existence (that I know of) allows individual portions of a file to be altered and retain the rights embedded in them, unless Microsoft is stewing on something…

You again are confusing "files" with how the software interacts with those files. You are trying to put details on the painting before the sky is even on the canvas. A DRM system can behave however we specify it... or, the way things are presently going, however the Hollywood consortium specifies it.

Poptones,

You seem to be saying - in essence - that TC/DRM is freedom and denying that supposition on my part means to deny complete, free (i.e. gnu) computing systems their rightful participatory place in the future of global technology.

Is this correct? If not, please correct my misunderstanding (with my apologies) of your stated position.

Hilary, what do you think?

Poptones,

Declaring that "TC/DRM is freedom" is like an Orwellian declaration that "freedom is slavery".

I still don't understand how a gnu system can work under your regime. Does not at least some software on a system (from firmware and up) have to be non-free in order for TC/DRM to work as intended?

Declaring that “TC/DRM is freedom” is like an Orwellian declaration that “freedom is slavery”.

How ironic you should use such a metaphor.

Without ownership, we are enslaved by the corporations who "own" the trusted universe upon which the online world depends.

Does not at least some software on a system (from firmware and up) have to be non-free in order for TC/DRM to work as intended?

Of course not. I use gpg all the time for my emails and that is completely open source. Every hard drive in my computer is encrypted - more than 500GB of data in a redundantly protected storage bank. if I shut down this machine and leave it, how long do you think it would take you to break into this protected data store?

The code can be developed in the open and there is no reason we cannot have TCP system calls that allow for confirmation, via secure hashes, of a memory store. The kernel is still developed in the open, then compiled and transferred to other machine via a mutually trusted root authority. This root authority could be a single machine, or it could be a thousand machines across the grid linked as a single virtual machine that constantly audits each constituent computational "cell" for untrustworthiness.

Of course it comes down to trusting someone or a group of someones - you already do this now every time you make a purchase online - or install linux (or a component package) from a CD or download.

Palle Raabjerg:

"if the code interfacing with the TCPA hardware was open, stripping the DRM from any content would be trivial."

Yes, this is my impression too. Poptones, can you please clarify as to why this impression is mistaken? I didn't understand your "gpg" and secured hard-drives response. I still don't see how a gnu system (i.e. a completely free system) can work with TC/DRM.

Please correct me if I’m wrong poptones, but if you want a completely free system in the GNU sense of the word, this is impossible while using TCPA. Because if the code interfacing with the TCPA hardware was open, stripping the DRM from any content would be trivial.

TCPA is still in development. And if this were so then it would be doomed to failure because such secrets will eventually come out.

Even cryptography is not 100% secure. Cryptography only works so long as it is more work to break into the store than it is worth. By the way, it is important to note here this is exactly why the statements about content being forever locked away in DRM are fallacious. A decade ago it would take computational years to brute force 56 bit encryption - now you could do it in a matter of days. Content "locked away" today behind 512 bit encryption may, in a decade's time, become just as trivially breakable. So, in the unlikely even that the original sources for a piece of valuable content are lost to the people of 2020, it is very likely it would take only a matter of hours for that content to be recovered fully from DRM'd archives.

The point of DRM is to make it a practical impossibility for cleartext to be recovered from a file during that file's useful lifetime. If I have 500 dollars in my e-wallet then what is the useful lifetime of that data? If this were the "me" who used to live just off Melrose I can tell you the "useful lifetime" of those 500 encrypted e-bucks would be only a matter of hours :)

it is quite possible to run a system of completely free software today and not be seriously hampered in most other ways than not being able to run high-end 3D applications, which is mostly used for new games.

It is possible but not likely. Unless you are running a five year old motherboard, no wireless support and no modem, then you are using non-free modules. Are you saying it is possible or that you are? You are trying to make the case for trustworthiness and I am pointing out Millions of linux users - even those who flail their hands wildly at the merest suggestion of TCPA - already trust corporations like Nvidia and Intel by installing sealed, proprietary modules on their computers.

Any kind of meaningful DRM would require non-free software.

Utterly false. In fact, any system that relies upon proprietary algorithmic secrets is doomed to failure (just like decss).

Trustworthy DRM requires trustworthy software be deployed upon trustworthy hardware and that the trusted portion of the machine be periodically audited so as to prove that trustworthiness.

The tools used to create that hardware and software, and the standards that establish it, can be every bit as open as (for example) PGP, GPG, DM-crypt, ssh, and the non-secret encryption protocols that power them.

It is a non trivial problem, but it is solvable within those time limits - ie by the time an exploit is found in the present system, it has already been evolved so as to present new obstacles for the attacker to overcome.

You can’t just take principles from the physical world and artificially apply them to the digital/non-physical realm without consequences

Of course there are consequences. There are consequences to breathing and drinking water. There are also consequences to refusing to participate in the creation of an infrastructure which is becoming increasingly important to how we live our daily lives. You are worried about your "right" to rip madonna and I am saying that is a trivial concern given the world in which she shares that space with you is entirely owned by corporations.

Without Digital Rights Management you have no rights to manage in this digital realm. You exist here only because the corporate owners of the infrastructure allow it.

What I see here is a tremendous lack of confidence in the marketplace by some. Comments like "you have no rights to manage in this digital realm. You exist here only because the corporate owners of the infrastructure allow it." and "e will become completely dependant upon the “trusted” infrastructure of corporations" (sorry poptones, yours were the easiest to find).

But the point of any corporation is to make profit. And market forces will push the supplies to supply the products and rights that consumers will want and use. Maybe not fast enough for some, but the market will follow the demand, so long as a profit motive remains and so long as government stays out of the way. No corporation will exist very long (nor will its management remain) if it chooses to not meet market demands.

And besides, we are the corporations now. Stock ownership is incredibly more diverse than ever before, both directly and through mutual funds etc. So lose the image of Cornelius Vanderbilt and John D. Rockefeller sitting around scheming on how to control the world. The market is in control -- both the market for products and the market for equities.

I am afraid that the real issue for many was expressed by Palle Raasjberg: "The main reason I hate almost all sorts of copy-protection and DRM mechanisms is that they always require me to run some sort of non-free software . . .". To paraphrase : dammit, I just want everything now for free and with no restrictions.

Mice:

"so throwing the ball to you, Palle Raasjberg, how do you justify that the benefit to you to use “free” software is worth more than the greater loss to society caused by widespread piracy?"

Whoa! Back the truck up.

Are you suggesting that pursuing freedom causes people to break copyright law? You've tried to weigh freedom on the same scale alongside reduced piracy - which is absurd. You can't quantify freedom!

Freedom is of utmost importance and should not be sacrificed with an ignorant (yet well intentioned) 'lock and key' piracy reduction plan. What needs to happen is the emergence of an enlightened and revolutionary way of approaching copyright and artistic compensation - NOT "trusted computing" with DRM.

What I want: Freedom, and an environment where piracy is not an issue because everyone already has access to digital culture created by artists who are compensated fairly.

Ooops -- mice, you didn't really point out the "do whatever with it" comment that I made. That's on me. My bad.

If people haven't read about this yet - take a look at http://www.boingboing.net/2005/08/22/customers_of_new_uk_.html

Apparently a UK DSL service has struck a deal with Sony to allow FULL, UNRESTRICTED sharing of all Sony owned music (I think just music) by subscribers of this UK DSL service - full as in via P2P services, ripped from CD etc.

