April 24, 2006 | Suw Charman Anderson

Internet Governance and Regulation: The Future of the Internet - and How to Stop It

ORG Advisory Council member Professor Jonathan Zittrain is giving his inaugural lecture at Oxford University tomorrow, 25 April, at 5pm at the Oxford University Examination Schools, High Street (building 22 on the map):

The lecture will propose a theory about what lies around the corner for the Internet, how to avoid it, and how to study and affect the future of the internet using the distributed power of the network itself, using privacy as a signal example.
The lecture will be webcast, with a live stream available ten minutes before the event starts.

[Read more] (1 comments)

April 03, 2006 | Suw Charman Anderson

Unveiling the new ORG logo

Thanks very much to Denise Wilton, Chris Morrison and their collaborators both on and off the Haddock mailing list for designing the new ORG logo. If you want to have a stab at a new WordPress themes, or 'support ORG' buttons, then email me for a zip of all versions.

[Read more] (3 comments)

March 30, 2006 | Suw Charman Anderson

ORG lists down -- but now back up

Unfortunately, we've been having some technical difficulties with the ORG servers over the last couple of weeks, resulting in the Discussion list going down. We are trying to get this fixed as soon as possible. Sorry about the outage! UPDATE: Org lists back up again! We've actually moved the ORG lists on to a new server, so the email address and sign-up/admin pages are subtly different now. Email: -- please remember to change your address books, although the old email address will redirect automatically. And sign-up/admin pages for the Discuss and Announce lists: Unfortunately, whilst we have migrated your subscriptions, we have not been able to migrate your digest settings, so if you were on digest, you'll have to pop back in and reset that. You will also find that your passwords will have changed, but you should have had a new one by email by now (except for the Announce list - you can get that from the admin interface if you need it).

[Read more]

March 30, 2006 | Suw Charman Anderson

Cory Doctorow donates Razr mobile phone

Cory Doctorow, ORG Advisory Council member, famous novelist, copyright activist and one of the driving forces behind BoingBoing, has kindly donated a Razr mobile phone and a signed first edition of his novel Eastern Standard Tribe, to the Open Rights Group for us to auction. We have duly put both together as one lot on eBay, with a starting price of just

[Read more] (2 comments)

March 29, 2006 | Suw Charman Anderson

ORG becomes a provisional member of EDRi

The Open Rights Group has now become a provisional member of European Digital Rights (EDRi), a coalition of 21 privacy and civil rights organisations from 14 different countries. Says the EDRi site:

Members of European Digital Rights have joined forces to defend civil rights in the information society. The need for cooperation among European organizations is increasing as more regulation regarding the internet, copyright and privacy is originating from the European Union.

Some examples of regulations and developments that have the attention of European Digital Rights are data retention requirements, spam, telecommunications interception, copyright and fair use restrictions, the cyber-crime treaty, rating, filtering and blocking of internet content and notice-and-takedown procedures of websites.

European Digital Rights takes an active interest in developments regarding these subjects in all 45 member states of the Council of Europe.

EDRi also publishes EDRigram, 'a bi-weekly newsletter about digital civil rights in Europe' (you can sign up on their home page).

EDRi is planning to have a General Assembly in Berlin early in September, when the current EDRi members will make their final decision on whether ORG can become a full member. We look forward to attending and to getting to know our European counterparts much better.

I think it's important too to keep an eye on what is happening not just across the water in the States, but also in Europe. Bad ideas, and bad legislation, has a habit of travelling, and the concept of geographically isolated policy is old and out of date. What happens in Ireland, or France, or Germany can happen here, and visa versa, so it's important that we become part of the wider digital rights communities.

