Update: Feeva, Advertising, and Privacy

When you spend a lot of time working in the areas of copyright, traffic sniffing and analysis, and the Internet’s surveillance infrastructure more generally, there is a tendency to expect bad things on a daily basis. This expectation is built up from years of horrors, and I’m rarely disappointed in my day-to-day research. Thus, when Wired reported that a company called Feeva was injecting locational information into packet headers, the actions didn’t come across as surprising; privacy infringements as reported in the Wired piece are depressingly common. In response I wrote a brief post decrying the modification of packet-headers for geolocational purposes and was quoted by Jon Newton on P2Pnet on my reactions to what I understood at the time was going on.

After the post, and quotations turned up on P2Pnet, folks at Feeva quickly got ahold of me. I’ve since had a few conversations with them. It turns out that (a) there were factual inaccuracies in the Wired article; (b) Feeva isn’t the privacy-devastating monster that they came off as in the Wired article. Given my increased familiarity with the technology I wanted to better outline what their technology does and alter my earlier post’s conclusion: Feeva is employing a surprising privacy-protective advertising system. As it stands, their system is a whole lot better at limiting infringements on individuals’ privacy for advertising-related purposes than any other scalable model that I’m presently aware of.

Before I get into the post proper, however, I do want to note that I am somewhat limited in the totality of what I can speak about. I’ve spoken with both Feeva’s Chief Technology Officer, Miten Sampat, and Chief Privacy Officer, Dr. Don Lloyd Cook, and they’ve been incredibly generous in sharing both their time and corporate information. The two have been incredibly forthcoming with the technical details of the system employed and (unsurprisingly) some of this information is protected. As such, I can’t get into super-specifics (i.e. X technology uses Y protocol and Z hardware) but, while some abstractions are required, I think that I’ve managed to get across key elements of the system they’ve put in place.


Ole, Intellectual Property, and Taxing Canadian ISPs

Ole, a Canadian independent record label, put forward an often-heard and much disputed proposal to enhance record label revenues: Ole wants ISPs to surveil Canada’s digital networks for copyrighted works. In the record label’s filing on July 12 for the Digital Economy Consultations, entitled “Building Delivery Systems at the Expense of Content Creators,” Ole asserts that ISPs are functioning as “short circuits” and let music customers avoid purchasing music on the free market. Rather than go to the market, customers are (behaving as rational economic actors…) instead using ISP networks to download music. That music is being downloaded is an unquestionable reality, but the stance that this indicates ISP liability for customers’ actions seems to be an effort to re-frame record industries’ unwillingness to adopt contemporary business models as a matter for ISPs to now deal with. In this post, I want to briefly touch on Ole’s filing and the realities of network surveillance for network-grade content awareness in today’s market. I’ll be concluding by suggesting that many of the problems presently facing labels are of their own making and that we should, at best, feel pity and at worst fear what they crush in their terror throes induced by disruptive technologies.

Ole asserts that there are two key infotainment revenue streams that content providers, such as ISPs, maintain: the $150 Cable TV stream and the $50 Internet stream. Given that content providers are required to redistribute some of the $150/month to content creators (often between 0.40-0.50 cents of every dollar collected), Ole argues that ISPs should be similarly required to distribute some of the $50/month to content creators that make the Internet worth using for end-users. Unstated, but presumed, is a very 1995 understanding of both copyright and digital networks. In 1995 the American Information Infrastructure Task Force released its Intellectual Property and the National Information Infrastructure report, wherein they wrote:

…the full potential of the NII will not be realized if the education, information and entertainment products protected by intellectual property laws are not protected effectively when disseminated via the NII…the public will not use the services available on the NII and generate the market necessary for its success unless a wide variety of works are available under equitable and reasonable terms and conditions, and the integrity of those works is assured…What will drive the NII is the content moving through it.

Of course, the assertion that if commercial content creators don’t make their works available on the Internet then the Internet will collapse is patently false.


Traffic Management on Mobile Gets Regulated

Shortly before Canada Day the Canadian Radio-television Telecommunications Commission (CRTC) released their decision as to whether they were to modify the forbearance framework for mobile wireless data services. To date, the CRTC has used a light hand when it’s come to wireless data communications: they’ve generally left wireless providers alone so that the providers could expand their networks in the (supposedly) competitive wireless marketplace. As of decision 2010-445 the Commission’s power and duties are extended and the spectre of traffic management on mobile networks is re-raised.