Sony and Independent Labels the DSL provider has entered into agreements with will share a proportional portion of the service's revenue (they are monitoring known P2P services apparently - the details of that are unclear from the BoingBoing article).

This announcement, if true and managed in the long term, is a great step forward - it is a very sensible compromise and allows the artists to be compensated, the label to get a rich data stream (apparently rough numbers about which specific songs are traded and how frequently - for the back catalogue in particular this might be very valuable data and for new releases might be helpful in picking the hits), and individual consumers to make a financial decision, support the artists and be legal

I wonder, however, if this will be extended to non-music content (films and tv shows) and if other labels and other access providers will also adopt this model.

One item I found interesting is that apparently this specific provider offers a fairly slow version of DSL - I think this idea will really take off when the service offered is highly competitive in terms of access speed and offers this extra perk ( I suspect many people would pay a premium especially when more labels beyond Sony are added - if any take the plunge).

Shannon

Shannon Clark:
Hold on. It isn't april the first? No...
Hrmm. It'll still need some confirmation. If true, then yes, that's what I'd call good news :)
Perhaps even great news.

The point I have been making, TBM, is that this is not the choice we must make, to have proprietary DRM or to have no DRM. But to date no one in the "free" community has been willing to address this segment of the market with a free and open alternative..

This is the problem. and it is not the fault of Hollywood or Microsoft or Apple that this has not been done. The free software community has no one to blame for this but itself.

It seems some still don't get that DRM and trusted infrastructure is not just about music and movies and books

DRM is needed within the free community more than within the corporate. The corporate community already has its "trusted" infrastructure and its licensing deals and its lawyers and lobbyists to protect its interests. It's ironic someone mentioned "Big brother" when talking about DRM. Big brother controls access to the "trusted infrastructure;" big brother sets the rules of the game and tracks your every transaction through that trusted infrastructure and denies you access to it when some vocal minority sways those "market forces" that own big brother.

But the point of any corporation is to make profit. And market forces will push the supplies to supply the products and rights that consumers will want and use.

If you do not have credit then you do not have access to this system. If you do wish to offer a service that defies some world government agenda, then you are excluded from this system. If you merely do not want to play the game by the rules of those who own and control the only trusted infrastructure, then you are excluded.

No, this is not the corporate world of the John D Rockerfellers. John D Rockerfeller was one of those fellows who felt the wealthy had a responsibility to the world that made them. The John D Rockerfellers are few and far between. This is the corporate world of Enron and Tyco and the Ken Lays. A world where even "the good guys" conspire with governments to censor and oppress their citizens. Because, as you correctly pointed out, they must do what they must in order to protect their shareholders and to sustain profitability. It is a small world now, and when Italy or France or China or the US says "you must not do this" they have no choice but to comply.

DRM and a trusted platform will empower people to work for themselves within this shared infrastructure. It will allow for individuals pooling their resources into organizations that may exist only within this digital realm and to offer services that compete directly with those now allowed only to the Big Brother entities.

The promise of the online realm presently isn't being fulfilled - and it can never be to many because they don't have access to the assets or the records the corporations demand before they will allow us to play in the online game which they essentially own.

Check this out. It's a good start, but may not mean much if we are locked out of the hardware platform upon which it will depend.

Peter M.:
Unless we have to go into the BIOS and certain firmwares, which there might be an argument for, I'm quite confident this is a free system I'm running, yes :) Otherwise, the rest is hardware, which isn't really essential as I can't make changes to that anyway.

Trustyness is not the main reason I want to run a free system. If it was only that, I wouldn't have any real issues with using nVidia and ATI drivers, since I certainly do trust them not to do anything malicious on purpose. The main reason is that there is no practical or legal barriers for me changing or fixing anything I want on the system. Which is indeed something TCPA could make problematic in various ways.

Yes, It’s correct when poptones says that TCPA can be implemented in Open Source. And he is also correct that it could have many useful applications.
But it doesn’t change that it could also support an infrastructure demanding “certified” software which could give problems for many important ways of using open source software and the open source development model.

There is always the opportunity to become untrustworthy. Would you put your money in a bank that kept its deposits hanging in the alley on a clothes line?

Yes, this system can be abused. it can lock us out of the future completely and make linux a quaint operating system relegated only to hobbyists and paranoid "blanks" who live in alleys and subway tunnels. And the one sure way to make exactly that happen is to jam our fingers in our ears and scream about how unfair the system is because we are not allowed to participate.

TBM, you said (to someone else):

...how do you justify that the benefit to you to use �free� software is worth more than the greater loss to society caused by widespread piracy?

Well, philosophical arguments aside, I'd like some evidence that DRM reduces piracy. If you present it (and it's accurate), then we'll talk.

Note that I will not accept evidence from the NPD Group, as they seem to be an overnight organization that has been criticized for inaccurate information, spinning errors into truth, and outright fabrication of facts.

3 Blind(ed by Physical Property) Mice:

"Commons Music, Peter Rock, we don’t want to appear to be ignoring your questions, but it is time to let this thread die."

Mice, I'm not particulary worried if we 3 are the only ones left reading this thread or if a million people are. The fact that you want to run away after CM challenges your implied belief that DRM reduces piracy and after I call you on your blatent misuse/abuse of the Magna Carta in an attempt to paint me as "anti-property" is telling.

You do not want to end this thread because you are tired. You need not go and "sleep it off". The simple facts are -

1) your tails have been cut off by the carving knife because

2) you have no legitimate response to CMs DRM/piracy question or my exposition of your bias between real-world objects and ideas. The "magna carta"? Give me a break.

But at least keep thinking on this question...it will help break down your conditioning ---

Why is constitutional copyright and patent law bounded by a limited time?

See you in future threads...

never accuse the mice of running away from a fight Peter Rock. we'll join you at the bar for one last drink, or in the bathroom for one last joint, before we call it a night.

as regards Commons Music's question I'd show some evidence that DRM reduces piracy. If you present it (and it’s accurate), then we’ll talk.

well it's a vapid question, but here goes: there hasn't been much DRM so the empirical evidence is frankly pretty thin. how could it be otherwise? there has, on the other hand, been terabytes of pirated digital content transmitted over the net. so at least piracy exists. we know that. and from that we can conclude that the tendency towards piracy among the general population is large.

before DVD-jon cracked the CSS encryption it was impossible to rip DVDs and separate the content from the media. after DeCSS, it wasn't. if you want to believe that people did not take advantage of DeCSS to do more than watch their paid-for DVDs on their linux box, you are more than welcome to engage in fantasy.

as for you Peter Rock, poptones cited frikkin Moses:

I have no idea how the EFF defines freedom but I know how everyone from Moses to Jefferson defined it. They defined it by man’s right to own a place in this world - because ownership is important to a sense of self.

the magna carta came thousands of years later, but it was all about property rights. six centuries before the enlightenment invented the concept of libre, sir, property rights was what libre was all about. it still is. unless the wikipedia entry has re-written this bit of history....

and to your question, Why is constitutional copyright and patent law bounded by a limited time?

civil liberties. at some point both inventions and works of art become so ubiquitous that the enforcement thereof requires a very heavy hand of government. but for a limited time, the hand is light and the tradeoff is necessary, acceptable, and beneficial.

it all falls into to commons at some point - as it should. the question is when. the commons-ists want it all and they want it now and that, dear friend, totally destroys the concept of property and undermines the very essence of libre.