[Read more] (1 comments)

March 28, 2006 | Suw Charman Anderson

Guardian Changing Media: Digital Rights Management

I was yesterday at the Guardian's Changing Media conference, at which our very own Dr Ian Brown spoke on DRM. These are my notes, cross-posted from my own blog, Strange Attractor. Can digital rights management achieve its security goals? Chair: Nick Higham Dr Ian Brown, UCL (and also ORG) Nick Higham ONe of the things that alarms content owners is what this new technology means for their copyright, their intellectual property, their security. Dr Ian Brown is a computer security researcher at UCL. Ian Brown, UCL I want to limit myself today to "will DRM do everything that they are sold as doing?". There are much wider issues to do with DRM, but I want to focus on this specific area. DRM is an umbrella term for quite a wide range of technologies that give content owners some control over their content. Some control, not full control - you certainly can't expect to put your new Britney Spears CD out and not see it online within five minutes. DRM is also not about copyright, because it goes further than copyright law. Copyright law also varies from area to area, for example there is no right to private copy in the UK, but yet people do it anyway. DRM goes further than trying to prevent this, but can control the way people access, print, and copy ebooks, for example. DRM is present in Windows Media Player, Adobe e-books, RealPlayer, iTunes, etc. French law which is saying that DRM has to be interoperable between platforms, e.g. can't put iTunes music on a third party media player. The basic tech behind DRM is simple - you encrypt the data in a way that is impossible to unscramble directly, even people with the computing power of major western governments. You give the encryption keys to the user via the medium of the media player, e.g. your DVD player has decryption keys so that it can decrypt DVDs. This controls access to the data of the files. The other type of tech is digital watermarking, which allows people to embed information in audio and video files in a way that is invisible to the user, and hard to remove. Can embed information that controls when the media can be used, e.g. can only be played on computer with xyz ID. Also allows the media owners to track who copies stuff. DRM is actually very difficult to do. Making it work overall as a system in the way that content owners would like, is a very difficult problem. Some of the underlying reasons for that: - data is encrypted, but has to be decrypted at some point so you can use it. So at some point your tech has to decrypt it and create an unprotected version of that content. - watermarks can be removed. All of the watermarks that have been created are fairly primitive and have been a failure. People trying to break these technologies find it easy, and there are fundamental reasons why this is easy - if you distribute a file which is on the one hand the same - all Britney Spears CDs that are the same - but have individual bits that are different, can compare and find the watermark. - DRM tries to reduce the functionality of your computer as regards specific streams of data, but old equipment doesn't have the DRM on it, so legacy computers are going to be more functional than new ones. Previous DRM solutions: - secure digital music initiative: was tested against world's hackers, and the hackers won. One research team in Princeton broke all of the proposed technologies. Most sensible companies would have rethought it, but instead STMI tried to sue the academics that had done this work, the conference organisers, etc. The researchers gave a press conference saying that they weren't going to publish the research because their houses are at risk. STMI said they had broken the DMCA. Researchers got support and published the research anyway. - CD protection: several record labels have released CDs that play on your hifi but not your computer. Most of these techs are trivially circumvented - one you hold down the shift key as you put the CD in, or draw a black line round your CD. Would have been illegal to tell you this 2 years ago - now it's only illegal to tell you how to break software DRM. - CSS: broken by a Norwegian teenager who was arrested under trespass law, so the courts threw it out. - Sony BMG (XCP and MediaMax): big news over last few months. Sony BMG installed two DRM technologies, XCP from a UK company and used virus-like technology to embed itself deep in Windows. Very difficult to remove. After a lot of consumer protest, they released an uninstaller, which made things worse, and eventually they released something that did allow you to remove it. MediaMax installed even if you said no you didn't want to install it, and reported back to MediaMax what audio files you use. Sony have had to settle a number of class action cases already. The US govt's said don't install it. Lots of gov't computers infected, so the US gov't not impressed. So DRM is crap. But supposedly it will improve soon. Intel, IBM, HP etc. want to put this stuff into hardware. Trusted Computing. Thinking about all sort of problems of getting round. MS want it everywhere - your computer, phone, PDA, even your watch. - The analog hole is a big problem: No way not to turn digital bits into an analogue version for human consumption. Lots of 'anti-piracy' ads in cinemas because they can't do anything about it. - Break One Play Anywhere: Even if only one person in the world can break it, they'll share it and you really can't stop P2P. Napster originally weren't designed with lawsuits in mind, but now they are and they are very difficult to shut down. Lots of networking technology that will stop this. Some business models that DRM could support: - Live events: you don't care if it's shared the next day, it's live that counts. - Highly select, time-sensitivie audiences, customised information provided to individual recipients, e.g. Oscar judges. Last year for the first time it was found that an Oscar screener was leaked, and the judge who leaked it was fined. Customised data that only needs protecting for a short time. - Highly interactive systems, such as games. Even if someone breaks it, it doesn't matter, because they can't keep breaking it. Very polarised debate. Nick: So DRM is not workable? Ian: Content companies have been mis-sold on this. Software companies have sold DRM as solving problems it can't solve. As people come to understand the technology they see that it's the business models that need to change. Q: I agree that DRM is not unbreakable. But we don't need it to be unbreakable. Can DRM be useful? I would say yes. Ian: Yes, I think your good point is moot, because no one has produced a system that prevents low-quality copies. But it's an anti-consumer technology. There aren't many consumers who have an understanding of UK copyright law. Nick: Consumers are happy to buy low quality. It's not a disincentive. Ian: Early Napster files were very low quality but they didn't put people off. Q: An observations, it's a bit like the war against drugs. Entrenched position. What is stopping people exploring the possibility of radically new business models, and what might thos be? Ian: The problem is that the big rights holders have expended a lot of energy in lobbying to get the law changed, global copyright law has changed, treaties have changed. They got the DMCA passed. The EUCD. US didn't need to pass those laws to fit the treaties, but the copyright holders lobbied for it. There are alternatives, there are indie labels that use non-DRM materials, and the market should be able to decide. Nick: But the trouble is that sometimes the market can't decide. Ian: Well, that's Q: Consumer associations have expressed concerns about the rights of the citizens. Do you think their concerns are misplaced? Ian: No. It doesn't stop at deterring copyright infringers, it also makes life difficult for say, visually impaired people. RNIB gave evidence at APIG and said they have problems with ebooks. Q (me): DRM lobbiests more into supporting vertical niche markets than protecting copyright. Ian: Damaging to copyright law and public's respect for it, this 'newspeak' that goes on around DRM. Industry make blood-curdling pronouncements, conflating opening up standards with protecting copyright which is very damaging. I believe in copyright, but I don't think DRM is the way to enforce it. Q: What about revenue sharing? Ian: I can't talk about it in detail, but it's a positive move. If you have legitimate P2P services, then yes, that might work. This has always been the flip side to DRM - how do you make a business model not from scarce goods, but from abundance. Grateful Dead, for e.g., or U2 find their music is a loss-leader, and they make their money from merchandise.

