Slashdot Mirror
Clay Shirky: RIAA Succeeds Where Cypherpunks Fail
scubacuda writes "Clay Shirky has an interesting take on encryption: 'The RIAA is succeeding where the Cypherpunks failed, convincing users to trade a broad but penetrable privacy for unbreakable anonymity under their personal control. In contrast to the Cypherpunks "eat your peas" approach, touting encryption as a first-order service users should work to embrace, encryption is now becoming a background feature of collaborative workspaces. Because encryption is becoming something that must run in the background, there is now an incentive to make its adoption as easy and transparent to the user as possible. It's too early to say how widely casual encryption use will spread, but it isn't too early to see that the shift is both profound and irreversible.'"
...for some reason it's not listed (at least, I couldn't find it) on the front page of shirky.com yet:
m l.
http://www.shirky.com/writings/riaa_encryption.ht
The Army reading list
The Cypherpunks never went around suing people (that is, actually costing them money) who weren't using encryption to mask their illegal activities. The RIAA is.
Real world practicality will always be a much better motivator than abstract idealism.
what eating peas has to do with encyprtion? I'm totally lost.
Shirky means that using encryption is good for you and that's the approach that proponents (Cypherpunks) have used, even though using encryption has historically been difficult and an unpleasant experience for the average user. Hence the "eat your peas" reference, similar to parents who try to get children to eat vegetables which they find distasteful (an unpleasant dining experience).
from the article:
to a first approximation, every PC owner under the age of 35 is now a felon.
This may or may not be an exaggeration, I have no idea, but Shirky makes a good point. When the vast majority of a society is violating a certain law, it is a sign that the law, not the society needs to change.
At this time, it seems that the RIAA is winning, and we are moving inexorably towards a world where large corporations control what people do with there computers. However, because there is so little popular respect at the moment for copyright law, it follows that eventually those laws will change.
Over the next 5-10 years, I predict that many laws will be completely rewritten to better accommodate the changes that the internet has brought upon society. Many of these changes will be for the better, and the end result will almost certainly be a more free and open society. Unfortunately, democracies are slow to act, so there will be years more of legal confusions and abuses of power before things finally straighten out.
Let's make a difference
Encryption is good, as long as the people using it are good. When people use encryption to hurt other people, it becomes a serious liability.
Well, DUH, it's a tool, nothing more.
You can say the same about cars, knives, guns and just about anything else.
The RIAA isn't setting out to do this, it's happening as a result of peoples' fear of a RIAA lawsuit.
--
Nice article. Unfortunately, apathy will ultimately reign supreme. People want to turn on their computer to get something. They don't want to be car mechanics in order to be able to drive a car. If the p2p software comes preconfigured to use encryption, then it will get used. If it has to be enabled, then it won't happen very often. It does not really matter if I want to use PGP, if no one else I communicate with is willing or able to install and use it.
It was unintelligible unless you read it three or four times.
Wait for about three days and Slashdot should have a sufficent ammount of dupes to make it much more clear =P
You can say the same about cars, knives, guns and just about anything else.
Especially dihydrogen monoxide.
Anybody else thinks that, if encrypted file-sharing becomes a reality, the RIAA will simply implode?
From the article:
to a first approximation, every PC owner under the age of 35 is now a felon.
Now remember what the Cypherpunks said a few years ago?
If crypto is outlawed,
only outlaws will have encryption
There you have it: goodbye RIAA. We hardly knew ya. You made us all felons, and by doing so, you opened the floodgate that were going to drown you.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
I do not like hiden encryption. I like to know everything is working and not get to confortable. Don't want to be cought ignoring that lock icon on your browser these days.
However it's a rather tenuous link to say that the RIAA succeeded where Cypherpunks failed. Advocates are one thing, but really the rise of P2P applications and the growing Internet user base are what have caused P2P to become a real PITA for the RIAA. Therefore they make high profile legal cases to grab media attention. However, they could not realistically target piracy any more than the police raids on weekend markets in London will stop home-burned DVDs from being sold on a stall.