What information has to do with a discretely measureable chunk of land (which is what the magna carta primarily addresses along with slavery) is beyond me.

Is your thinking really this limited? I cannot believe it - you have made some interesting points, have I totally overestimated you?

What defines the borders of "my land" from "your land?" Fly above this earth only a few hundred feet and it's all just rows and boxes of colors. There are no borders or boundaries and even the barb wire becomes invisible.

What separates my stuff from your stuff is information. Ford may produce a Million Mustangs or ten Million and yet I always know mine from someone elses even if they are the same color because my key fits mine and because the VIN in the windshield matches the piece of paper in my pocket.

Information is what determines the value of your work. Does your employer hand you a shoebox of cash at the end of every week? A wheelbarrow of sugar? A truckload of salt? Information is what set the value - and information is what you carry to the bank to echange for more information which you carry to the grocer, the butcher, and the candlestick maker.

Digital Rights Management and a mutually trustworthy computing environment is the only thing that will allow us to exchange trustworthy information (as opposed to common information) outside the very narrow boundaries set by those who presently control all of it.

Your freedom is entirely an illusion. A street vendor in Cuba presently enjoys more freedom than any of us because for us there is no means of establishing private ownership in this online world.

This passage in Code V2.0 ends with the question "is this stll true?"

Though Vietnam is a “Communist” state whose ideology, as understood in the West, admits very little limitation on the power of the state; though the Vietnamese state sets as its ideal a common good rather than the good of individuals or individual liberty; though on paper there is no “liberty” in Vietnam in the sense that we in the West like to imagine it—though all this is true, I could not escape the feeling that people in Vietnam, in their day-to-day existence, are far less “regulated” than people in the United States. Not all people, of course: political opponents undoubtedly feel the power of the state quite forcefully. But I sensed that ordinary people in their ordinary lives, many running small shops, had no conception of the control that government can exercise; no experience of having their wages reported to a central bureaucracy once a quarter; no understanding of what it is like to live under the (relative) efficiency of the regulation we have here. Life there is remarkably free from governmental control.

In this online world even those people of Vietnam enjoy more "freedom" than us, because there is nowhere we may escape the watchful eye of Big Brother. Our every movement is tracked and recorded and, even if we are momentarily able to escape his watch for a few minutes, the only "freedom" we then have is to gaze in awe at this alien culture. Should we attempt to interact within that other marketplace the illusion comes crashing down as we are forced to re-enter the "trusted" domain of commerce where big brother sees all, knows all, and permits only what he favors.

If code is law, we are ruled by tyrants.

It is time to declare our independence.

Hilary, what do you think?

TBM:

there hasn�t been much DRM so the empirical evidence is frankly pretty thin.

Really? HASN'T been? DRM has been embedded in music since iTunes launched in 2003, and has been in every major music service to launch since then. So, one would imagine there would be at least some decline in P2P network usage and piracy, but there wasn't. In fact, P2P tracker BigChampagne has said that P2P usage has doubled since 2003 (even as iTunes users went up), which is a diametrically opposite effect of what was trying to be achieved.

if you want to believe that people did not take advantage of DeCSS to do more than watch their paid-for DVDs on their linux box, you are more than welcome to engage in fantasy.

I'm well aware that DeCSS was (and is) used to pirate DVDs. My point is that the DRM was cracked, that DRM will always be cracked, and that only one unfettered copy is needed to render the protection useless.

I asked you to provide evidence that DRM is effective in preventing piracy, but I'll make it even easier: How WILL DRM prevent piracy?

Let's go over possible response:

1. Stops piracy cause it prevents copying

Obviously not. Only ONE UNPROTECTED COPY is needed, remember? And since DRM will always be cracked (just how it goes), then this doesn't work.

2. Creates a "speedbump"

This doesn't work, either. iTunes has updated its DRM system every time that Jon cracks it, and yet iTunes music (even exclusives) are online within minutes of being released.

Good job there.

3. Slows so-called "casual piracy"

Who these days doesn't know about P2P networks and torrent download sites? I must say that if the goal of DRM is to prevent people over sixty from copying content, then it succeeds. I think, however, that (if data I've seen is accurate) teenagers and twentysomethings are the ones that copy and share and pirate and all that. And for them, they go to P2P networks and find it, so loop back to #1 for the possible response to this.

So, how will DRM make the world a better place or reduce piracy or do anything that anyone who sells it is promising?

poptones:

I responded to a comment of yours in the thread prior to this one, but I think the points you keep reciting here are still maintained in it, so I'll repost it...

-----

A few things…

If I want to offer material or services the US government doesn’t like they will do all they can to pressure me out of business.

Hate to tell you this, but if the US government wants something stopped, it will stop it. Doing my documentary on the drug war has taught me this in spades.

Now, if I were the gambling sort I mighttry accepting payment in game money. But that surely wouldn’t last; as soon as the game makers got wind of my efforts they would either sue me into oblivion or just stop allowing people to trade virtual goods outside the game, thus essentially freezing all my in-game assets and putting me out of business.

How would a new DRM infrastructure change that? They’d still own the items to the game assets. It’s their choice whether to allow real-world sales of them. They could still sue you for copyright infringement.

A pervasive and trustworthy personal computing platform must exist if the internet is to live up to the hype of the last decades. Without it, no one is truly free in this electronic world because no one can “own” anything.

If you mean anything can be copied and disseminated…well, yes. But, DRM wouldn’t really stop that (see here), even with the trusted computing backend.

Besides that, people would still own their creations. They couldn’t really stop its dissemination if an unprotected copy got out (which, of course, is what will always happen), but they’d still own it legally and morally (morally both in the philosophical and legal sense, although moral rights only exist outside the US). Ownership doesn’t vanish because of pirated copies, and the laws are working to really protect owners, so much so that, if you so chose, you could bring the full might of the law down on anyone who defied your rights. DRM wouldn’t help this, AT ALL (although you would get greater force of law cause of the anti-circumvention provisions).

Of course, this is assuming you’re in a country within the umbrella of the Berne Convention and various copyright treaties.

But, I go on…

Poptones:

"But it is coming and forces governmental and corporate are conspiring to make sure it will work - no matter how much more “freedom” in the online realm we have to give up in the process. Sitting aside and refusing to participate in the specification process is only going to better ensure they get exactly their way."

Borg from Star Trek:

"Resistance is futile."

Poptones (who has previously denied that he is a cryptography expert) has claimed that it is possible to build an open source "Trusted Computing Module", just as it is possible to build open source PGP/SSH/etc. programs. This is entirely incorrect.

He misses the critical difference between the two situations: SSH and PGP are designed to protect a message from third parties who try to intercept the message. A TC module has to protect the message from the recipient. So if I download the TC module's source code, I can rewrite the source in such a way that the compiled program writes the message back in ways that give me full access.

So given the existence of said source code implementing the protocols underlying trusted computing, the only defense is for the computer to not give the TC module any protected information. In short, the computer can only run trusted modules, and it certainly isn't going to trust mine. If Poptones understands this, and considers this state of affairs acceptable, he is free to his opinion. But he is being disingenuous to imply that it's "Open Source".