In this post I’m going to spell out what the changes actually mean – what duties and responsibilities, in specific, the CRTC is responsible for – and what traffic management on mobile networks would entail. This will see me significantly reference portions of the Canadian Telecommunications Act; if you do work in telecommunications in Canada you’ll be familiar with a lot of what’s below (and might find my earlier post on deep packet inspection and mobile discrimination more interesting), but for the rest this will expose you to some of the actual text of the Act.

In amending the forbearance framework the CRTC is entering the regulatory domain on several topics pertaining to wireless data communications. Specifically, wireless providers are now subject to section 24 and subsections 27(2), 27(3), and 27(4) of the Act. Section 24 states that the “offering and provision of telecommunications service by a Canadian carrier are subject to any conditions imposed by the Commission or included in tariff approved by the Commission.” In effect, the CRTC can now intervene in the conditions of service that carriers make available to other carriers and the public. Under 27(2) carriers can no longer unjustly discriminate against or give unreasonable preference towards any person. This limitation includes the telecommunications carrier itself and thus means that neither fees nor management of the network can be excessively leveraged to the benefit of the carrier and detriment of other parties.


On a Social Networking Bill of Rights

I attended this year’s Computers, Freedom, and Privacy conference and spent time in sessions on privacy in large data sets, deep packet inspection and network neutrality, the role of privacy in venture capital pitches, and what businesses are doing to secure privacy. In addition, a collection of us worked for some time to produce a rough draft of the Social Network Users’ Bill of Rights that was subsequently discussed and ratified by the conference participants. In this post, I want to speak to the motivations of the Bill of Rights, characteristics of social networking and the Bill proper, a few hopeful outcomes resulting from the Bill’s instantiation and conclude by denoting concerns around the Bill’s creation and consequent challenges for moving it forward.

First, let me speak to the motivation behind the Bill. Social networking environments are increasingly becoming the places where individuals store key information – contact information, photos, thoughts and reflections, video – and genuinely becoming integrated into the political. This integration was particularly poignantly demonstrated last year when the American State Department asked Twitter to delay upgrades that would disrupt service and stem the information flowing out of Iran following the illegitimate election of President Ahmadinejad. Social networks have already been tied into the economic and social landscapes in profound ways: we see infrastructure costs for maintaining core business functionality approaching zero and the labor that was historically required for initiating conversations and meetings, to say nothing of shared authorship, has been integrated into social networking platforms themselves. Social networking, under this rubric, extends beyond sites such as Facebook and MySpace, and encapsulates companies like Google and Yahoo!, WordPress, and Digg, and their associated product offerings. Social networking extends well beyond social media; we can turn to Mashable’s collection of twenty characteristics included in the term ‘social networking’ for guidance as to what the term captures:


Review: Apple iPad

I pre-ordered the iPad as soon as I could and unpacked it the day that I returned from a trip to South America (that saw me miss its actual delivery). I’ve had the device for over a month now, have been actively using it, and wanted to offer my impressions. Those impressions, I will note, are significantly conditioned by the reasons that I bought the device, which I’ll outline. I’ll first briefly address the actual hardware and operating system of the device, then move to what I like and dislike about the product. Ultimately, I’m happy with the device and have absolutely no regrets in getting this particular first-gen Apple product.

The screen, ergonomics, and weight are all fine. It’s using an IPS-LCD, which means that viewing angles are good and colour reproduction is pretty faithful. While some have criticized the back for being slightly rounded, it hasn’t bothered me in any way, nor has the weight of 1.5lbs struck me as ‘heavy’ though the device is heavier than appearances might lead one to believe. There is a bezel surrounding the screen itself and it makes sense: I can rest my hands on the non-interactive bezel without affecting whatever I’m displaying on the screen. This is a good thing. The iPad has the same touch interface as the iPhone and iPod Touch. This makes the iPad simple to use, if lacking any deviant features from those earlier devices (and, with the release of iOS 4, the iPad actually has slightly fewer features than the iPhone or Touch). In light of its use of the older 3.2 release of the OS, the iPad is horrible if you rely on multiple windows being open to get work done and is a poor choice for any content producer looking to do a lot of work on it that will see you flipping between a document/content production editor and the web. In effect, anyone who’s tried doing intensive content production on the iPhone or Touch will largely encounter the same old problems here. I’m not saying that you can’t do such production, but it’s far less convenient than on a full desktop/notebook or even netbook. On the upside: the device is light and battery life is good (I tend to go for 36-72 hours without needing to plug in, with moderate to heavy use each day).


