Unlimited Freedom on slow attestations
Unlimited Freedom has picked up on my hard-to-verify signatures discussion; he argues that hard-to-verify signatures (or, as he puts it, slow attestations) don't interfere with too many of the unquestionably good uses for trusted computing but that they are still not a good idea, since nobody would want to be bad at making attestations rather than good at making attestations. (He also reiterates his view that even DRM applications of attestation may be good for end users.) I even get called a sort of drug warrior, which would doubtless amuse Kevin Sabet.
I think there is something useful and interesting here. It should be clear that there are times and situations when it's good for you to be bad at something rather than good at it. I used to try to come up with examples of this, but I think the point should be uncontroversial. On the other hand, the usual case is that it's better to be good at things. Slow attestations are a middle ground (and possibly not a useful one) between being really good at attestations (being able to give them quickly) and pretty bad at attestations (being able to give them, but to cause them to be inaccurate if you want) or really bad at attestations (not being able to give them at all).
The observation that it can be useful to be bad at things doesn't prove that it's useful to be bad at any particular thing, and it doesn't prove that some particular skill level at something is preferable in a particular situation. In fact, it proves very little at all. Unlimited Freedom has pointed out that Eric Rescorla gave an earlier example that was useful: Fritz Attaway argued that it was good for consumers to be unable to copy DVDs (because it made them inexpensive, available, or produced with movies they like at a faster rate). Cory Doctorow considered this ridiculous, arguing that it's clearly better to know how to copy something than not to know how. (I don't think that's the whole of Cory's argument; it's embedded in a much larger argument against DRM, which you can see elaborated a little better in Cory's speech to Microsoft.)
Now the oddity is that the bare observation that it can be helpful to be bad at something, or unable to do something, cuts both ways with regard to the DRM industry. For example, Eric Rescorla can use it correctly to say that it's possible that Cory is wrong and you're better off being unable to copy DVDs (in which case DRM is easier). But I can use the same structure to argue correctly that it's possible that Unlimited Freedom is wrong and you're better off being unable to prove what your software environment is or what kind of device you're using (in which case DRM is harder). In one case, the inability is an inability to defeat DRM policies, and in the other case, it's an inability to do something that would tend to disable you from defeating DRM policies.
This shows (as I think Peter Suber observes in a different context) that every ability has a corresponding disability and every disability has a corresponding ability, and each of these can conceivably have merits for someone in a bargaining or market situation. For example, the inability to prove code identity is the ability to (persuasively) resist pressure to prove code identity. The inability to copy DVDs is the ability to convince someone that you won't copy the DVDs you buy. (The ability to copy DVDs is, among other things, the inability to convince sufficiently clever people that you can't.)
Now Thomas Schelling, whom Eric Resorla recommends to Cory, spent a whole book (at least) discussing these situations in an interesting way. Because Schelling spent a great deal of time simply trying to show that certain kinds of bargaining situations were possible (even though they might be against someone's intuition), I think it's likely that everyone can invoke Schelling in these arguments -- at least to the extent of "Well, you can't prove me wrong, because Schelling has envisioned some sort of bargaining game in which my argument would be right...".
It might be natural then to try to establish which kind of bargaining game people actually find themselves in, since figuring out where you are is very important in determining what you ought to do. Eric and Unlimited Freedom both go on to suggest, as I understand them, that there need to be empirical arguments about which abilities and which disabilities are useful in particular cases. And Unlimited Freedom did this in a way simply by describing applications in which nobody would doubt that the ability to make persuasive commitments or proofs is advantageous to everyone.
But there's a threefold problem here.
- First, we might not know enough to be able to convince each other about the incentives involved in particular situations. For example, there may be people out there who actually believe Bruce Lehman's White Paper and its discussion of incentives, whereas there are other people who think it's nonsense and harmful propaganda. I don't know what kind of evidence would help one side convince the other.
- Second, even if everyone agreed about the application of trusted computing to some particular situation, it's still the case that technologies (like other kinds of abilities) are used and re-used in different situations. So trusted computing, for example, will be available to very different people who find themselves in different situations. Presumably it will help some and harm others, and even the same person might be grateful for trusted computing in some contexts and bitterly resentful of it in others. (That's certainly the forecast of some of my colleagues, who plan to use it for traditional security applications but believe it will disadvantage them when applied to DRM.) It's also hard to resolve this problem because it means that different people will have different views of whether their situation has been improved by the technology; they also can't even predict for themselves (let alone for others) with great precision whether they will more frequently get into bad trusted computing applications than into good ones. But if the technology is widely deployed, then in some sense it will feel like part of the infrastructure, and difficult to dislodge or affect, for good or ill. So not everyone is in one single game or situation that can be identified and analyzed in isolation.
- Third, people have values other than finding the best advice for everyone in every bargaining game. This is related in part to the problem of initial allocations or initial entitlements (or what people following Coase have called "wealth effects"). I think this is what's gotten me branded as a drug warrior.
I'm sorry for writing this while somewhat sleepy, because I'd like to be able to concentrate on it better.