Poptones is also incorrect in his earlier claim that a good digital cash system requires that all participants use a trusted computing platform. Unlike a TC module, the message itself doesn't need to be protected from the user. Each piece of digital cash is just a series of ones and zeros. The protection comes from the need to present that message to the other users of the system. In order for the rest of the digital cash system to accept a piece of currency as legitimate, that currency has to pass numerous cryptographic checks that can prove the message you've sent is the same as the message you received. Check this primer out for an overview of the crypto that would go into a digital currency system. No Trusted Computing required; an ideal digital cash system could be run on the computers we were using fifteen years ago.

It seems you tweeked a hot topic here!! As far as the whole Andy Warhol soup can thing (I just saw them at the MoMa!) and other such art that uses products/companies is its a sort of free promotion for the company!! There name or image is being circulated around and they didnt have to pay for it. Sounds like a good deal to me.
You have a great article here, which is obviouse by the 140+ comments!! There is a site called associatedcontent.com that allows people to publish articles for users to read. There is a possibility that they will pay you as well. I think you should go for it.

That should be, "and will never be."

p.s. Sorry, I meant to say thanks before posting to the Mice and poptones.

Thanks to Bryce for the information and link. That was of great value. For a minute, poptones had me wondering if I had completely misunderstood the basic workings of "Trusted Computing modules". I'm not an expert in anything so I'm often and easily fooled. As I had thought, a gnu system is not practically possible under the regime of TC/DRM.

It seems like building a gnu/tc/drm system would be like putting up a lock with its key sitting in the keyhole waiting to be turned. You could do it in theory - but what would be the point? It seems to me that something in the recipient's computer must be non-free for this scheme to "work".

But this does not mean that a gnu system is insecure. Classic encryption can keep received and sent information private and secure against those who wish to intercept your transmission.

Please, if I've misunderstood something, correct me. And, thanks again for such an informative post.

@poptones

You're right about everything in your post. But you forget a few important things:
If you for some reason have to run an untrusted kernel, what will that mean to your ability to do your daily life on the Internet?
You can of course have more root authorities, but who does mainstream media trust? .. and who is going to pay for certification and what will it cost?

Of course, no computer program (DRM system) can reflect accurately copyright law. Most obvious problem might be that it's impossible to decide if it's currently X years after the death of the author (where X presently equals 70).

...the system you are proposing doesn’t allow content creators to assert their rights under copyright law. Instead, it would allow them to assert whatever rights they saw fit, regardless of the law.

Then you write the code to recognize the law.

I just pointed out not two posts back how cryptography is not an indefinite lock. It is a "temporal lock" - and not even that to a determined attacker with sufficient resources to launch a brute force attack. The presently defined TCPA spec outlines 128 bit cryptography. At the present rate of advance in computing power, brute force attacks upon 128 bit cryptography will become practical within a decade - well within the terms of any newly created copyrights. And that necessity, of course, assumes such an attack would even be needed because of a creator stupid or careless enough to lose all cleartext copies of the source material. You can even get around that (unlikely) need by requiring producers of DRM protected materials register private keys for all copyrighted works with the Library of Congress.

If you for some reason have to run an untrusted kernel, what will that mean to your ability to do your daily life on the Internet?

You (and, I think, most everyone) overlook one incredibly important point I raised earlier: the next machines will have multiple cores and will allow for multiple operating systems.

You can already do this with linux. the technology is still relatively young, but it is here. The next architecture being touted is one that will basically run everything in "emulation" at the microprogram level (aka inside the CPU itself).

At that point, it is all moot. You can run linux and osx and windows all at once.

And this is the gotcha: when that comes about then there is no validity to the claims that "we are locked out" - because "we" aren't. Even if inux itself is locked out of the "trusted platform" it's not as if we have to actually buy another computer in order to run Redhat right alongside the Microsoft moneybelt and the Microsoft trusted media controller and the Apple trusted network stack. All these self contained "operating systems" will run on the same computer and communicate through internal encrypted communications channels in exactly the same way as my desktop machine now is routed through the ten year old HP vectra at my feet that serves as my home's firewall and router.

You see? At that point the only arguments we can make about being "locked out" are along antitrust lines - and since there will be all of two operating systems available from the Redmond group (And perhaps a third if Sun continues to offer Solaris - but how "free" will that "trusted platform" part of Solaris be?), this oligopoly is not an antitrust issue... no matter that it is still, at its root, an issue of trust.

The future will hit us with boob slapping ferocity...

This is getting ridiculous.
Of course Open Source TCPA is possible and can be used for DRM. The problem is not whether it's open source (giving your the right to modidy). The problem is whether you can use your modifications for anything at all.

Sure cryptography is a "temporay lock", but that's no reason for DRM to be a good idea. History has already seen works lost due to proprietary file formats. Cryptography (how ever weak) will not make that better. And even if we were guarantied to be able to acces all works in 100 years, that wouldn't make it a good idea anyway.

No, I don't forget, that you suggested multiple operating systems. You are forgetting that the reason to need to run a modified kernel could be anything within fair use.
It doesn't matter for the consumer if he can run Linux, OSX and Windows at once. Most people don't (and won't) run more than one OS and if I'm an Apple customer, what good would it do me that I can run all my apps (except one) on OSX, but I have to pay for Windows to run the last one. The price is probably the same as if I only ran Windows.
How will your "trusted" Windows behave, when I ask it to communicate with my "untrusted" Linux along your "internal encrypted communications channels" ?

How will your “trusted” Windows behave, when I ask it to communicate with my “untrusted” Linux along your “internal encrypted communications channels” ?

Well it's not my "trusted" Windows - it's Microsoft's. I do not run Windows and, frankly, I resent your insinuation. But I'll still answer your question.

TCPA means an encrypted space all the way from the hard drive to the monitor screen. The keyboard is encrypted, even (one would guess) the mouse. Many currently available hard drives already support encrypted communications channels. The CPU will incorporate encryption, the memory contents will be encrypted, and even the graphics controller chips will incorporate encryption - they will accept data over an encrypted bus and will output encrypted data to monitors that employ digital interfaces that are, likewise, carrying encrypted data.

Just as your system now uses overlays to handle video rendering, so too would the video controller on a "trusted" system. It will be taking that encrypted data and outputting it to a chromakeyed window just like it does now. Try taking a screencap now of a movie that is playing and you will more than likely just get a blue box - same thing.

Once the hardware becomes "trusted" and the computational power is divided up among a few cores, the notion of operating system is going to change quite a bit. You can already boot linux inside windows or windows inside linux. With a "trusted" platform you could have windows media player 13 ship with its own microkernel and linux with its desktop kernel and OS X with its desktop kernel. Since the video hardware will already be designed to support total segregation of process data you could have multiple operating systems rendering only to their own display windows. Applications can then ship with as much of the operating system as they need. What's 200MB when your system can store 1000 times that?

think about it: multiple CPU cores and workspaces segregated via encryption. At that point I might actually be tempted to "trust" windows enough to let it handle rendering "protected media" to the display because I would likewise be able to trust Windows could not access my linux desktop, crash it, or otherwise infect, damage or even access the other protected spaces on my hard drive.