So, some people will use encryption just like Del Boy and Rodney (UK reference to Only Fools and Horses) used a suitcase for their wares and ran whenever the Police came close by. But massive public adoption of cryptography will only be because it will be built in for a reason (rather than optional) and because processors are fast enough to encrypt/decrypt on the fly with long keys... and still, it's a prediction. It's not mainstream yet - and the main thing this guy is forgetting is that the RIAA will bait and trap users with or without encryption on the wires.
Conversion Rate Optimisation French / English consultant
The RIAA has blunders at least twice. First it shutdown Napster 'way late (because it wasn't easy), now it is harassing KaZaa users with even less success. The next incarnation will be even tougher. They ought to be putting their energies into a paradigm shift like iPod. Or maybe even running their business competantly, with decent A&R budgets and better terms for musicians and customers since their distribution monopoly has faded.
Encryption, like all technology, is amoral.
Good and evil come from people. This is ultimatly where most legislation fails at stopping evil. You legislate away the technology that evil uses in the hopes of stopping it. However, evil rarely follows laws. So the laws are draconian to compensate for evil not following thems. The end result is that good does not benifit from said technology while evil thumbs thier nose at good.
Encryption will be used for evil, regardless. If you do not outlaw it then the playing field will be level.
The reference to RIAA is not about their use of encryption in the form of DRM. It's about how conflict with the RIAA has resulted in many mainstream non-nerd people using privacy-enhancing tools (and more broadly: gaining a pro-privacy mentality).
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Abstract idealism often tells the future. The Cypherpunks can once again send up a resounding "told ya so!"
Luck favors the prepared, darling.
When people use encryption to hurt other people
You mean like when I throw my copy of Applied Cryptography at people's heads?
Trolling is a art,
Not really. There's been several explosions of various file/disk encryption products. Your handheld device isn't a Somebody(Something?) until it's got at least a dozen "encrypted" personal information storage widgets for it.
The problem is that encryption is 90% snake oil. Usually it's written by someone who thinks they know encrpytion- and encryption isn't, to coin the phrase, like a hand grenade; close doesn't count. Zimmerman is famous for his saying that "anyone who claims to have unbreakable encryption doesn't"(apologies for paraphrasing).
Encryption also does little when physical security can't be controlled; Dallas Semi had the right idea with their iButtons, which brought reasonably secure key storage to the masses(if opened, for example, it erased itself) but it's gone pretty much nowhere; you just don't see them in widespread use(unlike, say, a proximity card or magswipe). I suspect even USB keys now vastly outnumber iButton devices.
All the encryption in the world won't do you any good if you can't store the keys securely...and these days, all it takes is a janitor with a CDROM with linux that 'phones home' and sends back choice tidbits...or an ipod.....or a USB hard drive..or a USB memory key...or a blank CDR, since so many machines come with CD burners now...
Please help metamoderate.
This is not the problem!!!!
The problem is not people intercepting your mp3s - the problem is sharing an mp3 with a guy working for the RIAA or in my case the CRIA and they get your IP and then they go to your ISP in an attempt to get you booted off the net, exactly as happened to me.
For instance - on Sourceforge there is a sooperencypted IRC project for safe sharing.
Useless.
All the RIAA spies have to do is go on the net, get that software, join the queue for mp3s then rat you out exactly as specified above.
What we NEED is a way to share files in such a manner as the receiver has no idea what your IP is.
This is not going to be easy. (And please don't mention Freenet ok?)
It's Christmas everyday with BitTorrent.
dihydrogen monoxide
We've gotta ban that stuff, all the kids are gonna start using it, and then we'll never get them to stop. It's addictive... I've had like 5 doses today...
We've gotta ban that stuff, all the kids are gonna start using it, and then we'll never get them to stop. It's addictive... I've had like 5 doses today... Man, be careful! It can be fatal if inhaled! It causes erosion, and is a primary component in acid rain! It's been found in the tumors of terminal cancer patients! It contributes to global warming! It's one of the world's top industrial chemicals... and it regularly works its way into our water supplies!
The World Wide Web is dying. Soon, we shall have only the Internet.
I read the article and can find nothing there suggesting how I can trade anything for unbreakable anonymity, or even how unbreakable anonymity could even be implemented.
