where do you get this "but legal opinion appears to be that substantially similar functionality OR interface are likely to be considered derivatives" from?
That would probably be from my Merchantile Law textbook, can't say for sure...
When items are similar in functional substance (or 'function' as we like to call it:0) they are not copies (but _may_ be derivatives).
Since I was claiming that they may be derivatives, and was not claiming they were copied, this is a moot point.
Also the article says that they studied the system and "produced a system that operated in the same way".
In other words they reverse engineered the system and created a... umm... copy? Okay, not copy in the sense of digital clone, but copy in the sense of "essentially the same thing".
As no mention is made of copying sourcecode (or deriving one set of sourcecode from the other) presumably you're assuming that the visual look-and-feel has been copied?
No, I was assuming primarily that function was cloned.
From what you say it sounds like Ford (or Benz, or whoever) can sue other car manufacturers for making cars because they copied their general idea even though the internals are different?
Copyright doesn't apply to cars. More on that below.
I'd be very suprised if they find that copyright is intended to create a monopoly on function of technological items as this is what patents are for.
This is striking at the heart of the matter. Copyright is intended to protect creative works, patents are intended to protect invention of tools.
To start with, I must note that the US view of patents (allow business models etc. to be patented) is different to most of the world. In general an invention has to be physically realised (in some places just physically realisable) to be considered for a patent. Essentially, innovation (as distinct from invention [physical] or creation [fictional / non-functional]) is not well protected by most IP laws.
It is also important to realise that in most legal systems (not sure about the UK specifically), a judge may not refer to the deliberations of the legislature in creating a law; i.e. the judiciary creates the interpretation of the law.
Looking at IP law in general, we find that the protection afforded to computer programs is bad. Patents often don't apply, and when they do it is often just a case of applying a well known methodology using a computer. Copyright protects the binary realisation, but not the source (which is protected as a literary work). As a tool, a computer program deserves the protection of a patent-like system, where innovation rather than precise realisation can be protected (and thereby allow common functionality to be present in all realisations without accusations of infringement, while protecting novel functionality). As a creation, a computer program like a game deserves protection like a book.
So, how will a court decide on what constitutes a "derived work" in the case of a computer program?
I would suggest that using another product as a reference for functionality OR interface would strongly indicate "copying" (in the broad sense of the word), and thus a derivative work. Where two products developed in parallel without one being able to base its functionality on another, I would say that there is no derivation.
"It is important to note that, because copyright is an unregistered right, it is necessary to prove copying in order to pursue a claim for copyright infringement."
In copyright discussions, the term "copy" or "copying" is used in a broad sense to cover all of the rights afforded exclusively to the author by the law. In this sense, "prove copying" simply means that the burden of proof that there was infringement (duplication, derivation, adaption, performance, broadcast, etc) lies with the copyright holder, and not with the defendant.
Precisely. It seems to me that the defendants have a countersuit and could bring criminal charges against the boys' parents for negligence.
Parents need to take more responsibility in their childrens' education and actions, and stop attempting to find poor excuses to explain why they failed in their parental duties.
I'm glad someone else is questioning this Bill... the devil's advocate in me has to find the bad points;)
In general we pay taxes where the state has an interest in providing or overseeing infrastructure. The principle of special taxes is to impose a tax on the use of infrastructure that isn't essential or not everyone uses.
In most countries income tax pays for government in general, the military, social security, education, and at least partially funds critical instructure like electricity, water and rail. Sales taxes (at least in theory) tend to fund protectionism and transport infrastructure. Airport taxes fund the cost to the state of maintaining airports and controlling air traffic, plus the oversight of the FAA.
Now, if you prohibit any Internet-specific tax, you probably rule out any federal/state regulatory body that can lay down and police minimum standards rules for ISPs and ISP services (including quality of service).
