Mike Nguyen's Weblog for CSCI 10

There are specific examples pertaining to the different spaces that these tussles will occur in. In terms of economics, competition breeds efficiency in distribution and as such competition must be an inherent attribute of the new design. The new design must find new ways to solve some of the current problems like lock-in IP addressing causing hassle for users who want to switch ISPs or unreasonable tiered pricing for users of different usage demands. Another tussle space would be trust implementation, whereby users must be well informed of the intentions and origins of the parties they are about to send information to or receive from. However this has a serious implication on the question of identity that the developers must face: should Internet usage remain virtually anonymous as it is right now for everyone?

Ultimately, the ideal of a future Internet that is free from the “gripping hand of authority” is a false utopian vision as there will always be tussles among competing factions for their own interests. Designers ought to keep this in mind as they seek to develop a newer and better Internet structure for all.

January 21, 2008

There is inherently a link between economics and computer security: the people who are responsible for protecting a computer system are not the one who have to suffer the costs of failure. It seems some of the biggest problems in computing no longer have anything to do with technology but rather the economic aspects of applying them. There has been a general trend of more co-operations between computing and economic analysts these days with projects ranging from economics of digital forensics of cell phones, cost to the U.S. economy for information infrastructure failures to economic barriers to adopting new security protocols. If we are to find a successful way of deploying security structure onto computer systems in this new age, economic incentives must be taken into serious considerations.

IMesh recently released of its new software contained a bundled application called Marketscore that would collect private data of its users, encrypted or non-encrypted, for research on “internet trends and e-commerce activities.” Many universities have blocked access by this spyware to prevent the leak of personal data. However many persons interviewed in the article seemed to be apathetic to the whole issue of privacy, citing reasons from free utilities that comes with authentication from leading security firms, ease of e-commerce browsing through the use of password management software and a lackadaisical behavior in response to the teeming of adware and spyware everywhere on the Internet. None of these sources are confirmed however.

Spyware collects private information about the user of the machine it resides in and sends such information to the owner without the user’s permission. Remote attacker can take advantage of the resident spyware to open a port on the computer for attack, lockdown and control of that computer. Spyware will also slow down computer performance through the transmission of such data. Computer hackers could also utilize hundreds or thousands of spyware from different computers at the same time for a concerted attack on a computer network, called distributed denial-of-service (DDoS).

The only effective ways to deal with spyware is first through education and protection. Users must be well educated about the potential security risks they are dealing with in accessing certain groups of networks as well as empowered with security clients that will protect them from inadvertent admission of malware. Furthermore legislation must require the full, transparent disclosure of the inclusion of spyware in any commercial application and the ease of uninstallation should the users wish to do so. Aggressive prosecution is needed against those attempted to use spyware for illegal activities. Contingency plans must be prepared by government agencies in response to any possible DDoS attacks as they would cripple the networks of governments and businesses. In this manner governments and businesses should work “closely together to address the issue and safeguard the productivity and security of the Internet computing environment.”

January 17, 2008

The incident at OSU was all about walking a tight rope between using social networking for security purposes and intruding on privacy. When students chose to upload some of their privacy information they were unaware that these information could be read by any administrator or other people in the same network as theirs. Many colleges are working towards helping students realize the consequences of posting indiscrete materials.

The case of Taylor Behl brought an alarm to divulging too much personal information on the Web and fatal consequences even if there was no direct connection in this particular case.

As Facebook expands its networks, these privacy issues become more serious as more people are capable of getting access to a personal profile. As such, the network has provided tools for users to control what content they would like other people to look at, yet few are aware of such tools. Campus policies towards Facebook in general are favorable, although some employed it as a tool for monitoring behavior while other chose to shut it off the network completely. In essence, students out there ought to be aware of the long term implications of the private data that they choose to post to their profiles.

People have the tendency to listen to gossips to know what has been going on around them. Online social networks have had improved the capability of absorbing these gossips greatly. Yet there is always a hazard of information “overload” - drama from strangers in need of help out there to whom you could not reach out. More gossips do not necessarily mean better ways of keeping in touch with reality.

