Archive for the ‘Copyright’ Category

As some of you may or may not know, I’ve been following with interest the progress of Lawrence Watt Evans’ Spriggan Experiment. For those of you who aren’t familiar with LWE, he is a fantasy/sci-fi author whose cannon includes a number of titles that I think are exemplary; his writing style is informal and fun, and he’s the master of the super-interesting premise – “The Cyborg and the Sorceror” for example is a wildly creative idea and one that I think has been under-received by the sci-fi community.

So what does this have to do with information security? About a year ago, LWE decided to use Schneier’s Street Performer Protocol for the distribution and authorship of a new book in one of his series. Because he’s cool as shiz, he even answered some questions for us about the process and his use of the method. Well, apparently the experiment worked; so much so that he’s decided to release another book that way; even more interesting is that he’s put up a blog for reporting progress and (hopefully) where he’ll post his thoughts about the process.

So, needless to say I’m excited. I’m wishing him the best on this project and hopefully it’ll be economically successful enough that he’ll keep going… and going… and going…

As a side note, the image above is cover-art from the last serial he put out (linked to the image on his site.) I highly encourage fans of sci-fi to check it out; after all, it’s free to read.

Something is seriously wrong with the MPAA… You’ve probably already heard about the recent MPAA decision to sue people for linking to stuff. If you haven’t heard about this foolishness, it’s worth looking it up… About a month ago, he MPAA decided to sue a basketful of Usenet and Torrent related web sites for facilitating illegal downloads. What’s really strange about the Torrent stuff is that they don’t host or transmit copyrighted material – they link to it. So, according to the MPAA, if you tell somebody where to go to get pirated material, you immediately become part of the illegality. To use a physical-world analogy, if somebody comes up to you on the street and asks where they can buy a pirated DVD of “The Little Mermaid”, you’re doing something illegal if you say something like “try asking that dude with the movie table down on 5th Ave”.

But I digress. The point isn’t about that stuff… It’s about the completely crazy event that came to light yesterday about what the MPAA has been doing to support the case against these guys. Apparently, according to a complaint from yesterday, the MPAA has hired a hacker to break into TorrentSpy’s computer equipment, steal proprietary information, dumpster-dive, and so on. Creepy. Without TorrentSpy’s claim to have the documented agreement between the hacker and the MPAA rep, I would suspect someone of making this stuff up. I guess we’ll see how concrete the documentation is as the trial gets underway.

I’ve said it before, and I’ll say it again: there’s nothing more dangerous than an idiot with initiative. Sony is now recalling all CD’s protected by their controversial DRM technology. This is probably a good thing, since folks digging around the uninstaller noticed the fact that the rootkit removal tool is itself a rootkit.

No, seriously – it’s an ActiveX, it’s marked “safe for scripting,” and the developers broke one of the cardinal rules of ActiveX – i.e. if you say it’s “safe”, it shouldn’t for example be able to connect to an arbitrary Internet site, download software, and execute it. Ouch. As a former developer, I can tell you “never do that”.

In other news, BlackHat just got bought by the folks that brought us CSI.

Last week gave us an interesting behind the scenes look into how content companies approach the ongoing copyright debate: we saw the Sony rootkit get exposed by the technology community, judged in the court of public opinion, and subsequently get left on the side of the road. So now Sony has promised to keep their CD’s free of noxious content (at least as far as software goes – Ashley Simpson will apparently keep singing.) Everyone seems to be doing their victory dance, but I’m curious – how much did consumers really win? Was it a “confetti in the streets” victory – or maybe just a “Miller time” sort of victory? My apologies if I seem to have a negative outlook, but my quick take is that as far as things go, we won a “MillerTime” (kiddie size) sort of victory – if even that.

First and most importantly, we won nothing on the “fair use” front. It would seem to me that Sony maintains the same vise-like grip on when/how you play your music as they did yesterday. They just removed one of their technical controls. Do their rights change without the technical enforcement? If there’s a cop sitting on the side of the road looking for speeders, does it become legal to speed when the cop pulls away? Clearly not. In other words, consumers are in the same position relative to Sony as they were before. Nothing’s changed. In my opinion, the issue is that Sony felt it had the right to do what they did in the first place. I doubt that they’re view of that has radically changed since they made their decision.

We got zilch on a technical front. The fact that this particular rootkit on this particular platform is gone doesn’t mean that there aren’t other technologies waiting in the wings that take away your control over a device you own… What’s to come will take away our control just as effectively as Sony’s rootkit, but will be forwarded by the technology. Mark my words, by the time DRM comes around, it will be so hidden inside something legitimate that we’ll be begging for it to happen.

