Explaining SOPA

A lot of people are concerned about SOPA, the Stop Online Piracy Act. There are plenty of pages that say that it will destroy the Internet, but very few that explain clearly exactly why. It has also become clear that the politicians writing the law have no idea how the Internet actually works. So here is my attempt to explain it all.

Let me start by explaining DNS, using a situation that doesn’t involve computers, that hopefully anyone can understand.

Imagine a server on the Internet as being like an office building in 1973. No computers. No mobile phones. Just an office building with an expensive business phone line, internal phones connected by wires, and a receptionist with switchboard and a single phone line connected to the outside world.

The server has an IP address. That’s like the office building’s telephone number.

The web sites on that server are like the people who work in the office building. So talking to John Smith is like reading John Smith’s web site.

Now, when your web browser connects to John Smith’s web site, it looks up the IP address of the site, connects to the web host, and requests John Smith’s web site via HTTP. The request is then routed to the appropriate page.

That sounded complicated, so let’s translate it into our telephone analogy:

When you want to talk to John Smith, you look up the phone number of the building he works in, call that number, and ask to talk to John Smith, and you’re put through to him.

Note that unrelated people can work in the same office with the same phone number used to contact them. This is just like the Internet, where there can be multiple unrelated web sites on the same server at the same IP address. What about the different pages of a web site? Well, those are like talking to the owner of the web site about different topics.

OK. Next problem: DNS is distributed. How do we explain that?

Well, at work in 1973, when I want to know somebody’s telephone number, I look in my address book. If it’s not there, I look the number up in the company telephone directory, and make a copy in my address book so I’ll find it quicker next time. If the number isn’t in the company directory, I get the big telephone directory from the phone company, and look in that. If it isn’t there, I call directory assistance, and they look in the really big master telephone directory that has every number in the country. And so on.

DNS is like that. If your computer knows the IP address of a web site because it has used it recently, it just goes ahead and connects, makes the call. Otherwise, it asks your ISP if they have the IP address. If they don’t, your request for the IP address gets forwarded up to a higher level server, until we get to the so-called root servers, which are like the phone companies’ multi-volume master directories.

There are a few technical details not addressed by this analogy, but it’s close enough to explain basically how the system works.

So, now we can talk about the proposed SOPA legislation, the Stop Online Piracy Act.

The basic idea of SOPA is that if someone is accused of copyright violation, all the ISPs in America are required to block access to that person’s web site.

Put like that, it might sound quite reasonable. That’s probably how music and film industry lobbyists explain it to politicians. The problems become clear when you rephrase it for 1973 technology.

People are taping LPs, and giving tapes to friends who call them up on the phone and ask for a copy. So, if someone is accused of taping LPs, we will cut off the phones of the business he works at and remove his name from the phone directory.

Hopefully if you think about that for a moment, some obvious problems spring to mind. I’m going to talk about a few of them.

The first problem is that word “accused”. SOPA does not require any independent investigation. It does not require a lawsuit, or a trial, let alone a conviction. All that’s needed is for Polymer Records to accuse John Smith of taping their albums.

You might think that record companies can be trusted. Well, you might think that if you aren’t a musician, anyway. If you do, I’d suggest reading about some of the abuse of the Digital Millennium Copyright Act, DMCA. Just this last week, Universal Music Group have been issuing takedowns on YouTube for video recordings they don’t own the rights to. You might think it would never happen to you, but if you’ve ever uploaded a video of your kids singing Happy Birthday, well, that’s actionable copyright violation. The owners of The Birthday Song, Warner Brothers, collect about $2 million per year from demanding payment from people who sing it.

The second problem is this: Even if the record company is right, what about all the other people who work in the same office building? How are they going to do their work and earn a living?

A single IP address can host literally thousands of web sites, owned by people who are total strangers to each other. Blocking an IP address takes all those sites offline.

That’s not the only weapon against the Internet authorized by SOPA, though. It also allows for DNS-level blocking. That is, rather than taking out every single web site hosted at a particular IP address, it just takes out every page hosted at the same domain. Going back to our telephone analogy, when John Smith is accused of copying LPs, his name is struck from the telephone directory.