Even Linus Torvalds has pointed out there could be merit in "allowing" this technology in linux. But if we don't participate in its specification we will be locked out of all but the least of it.

I'm sorry you cannot grasp what I am describing. I wonder whether it is an issue of technical knowledge, and inability to communicate, or simply a refusal to look past preconcieved notions and prejudice?

Let's try it from this angle: I ue ubuntu because I really like the gnome desktop. Part of the gnome project has been to integrate more functionaliy with (and based on) mono.

Mono is an open source version of .NET. Many people (myself included) were (and are) a bit mistrustful of this relationship. Microsoft has encouraged open source development of an interoperable software platform, but interoperability seems to be the way it is going. A mono application can be divided up among several computers and even have portions running on a windows machine and portions running on linux. They all communicate through network protocols and objects shared via standardized methods of data exchange.

When you can have multiple operating systems running on the same machine, in their own sandboxes, this model still works. Youu might have an authentication model owned by company A and a data handler owned by company B and a graphics handler owned by company C. The graphics display device has its own operating system, its system calls and primitive operations. The sound path can be handled by module X and the desktop management handle by module Y.

The "operating system" only manages the switching of data packets and the scheduling of tasks among the resources available to it. Your "operating system" is not the stuff you see on the screen. the stuff you see on the screen is the desktop manager. The desktop manager responds to your commands and relays those commands to the graphics handler and the sound handlers and the disk drive manager and the network stack, which then hands off data to the network drivers.

Microsoft doesn't have a linux lab for nothing, you know. There are a LOT of people out there dual booting windows and linux. The GPL is a decent defense against software becoming borged into windows, but if Windows can support a common architecture with portions of linux, and if linux is embracing interoperable software platforms (like mono) then the task of melding these systems within the same machine becomes even easier.

This platform is coming. The notion that you will be paying for it because of the added complexity is more specious rhetoric; the reason linux works so well at present is because it runs on commodity hardware. To demand less than the functionality provided by commodity hardware means paying more due to the lower production volumes. Refusing to participate in the specification process means locking ourselves out of the cheapest, most poweful hardware of the future.

It's sad that the operating system presently making the most rapid gains seems to be headed toward a devolution into the operating system of paranoid luddites.

Oh then...

Duh.

Is it your "fair use right" to use a hammer for a saw? Because you paid for the hammer does not make it a "fair use problem solver."

Two choices:

Participate and be free

Don't participate and be pwnd

There is no option where you don't participate and you still get to take home a prize from the fair.

Yes it's my fair use right. Just as the Betamax case ruled it was fair use to use a VCR.
Your answer brings us to the conclussion that we just do not agree and that I don't believe in your idea of a take-it-or-leave future.

I really think so much of this is academic. Even Ms. Rosen knows in her heart of hearts that the DMCA is more or less a history lesson in FAILURE.

My guess is 90% of people between 15 and 40 have broken it knowing and multipe times.

Today music p2p isn't just most of distribution, Rosen knows sanctioned revenue producing distribution is about 3% of all transactions. Some victory.

Everything that happened with music is now hitting video material.

Thanks to the DMRA and the way the industry throws around terms like "pirate" if I would already be ac iminal if I decided to buy a movie and make a copy to watch on my Arcoos -- why actually buy the movie, or even rent it?

poptones:

I'm still a little iffy on how open source DRM would work, even if it is backed by Sun.

Here is a typical DRM system:

1. Encrypted file

2. Player/Decrypter

3. Keyfile

Now, once the file is encrypted, it can only be decrypted by the player. In a traditional encryption setup, this decryption would end here, and thus the person that has the key would be able to unlock it, and have the decrypted file.

With DRM, there has to be an ability to decrypt it, then re-encrypt it once the license has expired or ended. If the player used to decrypt it is open source, after the end user receives the decryption and gets the cleartext, be able to alter the player so that it wouldn't re-encrypt using the license? Once the keyfile is obtained and cleartext is accessed, what is preventing the player from being altered to simply decrypt using the keyfile, then that's it? I'm curious how an open source system like that would function like traditional DRM?

------

BTW, for the person who asked, Creative Commons has nothing to do with the Open Media Commons, Sun just used "commons" to, I assume, try to associate itself with CC.

Wow. The last couple of days have been quite a learning experience. This is how I now see things (subject to change of course)...

Poptones is absolutely correct on some points.

"Open Source DRM" is a reality. I had made the naive mistake of thinking that the Open Source Community thought that freedom mattered. Once again, it is about practical advantages for the Open Source folks. As far as I can tell, Sun's DRM scheme is using the controversial CDDL license. This will allow "Open Source DRM" which acts as the stepping stone for what is truly desired by those who do not value freedom - that is, the Trusted Computing Platform Alliance.

Unfortunately, the Open Source community catering to DRM under the CDDL (which is not GPL-compatible) will bring much harm to the free software community unless some action is taken. At this point it may be too late - unless the Open Source Community can drop the CDDL. I don't see why they can't, but dropping it would not be practical so I don't expect this miracle to take place.

Poptones is absolutely correct. Those who value freedom may soon find themselves on the sidelines.

Personally, I think this is a critical moment in FOSS history. If TC gains a foothold through this Open Source-endorsed DRM scheme, Hollywood and the big software corporations will finally get what they want...

For you to believe that the internet connected computer is nothing more than a television on steroids. A mechanism for their profit.

Poptones is in...anyone else?

I read everything she wrote 3 times.

I believe she is a sociopath.

When one person looks at what another person is wearing it is hard to quantify how much value is being transfered, but let's start at $1 per a milisecond and restrict who can be seen. At that point the price can be determined by what the market can bare.

"Open Source DRM" illegal according to the DMCA, no?

The term “intellectual property” is of little use as basis for a discussion. It covers a set of very different forms of protection of immaterials which does not have the same purposes or the same effects. The term is often used to try to suggest that immaterial rights should behave the same way as the right to tangible property. That’s not the case.

what makes an item "material?" That you can hold it in your hand? Plants can be patented and this has been recongized law for decades before the megacorporations got hold of it. While the plant may be "material" the things that set one apart from another exist in the DNA of the thing itself - the information that defines its existence within the natural world.

"Material" things have scarcity. They have value because of this scarcity. And what makes them scarce? That's just the way things work in this world - things are made of something, and their embodiment represents work.

In a virtual world natural laws can also be defined. Sure, you can have things like inverted gravity and objects that cannot be damaged - but you also have things that require the game player put forth effort in order to "earn" - all you have to do is define the rules under which those "things" must behave.

If I am playing warcraft and you steal my sword, have you stolen my intellectual property? No, that is the rules and programs that allow my sword to exist - from my point of view, you have simply stolen my sword.

What if we move that warcraft world into a distributed network of peers? Rather than having the laws defined y a corporation, they are defined by we, the gamers. the rules and laws evolve as we agree through consensus. Now, if you steal my sword, have you stolen my IP? That is still in the game itself - and in this case, since we created it, we own it. So in this case, again, stealing my sword means you have stolen my sword.

It is mine because I put forth the work and time required to obtain it. it is mine because, by the natural laws that govern the world we have created, I cannot simply conjure another from thin air as if in a dream. In order to replace it I must again put forth the effort and time of obtaining another sword. It is as much a "thing" as the chair I sit in now, only it exists in a different world.

