" /> net.wars: October 2006 Archives

« September 2006 | Main | November 2006 »

October 27, 2006

Crossfire

The Sky News host looked horrified. How, he asked, could anyone claim that getting rid of child pornography online had anything to do with freedom of speech? Surely, he added, anyone would know child pornography when they see it. "Of course," he added, "I've never seen any…"

We are all against child abuse.

The occasion for this discussion, which also included John Carr, from the NCH: ten years ago this week, a bunch of us sat in a room somewhere in Central London while Peter Dawe explain his back-of-the-envelope scheme for combating child pornography online. Most of us thought it was a bad idea, and against Net freedoms, but the then very real threat of regulation was worse. Carr and I were both there, arguing on opposite sides.

In honor of the tenth anniversary, the Internet Watch Foundation released a bunch of statistics. Removed 30,000 Web sites from the British Internet. Seen Britain's share of such sites shrink from 18 percent to .2 percent. A third of the Web sites reported to IWF are found to be "potentially illegal". (These get forwarded to the police.)

The IWF includes a note at the end of the press release to the effect that it doesn't like the term "child pornography" because it "can act to legitimise images which are not pornography." IWF prefers the term "child abuse", because, it says, "they are permanent records of children being sexually abused." But that isn't necessarily so: digital composites do not document anything at all. No one, as far as I'm aware, has done – or legally been able to do – a study of the images of this type that circulate. It would be valuable to know what percentage are images from known cases, for example, or how many can be identified as not children at all, either because they are clearly digital composites or because they use young-seeming adults.

I am willing to stipulate that the images the IWF inspects are, as I have been told they are, horrendously upsetting to look at. But we will never really know; there can be no transparency in this situation. I am also willing to stipulate that in spite of our fears in 1996, other than a few wobbles of purpose, the IWF seems to have stuck to its very narrow remit. It has not, as it has a couple of times suggested it might, branched out into hate speech and copyright violations. It has stuck, basically, to the one thing most people agree is wrong, though of course there is no external review of what's being removed.

Carr noted two things I didn't know. First, that the US is now the world leader in child pornography sites. Second, that Congress is now considering initiatives to change that. Until now, there's been this little problem of the First Amendment which, Carr said, is sacred to Americans. This was the moment when our host looked so horrified.

I'm not sure the First Amendment, which includes freedoms of assembly, religion, and the press as well as free speech, is as sacred as it used to be. For one thing, freedom of speech is one of those things that everyone wants for themselves but not so much for other people. For another, it's commonly misunderstood. The First Amendment doesn't guarantee free speech of all types and in all circumstances. What it actually says is that "Congress shall make no law…abridging the freedom of speech." It may well be that had the Founding Fathers lived in a time where giant corporations were as much of a threat as governments they would have drafted that differently. But the Constitution, like the Bible or Shakespeare, lives on interpretation and textual analysis. What the First Amendment bans, therefore, is legislation that limits free speech.

Which is why, when I went to look up the Congressional moves mentioned by Carr (which I've been unable to find and which even he suggested might be just midterm election posturing), I discovered that this week the ACLU is in court with the government over the 1998 Child Online Protection Act. In its action, ACLU is representing a host of well-respected plaintiffs, including Salon, Dictionary.com, and Powell's Bookstores.

The point of the ACLU's action is not to defend child abuse – we are all against child abuse. The point is that it is very, very difficult to draft a law that only, narrowly, bans child pornography and therefore could pass the First Amendment test in court. And COPA didn't manage it; instead, it banned material that might be "harmful to minors", whether or not that material might be valuable to adults. Clinton, who signed it into law in 2000, ought to be ashamed of himself. But I suppose politically it's a valid strategy: win votes for yourselfyou’re your party by creating a law that looks like you're doing something to protect children; let the ACLU be the bad guy later and by getting it overturned.