Our analogy fails somewhat here. On the Internet, a single name like Flickr or YouTube can represent tens of thousands of people. So the problem of ‘collateral damage’ isn’t eliminated, only reduced.

But the analogy does make clear a more constitutional issue: In what way is it any of the government’s business what the phone company prints in the telephone directory? If I want to run a telephone directory business with ads for dodgy massage parlors, it’s none of the government’s business. Or in Internet terms, if I choose to publish the information that happyendings.com is at IP address 2001:db8:0:1 then the First Amendment requires that I be free to do so.

There are technical issues too. At the moment, a lot of effort is going into making the Internet more secure by preventing DNS spoofing. Like crooks who put card skimmers on ATMs, DNS spoofers put fake entries in the Internet’s ‘telephone directory’, so that when you think you’re contacting the bank, you’re actually contacting a web server they own. They then collect your username and password, and use those to drain your account.

The solution is called DNSSEC, secure DNS. It uses digital signatures to ensure that only DNS entries signed by your bank will be accepted by your browser. If the signed and verified entry is missing from the directory, your computer goes out and probes servers around the world until it finds one that can provide signed and verified information.

The problem, of course, is that this is utterly incompatible with SOPA. If the government orders that happyendings.com be removed from the Internet, a computer with secure DNS will detect that the “No such web site” reply is not signed by the company that owns the domain. It will try other DNS servers, including those outside the USA and beyond US government control, until it gets a true answer.

So for SOPA’s DNS filtering to work, DNSSEC has to be abandoned or blocked. Which means that online fraudsters will carry on having a free pass to put digital ‘card skimmers’ on your bank’s web site.

Hopefully you’ve followed all that. Please feel free to quote any or all of it in letters to your elected representatives. And now, a little irony to chuckle over.

Earlier this month, a Russian web site compiled a database of around 20% of the IP addresses using BitTorrent file sharing, along with the details of the files they were downloading. Investigation soon revealed something interesting. Someone at Sony Pictures movie studio had downloaded illegal copies of “Conan The Barbarian”, a movie owned by indie studio Lions Gate Entertainment. They had also downloaded Beavis and Butthead, owned by Viacom. Meanwhile, NBC Universal’s IP addresses had downloaded pirate copies of HBO’s “Game of Thrones”, and Fox Entertainment had pirated Paramount’s “Super 8”.

If SOPA were already in effect, Sony, Fox and NBC could have found their corporate web sites forced offline, with no trial, no notice, and no comeback. Do they realize this, or are they counting on the law not being enforced against them?

Learning from the Google+ suspensions

With all the anger over the Google+ mass suspensions, I’ve seen quite a few people post that they’re going elsewhere. Rainyday Superstar has suggested that she might go use Tumblr more. Other people are talking about Diaspora, DreamWidth, even (gag!) staying with Facebook.

I think those people are all failing to see the big picture.

Google’s behavior towards its users is a surprise only because we’ve come to expect better from Google. I learned from LiveJournal and Facebook that sooner or later, almost any corporate entity that becomes popular enough will stop caring about its users. With LiveJournal, it got to the point where even Brad Fitz stopped caring–he had his exit strategy sorted out, and just told people he was no longer in charge of the ship.

Furthermore, freedom of the press in America has a simple rule: if you don’t own the press, you don’t get the freedom. The Constitution only applies to government censorship; private commercial entities get to censor as much as they like. If you are reliant on someone else’s platform to distribute your writing, expect limits on your speech.

This is why anything I write that’s of non-trivial length goes on my web sites. (One for work-related stuff, one for more personal matters.) I’ll post links to it on Google+, Facebook, and other social networking sites, but the actual content stays on a site I own and control.

I use free, open source software (WordPress) which can be deployed to any commodity $5-a-month web hosting provider. I own the domain, and have it registered through a separate company, so if my hosting provider goes rogue they can’t stop me from moving my site and domain somewhere else. (Yes, I’ve seen that happen.) The data is backed up automatically every night to a server in my house, so at most I’d lose a day’s postings and comments. I use rdiff-backup for the nightly archives, so that if someone hacks in and corrupts or destroys the site database I can wind back to the last intact version.