Some people see this as a good thing -- that market forces should address the problem. But the problem is that the Internet is becoming a critical infrastructure, and private investment is focused on money centres. In other words if there's not enough market pressure in a particular area (geographic, type of service, etc) there won't be an investment, and the users lose out.
I'll take a concrete example from the telecommunications market: privitised network operators focus their services at business customers in commercial centres -- these are the juciest pickings. But the state has a responsibility to ensure that everyone has access to this critical infrastructure. So most telecomms markets are regulated to ensure that you can get a telephone, at largely the same price, whether you are a business, an individual in a high density residential area, or a farmer on 1000 acres with no-one in the vacinity.
Assuming the Internet is a critical infrasturcture, doesn't it stand to reason that similar regulation is (or may be) required; and if so, where do we find the money to fund the overseeing body?
In computer software Copyright does not only apply to outward appearance. Of course, the exact boundaries haven't been tested in (UK) courts.
If I reverse engineer another piece of software (read: interrogate the interface, not decompile) and create a CLI application that does exactly what the original GUI could do, I am arguably creating a derivative work, even though it looks completely different.
Book analogy: if I rewrote that Harry Potter stories in a science fiction setting, but kept the plot elements, characterisation and interactions/relationships the same, the work would almost certainly be infringing.
Copyright covers a work in its entirity, plus protection from verbatim copying of exerpts of that work. It does not cover derivatives of an unsubstantial portion of the work.
In "book" terms, I can take or adapt an idea from another author if is it a core concept of writing, of the genre, or simply not of recognisable value in its own right within the original work (i.e. not a recognisable and significant character, setting, or plot element).
Nah... they'd have to sue the condom manufacturers and hotels for creating an environment in which illegal P2P sharing could allow infringing material to be traded.
Characters, setting and plot (in that order) are the core elements behind derivative Copyright. Structure isn't really a consideration.
It is very difficult to argue that a work using a recognisable character is not a derivative. e.g. A boy magician with a lightning scar on his forehead (and a couple of other recognisable traits) would not be a good character for your new novel.
It is somewhat easier to make a non-derivative work in a recognisable setting. If you take a look at fan fiction websites, they elaborate on this. Write your fan fiction about new characters in a little explored area of the setting, and you're generally safe (at least, the "original" author or publisher isn't likely to come after you, because they're not very likely to win).
Copying a plot is often the easiest to get away with, if you change the setting and characters (possibly even genre). The courts would also take into account the distinction between formulaic fiction and works that are genuinely recognisable in their genre, as well as the amount (if I can put it that way) of the plot that is covered. Most novels have several parallel and interwoven plots; if you happened to use all (or most) of these, with the same twists... well that would probably be violation.
In the end, it is the combination of plot, setting and character that make a novel unique, and its down to the courts to make a judgement call about the similarity (or lack thereof) between two works, as well as considering the background (did the "derivative" author have access to the original?) to determine if there has been a Copyright violation.
This is bullshit. The UK is a signatory to the Berne Convention and other WIPO treaties, all of which require that derivative works are protected.
The interpretation of "derivative work" in software has not been tested before, but legal opinion appears to be that substantially similar functionality OR interface are likely to be considered derivatives, unless it can be shown on a balance on probabilities that the two developments were totally independant and had no knowledge of the other (in which case Copyright can't apply, but patents could).
There is a tendancy to believe that unless you're making a verbatim copy its not Copyright violation. Check the law: derivatives, translations, adaptions and exerpts (other than those covered by fair use, which ISN'T required by WIPO) are all protected by Copyright.
This site needs some way of posting comments or feedback. For example, I have issues with at least two of the recipes listed so far. Secure programming sites and recipes are no use if they aren't subject to peer review.
Just to prove how often I play games... I meant heretic;) And I had completely forgotten about the look up/down -- it was so seldom that it really had to be used;)
RPG: Wasteland, Ultima IV, Rogue/Hack/Moria: Despite ancient graphics they are simple in interface, enjoyable, and keep me interested for long periods of time.