By "stealing it" all you have done is a;ter some portion of data that previously said the sword was mine. The sword itself cannot be projected into our physical world, but it still represents real world work on my part because I am not a collection of data and, by the laws that govern us, I was required to work for it. All you have done is alter information but in doing so you have robbed me of the time I spent creating this assemblage of data.

I am not confused in this any more than you or anyone else. Characters from Daffy Duck and Bugs Bunny all the way back to Rosencrance and Gildenstern have confronted this conundrum. Only now we have the means to make the problem more "material" than Shakespeare could ever have imagined.

So far as your questions about the feasability of open source DRM - as I said, the user never gets the cleartext because the user doesn't have access to the key. The key is locked in an encrypted portion of the user's hard drive, and the key to that is locked inside the CPU itself. In this way you can copy the data on your hard drive to another system and not lose access to your music (as present DRM systems do) because there is no need to "key" that files themselves to any specific system.

If you should upgrade your system you would copy the data and then go back online and get the machine re-trusted. Once the provider of your DRM content has certified the new machine the key would then be sent to your new CPU and the data on the hard drive that it had locked away could again be accessed.

There is so much greatness we could do with a distributed trusted net... but we need to make sure the technology evolves in the open.

poptones:

So far as your questions about the feasability of open source DRM - as I said, the user never gets the cleartext because the user doesn�t have access to the key. The key is locked in an encrypted portion of the user�s hard drive, and the key to that is locked inside the CPU itself. In this way you can copy the data on your hard drive to another system and not lose access to your music (as present DRM systems do) because there is no need to �key� that files themselves to any specific system.

I think you're fundamentally misunderstanding what I'm saying.

The key may be locked, yes, but there has to be something that can play the file, right? A player. That player has to use the key to decrypt the file to cleartext while it's playing, or else it wouldn't play at all.

Now, my question is, since everything would be open source, wouldn't it just be a simple matter of modifing the player so it's never reencrypted using the key? The key would remain hidden, sure, but the player would have to use it to unlock the content to play it, and if you unlock it, you have the access.

How would one get around this flaw?

----

P.S. Hilary, where'd you go? Ten days and no new posts...tsk tsk. ;-)

Poptones:

"So far as your questions about the feasability of open source DRM - as I said, the user never gets the cleartext because the user doesn’t have access to the key. The key is locked in an encrypted portion of the user’s hard drive, and the key to that is locked inside the CPU itself."

So you're saying that the user's hard drive will be encrypted in this system. That is fine - I have nothing against encryption...but you are saying it will be encrypted so that I can't access information on my own hard drive?

And you are saying that members of the "free community" should not only accept, but endorse this unethical architecture if they want their computers to be able to play popular media files? You say we are fools if we decide to suffer the consequences of sitting on the sidelines, no? That there is no value in standing up for freedom? That freedom supporters are living in a fantasy world and are deluded about the great benefit to society this practical approach of TC/DRM will bring?

You are basically saying that 'freedom' means being able to access popular media files and has nothing whatsoever to do with our quality of life regarding the individual privacy and security of our machines.

@comons music

No, because if you modified the player, it would become untrusted and then it would never be given the key to decrypt the file.

CORRECTION: "its mother."

Damn grammar.

Commons Music:

"Untrusted based on what?"

Couldn't the hardware be built to check and see if the player asking to play a file is trusted (i.e. not modified) and if NO, then refuse to send the key? And if YES, then the player being used may be "open source" but it still won't help one strip the DRM for their fair use.

Is this how this proposed and oppressive Orwellian technology works?

This is the point I made like 100 posts ago! Nothing is “owned” by you or me - everything is “owned” by a corporation somewhere. And so long as this continues to be true everything we do here is ultimately in service to an oliopoly of corporate kings. they define and control “value” because they own us. If they do not want your data to appear here, they shut you down. If they do not want you to earn income, they shut you down. If they do not feel your existence here is in their economic interest, they shut you down.

Okay, I'm back here for a moment.

poptones: Personally speaking, I own quite a bit. My group, Tryad, owns the music we made. Some is under a specific CC license from samples, but we still control it. I write, I have screenplays, I have my documentary. These are things I OWN, because I CREATED THEM. Nobody, not Hollywood, corporations, or "they" can just shut me down, and I don't see where this paranoia is originating from. How could "they" just shut me down? I have a documentary coming out about the war on drugs, and you think the government can just "shut me down"? Sorry, no, they can't. I'm certainly not doing anything illegal with it, so I'm mystified by how you believe we have no control over our lives.

Sure, Blizzard owns those things, as well they should. They created them, so they should own them. Just as my group and I created "The Final Rewind," so we own that, and as well we should. I don't see why I would need DRM to "own" it any further. Copyright law is protecting me just fine, and if someone misuses something I made, I have recourse against the person or persons who have wronged me.

That copyrighted content could be covered under fair use, if it was just in there and captured accidentally. This is a fault of lawyers being overly cautious for indemnity insurance, not of copyright in and of itself.

Also, last time I checked, I was neither a Panamanian general nor a ruthless dictator who murdered countless people.

Then again, I was really drunk last weekend, so I suppose anything's possible...

Irrelevant. Under the DMCA if the owner of the content objects the content will be taken down unless your host is up for a fight, and it will be left to you to defend this notion of “rights” in court at your own expense.

This is why I'm for H.R. 1201 and a more thorough reformation of the DMCA. Also, I have my own server for stuff I want up there, so there's that.

But I tire of this. I think we've taken it as far as it's going to go. I guess we'll have to agree to disagree. ;-)

Cheers.

Poptones,

I have a question.

Let's say I get one of these brand new, shiny, built-to-the-hilt Trusted devices - acting as a server - and legally obtain the right to download a DRM encrusted media file. I download the file and it plays perfectly - no hassles. Everyone is happy. Hollywood got their cash and I have the file.

Now that file is on a private server that can communicate with 30 other machines. But none of the 30 clients will play the file because the machines are not "Trusted."

But you see, I have the right to put that file on 20 other machines and expect it to play because Fair Use says I can.

What is the solution Poptones? What should I do?

Hilary, what do you think?

poptones it's been interesting reading your posts, but clearly you are talking only to yourself. let's kick it over 200.

I have the right to put that file on 20 other machines and expect it to play because Fair Use says I can.

it keeps coming back to this: I HAVE THE RIGHT. no, Peter Rock, you don't. not on this planet. do you have the right to make 20 exact copies of a 10 dollar bill just because you "bought" one original? if you did (and if you could), don't you see how that would destroy the value of money? it's the same thing with digital content, amigo. NOT AN ANALOGY: THE SAME THING.

fair use gives you the right to make bad copes of a 10 dollar bill - copies that could not be confused with the original - it doesn't give you and everyone else "the right" to counterfeit. that little metallic strip in the dollar? DRM. (dollar rights management.) it is the trusted currency system that allows the system of paper money to work.

one you can get your head around this very simple concept, everything poptones says will make sense.

Nate:

"Instead, fair use is a defense against copyright infringement. "

Ahh, yes. You are correct. I should not have used the word 'right' in that context. A better way of saying it is -

I will use that file on other machines because I am confident that I am not infringing copyright due to fair use doctrine.

But I find the other machines are not built for Collusive Computing (TC), By law, my "rights" have not been violated, but the Fair Use doctrine has been emaciated in my particuar case. And because I have no rights, there is virtually nothing I can do about it.