I could have my web site content destroyed, but it would pretty much take a government raid on my house and ISP to achieve that. At that point I’d have bigger problems to worry about, and the US Constitution would (theoretically at least) start to apply.

(I even picked the domain name partly because it’s a command used by every dial-up modem and by many Unix WiFi drivers, so it would be difficult for some tool like Richard Branson to grab a trademark or copyright registration and try to take the domain away from me. It also has no commercial value at this point. Hayes tried to stop other modem makers from using their commands using every legal trick in the book, but they ultimately failed.)

You might think that my web publishing setup is overkill. I’m not exactly Julian Assange, after all. But the other thing that LiveJournal taught me, and which the Google+ fiasco is also making clear, is that you never know what trivial thing is going to make a company use the ban hammer. LiveJournal booted me for posting information which was publicly available to the entire world on the subject’s web site. Google+ is giving people the ban hammer for having names like “Winter Seale” and “Laurence Simon”. So even if your idea of controversy is saying the word “fuck”, you might want to consider a setup like mine, at least if you put any time and effort into what you write. It isn’t hard to set up and use WordPress; arranging the automatic backups is a little more technical, but it’s not rocket surgery.

Stopping by a Web Site on a Sunny Afternoon

(poem for Eric Whitacre)

Whose words they are I think I know.

His poem’s copyrighted though,

With words you’re not allowed to hear

About the dark woods in the snow.

The man would maybe think it queer;

His family dead for many a year,

No heirs in need of royalties,

Yet companies still profiteer.

Ignoring other artists’ pleas

The publisher alone decrees:

None can set Frost’s words to music,

None can share words such as these.

The poem’s lovely, all agree,

But pay up if you want to see,

And years will pass before it’s free,

And years will pass before it’s free.

2011-04-22

Inspiration

The gangster chic of remix culture

Giles Bowkett ponders remix culture, and writes:

There’s an interesting and somewhat alarming correlation between culture based on recycling other culture and organized crime.

I don’t think there’s any particular mystery about why this is the case. It’s down to the unfortunate fact that corporations have decided to try and make artistic collage and appropriation into a form of illegal art. If you make music via extensive sampling, sooner or later you’re going to get sued, or at least seriously threatened with a lawsuit. Examples range from the pop/punk of Culturcide, Chumbawamba and KLF/Jamms, through the eclectic satires of Negativland, to the academic experimentalism of John Oswald. Even referring to a product or famous person by name can get you sued, as Momus found out (twice). More recent artists like Girl Talk seem to be avoiding lawsuits mostly because the music industry is too busy suing file sharers.

None of those artists’ work had any particular connection to crime–until they were sued. But after a decade or so of high profile copyright and trademark lawsuits, the connection between crime and sample culture was established in the minds of artists. While hip-hop started out sample-based out of necessity–the early proponents couldn’t afford any expensive studios or instruments, and relied on tape manipulation–before long even the most successful and wealthy hip-hop and rap acts realized that the illegality of sampling was a perfect complement to their subject matter. Similarly, as raves were driven underground, the music became more sample-heavy.

Kids today may not realize that back in the 1970s and early 80s, giving the finger to the establishment was easy. All you had to do was dress outrageously, make a virtue of your alleged lack of musicianship, dismiss previous artists as irrelevant, and swear a lot (ideally on live TV). But by the mid 90s, offending the establishment was getting harder and harder. You could fire a machine gun at the audience and dump a dead sheep outside the venue and barely get any outrage. By 2001, The Onion pointed out the ridiculousness of artists who still hope to shock through mere appearance.

No, there’s only one way to really piss off the establishment these days, and that’s to disrespect their intellectual property without paying proper monetary tribute.

But moving from John Oswald to Patton Oswalt, I think Oswalt’s rant is really about his dissatisfaction that his long-nurtured position of cool knowledgability in the underground geek culture is now something anyone can obtain easily. I have some sympathy with that. I remember taking day trips to London to visit half a dozen major record stores, and searching bargain bins and used racks in the hope of finding some obscure unwanted copy of an album I’d been seeking for years. Now the challenge has gone.