Turn-based strategy: Warlords, Empire, Baron Realms Elite: Warlords was a fun game from the old days when friends shared a keyboard while playing multiplayer games. Empire is an ancient text-interface game where you move space ships between planets to dominate the "playing field". BRE was a multiplayer, long-running BBS game (similar in concept to Empire).
RTS: Dune II: One of the original RTS and still the best. Easy to understand and enjoyable while still being challanging for an irregular gamer.
FPS: Doom II, Hexen: The graphics and handling put these ahead of Wolfenstein, but their perspective (no up/down) makes them easier to control than newer games. Again, the choice of someone who doesn't play games enough to go pro.
Arcade: Manic Miner, Prince of Persia: (I'm not considering Atari here) Both leading games in their time. Manic Miner is a classic of arcade style games that kept you interested by constant changes of scene. Prince of Persia combined "static" skill of running and jumping with the "dynamic" skill of interactive combat. Combined with changes of scene and a plot, this made it an excellent game.
Adventure: Day of the Tenticle, Star Control II: The DOTT graphics, gameplay and story line puts it ahread of Seirra's offerings. It presents challanging but interesting puzzles without combat and/or other instant-death problems. Star Control II combines various forms of arcade action into a strong storyline; compelling stuff.
Simulation: MechWarrior, SimCity, LX: MechWarrior's focus on combat puts it in the simulation rather than adventure category (few people realise it had a storyline;) ). Fun, and completely different to the often impossible to control flight sims (okay - I don't like simulators much). Everyone knows (and loves?) SimCity. LX is an ancient attack helicopter simulator that was somehow very playable (perhaps because takeoff and landing was easy?).
Indirect infringement. Its a nasty reality of Copyright law that can cause all sorts of problems.
If you rip make a copy of a CD and mail it to me, you are directly infringing Copyright. I on the other hand will be indirectly infringing Copyright, and also liable to damages.
If it came to SCO's attention that IBM was in possession of intellectual property that SCO believed they owned and for which IBM did not have a license for SCO, then SCO can go after IBM, irrespective of the party responsible for direct infringement.
Another vote for TIJ, but, what are you trying to achieve with this course?
Most responses here seem to be "teach 'em good OO". What is the goal of this course -- what are the students supposed to get out of it? Since they aren't CS/IS graduates ("no programming experience") I can only assume they either need to (a) change careers, or (b) use programming as a tool in their career.
In the case of (a) one may contend that knowledge of OO design is important, but also that an introductory course is far from sufficient.
In the case of (b) knowledge of design principles is not likely to be of significant and immediate use to your students. They would be better served by emphasising practical aspects of implementation in Java, focusing on solving particular problems, but being taught within a framework that implicitly demonstrates the benefits of good design. I'm imagining here students who need to create small programs for reporting, scientific and/or financial calculation, statistical analysis, etc. Although the software they write could benefit from good design, it is ultimately of little use to such people (if they really need an extensible robust framework/application, they'll hire someone with the proper expertise).
So focus on the goals of the course, from the student's perspective, and not on just trying to drum good design principles into them.
If I enrolled and paid good money for a course entitled "Introductory Java Programming", I would be understandably pissed if the first thing I was told was "go and teach yourself Java by mid semester".
Microsoft announces a breakthrough in file system technology (around 1996), nothing happens
newdocms announced on Slashdot in January 2003. Integrates with KDE, so no-one cares
Microsoft announces WinFS plans for Longhorn. Slashdot decides that Microsoft sucks.
Initial release of Haystack from MIT. Screenshot has XP interface so no-one gives a toss
WinFS is reviewed, Slashdot has a flame war about file system layout, and concludes that MS sucks and a database file system is a stupid idea anyway and no-one wants one
YEDFS (Yet Another Database File System) announced calling itself "Storage". Integrates with GNOME. FLOSS community bows and worships the superiority, leadership and sheer innovativeness of the application.