Some school administrations have employed Facebook as a tool for monitoring students’ behavior, ranging from identifying culprits for vandalism to finding hazing activities. The popularity of Facebook/MySpace usage means that there will be long term implications for school administrations in handling what used to be considered private matters among students.

January 16, 2008

In my position paper I will be talking about two main issues involving the legality of using P2P services: the legal provisions involved in P2P technology and the issue of piracy itself.

First, with regards to P2P technology, it was originally developed by developers as another medium for sharing information among users, just as a CD burner, or a floppy does. Legal precedents pointed to the case of Sony’s Betamax in which Sony won as the device was “capable of substantial noninfringing use.” Does BitTorrent qualify under this category? Certainly so, considering the fact that on the main page of BitTorrent it promotes the sharing of latest Hollywood movie trailers, artists’ music video clips approved by MTV, FOX and many other media companies. As BitTorrent is already popular among users, these promotions will help boost movie and album sales and generate extra revenue for media producers. If P2P developers were to be charged with developing a technology merely for “copyright circumvention” and as such a DCMA infringement, this would set a very bad precedent for any other sort of file sharing medium, ranging from the CD burner, portable hard drives, or even the iPod (as a hard drive), and Gmail (where file exchange can take place too). It is understandable that in a wide network of users out there, there will be some who will abuse the network and use it for unauthorized distribution of copyrighted materials. However the responsibility then lies with the user as the party who committed direct infringement, and not the P2P developers, since they do not have any right of control over the content that these users are sharing and do not make money off it either. In short, by allowing the continued existence of P2P technology we are ensuring that the compliance with the First Amendment is not in jeopardy: individuals are allowed to exercise the freedom of choices of whether they would accept the consequences of breaking copyright law.

Second, copyright infringement looks bad in the eyes of the original creators as they had spent money, time and efforts in producing their works and needed to be remunerated with financial rewards. If people are all well-endowed in technical knowledge and there are very few avenues for the public to make legal purchases of these intellectual works, certainly many would opt for the freeloading option of illegally obtaining these works from P2P network. This would cause serious trouble for the creative industry. Nevertheless, music stores are virtually everywhere around us. Apple had opened its iTunes music store online. Listening to an MP3 file on a computer is a totally different experience from listening to a music CD on a hifi system. Not many of us out there are even adequately equipped with knowledge on how to run a torrent search. Therefore the number of infringing users out there makes up only a small percentage of the total consumers of these intellectual works. Furthermore, these illegally-shared contents on the P2P network are in fact digitized “copyrighted materials,” which means they are non-rival in nature: a person’s use of an MP3 file is not diminishing another’s chance of using it in the same manner. It is certainly not comparable to stealing CDs off the music store. These CDs are produced by the manufacturers themselves and there are costs involved in producing them. Stealing a CD will deprive an interested buyer from potentially getting it.

Beyond the technical assessment of the copyrighted material, let us now move on to the issue of piracy itself. There are many justifications for piracy in some cases. If a copyrighted material is unavailable or unfeasible to a user through any legal channel, P2P network more than often always has an answer to it. An enthusiastic Internet radio listener could one day discover a great song by an upcoming pop artist in Czech, yet he knows of no one living in Czech and the artist’s album is not sold in stores in the US. The only way he could get it is through downloading off sources from some other listeners who actually reside in Czech and have digital copies of the album available for sharing. Furthermore, for many third-world countries residents, their total monthly income worth the price of a new copy of Windows Vista. Given the fact that they have to spend money on food, housing, health care and other amenities, buying a legitimate copy of Windows is not an easy option for any of them. Their children would grow up being illiterate in information technology without the help of these one-dollar pirated CD shops. Many of them have gone on to study further in top IT schools over the world today and would become high-income earners. They would certainly be able to afford a copy of Windows Vista no doubt, but would they be given that chance had there been no availability of low-cost software knock-offs available to them? Finally, the music or software industries have been making huge profits off selling CD copies and complacent on developing new business models that would embrace new technological changes, like P2P and such. Trying to disable P2P through legal channels is a good opportunity for them to establish monopoly on material distribution through only a few propitiated channels and a setback on innovations on technologies in distribution.