Encrypt the packets? Fine. You can still trace their origin.
Let's say that you do RSA key pairs, and build them into some sort of P2P. When two people connect, they swap public keys and encrypt the stream.
There is nothing that says that the person who is leeching a file from you isn't Hillary Rosen. Traceroute, and you're still nailed.
The only way to be truly anonymous in a P2P application would be to have the application auto proxy a neighbor. Here's how that would work.
User WantMusic jumps on the new P2P net and broadcasts a desire to download "myfavoritesong.mp3", and their RSA public key along with the request. Some other user, MusicBank, has the song. Rather than having the client pull the data directly from MusicBank, have MusicBank push the data to the client. Each outbound packet from MusicBank would at random select someone else on the net and say "Take this packet of data and pass it along to user WantMusic at this IP address."
If the someone else happened to be Hillary Rosen, all she would get is a packet of unreadable data - she doesn't have the private key. She could know who it was from, and where it was going but have no idea what it was. Might be music, might be the Linux kernel.
If Hillary jumps on the net and tries to download myfavoritesong.mp3, all she could do is traceroute a bunch of packets to 2nd party proxies. By the definition of the protocol, they don't have the file. They're innocent. She still doesn't know MusicBank has the file.
The disadvantage to this protocol is that it'd be slow. Each packet would have to hit a proxy. Instead of server->client, it'd be server->proxy->client. You could expect downloads to be at least 1/3 slower.
If I had the time, I'd write this sucker.
Weaselmancer
Weaselmancer
rediculous.
Shirky: "In any system where a user's identity is in the hands of a third party, that third party cannot be trusted." The classic Mafia version of this is: "Two people can keep a secret as long as one of them is dead." Most people don't think that way, and even if they did they are unlikely to trust any technological system that promises absolute anonymity. The cypherpunks' fantasies are no more ready for prime time now than ever. Main problem is that anonymous communication is a chimeral fantasy, and any scheme to even experiment with their implementation is complex and onerous to all but people who like to read Schneier for fun, and play secret agent. Above all, cypherpunks chase anonymity like it's a virtue, when most of the worst aspects of the net are caused by anonymity and unaccountability.
Careful! Applied Crypography is a thick book!
I am currently reading that book. (Second Edition) I was amazed at the prophetic words on page 97 (or maybe 99)? The book is discussing Key Escrow and Clipper. He says something to the effect of:
The copyright on the book says 1996. I'm assuming that even in the Second Edition that these words are prophetic. Sorry I don't have the exact quote, and am not positive on the page number because I don't have the book here with me. But you could find the Key Escrew form the TOC.
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
Well said, but the RIAA is (IMO) way too fat in middle management to ever be able to give musicians the better terms we all instinctively know that they deserve. The answer (and yes, I'm both biased and financially self-interested -- but no, I don't speak for e-gold or anyone else but Jim Ray) is for musicians to "take-back the guitar-case" (the money is where the REAL control lies) and set up their own internet tipjars. It's been possible and easy for a few years, and finally they're going to learn to think in new ways about how to get paid by a planet-wide audience. They have had the technology for a while (since 1996 in some form or other).
Imagine a 'one-hit wonder' like Normal Greenbaum's "Spirit in the Sky," garnering 7 million or so direct tips for a quarter worth of gold (most tips would probably be more, if you actually liked the song enough to bother tipping the artist, and Norman's old "Spirit in the Sky" tune kinda rocks IMNSHO). I'm talking about more than a million dollars -- AFTER taxes. I have no idea what Norman's made from the song, but I doubt he did that well...
JMR
Speaking ONLY for Jim Ray.
Try e-gold - (contact me). I'm NOT e-
That's why I'm hoping that private, encrypted p2p systems like WASTE or Foldershare take off! I don't think either of those systems are quite ready for mass acceptance, but they certainly point in the right direction -- private, encrypted file sharing networks that anybody can use.
"Now you see that Evil will always triumph, because Good is dumb."
John
A weapon can be considered technology, and it is still amoral.
A Weapon and/or technology, can only be put to use by people for thier own purpose, good or evil.