Even if I'm out by a factor of 40, my figures were based on a tiny 60,000 mails, and the only reason for this was the assumption that the ISP would be proactively monitoring traffic through its MTA or network in order to prevent policy violations, and would pick up attempts to send a number of messages unreasonably large for an opt-in list.
I'll start with an aside. Let's say postage costs $0.01 per snail letter. $200 buys you 2,000 letters. Yet somehow you believe that it doesn't make economic sense to pay $200 to send 60,000 spam mails under the pretence of them being opt-in (that's not unreasonably large for an opt-in mailing list)? It costs a spammer around $20 to send that many messages, and they can expect at worse a 0.1% positive response, for a total profit of $380 if they can make $10 off each response and pay the $200 for a certificate. This is in line with the MO and expected income of your average spammer, according to various studies.
End users (like spammers) don't obtain certificates in AMTP. MTA's (ISPs and possibly large companies) do. You can't just revoke MTA certificates and prevent the ISP from reregistering -- the ISP has to take some proactive steps to prevent abuse, and then respond when it does occur.
The spammer can happily move to another ISP (which is what already happens), without having to pay for a new certificate, or have to give their credentials to anyone. If you're proposing black lists shared between ISPs -- forget it. It doesn't work at the moment, and its horribly open to abuse. The same goes for CAs: there will be more than one authority, and they are unlikely to share (or reliably share) blacklist data.
Any proposal based on end users having certificates and having to present ID verification destroy anonymity.
You need to do some reading on spam economics. Traditional postal spam is economical to advertisers, despite the cost of snail mail (even given bulk discounts). The costs run into a lot more than a couple of hundred dollars per "run" of mails.
Your estimation of the significance of the cost of a certificate is based on US economics. It doesn't take into account the cost relative to income of $200 to an ISP in countries with lower per capita incomes and weak currency. It also doesn't consider the prejudice to small ISPs in poorly serviced regions.
I think your point about anonymity is a good one. AMTP won't necessarily kill it, but IM2K would. We definately need to be able to receive all e-mails without being concered that some MTA somewhere is blocking them (I'm already having trouble talking to friends in the UK because of generous additions to spam blacklists).
The problems with IM2K are pretty well known, and we're still waiting for a solution;) My biggest issue is having to download from a remote site at 0.5kbps instead of a full (wow) 56kbaud.
Pay per e-mail sucks because it can't account for foreign exchange disparities. $1 to send 100 e-mails is a whole lot cheaper for an average income earner in the US than R7 is here (ZA). The countries that will be the worst affected are the poorest 3rd world countries, that most need the benefit of cheap Internet access to improve their economic condition.
The system relies on being able to identify which nodes aren't playing ball, and banning them. This means either certificate revocation, or a "filter" list of certified MTAs that are ignoring policy enforcement on their end.
Your suggestion of end user "account types" sounds like an accurate assessment of how this would be implemented -- again very scary. Now ISPs will be able to add charges for another "class" of Internet use. Small businesses who want a single mail address and don't want to buy business class services or hosting will be violating policy by sending business e-mail from their per/individual account.
This draft fails to provide any significant advance over SMTP. The use of TLS and authentication between MTAs merely provides a mechanism to identify policy violators. It does not (as the draft recognises) prevent fraud against a CA, it does not address the problem of distributing certificate revocations, it opens the door to a new era of DoS attacks against CA services (which will likely be far less robust than the DNS system), increases the barrier to entry for the ISP market (with costs being passed on to consumers, of course), and the opportunity for politically based service interrupts (like we already see with SPAM black lists) is just plain scary.
Further to the last point: ISPs are generally forced to react to SPAM rather than be proactive (it is generally impossible for an ISP to distinguish between UBE and opt-in lists). This means that spammers will always be one step ahead, and any network with enough bullying power can summarily demand the revocation of another ISP's certificate for policy violations. An entirely new class of disputes will arise, making SPAM black listing arguments seem tame.
