Clay Shirky: RIAA Succeeds Where Cypherpunks Fail
scubacuda writes "Clay Shirky has an interesting take on encryption: 'The RIAA is succeeding where the Cypherpunks failed, convincing users to trade a broad but penetrable privacy for unbreakable anonymity under their personal control. In contrast to the Cypherpunks "eat your peas" approach, touting encryption as a first-order service users should work to embrace, encryption is now becoming a background feature of collaborative workspaces. Because encryption is becoming something that must run in the background, there is now an incentive to make its adoption as easy and transparent to the user as possible. It's too early to say how widely casual encryption use will spread, but it isn't too early to see that the shift is both profound and irreversible.'"
...for some reason it's not listed (at least, I couldn't find it) on the front page of shirky.com yet:
http://www.shirky.com/writings/riaa_encryption.html
what eating peas has to do with encryption? I'm totally lost.
Shirky means that using encryption is good for you and that's the approach that proponents (Cypherpunks) have used, even though using encryption has historically been difficult and an unpleasant experience for the average user. Hence the "eat your peas" reference, similar to parents who try to get children to eat vegetables which they find distasteful (an unpleasant dining experience).
The RIAA isn't setting out to do this, it's happening as a result of people's fear of a RIAA lawsuit.
--
The reference to RIAA is not about their use of encryption in the form of DRM. It's about how conflict with the RIAA has resulted in many mainstream non-nerd people using privacy-enhancing tools (and more broadly: gaining a pro-privacy mentality).
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
There are multiple problems with anonymous, encrypted peer to peer without users' oversight.
1. Your IP address is still visible (the lesser of all).
2. WHO are you trusting to view your files? Who's to say it's not a RIAA-mandated agency?
3. WHO are you trusting to download from?
4. Even if you KNOW who you're talking to, if you don't manually verify, on a secure medium, the key used, how do you know there's no middle-man? The dsniff tool widely shows this (sshmitm) by assuming users always click "yes" when prompted about unknown or changed host keys. That's sysadmins we're talking about, imagine joe-nowhere now?
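As an added illustration of the key-verification point in the comment above (not part of the original thread), this sketch pins a peer's key only against a fingerprint obtained out of band and fails closed on unknown or changed keys instead of prompting. The `PinStore` class, the peer name and the key bytes are constructed for the example.

```python
import base64
import hashlib
import hmac


def fingerprint(pubkey_blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(pubkey_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


class PinStore:
    """Hypothetical key-pin store that never falls back to 'ask the user'."""

    def __init__(self):
        self._pins = {}

    def enroll(self, peer, presented, out_of_band_fp):
        # Pin only when the presented key matches a fingerprint the user
        # obtained over a separate trusted channel (phone, in person).
        if not hmac.compare_digest(fingerprint(presented), out_of_band_fp):
            return "REJECT_MISMATCH"
        self._pins[peer] = out_of_band_fp
        return "PINNED"

    def check(self, peer, presented):
        pinned = self._pins.get(peer)
        if pinned is None:
            return "REJECT_UNKNOWN"   # no blind trust on first use
        if hmac.compare_digest(fingerprint(presented), pinned):
            return "OK"
        return "REJECT_CHANGED"       # possible middle-man: fail closed


def demo():
    # Constructed sample key blobs; real ones would come off the wire.
    alice_key = b"constructed-public-key-of-alice"
    mitm_key = b"constructed-public-key-of-interceptor"
    fp_out_of_band = fingerprint(alice_key)  # stands in for the value read over the phone

    store = PinStore()
    return [
        store.check("alice", alice_key),                  # before enrollment
        store.enroll("alice", mitm_key, fp_out_of_band),  # interceptor present at enrollment
        store.enroll("alice", alice_key, fp_out_of_band),
        store.check("alice", alice_key),
        store.check("alice", mitm_key),                   # key swapped later
    ]


if __name__ == "__main__":
    print(demo())
```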
Yep - dihydrogen monoxide is much nicer than dihydrogen dioxide.
The point of the article is that there are now enough users (even if only a small percentage) that want the encryption. Therefore the developers are including it as the default. And as you stated users don't change the defaults. Encryption is just there.
Where does that claim come from? I'm pretty sure it's not true because more than 10% of encryption is PGP (not counting government crypto, anyway), and PGP isn't snake oil.
It's pretty easy to find snake oil, just read the Doghouse section of Bruce Schneier's monthly Crypto-Gram. But there are also a lot of good companies out there providing a lot of crypto solutions (although admittedly most of them actually license the technology from a small handful of good companies, like RSA and Certicom).
Encryption also does little when physical security can't be controlled
But the issue at hand, with regard to the RIAA and anonymity, is about network security. The RIAA finds it much easier to subpoena your ISP than to sneak into your house and steal your USB keys.
Good and ubiquitous crypto certainly isn't the end-all-and-be-all of security, as you point out, but it would indeed make for 'profound and irreversible' changes in the Internet, in the vulnerability landscape, and in the threat models of pretty much everyone on it.
Well said, but the RIAA is (IMO) way too fat in middle management to ever be able to give musicians the better terms we all instinctively know that they deserve. The answer (and yes, I'm both biased and financially self-interested -- but no, I don't speak for e-gold or anyone else but Jim Ray) is for musicians to "take-back the guitar-case" (the money is where the REAL control lies) and set up their own internet tipjars. It's been possible and easy for a few years, and finally they're going to learn to think in new ways about how to get paid by a planet-wide audience. They have had the technology for a while (since 1996 in some form or other).
Imagine a 'one-hit wonder' like Norman Greenbaum's "Spirit in the Sky," garnering 7 million or so direct tips for a quarter worth of gold (most tips would probably be more, if you actually liked the song enough to bother tipping the artist, and Norman's old "Spirit in the Sky" tune kinda rocks IMNSHO). I'm talking about more than a million dollars -- AFTER taxes. I have no idea what Norman's made from the song, but I doubt he did that well...
JMR
Speaking ONLY for Jim Ray.
Try e-gold - (contact me). I'm NOT e-
That's why I'm hoping that private, encrypted p2p systems like WASTE or Foldershare take off! I don't think either of those systems are quite ready for mass acceptance, but they certainly point in the right direction -- private, encrypted file sharing networks that anybody can use.
The reason that the RIAA is coming down so hard on file sharing is that there are so many people doing it. Years ago before napster came about, there were just as many songs available online. However, they were harder to get. Your average person wouldn't know where to go or how to get them. If RIAA is able to get the piracy back down to that level then they'll back off.
It only takes one person to break the encryption and put a song up on the net, but if he's likely to get sued/arrested then he'll think twice, and only those "in the know" will know where to go to get the songs.
> PGP's freeware version comes with a "Create Self Decrypting Archive"
:-)
Win32 only I believe though. At least, last I tried it didn't ask me what target platform the executable should be compiled to
"And the meaning of words; when they cease to function; when will it start worrying you?"
The RIAA (or Chinese government) can put a lot of nodes on the network to spy on the requests, proxies. RIAA just has to have a computer to keep sending out requests for only illegal data. Eventually nodes will forward through the RIAA's proxy to the RIAA's requester.
As long as an arbitrary (untrusted) node can see who the source and destination are, it won't work.
"Encrypt the packets? Fine. You can still trace their origin."
Sign the packets. Broadcast them, and anyone who receives them broadcasts them to anyone else who's interested. You don't need to hide the fact you're sending packets if there's no way of knowing whether you originated them or not. You're just a part of the network, routing traffic for anyone who's interested. You're no more liable for filtering it than the Tier-1 routers are.
You sent that packet? No I didn't I forwarded it. From whom? Don't know, it's automatic.
Konspire2B
Over the next 5-10 years, I predict that many laws will be completely rewritten to better accommodate the changes that the internet has brought upon society. Many of these changes will be for the better, and the end result will almost certainly be a more free and open society.
Alternative licensing schemes have already been created, which are the copyright equivalent to the GPL. These alternative copyright systems will compete with full copyright instead of replacing it. As more and more artists put their work into liberal licensing schemes it will become harder for others to do business the old fashioned way. The fact that these alternative licenses exist ensures the future of full copyright, because now producers and consumers have a choice. For this reason there will always be some content locked out of the public domain. Old fashioned copyright law will not change, but its perception and proliferation of use will.
Take the Microsoft anti-trust case for example. It's no coincidence that the issue puttered out at the same time Linux was gaining in popularity. It seems that legal alternatives (the GPL) and public action beat the government to the punch. For the most part, copyright will follow the same path.
I like the way that John Perry Barlow expresses this idea:
Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
He's another guy who goes "Big Picture" and "Philosophical" because the nuts and bolts of technology, programming, and in this case encryption are (and always will be) beyond him.
He's a lightweight.
If you're still confused: See "Esther Dyson"
...because P2P is about exchange, and people need to know whom to send information to. What you CAN do however, is to make it very difficult to prove that the data in question ORIGINATED FROM YOUR IP. This can be done by massively modifying a standard P2P network, so that each client randomly serves as a relay for sending data or parts of data to another client. It's like tossing a ball around between friends and not letting RIAA catch it. I need piece #32 of Terminator4.avi, and so I send a request. Client #398 responds, saying that it can provide piece #32, while actually it receives it from client #UNKNOWN (IP you're not aware of) and sends it to you. The fact is that client #398 is most likely not a part of downloading of Terminator4.avi at all, and you will not find it on its hard drive. It just participates in a scheme of global file distribution, serving as a temporary proxy, a shield for the client that actually does have it. There's no way you can accuse client #398 of transferring warez, because it only transferred a small chunk of encrypted data. Even if decrypted, its matching to a certain pattern inside Terminator4.avi can be a pure coincidence. Or it can even be a sum of several blocks inside the file, in which case it will not match any "whole" piece of the file at all. At this point, of course, an RIAA member can set up a computer, join this network, and try to catch the cases where HIS client is used as the relay, in which case his client becomes aware of a certain person's IP address, and that person sends the file chunk to the RIAA computer so that it can transfer it to the recipient. This can be made difficult, by requiring each new member of the network to have a sufficient amount of "illegal" files (and not just the same file many times over!) actually shared with others for free, before it becomes fully a part of the network. This would require RIAA computer to have actual "illegal" files on it, and quite a few of them.
If they fill it with fakes, they will either be unpopular and never become a part of the network, or, if some people actually acquire the entire file, they'll get a sufficient amount of "blacklisting" from the network to never be allowed to join it. So, RIAA will be forced to use warez in order to find warez sharers. Still, the problem of them acquiring IPs that way remains. Perhaps it can be solved by allowing recursive relays, where a chunk, instead of being proxied by one client, can travel through an undetermined amount of clients, say, up to 10, before it actually reaches its destination. However certain measures will have to be taken to prevent an "empty loop", where clients keep requesting the file from one another, and neither has it...
Isn't that exactly how Freenet works?
I see that you're not a lawyer... nor a citizen concerned enough to learn about his national laws. There used to be widespread myths about entrapment, but I thought the illegal-drug culture in the US had spread the truth (as a defensive measure).
Here's a few little facts about entrapment:
Not entrapment: "Here's $20, give me some cocaine".
Entrapment: "Here's $20000, kill that guy"
It also looks like illegal search and seizure--and an unconstitutional invasion of privacy and misuse of private property.
The Constitution only restricts the actions of governments, not private groups like the RIAA. (And it doesn't guarantee privacy either.)