Regulation

Michael Geist draws a contrast between 1997 and 2003 -- suggesting that Internet regulation, which used to seem impossible, is proceeding apace.

In fact, a lot of changes in the Internet which previously seemed impossible have come to pass or are coming to pass or might soon come to pass if you're not careful.

I remember that, soon after I met Nick Moffitt, he made an allusion to the Hunter S. Thompson line about "a high and beautiful wave". He predicted that we would look back with some nostalgia and regret at that time (the years immediately after 1997). Nick was talking about free software, not specifically about free expression, but I still remember being concerned about the end of that "high and beautiful wave". (If you've never read the passage, do a Google search.)

I'm still concerned.

Song

I seem to be in a song about the DMCA. There are a lot of samples from a Free Dmitry protest, and I'm one of the samples! My colleague Lee Tien is also sampled: "Between 1947 and 1975, the National Security Agency intercepted every single overseas telegram...".

I was very startled, because I was told to listen to the song because Lee was in it, and then I heard my own voice right at the end. I remember when I visited my father during the Free Dmitry campaign: he told me later that he said goodbye to me, dropped me off at the airport, turned on NPR as he was driving home, and heard me interviewed.

Book

Martin Pool favorably reviews a book by Eric Raymond called The Art of Unix Programming. I took a look, and I think TAOUP is full of wonderful stuff. I would eagerly purchase a copy if it came out in paper.

In general, it collects stuff that you have an intuition about after working with Unix for a while, but might not have formalized anywhere. And it's just plain fun and interesting (and doesn't claim that Unix got everything right).

In other Martin news, I'm very pleased that Martin likes my code!

A pairing

Here are two opposite sentiments which form an interesting pair:

Amicus Plato, magis amica veritas.

(This is given in several forms and attributed to several different people. "Plato is [my] friend, but the truth is [my] better friend.")

Errare, mehercule, malo cum Platone quam cum istis vera sentire.

(This is definitely due to Cicero. "By Hercules [we might say 'by God'], I would rather be wrong with Plato than be right [believe the truth] with them..." Some translate: "I prefer to err with Plato...")

These two are sometimes contrasted, but I think not usually mentioned alongside one another.

Internet security

"We were ORDERED not to do [cryptographic] research and innovation in the Internet project [...]"

Illegal Art

The Illegal Art exhibit is really great. I got to go with Aaron and Riana, and saw lots of people I knew, and also attended part of the panel discussion.

The Illegal Art CD omits some works I might have included, but is interesting; "Bittersweet Symphony" and "The Motorcade Sped On" were my favorite tracks. The latter was moving to me even though Kennedy died before I was born.

I also got the Illegal Art DVD, and got it autographed by Carrie McLaren! (I gave her an autographed LNX-BBC in exchange.) I haven't watched it yet, because I don't own a DVD player.

I'm going to go with my mom to the Illegal Art film exhibitions later on this month. July is a whole month of illegal art for those of us in the Bay Area, and my mom is coming to visit.

City responds to DMCA

Apparently the City and County of San Francisco realizes what a bad idea anticircumvention is. They posted this sign in many places around the city:

(Thanks to Cory for taking this picture after I pointed this out to him.)

Don't boycott MSNBOT

I received a note urging me to use the robots.txt mechanism to prevent Microsoft's search engine from indexing my site. My response is that creating a search engine is a virtuous and charitable thing, and an ease to the people.

The impulse to decide which search engines are legitimate based on who owns them seems to me less like an ordinary boycott and more like, and closer to, a pattern of subdividing the net into small parts which can't talk to each other. "A strange game -- the only way to win is not to play."

Lament

Among those through whose hard-won precedent
We feel secure when we invent
Was Sony's lawyer, Dunlavey.
Timor mortis conturbat me.

Inside the park past which his streetcars run,
Since eighty-nine's quake basking in the sun,
A street sign honors Donald Chee:
Timor mortis conturbat me.

Vacation

I took a vacation in Washington, D.C., which is incredibly hot and humid. Sorry for the long gap in posts here; I'm back now.