The additional responsibilities this draft places on end users is also unacceptable. You will have to remember to flag your message "commercial" or "personal" and whether the distribution is "individual" or "customer". And of course is someone complains about the classification you could end up having your service terminates, so that the ISP can prove it took appropriate action against the "abuse".
We have to accept that it is a fact that we cannot get away from SPAM. The postal and Internet mail systems rely on the opportunity to send a message to any recipient. Implementing a client side PKI-based whitelist for mail would be trivial (and many people do this), but destructive to the communication medium. The object is not to get away from SPAM, but to ensure that we, as recipients, do not bear the cost of SPAM.
Any system that filters messages at your mailbox, or your ISP's server, costs you money. Your bandwidth and your ISP's bandwidth are wasted. AMTP may reduce this, but adds other hidden costs like a certified key and probably the ongoing maintenance of good relations with many peer MTAs to avoid accusations of abuse.
Anyone interested in alternatives to the SMTP system should take a look at D. J. Bernstein's Internet Mail 2000 ideas; in brief, the sender holds the message in his/her mailbox and make his/her bandwidth available to allow the mail to be downloaded by the recipient (who can obviously choose not to download it).
Ah, but you failed to account for the suffix 'ia'. Surely, given its phonetic similarity to 'ear', this would mean that dyslexia would be a functional impediment in the hearing rather than the seeing of letters in the correct order?
Slashdot Mirror
That would probably be from my Merchantile Law textbook, can't say for sure ...
Since I was claiming that they may be derivatives, and was not claiming they were copied, this is a moot point.
In other words they reverse engineered the system and created a ... umm ... copy? Okay, not copy in the sense of digital clone, but copy in the sense of "essentially the same thing".
No, I was assuming primarily that function was cloned.
Copyright doesn't apply to cars. More on that below.
This is striking at the heart of the matter. Copyright is intended to protect creative works, patents are intended to protect invention of tools.
To start with, I must note that the US view of patents (allow business models etc. to be patented) is different to most of the world. In general an invention has to be physically realised (in some places just physically realisable) to be considered for a patent. Essentially, innovation (as distinct from invention [physical] or creation [fictional / non-functional]) is not well protected by most IP laws.
It is also important to realise that in most legal systems (not sure about the UK specifically), a judge may not refer to the deliberations of the legislature in creating a law; i.e. the judiciary creates the interpretation of the law.
Looking at IP law in general, we find that the protection afforded to computer programs is bad. Patents often don't apply, and when they do it is often just a case of applying a well known methodology using a computer. Copyright protects the binary realisation, but not the source (which is protected as a literary work). As a tool, a computer program deserves the protection of a patent-like system, where innovation rather than precise realisation can be protected (and thereby allow common functionality to be present in all realisations without accusations of infringement, while protecting novel functionality). As a creation, a computer program like a game deserves protection like a book.
So, how will a court decide on what constitutes a "derived work" in the case of a computer program?
I would suggest that using another product as a reference for functionality OR interface would strongly indicate "copying" (in the broad sense of the word), and thus a derivative work. Where two products developed in parallel without one being able to base its functionality on another, I would say that there is no derivation.
In copyright discussions, the term "copy" or "copying" is used in a broad sense to cover all of the rights afforded exclusively to the author by the law. In this sense, "prove copying" simply means that the burden of proof that there was infringement (duplication, derivation, adaption, performance, broadcast, etc) lies with the copyright holder, and not with the defendant.
Precisely. It seems to me that the defendants have a countersuit and could bring criminal charges against the boys' parents for negligence.
Parents need to take more responsibility in their childrens' education and actions, and stop attempting to find poor excuses to explain why they failed in their parental duties.
I'm glad someone else is questioning this Bill ... the devil's advocate in me has to find the bad points ;)
In general we pay taxes where the state has an interest in providing or overseeing infrastructure. The principle of special taxes is to impose a tax on the use of infrastructure that isn't essential or not everyone uses.