January 14, 2008

- A Russian programmer was arrested by FBI for writing a program that would disable the restrictions imposed on an Adobe Reader ebook format. Adobe pointed out that the same piece of software would allow a pirate to make illegal copies of the ebook otherwise readable only with Adobe’s reader technology. This is a violation of the Digital Millennium Copyright Act.

- The problem is, copyright laws allow fair use of copyrighted material, copyright technology does not. Copyright laws protect for a limited amount of time, copyright technology does not. That cracking copyright technology is a violation of DMCA is controversial.

- DMCA criminalizes people who undermine copyright technology while they do not necessary break copyright laws. People are not allowed to make presentations on security loopholes of an encryption system, for example. Such restrictions will have negative effects on innovations in encryption and security industry itself.

- YouTube has been involved in a legal case initiated by Viacom for violating copyrights. YouTube defends itself on a clause stipulated by DMCA that as long as the service has no “knowledge of infringement” or “expeditiously” takes down illegal materials, it is released from legal liability. However this clause does not apply to people who derive a commercial benefit from these stored copyrighted materials, if they have the ability to control them.

- Such clause allows the flourishing of many Web services like online storage, e-mail, Web hosting etc. without the need to patrol every single file uploaded for copyright check.

- YouTube is different, it is known for the entertainment value that it offers and not any technical support like those other hosting services. It therefore attracts a huge amount of traffic and income as well through paid advertisements. It does have “knowledge” of what is on the site, because the public knows too. It certainly has the “right and ability of its control” through removal of pornographic materials and having different channels and featured videos on the main page, for example. The obligation to monitor uploaded content must rest with YouTube. Forcing this obligation upon YouTube / Google will not stifle creations but rather promote respect for copyright laws. After all, had copyright laws not been respected, YouTube / Google would not have been there in the first place.

- Most legal downloadable music content these days are armed with Digital Rights Management that would help prevent users from illegally sharing these files on the Internet. However DRM put a burden on the user himself as to how he would like to personally use these files e.g. limiting the number of computers that can play downloaded files.

- Attaway, a senior executive at MPAA, asserts that DRM is positive but not yet perfect. The cost of producing a movie is huge as such there will always be fees involved in watching a movie. However there are different demands for watching a movie and DRM allows the differentiation of pricing for these different demands.

- Seltzer responds by saying that DRM & DMCA already stops innovations on DRM-protected media. DVD players do not allow clip-cutting for personal uses. Some companies who came up with popular technology for storage from DVDs have to settle lawsuits. DRM & DMCA protect the current business model but stifle new innovations that could potentially benefit both media creators and users.

- Attaway: DMCA has been an incredible stimulus to creativity since its inception in 1998: free downloads were made available on websites of media corporations, feature length films on iTunes etc. DRM is only seen as comparable to the electronic tags on clothing at the mall – making sure the owner pays for its use. DRM has never been found to be interfering with fair use at all.

- Seltzer: That is only applicable to viewing technologies and not technologies that empower the viewer as new creators of video remixes. DRM & DCMA limit fair use in the sense that innovators of new technologies that allow flexible use of licensed media content will have to get approval first.

- Attaway: Media content creators must be able to control the use of their content and extract economic value from it. Transformative uses are acceptable but not prioritized over incentives for creativity. As DRM develops, it will allow both copyright protection and transformative use of such licensed content.

- Seltzer: The public ought to have a certain benefit from the creation of new media too as it will inspire further innovations. The problem is, DRM prevents any possibility of such access and at the same time, still succumbs to many hacking methods.