So what I should have said to our host is this: it's freedom of speech that's allowing us to have this discussion. But freedom of speech does not mean condoning child abuse.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

October 20, 2006

Spam, spam, spam, and spam

Illinois is a fine state. It is the Land of Lincoln. It is the birth place of such well-known Americans as Oprah Winfrey, Roger Ebert, and Ronald Reagan. It has a baseball team so famous that even I know it's called the Chicago Cubs. John Dewey (as in the Dewey decimal system for cataloguing library books) came from Illinois. So did the famous pro-evolution lawyer Clarence Darrow, Mormon church founder Joseph Smith, the nuclear physicist Enrico Fermi, semiconductor inventor William Shockley, and Frank Lloyd Wright.

I say all this because I don't want anyone to think I don't like or respect Illinois or the intelligence and honor of its judges, including those of Charles Kocoras, who who awarded $11.7 million in damages to e360Insight, a company branded a spammer by the Spamhaus Project.

The story has been percolating for a while now, but is reasonably simple. e360Insight says it's not a bad spammer guy but a good opt-in marketing guy; Spamhaus first said the Illinois court didn't have jurisdiction over a British company with no offices, staff, or operations in the US, then decided to appeal against the court's $11.7 million judgement. e360Insight filed a motion asking the court to haveICANN and/or Spamhaus's domain registrar, the Canadian company Tucows, remove Spamhaus's domain from the Net. The judge refused to grant this request, partly because doing so would cut off Spamhaus's lawful activities, not just those in contravention of the order he issued against Spamhaus. And a good time is being had by all the lawyers.

The case raises so many problems you almost don't know where to start. For one thing, there's the arms race that is spam and anti-spam. This lawsuit escalates it, in that if you can't get rid of an anti-spammer through DDoS attacks, well, hey, bankrupt them through lawsuits.

Spam, as we know, is a terrible, intractable problem that has broken email, and is trying to break blogs, instant messaging, online chat, and, soon, VOIP. (The net.wars blog, this week, has had hundreds of spam comments, all appearing to come from various Gmail addresses, all landing in my inbox, breaking both blogs and email in one easy, low-cost plan. The breakage takes two forms. One is the spam itself – up to 90 percent of all email. But the second is the steps people take to stop it. No one can use email with any certainty now.

Some have argued that real-time blacklists are censorship. I don't think it's fair to invoke the specter of Joseph McCarthy. For one thing, using these blacklists is voluntary. No one is forced to subscribe, not even free Webmail users. That single fact ought to be the biggest protection against abuse. For another thing, spam email in the volumes it's now going out is effectively censorship in itself: it fills email boxes, often obscuring and sometimes blocking entirely wanted email. The fact that most of it either is a scam or advertises something illegal is irrelevant; what defines spam, I have long argued, is the behavior that produces it. I have also argued that the most effective way to put spammers out of business is to lean on the credit card companies to pull their authorisations.

Mail servers are private property; no one has the automatic right to expect mine to receive unwanted email just as I am not obliged to speak to a telemarketer who phones during dinner.

That does not mean all spambusters are perfect. Spamhaus provides a valuable public service. But not all anti-spammers are sane; in 2004 journalist Brian McWilliams made a reasonable case in his book Spam Kings that some anti-spammers can be as obsessive as the spammers they chase.

The question that's dominated a lot of the Spamhaus coverage is whether an Illinois court has jurisdiction over a UK-based company with no offices or staff in the US. In the increasingly connected world we live in, there are going to be a lot of these jurisdictional questions. The first one I remember – the 1996 case United States vs. Thomas – came down in favor of the notion that Tennessee could impose its community decency standards on a bulletin board system in California. It may be regrettable – but consumers are eager enough for their courts to have jurisdiction in case of fraud. Spamhaus is arguably as much in business in the US as any foreign organisation whose products are bought or used in the US. Ultimately, "Come here and say that" just isn't much of a legal case.

The really tricky and disturbing question is: how should blacklists operate in future? Publicly listing the spammers whose mail is being blocked is an important – even vital – way of keeping blacklists honest. If you know what's being blocked and can take steps to correct it, it's not censorship. But publishing those lists makes legal action against spam blockers of all types – blacklists, filtering software, you name it – easier.