In most countries income tax pays for government in general, the military, social security, education, and at least partially funds critical instructure like electricity, water and rail. Sales taxes (at least in theory) tend to fund protectionism and transport infrastructure. Airport taxes fund the cost to the state of maintaining airports and controlling air traffic, plus the oversight of the FAA.
Now, if you prohibit any Internet-specific tax, you probably rule out any federal/state regulatory body that can lay down and police minimum standards rules for ISPs and ISP services (including quality of service).
Some people see this as a good thing -- that market forces should address the problem. But the problem is that the Internet is becoming a critical infrastructure, and private investment is focused on money centres. In other words if there's not enough market pressure in a particular area (geographic, type of service, etc) there won't be an investment, and the users lose out.
I'll take a concrete example from the telecommunications market: privitised network operators focus their services at business customers in commercial centres -- these are the juciest pickings. But the state has a responsibility to ensure that everyone has access to this critical infrastructure. So most telecomms markets are regulated to ensure that you can get a telephone, at largely the same price, whether you are a business, an individual in a high density residential area, or a farmer on 1000 acres with no-one in the vacinity.
Assuming the Internet is a critical infrasturcture, doesn't it stand to reason that similar regulation is (or may be) required; and if so, where do we find the money to fund the overseeing body?
Musical works (i.e. the tune), lyrics (a literary work), performance and sound recordings are all protected separately by Copyright law.
In other words, if you create "a song":
Cars are not protected by Copyright (although design registration and patents may apply).
In computer software Copyright does not only apply to outward appearance. Of course, the exact boundaries haven't been tested in (UK) courts.
If I reverse engineer another piece of software (read: interrogate the interface, not decompile) and create a CLI application that does exactly what the original GUI could do, I am arguably creating a derivative work, even though it looks completely different.
Book analogy: if I rewrote that Harry Potter stories in a science fiction setting, but kept the plot elements, characterisation and interactions/relationships the same, the work would almost certainly be infringing.
Copyright covers a work in its entirity, plus protection from verbatim copying of exerpts of that work. It does not cover derivatives of an unsubstantial portion of the work.
In "book" terms, I can take or adapt an idea from another author if is it a core concept of writing, of the genre, or simply not of recognisable value in its own right within the original work (i.e. not a recognisable and significant character, setting, or plot element).
Nah ... they'd have to sue the condom manufacturers and hotels for creating an environment in which illegal P2P sharing could allow infringing material to be traded.
Characters, setting and plot (in that order) are the core elements behind derivative Copyright. Structure isn't really a consideration.
It is very difficult to argue that a work using a recognisable character is not a derivative. e.g. A boy magician with a lightning scar on his forehead (and a couple of other recognisable traits) would not be a good character for your new novel.
It is somewhat easier to make a non-derivative work in a recognisable setting. If you take a look at fan fiction websites, they elaborate on this. Write your fan fiction about new characters in a little explored area of the setting, and you're generally safe (at least, the "original" author or publisher isn't likely to come after you, because they're not very likely to win).
Copying a plot is often the easiest to get away with, if you change the setting and characters (possibly even genre). The courts would also take into account the distinction between formulaic fiction and works that are genuinely recognisable in their genre, as well as the amount (if I can put it that way) of the plot that is covered. Most novels have several parallel and interwoven plots; if you happened to use all (or most) of these, with the same twists ... well that would probably be violation.
In the end, it is the combination of plot, setting and character that make a novel unique, and its down to the courts to make a judgement call about the similarity (or lack thereof) between two works, as well as considering the background (did the "derivative" author have access to the original?) to determine if there has been a Copyright violation.
This is bullshit. The UK is a signatory to the Berne Convention and other WIPO treaties, all of which require that derivative works are protected.
The interpretation of "derivative work" in software has not been tested before, but legal opinion appears to be that substantially similar functionality OR interface are likely to be considered derivatives, unless it can be shown on a balance on probabilities that the two developments were totally independant and had no knowledge of the other (in which case Copyright can't apply, but patents could).