- Attaway: DRM allows differentiated pricings in usage. DRM currently is not developed enough. DRM is like locks on the door, they do not guarantee free from theft but at least discourage them.

- Seltzer: DRM let the owners dictate usage terms in very limited ways. Newer innovations of usage will have to go through approval process. Improvements in DRM are not going to make it any easier. A door lock should not lock the house from its own owner.

- The case between Microsoft and Slashdot on articles publishing criticism on Microsoft Kerberos and its interoperability restrictions is just one among many examples where DMCA is violating the freedom of speech.

- Slashdot maintained the viewpoint that “unauthorized reproductions” cited by Microsoft were in fact non-infringing fair uses for the purpose of criticisms and comments. Even if Microsoft Kerberos specification is considered “trade secret,” the DMCA does not authorize takedown demands of trade secrets.

- Microsoft argued that information protected by EULA had been undermined through these postings, and if this information is regarded as a “product” or a “service,” then it is a violation of the DMCA.

- If Microsoft won, it would undermine the fair use of published information through this form of “clickwrap.” If the new UCITA got approved, any current fair use of software would be criminalized as well.

- This act has a serious implication on freedom of speech: restrictions on reuse of copyrighted expressions for the purpose of research, criticism, comment and education could be regarded as restrictions of speech. Furthermore, DMCA and UCITA could potentially shield flawed product designs from competition in a healthy market. The First Amendment and related restrictions on copyright had enabled the flourish of innovations without undermining intellectual property protection. However DMCA and UCITA are going to change that.

January 10, 2008

- Any network requires some centralized control in order to function. The telephone communication system is controlled by the International Telecommunication Union, now part of the UN. The Internet is currently administered by the Internet Corporation for Assigned Names and Domains (ICANN). Even though ICANN has a Governmental Advisory Committees made up of international representatives, they do not have real power and ICANN is merely an instrument for US hegemony. Many countries criticized the control of the Internet by the US and its recent statement to control the Internet for an indefinite time.

- There is a need for control over the assignment of domain names, IP addresses, root server operations and preservation of technical standards for interoperability. So far the Internet has a certain degree of openness, supported by private network providers and free from the grip of telecom regulators.

- Up to 1998, administration was run by John Postel alone who gave out proprietary rights over domain names. And then ICANN came along following a series of spats between governments, businesses and NGOs. Its private-sector status has allowed it to operate free from political influences; one example would be the allocation of the “.tw” domain.

- ICANN is criticized from every side, from the lack of transparency, accountability and legitimacy, being overly regulative to earning excessive profits. The Internet ought to be managed by an international community, not a single nation. Yet while the UN was working on a proposal to transfer the ownership to the UN, US Department of Commerce had already pre-empted with a declaration of ownership.

- ICANN takes credit for the interoperability of the Internet thus far, and the US government is committed to keeping its liberal values in running the ICANN. There is no guarantee that an international committee will be operating on the same ground given the fact that there are governments out there that do not hold dear to the democratic ideals or the free flow of information.

- However if the US continues to hold grip onto domain name registration, other entities will also establish their own bodies with competing rights. Incompability will result, therefore in the long run the US ought to find a method of power-sharing.

- The debate over the control of the Internet is in fact a clash of perspectives, ICANN is seen by the US government as its own defusal of government authority over the Internet whereas other governments view the organization as a creature of the US government. Other governments view international administration as a further step toward democracy on the Internet, the US views it as a retreat.

- US Secretary of State sent a letter to the UK Foreign Minister in response to EU’s proposal to establish a new inter-governmental body to replace ICANN. In her letter, Rice stressed on the importance of retaining structural stability of the Internet. Intergovernmental administration will only add the “burdensome,” unnecessary bureaucracy to Internet governance. As much as the US is “willing” to discuss the issue of Internet governance with other nations over the assignment of country domain names, it would like to see ICANN as the only private authoritative body that ensures the efficiency of Internet governance.