Microsoft performance reviews

One of the people at Microsoft I've dealt with about trusted computing put me down as a recipient of an electronic survey as part of his performance review. So I was supposed to evaluate him on a series of (ASP-based) web forms.

I was particularly amused by

71. Develops an actionable strategy

Somebody really needs to reword that question.

RIAA subpoenas

The RIAA is sending subpoenas to a lot of ISPs to try to identify people. As we previously explained in an amicus brief, the procedure they're using for this, created by 17 USC 512(h), lacks a lot of procedural safeguards normally associated with subpoenas.

I've looked at a large number of the subpoena requests. They're obviously generated by a script -- "mail merge", as they used to say -- and that's a good thing from a certain point of view, but it's kind of frightening. Your identity is essentially being requested by a computer, and then Yvette Molinaro is in the loop seemingly for the sole purpose of signing her name to attest, in effect, that the computer was programmed properly.

It's almost as though you could have XML-RPC or some other function call through which the RIAA could get the user's identity.

In fact, there are many press reports to the effect that the D.C. District Court is overwhelmed by having to process all of these subpoenas -- already in the dozens per day -- and if the court is having so much trouble just stamping and scanning and docketing, think about the compliance burden for the ISPs. Perhaps RIAA hopes that ISPs will eventually decide to create automated mechanisms, through private agreements with RIAA, in order to keep this out of the courts and lower everyone's costs. An ISP could set up a particular e-mail account. RIAA would send signed e-mail attesting that a particular user's identity was sought for the purpose of enforcing copyrights; the ISP would respond automatically, identifying the user. It could work.

This has happened in other contexts. Under the current 512(h) regime, there would seem to be a strong incentive for ISPs to negotiate private alternatives, which would be cheaper but typically even less privacy-protective than the status quo.

It is troubling to think that a single typo would now result in the automatic exposure of an Internet user's true name and contact information. Suppose the RIAA transposes two digits in the IP address. Now the ISP is likely to disclose that other user's identity instead of the identity of the person who was actually sought, and there is likely to be no review and no recourse. In fact, the user who's wrongly identified might never know (unless he or she is subsequently sued).

These errors are pretty easy to make, and the subpoena power is very strong. There are lots of ways to mitigate this harm somewhat, but those which don't involve politics mainly involve effort by ISPs. The cheapest course for the ISPs might just be to give up and not do anything to protect their users' privacy. That would make the entertainment industries' frequent claim that you aren't anonymous when you use the Internet become much closer to the truth.

Anyway, I got to do some fun coding as a result of this and learn about Python's modules for CGI scripting and MySQL access. It's surprisingly easy. Dan Moniz created a nice front-end to the database we built, and now you can search to see whether your identity has been subpoenaed.

I think it's silly that people are only searching for their KaZaA usernames and the like. The ISPs won't identify you by your KaZaA username, even if you're a KaZaA user, because the ISP doesn't know your KaZaA username or whether you're a KaZaA user. The ISP will identify you by your IP address, because that's what the ISP knows. And the ISP will identify you by your IP address whether you're a KaZaA user or not, whether you're a copyright infringer or not. The risk of misidentification is extremely great -- especially with this prelitigation subpoena process -- and all Internet users should be concerned, not just copyright infringers.

Bill Frantz has a signature file which says "Due process for all used to be the American way". I don't think he has these subpoenas in particular in mind. But you are now, right this moment, a single typographical error away from being identified, possibly without your knowledge.

ATC

United Airlines has a great feature where they let you listen to the radio communications between the plane and the air traffic controller. I don't fly on United very often because it seems expensive compared to airlines like Southwest and JetBlue, but whenever I fly United, I find this feature endlessly fascinating. You can predict what your flight is going to do, because certain actions are almost never taken without instructions from the ATC (like significant altitude changes).

(Pretty much all of my assertions about aviation below are based on my experiences listening to the radio during flights; some of them might be wrong, since I don't have any formal aviation training and am not a pilot.)