There is a tendancy to believe that unless you're making a verbatim copy its not Copyright violation. Check the law: derivatives, translations, adaptions and exerpts (other than those covered by fair use, which ISN'T required by WIPO) are all protected by Copyright.
This site needs some way of posting comments or feedback. For example, I have issues with at least two of the recipes listed so far. Secure programming sites and recipes are no use if they aren't subject to peer review.
Just to prove how often I play games ... I meant heretic ;) And I had completely forgotten about the look up/down -- it was so seldom that it really had to be used ;)
Well, that's my 5c :)
Indirect infringement. Its a nasty reality of Copyright law that can cause all sorts of problems.
If you rip make a copy of a CD and mail it to me, you are directly infringing Copyright. I on the other hand will be indirectly infringing Copyright, and also liable to damages.
If it came to SCO's attention that IBM was in possession of intellectual property that SCO believed they owned and for which IBM did not have a license for SCO, then SCO can go after IBM, irrespective of the party responsible for direct infringement.
Another vote for TIJ, but, what are you trying to achieve with this course?
Most responses here seem to be "teach 'em good OO". What is the goal of this course -- what are the students supposed to get out of it? Since they aren't CS/IS graduates ("no programming experience") I can only assume they either need to (a) change careers, or (b) use programming as a tool in their career.
In the case of (a) one may contend that knowledge of OO design is important, but also that an introductory course is far from sufficient.
In the case of (b) knowledge of design principles is not likely to be of significant and immediate use to your students. They would be better served by emphasising practical aspects of implementation in Java, focusing on solving particular problems, but being taught within a framework that implicitly demonstrates the benefits of good design. I'm imagining here students who need to create small programs for reporting, scientific and/or financial calculation, statistical analysis, etc. Although the software they write could benefit from good design, it is ultimately of little use to such people (if they really need an extensible robust framework/application, they'll hire someone with the proper expertise).
So focus on the goals of the course, from the student's perspective, and not on just trying to drum good design principles into them.
If I enrolled and paid good money for a course entitled "Introductory Java Programming", I would be understandably pissed if the first thing I was told was "go and teach yourself Java by mid semester".
Summary of developments:
Google for "spam economics". Here are some of the links you'll find.
Even if I'm out by a factor of 40, my figures were based on a tiny 60,000 mails, and the only reason for this was the assumption that the ISP would be proactively monitoring traffic through its MTA or network in order to prevent policy violations, and would pick up attempts to send a number of messages unreasonably large for an opt-in list.
I'll start with an aside. Let's say postage costs $0.01 per snail letter. $200 buys you 2,000 letters. Yet somehow you believe that it doesn't make economic sense to pay $200 to send 60,000 spam mails under the pretence of them being opt-in (that's not unreasonably large for an opt-in mailing list)? It costs a spammer around $20 to send that many messages, and they can expect at worse a 0.1% positive response, for a total profit of $380 if they can make $10 off each response and pay the $200 for a certificate. This is in line with the MO and expected income of your average spammer, according to various studies.
End users (like spammers) don't obtain certificates in AMTP. MTA's (ISPs and possibly large companies) do. You can't just revoke MTA certificates and prevent the ISP from reregistering -- the ISP has to take some proactive steps to prevent abuse, and then respond when it does occur.
The spammer can happily move to another ISP (which is what already happens), without having to pay for a new certificate, or have to give their credentials to anyone. If you're proposing black lists shared between ISPs -- forget it. It doesn't work at the moment, and its horribly open to abuse. The same goes for CAs: there will be more than one authority, and they are unlikely to share (or reliably share) blacklist data.
Any proposal based on end users having certificates and having to present ID verification destroy anonymity.
You need to do some reading on spam economics. Traditional postal spam is economical to advertisers, despite the cost of snail mail (even given bulk discounts). The costs run into a lot more than a couple of hundred dollars per "run" of mails.