- The Internet was created decentralized in nature with limited government intervention. However the situation has changed as its reach becomes worldwide. The Tunis meeting hopes to end the US control over the Internet through ICANN. However creators of the Internet are concerned that by lending itself to governmental control, the Internet could be fragmented and best left alone. As some say, “there is nothing to control.” Because the Internet is build with the concept of interlinked network that there is no single control node.

- There have been attacks at the US for overseeing ICANN as a demonstration of economic and political power, yet there were no viable solutions proposed. Some pointed at the UN while the EU is developing a similar governing body to ICANN. Many believed that the battle for the control of the Internet is motivated by commercial interests. Also, a standardized form for address designation will allow interoperability and universal comprehension rather than, localized addresses in a different alphabet system.

- The UN does not have enough credibility to take up such a task as administering the Internet – given the plethora of scandals that are bogging it down, like the food-for-oil program in Iraq and child prostitution rings in Congo.

- ICANN only manage the technical aspect in matching domain names with IP addresses and therefore there should be no reason for any government to interfere with its duty. It does not “control” the Internet.

- Management costs will be raised and there might be a prospect of an international Internet tax if the UN is to be in charge.

- ICANN certainly has its shortcomings, but overall, this whole rhetoric on the US government is more motivated by political purposes. There is currently no viable alternative.

January 9, 2008

- Telecommunications (telephone and cable) companies hope to come up with a plan that would prioritize bandwidth for certain Internet companies for a fee. They argue that it will enhance users’ experience (think QOS) and drive down the cost of high-speed Internet. Some of the motives include extra funding for building higher capacity and quality communication networks. But more importantly, these companies also would like a slice of the profits that Internet service providers have been generating through the use of their bandwidth.

- Internet service providers see this as a threat to privacy and consumers’ rights and also, attempts at establishing regulations to deter potential competitors. Even in the case where net neutrality could not be preserved, it would matter little to established names like Yahoo and Google to pay a percentage to these network providers; however future up-start entrepreneurs hoping to become another Google or Yahoo will face high-cost deterrence when it comes to new innovations.

- The disabling of Net Neutrality could be likened to “toll booths” along the information highway which are owned by network providers, no longer a “free and open technology” fostering innovation.

- Net Neutrality had been a concept central to the Internet up until 2005 when FCC eliminated this ruling and as such this issue had been brought up in Congress for voting.

- If Net Neutrality is lost, high-speed bandwidth would only be available to those who could afford it. Think of a similar situation whereby subscription is required for cable TV. Major industries will have to pay out of their pocket a huge amount for Internet services; as such they will pass on this rise in costs to their customers as well. Expansion of independent network of media will be halted. Innovations will be stifled.

- Net Neutrality finds supporters from different walks of lives: entrepreneurs, Christian groups, social charities and some other consumer groups.

- A prioritization of network bandwidth will bring about great applications that would have been unfeasible in the face of neutrality. One example is remote monitoring of vital signs of patients for better treatment. This is only possible if transmission of such data takes top priority over other trivial file downloading process. Net neutrality supporters are obstructing these prospects severely.

- Relate the Internet to the concept of externality in markets: the usage of the Internet has implied externalities to it. The more people use the Internet, the more useful it is to “plug in.” But at the same time, more people using the Internet for all kind of purposes will bring about negative externality: traffic congestion.

- Some others who want to use a broader bandwidth will then be inhibited by this limited flow of traffic. Solutions? Those who can afford will pay more for it and be given more. It would not make sense to ask everyone to pay a same amount for an increase in broadband if some do not really need it. Cars should pay lower road tolls than trucks.

- Unlike what many might have told us in rhetorics, disabling Net Neutrality does not constitute an assault on users’ privacy. It is more of a battle for profits among corporations and the outcome seems to affect us little. Nevertheless it is safe to assume that a removal of Net Neutrality will not guarantee a significant improvement in quality of service for end-users, neither will it help decrease cost of bandwidth if the motives for Quality of Service ironically is to recoup profits in the first place.