Kinder DRM Still Undermines Digital Abundance

We live in an era of digital abundance, an era where we can genuinely rethink the underlying economics of information creation and dissemination as the cost of creation, storage, and dissemination infrastructures approach zero. Against fears that this threatens to ‘undermine’ content production we see the rise in the quantity of content that is produced and, correspondingly, a rise in novel approaches to profit from the generation of that content in an abundant bitscape. We should resist efforts to undermine abundance through Digital Rights Management protocols.

As reported by Ars Technica, the IEEE is developing a novel kind of DRM that would see ‘content’ folders encrypted and only accessible after individuals used decryption keys to access that content. For rights holders and some content producers, this is seen as having the merit of securing their ‘goods’ by attempting to replicate the scarcity of atoms in the bitscape. Consumers would ‘benefit’ because they would no longer have to deal with onerous licensing terms: they would own the keys and the keys would have value because of their capacity to ‘open’ content streams. Of course, this would also introduce the pain in the ass of key management, something that few consumers are likely to want to suffer through any more than the already existing consumer ‘protection’ measures they regularly encounter.

The IEEE’s motivations behind this DRM system are to remedy problems caused by non-rivalrous digital content. Paul Sweazey has stated that:

…a truly non-rivalrous system makes commerce too difficult, even impossible, and that we need to create ways for the digital world to mirror the constraints of the physical one.

The creation of this rivalrous system is seen as a ‘middle road’ between advocates of abundance and total DRM lockdown. I would suggest that what we’re really seeing is just another attempt to undermine (arguably) the most significant quality of the bitscape, which is the capacity to replicate information across networks spanning the globe without diminishing the ‘holdings’ of whoever held the original copy. Moreover, it demonstrates a continued unwillingness and/or inability to experiment with novel business models that, while perhaps reducing overall revenue compared to past years/decades, will enable companies to continue delivering profits in the long-term. Value continues to be perceived as existing in the sales of digital things, and instead of seeking out novel ways to extract derivative value from their ubiquitous existence resulting from widespread copying there is an attempt to totally monetize all copies. This is in defiance of demonstrably successful freemium strategies, as well as other related schemes that work to gain widespread brand awareness and capitalize off the sale of rivalrous goods to a small percentage of users.

I have incredible doubts that any key system will remain secure over the long-haul (and, by long-haul, I mean just 10-20 days of the system being deployed). There are just too many parties that will do everything in their power to break the encryption and key management system, and history has proven that the attackers tend to far outstrip the defenders in the field of content protection algorithms. Central is that technological security systems tend to be incredibly brittle, fail poorly, and enable modes of attack that are relatively ineffective against human-based security. Schneier, in his 2006 book Beyond Fear, notes that:

Technology gives attackers leverage because they can do more in an attack. Class breaks give attackers leverage because they can exploit one vulnerability to attack every system within a class. Automation gives attackers leverage because they can exploit vulnerabilities a million times. Technique propagation gives attackers leverage because now they can try more attacks, including ones they can’t even understand. Action at a distance and aggregation also give attackers leverage because now there are many more potential targets (p. 99).

A DRM scheme that aims to use encryption keys to establish digital bits as rivalrous will fall prey to each of the items noted in that quotation.

Making customers screw around with encryption keys, have adequate key management systems, always requiring connections to the ‘net to access keys, or any other ways that engineers imagine customers dealing with key management is almost destined to fail. Engineers are, in this case, trying to stuff the genie back in a bottle instead of working with progressive MBAs and innovators who are trying to create (and often, though certainly not always, succeeding) novel business models that leverage add-on services, scarce extras, and other things that are genuinely exclusive to monetize digital distribution systems. Focusing on protection, in this case, is the dead wrong way to go and highly unlikely to do much other than waste a lot of people’s time that could otherwise be productively exercised.