There's a whole jargon and set of conventions used in communications between pilots and the ground. For example, there are all the phrases like "climb and maintain flight level X", rules about how to address planes and how to identify yourself, ways to instruct a pilot to contact a different controller, and so on. You can pick up quite a lot of it quickly by listening to the various towers encountered on a transcontinental flight or two. And it's really fun to know when your plane is about to go up or down or turn.

At least in some parts of the world, the pilots and the controllers have a really endearing habit of saying "good day" to one another, which originally made me wonder if they were all Australian. (They're not.) They also like to call one another "sir" and "ma'am". They're very polite and very, very terse.

The main activity of pilots at cruising altitude on long flights, at least during days with substantial "chop", seems to be changing altitudes to avoid turbulence. It's not permitted to change altitudes without prior permission, so pilots have to figure out exactly what altitude they want, and then request it. If the altitude is available, the tower will usually allow the requesting pilot to take it. Different altitudes at a single location will have dramatically different amounts of "chop", and the level turbulence at a particular place will be fairly steady at a particular altitude for what is apparently a period of several hours.

Therefore, pilots are always giving each other reports, and asking for reports, about what (empirically) the flying conditions are like along various routes at various altitudes. If one pilot says an altitude is good, other pilots following behind will want to use that altitude; if a pilot says an altitude is very choppy, other pilots will want to avoid it.

When pilots are concerned about turbulence, then, they want the controller to do work for them (inquiring about and tracking the weather conditions), but they need the controller's help and don't want to be pests. They're dependent on the controller's kindness and goodwill, since the controller could simply say that permission to climb or descend to a particular flight level was denied. The controller does not have to justify his or her decisions at all. The authority of the tower is quite profound, at least if pilots are operating under flight rules in which the tower has to approve their decisions.

So a pilot has a self-interested reason to want to ask for weather reports (and associated changes in altitude or flight path) as frequently as possible, but it would really irritate the tower if every pilot did so at every opportunity. The tower just wants to get rid of planes quickly and safely, and isn't extremely interested in how much turbulence particular planes experience -- mild turbulence is unlikely to cause any harm, but merely makes passengers uncomfortable.

The pilot and the tower have a mutual interest in having a good working relationship, and so the pilot tries to be friendly to the tower by controlling the frequency of requests, and the tower tries to be friendly to the tower by researching weather conditions and granting requests whenever possible. This informal negotiation is very interesting. Imagine it were your job to approve requests, and it didn't cost you anything but your time to do so. But many, many people depended on your approval, and were constantly clamoring for your attention. Managing these requests would be an intricate and challenging responsibility -- given that some of them are mutually incompatible -- and the requesters would quickly discover that it wasn't in their interest to annoy you, wouldn't they?

I wish that an anthropologist would do a study of the culture of air traffic control communications. It's a totally oral culture, it's a worldwide culture, it's a fairly old modern technical culture, and it has its own extensive jargon and is totally unfamiliar to most people. There are relatively very few participants, they deal with each other very frequently, and they might not even know one another's names. They would probably not recognize one another if they met on the street. They're partly accountable to various bureaucracies, but nobody can really tell them what to do. (Well, I guess Ronald Reagan can fire them all, which might count as telling them what to do.)

It would be interesting to read a description of the jargon and of the kinds of social practices which can occur in these terse, static-filled, utilitarian bursts of communication. Is there a subtext? Can pilots tell when the tower is annoyed or overworked? Is there an informal quid pro quo? Do participants even realize when they are participating in an exchange of value or power? Are there rivalries and friendships? Where did all of the jargon come from, and how do participants learn it?

My desire for that particular study reminds of other things I'm curious about, outside the fascinating world of ATC. I want someone to study the role of cranks, for example, in fields which are more contested and less contested. I should write something about cranks to explain more clearly what I mean.

AP

The AP did an article on anonymous file-sharing and quoted me:

"I'm not aware of independent testing or review to verify the claims that people are making," he said.

The article as a whole seems to suggest that anonymous file-sharing may be impossible. But I think it's perfectly possible: I would just be worried about trusting your privacy to Brand X File-Sharing Software without having a clear idea of how it tries to protect your identity and whether that method is secure against attacks you're concerned about.

One important lesson of security and privacy is that things marked "Secure" or "Private" need not be.