Your estimation of the significance of the cost of a certificate is based on US economics. It doesn't take into account the cost relative to income of $200 to an ISP in countries with lower per capita incomes and weak currency. It also doesn't consider the prejudice to small ISPs in poorly serviced regions.
'ello fyonn.
I think your point about anonymity is a good one. AMTP won't necessarily kill it, but IM2K would. We definately need to be able to receive all e-mails without being concered that some MTA somewhere is blocking them (I'm already having trouble talking to friends in the UK because of generous additions to spam blacklists).
The problems with IM2K are pretty well known, and we're still waiting for a solution ;) My biggest issue is having to download from a remote site at 0.5kbps instead of a full (wow) 56kbaud.
Pay per e-mail sucks because it can't account for foreign exchange disparities. $1 to send 100 e-mails is a whole lot cheaper for an average income earner in the US than R7 is here (ZA). The countries that will be the worst affected are the poorest 3rd world countries, that most need the benefit of cheap Internet access to improve their economic condition.
Well, that's my $0.0047.
The system relies on being able to identify which nodes aren't playing ball, and banning them. This means either certificate revocation, or a "filter" list of certified MTAs that are ignoring policy enforcement on their end.
Your suggestion of end user "account types" sounds like an accurate assessment of how this would be implemented -- again very scary. Now ISPs will be able to add charges for another "class" of Internet use. Small businesses who want a single mail address and don't want to buy business class services or hosting will be violating policy by sending business e-mail from their per/individual account.
This draft fails to provide any significant advance over SMTP. The use of TLS and authentication between MTAs merely provides a mechanism to identify policy violators. It does not (as the draft recognises) prevent fraud against a CA, it does not address the problem of distributing certificate revocations, it opens the door to a new era of DoS attacks against CA services (which will likely be far less robust than the DNS system), increases the barrier to entry for the ISP market (with costs being passed on to consumers, of course), and the opportunity for politically based service interrupts (like we already see with SPAM black lists) is just plain scary.
Further to the last point: ISPs are generally forced to react to SPAM rather than be proactive (it is generally impossible for an ISP to distinguish between UBE and opt-in lists). This means that spammers will always be one step ahead, and any network with enough bullying power can summarily demand the revocation of another ISP's certificate for policy violations. An entirely new class of disputes will arise, making SPAM black listing arguments seem tame.
The additional responsibilities this draft places on end users is also unacceptable. You will have to remember to flag your message "commercial" or "personal" and whether the distribution is "individual" or "customer". And of course is someone complains about the classification you could end up having your service terminates, so that the ISP can prove it took appropriate action against the "abuse".
We have to accept that it is a fact that we cannot get away from SPAM. The postal and Internet mail systems rely on the opportunity to send a message to any recipient. Implementing a client side PKI-based whitelist for mail would be trivial (and many people do this), but destructive to the communication medium. The object is not to get away from SPAM, but to ensure that we, as recipients, do not bear the cost of SPAM.
Any system that filters messages at your mailbox, or your ISP's server, costs you money. Your bandwidth and your ISP's bandwidth are wasted. AMTP may reduce this, but adds other hidden costs like a certified key and probably the ongoing maintenance of good relations with many peer MTAs to avoid accusations of abuse.
Anyone interested in alternatives to the SMTP system should take a look at D. J. Bernstein's Internet Mail 2000 ideas; in brief, the sender holds the message in his/her mailbox and make his/her bandwidth available to allow the mail to be downloaded by the recipient (who can obviously choose not to download it).
Ah, but you failed to account for the suffix 'ia'. Surely, given its phonetic similarity to 'ear', this would mean that dyslexia would be a functional impediment in the hearing rather than the seeing of letters in the correct order?
People are cruel. What jerk came up with the name "lisp" (the speech impediment)? And why name it "dyslexia" instead of using a suitable palindrome?