It took me four years before I tracked down a copy of synthpop band New Musik’s second album “Anywhere”; when I eventually found a vinyl copy in the £2 bin in a record shop in Beaconsfield, it was like Christmas had come. You, on the other hand, can buy a copy right now on Amazon, albeit for a bit more than I paid. Looking for Landscape’s classic “From the Tea-rooms of Mars… to the hell-holes of Uranus”? You won’t have to travel to the Oxford Street Virgin Megastore in the hope of finding it, as I did. It wouldn’t help to try, in fact, because the megastore is gone; nobody’s going to travel half way across the country in the hope of collecting the TELEX back-catalog when they can order it all with a few clicks. It’s just too easy.

Another subtext I see in Oswalt’s rant is the familiar and tiresome claim that they don’t make any good art any more. The music I listened to in college was awesome, man, these modern artists just can’t compare, right?

Wrong. Sure, the 80s gave us punk, synth and new wave, but it also gave us Black Lace, Olivia Newton-John, Captain and Tennille, Styx, Kenny Rogers, The Tweets, and of course Rick Astley. The 80s launched the career of Céline Dion, and the charts were perpetually infested with Stock, Aitken and Waterman productions. The 90s were no better; they may have made electronica resurgent, but they also brought us Backstreet Boys, Vanilla Ice, Mariah Carey, Whitney Houston, and Britney Spears. Take off the rose-tinted blinkers and you can find incredible new music made in the last decade, from Radiohead’s “In Rainbows” and Röyksopp’s Melody A.M., to Jackson and his Computer Band and Whitey.

There probably isn’t going to be a pop culture “Year Zero”; at least, not for music. While the 70s and 80s both saw technology completely change the boundaries of what was possible, at this point technology is cheap enough and sophisticated enough that pretty much anyone with a day job can put together a mini recording studio and make music that sounds like absolutely anything they can imagine. A couple of grand will get you 16 channels of digital stereo multitrack recording and a rack of virtual synthesizers that would have made Rick Wakeman weep for joy in 1974.

Sure, lots of people are using the technology for mashups and YouTube joke videos, but I suspect that’s just a temporary phenomenon. People are learning to use the tools at their disposal, and remixes are a great way to do that. It’s like the early days of desktop publishing, when the world exploded with bad fonts. Give it a while, and things will settle down, and we’ll see more Jonathan Coultons, Weebls and Liam Lynches, and fewer reaction videos and nut-shot compilations.

Letter to the FTC 539814-00408

This is a copy of my comments to the Federal Trade Commission, who are asking for comments on DRM technologies for a Town Hall Meeting in March.

As you are doubtless aware, the Copyright Act of 1976 codifies the First-Sale Doctrine. This states that a purchaser of a copyright work has the legal right to sell or give away the copy, once it has been obtained–so long as no additional copies have been made.

One major issue I have with DRM technologies is that they deny the customer his legal right to resell the product on the second hand market. Also, in many cases purchased products may evaporate if the DRM provider goes out of business, yet still these products are described as being sold to the customer, with words like "buy", "purchase" and "on sale" being used.

Netflix will let me keep a movie indefinitely, but I can’t sell the disc, and they reserve the right to demand it back. Similarly, iTunes digital movies can be kept indefinitely, but I can’t sell the movie, and Apple can turn off my access to it, analogous to demanding the disc back. Netflix describe their service honestly, as rental. Apple describe their service as purchase, with the button saying "Buy now".

This seems to me to be confusing. Physical video stores like Blockbuster would not be allowed to say "Buy this movie for $3.89!" when the terms were actually rental with no due date for return, so I don’t understand why digital movie rentals are treated differently.

I have a simple proposal. It should be illegal to describe something as being "sold" or "for sale" unless the corresponding right of resale is available to the purchaser. Instead, a phrase such as "indefinite rental" should be used, as that’s what is really being offered.

In other words, when I "buy" a movie from the PS3 online store, I’m not really buying it, because I can’t resell it second hand when I’m done with it. So Sony should not be able to pretend I’m buying it; they should be legally required to describe the offering accurately, as an "indefinite rental".

I think this would go a long way towards making it clear to the average consumer that their DRM-protected purchased content comes with metaphorical strings attached, and that it might go away one day.