So, no – I don’t think this was much of a victory. Sorry to disappoint.

All of us are following the Sony DRM “rootkit” issue, right?

Since this story broke, I’ve been asking the question if Sony’s DRM software is going to be considered “malware” by the AV/spyware players. CA has answered that question for us, and the answer is “yes, it most certainly is”. They’ve added it to the CA Spyware Encyclopedia, and has given it a very thorough analysis.

This is a good move for CA in my opinion; the home and corporate buying public has spoken loud and clear about their feelings about this software and I think CA is heeding that sentiment. Take 5 minutes and look through the ocean of responses and comments to Mark’s SysInternals blog entries – note how many are from administrators experiencing pain:

I’m just some network admin. Just a couple hundred users, a few servers, nohting special. I’ve encouraged users to bring CD’s in to work if they want to listen to music ’cause I don’t really have the bandwidth to support a lot of streaming content. Silly me.

or

I am sysadmin … This Sony’s Rootkit just makes my work harder… Having this program installed calling home is a security risk that no sysadmin can take, period. No matter how you call it: rootkit, DRM, etc. It opens a door in an already difficult to secure OS.

I know what side I’d want to be on if I were an anti-spyware player. Kudos to CA for reading the market and taking a stand.

In case anybody’s paying attention, Grokster has shut their doors. Their website is down and their service is inaccessible. I guess everybody already knew this was coming, so there should be no surprises.

On a related note, Ed Felten has an interesting take on some of of the recent RIAA legal activity here.

Hey, feel like getting angry? Worth reading is Wired’s take on the litigation activities of the RIAA. They’re apparently “cracking down” on the criminal masterminds of digital piracy; namely: single moms, the disabled, and the elderly. Looks like Granny Crabtree’s been downloading Jim Nabors hymns again – maybe 10 years on a chain gang will turn her off her wicked ways…

My favorite part of this is where they go after the disabled single mom for a million in damages:

“I don’t even know how to download music,” said Tanya Andersen, a disabled single mother from Oregon who lives on Social Security benefits. “The user names (they cite) I have never heard of.”

Andersen is one of three single parents claiming to have been erroneously identified as an illegal music trader by a law firm representing RIAA interests, which is seeking more than $1 million in damages — $750 for each of the 1,400 songs Andersen allegedly shared.

OK, in case you missed my comments about this before, Lawrence Watt-Evans, seriously cool fantasy author, is in the middle of an experiment he calls The Spriggan Experiment. Spriggans are harmless semi-intelligent frog-like creatures that crawl out of an enchanted mirror located in the mountains of the small kingdoms – you see, when Tobas found the castle outside the world… well, I won’t spoil it.

Anyway, Spriggans do more than chase wizards, look cute, and get underfoot. They also tell us something about copyright. Wait, what? It’s true… You see, Lawrence is using Schneier’s Street Perfomer Protocol to publish the book – and it’s working, sort of. Because Lawrence is cool as hell, he agreed to answer a few of my questions about the experiment. I’m going to try to ping him again for some info once the experiment is done, but in the meantime, a quick paraphrase of his impressions (I didn’t explicitly say I would quote him anywhere, so I’m not going to directly do so without his OK.) This is the first time that SPP has been used for an artistic work (please spare me the comments about how Blender was an artistic work) so it’s pretty exciting. Security community suspicions confirmed:

- It will likely make quite a bit less money than the traditional publishing model (I think we all knew that would happen.) The experiment’s not done yet, so hopefully he’ll tell us more about that once everything is put to bed.
- There is some evidence that it is driving interest in his previously published books

Suspicions contradicted:

- Overhead from maintaining the distribution channel is minimal
- Not having an editorial staff does not have a deliterous impact on the timeline

Anyway, I continue to be really excited abut this experiment.

Along with the rest of the world, I’ve been gearing up these past few days for the upcoming release of the next installment of everybody’s favorite young wizard. In the process of delving into the fantastical, I happened across an online serial fantasy tale from Lawrence Watt Evans, being released under the auspices of Schneier’s Street Performer Protocol.

This is interesting, because it’s the first book from a published author that I’ve heard being released in this fashion (feel free to correct me if this is in error) – the “blender” software proved the model with software, but the developer went out of business afterwards, so we didn’t get to see how it worked out long-term. This is interesting experiment to watch to see how this concept works with books.

So, how’s it working out so far? According to the author, he’s paid through several chapters ahead and the system is working better than he anticipated.

Score one for Bruce.