"I think that such a right would be a fair trade for a government enforced monoply of production (copyright), but legally I don’t think any such right exists."

This makes sense to me although in a world of Collusive Computing, it would seem that this theoretical right cannot exist.

This makes sense to me although in a world of Collusive Computing, it would seem that this theoretical right cannot exist.

Of course it can. Or it can exist only for some things. Which things, and how they work, is up to the people of the community.

If I don't like the weather where I live I do not have the "right" to change the weather to better suit me. Ironically, in this artifical world we might have that right.

"Collusive computing" isn't an entirely unfair name for it, though I'm sure you meant this as an insult. the fact is the internet was designed when it was really, really hard to make a bunch of computers talk to one another. Now our desktop system have within them networks of smaller computers performing various functions. The infrastructure of the internet does not need to adopt this new paradigm, but the computers themselves need to.

TCPA means you or I have the choice of buying a portion of a computational engine that crosses the globe. Right now we don't have that - we have a computer that may contribute data but mostly is used simply to extract data from the grid. It is incredibly hard to build a trusted network that can accomplish anything at all because the computers themselves are so incredibly brittle.

The next evolution is coming like a steamroller. Its progress may seem deceptively slow, but only a fool would attempt to stand it down. we need to climb on board and make sure we share in manning the controls.

Security is one of those stepsisters of our field," said Kleinrock. "It was not built in to the original internet. We had a philosophy and culture of trust. Everything we do now (for security) is patchwork, which makes it much harder."

The initiative will promote network architectures that balance "privacy and accountability and vary protections for individuals based on "difference and local values," the announcement read.

A new internet could also be made to support the privacy choices of individuals and communities as sensors and communications devices become more ubiquitous, GENI organizers hope.

People already lack privacy and security on the internet, said Princeton University professor and SIGCOMM chairwoman Jennifer Rexford, one of the GENI organizers.

"(Security) is an incredibly important problem today," Rexford said. "And if you don't solve that problem, you haven't solved anything."

Concerns about security are valid, but this is why we need to participate - to make sure "trusted" means choice and openness and not "you will trust us because we tell you to."

Once that computational engine is in place we have the means to define those "laws" however we as a collective within any given community decide. A hundred communities with a hundred different sets of laws, all of them unbounded by geography or even language. If you don't like the law in Hollywood, move out... that's (literally) what I did.

If I don’t like the weather where I live I do not have the “right” to change the weather to better suit me. Ironically, in this artifical world we might have that right.

Oh... come on... these types of analogies are simpy too far out.

Anyway... If your vision of the future actually becomes true with all the monetary trust you'd like to put into it, cracking the hardware would become really interesting for criminals. Thus it would bring us the same kind of problems as digital identity-theft and cracked biometrics threaten to do.

That would be the part where I point out that I couldn't care less that I cannot change the wheater in real life. Just as I cannot make the earth stop spinning. .. and it probably wouldn't be a good thing if I could.
I don't know why you think these kind of aguments are good sellingpoint for your trusted computing fantasy. They are not.

How can you argue A) they have no right to create such a virtual space or B) this is a bad thing for society?

I don't. You have not been listening. I argue that the lack of consumer protections against monopolies based on the digital infrastructure used to realise this is a problem.

Regarding fair use and "rights". You're right. "fair use" (or the European equivalents) are not defined as rights in the copyright laws it self. It is however a human right to "freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits."
Maybe you don't think that it should be a right to (within your privacy) freely choose which player-technonology you use to play a digital work. .. I do. (Remember that copyright it self is mainly a right granted by society. It's not god given.)

Of course, if a producer can make it technically impossible for me to do so, it's within their right. But if it is abused society has the right and duty to protect consumers.

You would of course say, that if I don't like it, I can just stay away from it. I don't believe the social workings of the market works like that.

Also, the more trust you put into technology, the larger the problems, when technology is compromised.

"The corporate commons" is, at present the only online commons we have left. No, this isn't entirely true - I participate myself in many newsgroups (to the point that, even on dialup, I regularly chew through my allotted 6GB per month - in fact, I'm presently locked out until Sept 1). But newsgroups aren't nearly as much "communities" as they once were. Most folks I know, in fact, don't even know what the hell usenet is.

What we are left with is a corporate commons - thousands of community BBS systems that are, most often, administrated by some corporate interest. and even them that aren't are entirely behoven to the corporations that own the servers that host the software.

I'm not a gamer in the contemporary sense of the word. I don't even have a single game installed on my machine right now that didn't come OOTB with the operating system. But I am all about the old school notions of virtual reality and the possibilities presented by a wired world. If you've never seen it before you should rent Wild Palms - ir predated The Matrix by, like, a decade and it still raises some worthwhile points.

Having a more widely distributed computational structure is the next wave. SUN has had their employees operating on their new "computational grid" system for a while now, encouraging them to install applications that request resources in order to test it out, etc.

This is all really a step back to what the internet was originally envisioned - a computational network of peers. But because none of us have any meaningful security in our systems such a network is not possible. It's funny how some complain about having less security from such a system when at present they essentially have no secuirity at all. Any application running on your computer has the ability to query the hard drive, detect what other software you have installed and running... that some seem to see this as a good thing only shows how normalized has become the expectation of having zero system security - without that ability to audit every mounted disk space available to the operating system it would be impossible to remove all the spyware and virii and crap that gets accumulated on so many systems!

Anyway, all that stuff you see in The Matrix and Wild Palms - assuming any of it could be real, it can't using the infrastructure we have now because you cannot have ownership of information on the web. It is, given the nature of the beast, impossible to enforce "natural laws" in such a widely a distributed computational environment because anyone running the code can rewrite it in such a manner that they can become, essentially, super beings. By having the system able to defend itself from attack we can take one giant step toward creating truly shared virtual spaces - spaces that no one owns and where removing a portion of the resource (Ie shutting off or removing a node) would still leave the community intact.

Here's some more "wild" analogies for you to munch on: this is very similar to the way we presently understand the human brain to work. In children where even half the brain was physically removed from the body, the person was still "whole" and retained all her memories.

With a distributed computational architecture, if you design the community right, the community itself becomes host to the "keys." Using genetic algorithms and a means of affirming consensus within a community the software could be "seeded" by the initial developers but, once running, not allowed to be altered even by those who spawned it.

This only sounds scary because now that would mean if it got out of hand it could wipe out our systems. But when every process runs in its own encrypted space and is not allowed access to any portion of the system outside that space, such an experiement would be orders of magnitude safer than what we have now; if a process proves to be a nuisance, just shut it off.

But in-world such a system could evolve "natural laws" and the only way to alter them would be to opt-out of that world or to generate consensus on changes you want implimented. How such a system might evolve when it was distributed across thousands of nodes hosting thousands of people no one knows because we've never been able to do it.

None of this means "copyright owners have too much power" because that is only one space You can still go to Virgin and buy a sack of CDs (or DVDs or whatever they sell) and you can still play those discs in any player that will accept them. You can still buy books at Border's, you can still go to Magnatune and buy "alternaitvely licensed" music from whomever wants to offer it. More choice, and more ways for people in real life to realize the promise of a wired world.