Spammers themselves, however, should not rejoice if Spamhaus goes down. Spam has broken email, that's not news. But if Spamhaus goes and we actually receive all the spam it's been weeding out for us – the flood will be so great that spam will finally break spam itself.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

October 13, 2006

GoogTube

Lawsuits!

That seems to have been most people's gleeful reaction earlier this week when Google announced its acquisition of YouTube for $1.65 billion. That and "They paid too much." Anyone would think you'd never heard of a site with user-submitted content before. Or stock swaps.

First, the lawsuit prospects. YouTube isn't a file-sharing network; it's not Napster, KaZAa, BitTorrent, Gnutella, or eDonkey. It has more in common with free Web site services. Except for "Director" accounts, videos posted to YouTube are limited to ten minutes. That certainly doesn't stop anyone from posting something that's copyright, but it does mean that YouTube isn't the most convenient way to share a feature film, hour-long TV drama, or even, really, a sitcom unless you get a director account, which requires you to indemnify YouTube in case of your misuse and supply a bunch of personal details. A ten-minute video clip from, say, a five-hour tennis match (or from an old comedy show) still violates someone's copyright, but there's less point to suing over it. The prediction that it will be individuals and "little guys" who sue YouTube rather than large rightsholders seems to me to be the right one; the little guys have more to lose in this situation. And also: a little guy will sue a big guy hoping for a nice settlement; a big guy will squash a little guy like Bambi Meets Godzilla; but two big guys make a deal.

The bigger copyright issue is to do with music, since you can easily upload a single DVD album cut and stay within the time/file size limits. But the purchase announcement was accompanied by the news of licensing agreements with Sony BMG and Warner Music Group. That's so smart it's almost unbelievable, given the recent history of the copyright wars: the easiest way to get people not to violate your copyrights is to do it yourself. If you can readily access good, official copies of something, why would you bother with illegal, less good ones unless those had some creative added value of their own (or the official ones were really expensive)?

There's also the point that although you can download YouTube videos doing so is the kind of hack that most mainstream watchers probably won't bother with.

It would be really helpful if someone of a statistical bent and possessed of a lot of patience would go in and do a survey of YouTube to determine what percentage of the content is in violation of copyright, what percentage of the violating material is not available commercially, and what percentage could actually damage anyone's sales. My own guess is that the answer to those are: a lot, most, and hardly any. But in any case, we've gone through this same thing with online file libraries and free home pages, and we know how it's going to come out: YouTube will operate, as it does now, a notice and takedown policy, and courts will eventually agree that as long as it operates that policy consistently and promptly it can't be held responsible for the sins of its users.

Even longer term, probably two other things will happen. Backed by Google's clout, YouTube should be able to sign long-term licensing deals with the major rightsholders that will cover a lot of the copyrighted material (though clearly not that of the "little guys"). Second, fair use could be extended to cover video and music; Google is currently arguing that its book scanning project (reminiscent of MP3.com's failed MyMP3 service) qualifies as fair use, although the publishers involved disagree violently.

The second thing, the paying too much, ignores the fact that Google paid entirely in stock. It's still a lot of money – or would be, if the YouTube guys could sell it and leave – but in real terms last year's $1 billion investment for a 5 percent stake in AOL cost the company more and ultimately will probably profit it less. But the fact is the price didn't matter: Google had to buy YouTube to keep it out of the hands of Yahoo! and MSN. With YouTube in the hands of one of those other companies, Google Video was dead in the water. Google makes its money on advertising; advertising goes where the people go and in direct proportion. People have known for a long time that video would eventually be successful on the Net; they just weren't sure how. In combining a video service with social networking, YouTube seems to have found the answer.