"Outlaw guns and only outlaws will have guns", etc... Look how well outlawing guns in Washington, DC has worked.
Weaponised anthrax could be put to good use, such as using it to find an antidote to protect people from it.
The RIAA isn't responsible for making encryption commonly deployed; sending credit card numbers to websites is. The pattern is essentially the same, however. The cryptographers work on stuff, the security people say you really need to use encryption, but people generally don't actually do anything about it until something of value to them is stolen, at which point encryption becomes widely used and transparent. A few years go by, and everybody forgets that what they're using is encryption.
Now people talk about how they expect encryption to get outlawed. I think Amazon's $19B market cap which depends directly on encryption and eBay's $38B which essentially requires it (not to mention all of the companies which do some of their business online) will prevent this. Then there are VPNs, telecommuting, overseas content outsourcing, and so forth. Encryption is, at this point, something the US economy depends significantly on, and it's not going to get outlawed any time soon.
"Those who cannot remember the past are condemned to repeat it." -George Santanya
This strikes me very much familiar along with the "war" on drugs. A previous post touched on this lightly as well. Be it encryption, invite only LAN MP3 share parties, USENET, or any of the other countless work arounds out there...By brandishing their lawyers they are in fact creating an underground which society has demonstrated they want to exist, and it will. Instead of trying to make use of this phenomenon, they want to bully people and focus their creative energies on how they can sue. Sounds eerily familiar to the ban of alcohol which founded organized crime in the US and gave a beautiful model for drug running today. In an effort to slay a beast, a new monster was created and the beast was welcomed with open arms in the long run and taxed accordingly to make it profitable and put into a mostly controlled environment. Of course it's not possible to put music into a controlled environment, but iTunes was able to make downloading music a business. Guess they should have focussed on hedging that new market instead of helping to create an underground they will never be able to control or profit from. (Go to concerts if you want the artists to get your money, and boycott RIAA backed media)
-1 Overrated (Too many big words for me to comprehend)
Well, you do (for one), or at least you would if you thought things through.
Almost no one whom you'd consider to be "Evil" considers themselves to be evil. And they would likely tag some people as "Evil" even if you would disagree with their assessment. And almost no one would agree with you on what is good and what is evil completely. To do that, they'd have to be you.
Which means that if the world were to function by your own self-centered definition of good and evil, you'd be all alone.
Nature itself doesn't have a concept of good or evil. Which means regardless of wether we'd each want a level playing field, it's ultimately a level playing field on which we must play.
Now "society" is just one of the teams on this playing field; a big team, I'd admit, and one you're likely so familiar with as to believe that no others exist, but it's just a team nonetheless. As you point out, your society has created your society's laws and has it's own interest in seeing that people on any other team are placed at a disadvantage. After all, it has to protect those "rights" which your society holds so dearly.
Is it possible that members of some other society might have their own values, profess their own beliefs, and institute their own laws to protect the rights they hold so dear? Some of these might conflict with the values, beliefs, and laws of your society; does that make them "Evil"?
Only a troll would believe so.
Yet even at this point, we're making a judgment call saying that one kind of "society" can be more "good" than another in a way that a "non-society" could never approach. That's a widely held belief, but there's still a lot of time left on the clock. Maybe Douglas Adams was right and some day we'll decide that even the trees were a bad idea, and we should have all stayed in the oceans..."
If you continue to insist that the playing field be tipped selfishly in your favor, then you must admit that, over time, more and more people will become aligned against you in their own self interest. Each time you exclude someone by calling them (or their team/society) "Evil" you build a greater force which sees you the same way. And the stronger you hold your beliefs, the more motivate they are to hold theirs.
I could not possibly have said it better myself.
The thing about things we don't know is we often don't know we don't know them.
putting the genie back in the bottle.
it's expression alone indicates the likelyhood of success.
every day http://en.wikipedia.org/wiki/Special:Random
I had to read the /. write-up about three times to workout what it was going on about. Couldn't have just said "RIAA ativities over the last year or so may have finally brought encryption and privacy concerns to the attention of the masses. Interesting article here"? I think that's what it's trying to say.