- The concept of differentiating network usage is not a new topic. In economics this is called “price discrimination.” Think of public concerts that have differentiated prices for adults, children, students and seniors. Or airlines offering business and economic classes. But the ideal scenario is the former: everyone gets roughly the equal amount of enjoyment yet pays for it affordably according to their level of income. The latter represent the state of the future of Internet without net neutrality: you pay more to get more. However I do find the analogy of the “externality” of the Internet highly illogical. The Internet has a vast array of infrastructural and social components that it is irrelevant to label it as a single “market product” for the sake of comparison. As more people using the Internet, people will benefit from the exchange of information on it, not the Internet itself. Individual subscribers have already paid a monthly fee to their providers for an allocated amount of bandwidth usage. As such, I do not see how a user who pays $30 per month for 512kbps broadband and downloads movie 24 hours a day would threaten (or in other words, commit a negative externality) his neighbor’s bandwidth who pays $50 for 1.5Mbps broadband and only reads the New York Times occasionally. We are not talking about the individual here but rather the corporate subscriber who needs hosting from network providers. Leave the individual alone.

- On the other side of the playing field, Net Neutrality advocates need to get it right. First, telecommunication networks aim to provide another top-priority, dedicated bandwidth for subscribers who could afford it, on top of the current infrastructure. The “dirt-road” scenario for the average user is irrelevant. Furthermore, personal network subscribers are differentiated from corporate subscribers and therefore, independent media are allowed to operate as freely as they wish, unless there is a need for a higher bandwidth demand for media streaming and such, this is where corporate subscriptions could prove to be more useful, although of course at a higher cost. To assert that the elimination of Net Neutrality equates the end of the free flow of information is like condemning raises in corporate taxes as daylight robbery that would end the flow of money in the economy.

- My final two cents here is that I am rather ambivalent to the outcome of the battle, unless the removal of net neutrality does not bring about an improvement of quality of service and additional constructions of infrastructure but rather a reshuffling of bandwidth.

January 7, 2008

- The Internet has its history dated back to 1962, in its early days of postulation of using network as a platform for social interaction and attempts to actualize it through technologies like circuit switching and packet switching.

- ARPANET was the first network built on the concept of packet switching in 1967. Computers were quickly added to this network afterward. One key characteristic of ARPANET that remains central to the Internet to this day is open-network architecture: service providers retain the autonomy in building their own networks, these networks would be connected to the Internet through gateways that simply act as transfer nodes that should not record information from packets going through them and most importantly, “there would be no global control at the operations level.”

- TCP/IP was developed as the protocol to facilitate this transfer of information. - By 1985, the Internet was used as a support network among a community of researchers and developers but not yet extended to ordinary end users. The advent of the NSFNET program made significant contributions to the extension of the Internet through upgrades of infrastructure.

- Besides infrastructure, there are support organizations established and evolved with time to approve and develop new protocols and standards for the Internet.

- The commercialization of the Internet was kicked off thanks to eager co-operations among inventors and vendors alike to develop end-user products.

- Some of the greatest future challenges for the Internet in the future will be how it could be managed to evolve as it was no longer developed by a few dedicated groups of professionals but interested parties from many different fields.

Proponents for QOS cite the need for prioritizing connections, for example, voice streaming should be given priority over other petty file downloads. The current IP infrastructure does not support such capability. However such gains with QOS could be a myth.

The analogy in transportation would be emergency vs. ordinary vehicles. Emergency vehicles do not need special accessories if the road is half-empty; they will get by comfortably. On the other hand, even with sirens and flashing lights, emergency vehicles would not get a way with a tight traffic jam. They work best in moderate congestion.

In the same way, QOS could only bring about great benefit if the utilization of connections is at a fairly high rate. Unfortunately it is a known fact that the capacity of the Internet is ever expanding at a fast rate, unlike ground transportation. The utilization rate is still low, and in any case, expansion of capacity will render QOS useless.