To the suggestion that YouTube is a flash-in-the-Net fad, I say nerts. YouTube has all the same characteristics as such passing fads as eBay, mobile phones, the Internet in general, and Google itself not so long ago. Individual videos will flash in and out of popularity, to be sure, just as you don't hear a whole lot any more about the Hampster Dance, booth in the Mojave Desert, or "I kiss you!" Mahir Cagri, all Net stars in their time. But as video channels proliferate, a networking site where you can watch just the good bits by word-of-Net is as valuable as Google News.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

October 6, 2006

A different kind of poll tax

Elections have always had two parts: the election itself, and the dickering beforehand (and occasionally afterwards) over who gets to vote. The latest move in that direction: at the end of September the House of Representatives passed the Federal Election Integrity Act of 2006 (H.R. 4844), which from 2010 will prohibit election officials from giving anyone a ballot who can't present a government-issued photo ID whose issuing requirements included proof of US citizenship. (This lets out driver's licenses, which everyone has, though I guess it would allow passports, which relatively few have.)
These days, there is a third element: specifying the technology that will tabulate the votes. Democracy depends on the voters' being able to believe that what determines the election is the voters' choices rather than the latter two.

The last of these has been written about a great deal in technology circles over the last decade. Few security experts are satisfied with the idea that we should trust computers to do "black box voting" where they count up and just let us know the results. Even fewer security experts are happy with the idea that so many politicians around the world want to embrace: Internet (and mobile phone) voting.

The run-up to this year's mid-term US elections has seen many reports of glitches. My favorite recent report comes from a test in Maryland, where it turned out that the machines under test did not communicate with each other properly when the touch screens were in use. If they don't communicate correctly, voters might be able to vote more than once. Attaching mice to the machines solves the problem – but the incident is exactly the kind of wacky glitch that's familiar from everyday computing life and that can take absurd amounts of time to resolve. Why does anyone think that this is a sensible way to vote? (Internet voting has all the same risks of machine glitches, and then a whole lot more.)

The 2000 US Presidential election isn’t as famous for the removal from the electoral rolls in Florida of few hundred thousand voters as it is for hanging chad – but read or watch on the subject. Of course, wrangling over who gets to vote didn't start then. Gerrymandering districts, fighting over giving the right to vote to women, slaves, felons, expatriates…

The latest twist in this fine, old activity is the push in the US towards requiring Voter ID. Besides the federal bill mentioned above, a couple of dozen states have passed ID requirements since 2000, though state courts in Missouri, Kentucky, Arizona, and California are already striking them down. The target here seems to be that bogeyman of modern American life, illegal immigrants.

Voter ID isn't as obviously a poll tax. After all, this is just about authenticating voters, right? Every voter a legal voter. But although these bills generally include a requirement to supply a voter ID free of charge to people too poor to pay for one, the supporting documentation isn't free: try getting a free copy of your birth certificate, for example. The combination of the costs involved in that aspect, plus the effort involved in getting the ID are a burden that falls disproportionately on the usual already disadvantaged groups (the same ones stopped from voting in the past by road blocks, insufficient provision of voting machines in some precincts, and indiscriminate cleaning of the electoral rolls). Effectively, voter ID creates an additional barrier between the voter and the act of voting. It may not be the letter of a poll tax, but it is the spirit of one.

This is in fact the sort of point that opponents are making.

There are plenty of other logistical problems, of course, such as: what about absentee voters? I registered in Ithaca, New York, in 1972. A few months before federal primaries, the Board of Elections there mails me a registration form; returning it gets me absentee ballots for the Democratic primaries and the elections themselves. I've never known whether my vote is truly anonymous; nor whether it's actually counted. I take those things on trust, just as, I suppose, the Board of Elections trusts that the person sending back these papers is not some stray British person who's does my signature really well. To insert voter ID into that process would presumably require turning expatriate voters over to, say, the US Embassies, who are familiar with authentication and checking identity documents.

Given that most countries have few such outposts, the barriers to absentee voting would be substantially raised for many expatriates. Granted, we're a small portion of the problem. But there's a direct clash between the trend to embrace remote voting - the entire state of Oregon votes by mail – and the desire to authenticate everyone.
We can fix most of the voting technology problems by requiring voter-verifiable, auditable, paper trails, as Rebecca Mercuri began pushing for all those years ago (and most computer scientists now agree with), and there seem to be substantial moves in that direction as state electors test the electronic equipment and scientists find more and more serious potential problems. Twenty-seven states now have laws requiring paper trails. But how we control who votes is the much more difficult and less talked-about frontier.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).