So far as political babes.... that's just me being cute. I was trying to find something that fit with "Atypical joe" and I find Arianna Huffington very... attractive in a purely apolitical way. I'm a guy; so sue me.

An awesome jumping off point, PM.

It's so nice to discover I am not alone.

...Remote attestation makes it possible for distributed computing projects to make sure that people are running legitimate clients which won't cheat. Sealed storage will allow the client to checkpoint itself periodically and pick up where it left off if it gets interrupted, in such a way that no other program can create bogus partial data that it would be tricked into accepting. No longer will the time wasting counter-measures and tricks be necessary which are presently being used to try to catch cheaters. Code can be presented in open source form, which will improve confidence and make people more likely to run the programs. With all of these advantages, TC will be an important foundation for distributed computing projects in the future.

It doesn’t change the fact that the same functionality can be abused when such distributed systems are not entered on a fully voluntary basis with full knowledge of the implications in a free market with fair competition.

Such a system would allow less abuse than what we now have. The internet is absolutely infested with machines that are zombies, machines that are spam relays, machines that are not entirely under the control of the user or someone the user trusts, and the users have no idea of this.

If Sony locks down Madonna to a single machine, that user is going to realize the files he bought are locked down real quick. They are going to know who set the rules they object to, they are going to know who to yell at about it, and they are going to know who to avoid in the future if they don't like the policies.

All that crap about being "locked down to one vendor" is already in place. If you want to watch Big Brother on the net you have exactly ONE place to go: Real Networks and their proprietary player. And you are allowed exactly ONE operating system in order to use that service: Microsoft Windows.

If you want to watch the trailers at the mac trailers site, you have exactly one piece of software you can use: Quicktime. Whether you use linux or windows or a mac, you still have exactly one choice on software decoder.

Even if someone posts completely free music and that music is in the format of either real audio or windows media, you still are constrainted to using one vendor's software. It doesn't matter if you are using linux and Xine or Mplayer or XMMS or whatever, the software decoders that actually play those files are still just hacked versions of the Windows software - it's the only "choice" out there right now.

The one great difference is having a virtualized, trustworthy machine means you have less risk of exploitation or even of software flaws causing lockups than the system we have now. The fact the codecs would become "uncrackable" and you'd be "forced" to run Windows in order to use their codecs is not a "barrier to fair use" or even a barrier to using linux for all the other Free as in freedom and legally licensed software on that platform when Microsoft is able to ship the required Windows runtime along with the free as in beer Windows Media Player that all runs in a completely segregated sandbox where any weaknesses it may have cannot spill over into the rest of the more secure operating system it shares space with on the machine.

The system is already broken - badly. The arguments that this would allow corporations to engage in outright illegal behavior is moot when the system as it is now allows essentially anonymous and untraceable entitites to do far, far worse things than merely "forcing" Hillary Duff fans to use Windows Media Player if they want to listen to her on their computer.

OK, so the owner is ignorant and cannot be trusted to run his machine properly, but I am supposed to trust that operator (or any operator) with my data?

Can you please at least try to come up with a consistent argument?

Breaking the system so the user can ourtright lie about being trustworthy makes about as much sense as putting Michael Jackson in charge of the daycare center. The platform needs to be designed in the open, but if the open community refuses to participate in its design Microsoft is not to blame for that.

However, if I can trust the machine, then you can trust the machine. If you don't want to trust my software, no one is putting a gun to your head to install it.

It’s not “TC or chaos” as you try to imply.

"Try" to imply? No, I did not try to imply - I outright assert it. But you are half right: because there is no trustworthy consumer platform right now it's only chaos.

There must be something you haven’t understood. TC doesn’t make the user trustworthy. It makes the computer trustworthy (until hardware is compromised… THEN you have trouble).
EFFs suggestion doesn’t enable the user to lie about being trustworthy. People don’t get trustworthy just because they have a certain piece of hardware in their homes.

Yes, they do. If you have an ATM in your living room, the bank can still trust you not to steal from the other despositors because the ATM itself is reasonably secure even against you attacking it. This may not be entirely analogous because you can still hacksaw it - but if they have the system able to detect when you have hacksawed it and make the money magically disappear before you gain entry into the vault, then it is still a trustworthy proposition.

...if all Pokemon/Disney was only accessible with a certain TC-enabled client...

Is utterly meaningless hyperbolae. We might as well be discussing the economic and societal impacts of the second coming of christ. Pokemon and Disney are going to make their stuff available to as many people as possible because that is the only way they make money. What you have now is no Disney at all on the web because Disney doesn't trust it. What you might have is more Disney on the web but restricted to software Disney feels it can trust. How do you explain too your six year old right now that she cannot play The Little Mermaid on your computer because you will only use linux? Or because the game at the website doesn't play well with the linux Flash player?

A trusted platform means you can run linux and you can still run windows - only you can actually trust the computer to not allow Windows virii to infect your linux system or the data it controls. You have more options instead of less. If you still refuse to allow windows because of some orthodoxy on your part then your question is moot - it is not my concern or my business to tell you how you explain your religion or ethics to your six year old.

Perhaps this will help you understand. Or this. If, after reading this information you still have questions or points to raise I do hope they will at least be points not covered a hundred messages ago.

@poptones
1) Your ATM analogy doesn't hold.
2) You suggested multiple OS's running in virtual environment long ago. It's still not a solution.
3) I don't have any questions. I've seen where you're going long ago and I don't like it. No point in arguing with you when confronted with that attitude.

As I've said earlier. TPMs can be useful. As a system admin I would love to be able to cryptographicly verify the state of the machines I am responsible for via hardware. But I can do that just as fine, if I knew the endorsement key. I don't need third party interference to trust my systems and I see no reason to trust them more, if I can't modify them to suit my needs without rendering them useless.

Wow. I go away for a few days, and I come back 150 comments later.

peter's last comment is right. The problem with a completely rule-based system is that the underlying concept of right and wrong are subsumed into the rules -- if one can technically get around the rules, then the behavior becomes OK. See tax law for examples. Gaming the system becomes a good thing -- "heroes" are made that way.

But the fly in the ointment is that much of human society does not accept the principles of right and wrong. (see islamic fascism, for example, not to mention counterfeiters from Asia in the copyright context). So to utterly trust all to do the right thing now is foolish. Especially when there is hype after hype after hype after hype (this thread, perhaps?) about how the recording industry/Microsoft/all corporations are evil and soulless and must be eviscerated. Not to mention those who demand that they be able to show The Little Mermaid on a Linux system, because the social life of their children requires it. Not to mention those who are simply happy to be free riders.

I, too, would love to go back to a time when we could all leave our doors open. But we can't when there are thieves parading down the streets.

So what to do? I have faith in the market, and in content owners eventually rediscovering that more money can be made by increasing access to their product. Arguing about the specific tools is pointless -- demand will work things out eventually. Mark Cuban has figured this out -- keep an eye on him.

Not to mention those who demand that they be able to show The Little Mermaid on a Linux system, because the social life of their children requires it

*Sigh*... That was not what was said and you know it.
I pointed out that today copyright laws (for good reasons) allows reverse-engineering for the purpose of interoperability. Disney could use TC to make that impossible and require a specific product. Poptones says that we should just take it or leave it. I pointed out that society does not work like that and in effect the fair competition goal of the interoperability clauses in copyright law would not be fulfilled.