[Read more]

March 21, 2006 | Suw Charman Anderson

French lead the way on music downloads

French MPs are examining measures that would force the sharing of copy-protection software with the aim of ensuring that any music can be played on any player regardless of format or source:

The French bill says that proprietary copy-protection technologies must not block interoperability between different systems.
Rightly, the French are worried about monopolies. DRM is cast by the industry as a way of stopping 'piracy', but it's blindingly obvious that the most compelling reason for DRM is to lock people into a vertical niche markets - if you have an iPod and you buy all your music from the iTunes Music Store, you become dependent on future iPods and iTunes to play your music. Yes, there are workarounds, but if you've invested hundreds of pounds on hundreds of tracks, burning them to CD and then re-ripping them is not an attractive option. Forcing interoperability would be great for the consumer and, ultimately, I believe it would be great for the industry too. I had a really interesting chat yesterday with a researcher from the BBC's Money Programme about new business models for the creative industries, and it really set me to thinking about where they have gone wrong. The industry's existing business models are based on scarcity - they control production and distribution of creative works, and the value is (or rather, was) in the scarcity of those works. Because you couldn't obtain them any other way, you had to buy them from the producer. New business models will have to be based on abundance. Instead of controlling the flow of product on to the market, the industry is going to have to accept that as soon as they have a product, it's going to be digitised and distributed whether they like it or not. This abundance, this ability to easily copy bits, is not going to go away, and it will never be thwarted by either technological methods or legislation. Instead, business models have to take into account ease of acquisition, value for money, quality, and speed of access. They will have to make their products - including their entire back catalogues - desirable, accessible, high-quality and simple to purchase. Who really wants to faff about with a P2P network and risk getting some nasty malware on your PC if you can buy what you want right here, right now, at a reasonable price? It is my belief that one reason that the creative industries are so far off the path of success in this economy of abundance is a thing called the 80-20 Rule: 80% of your profit (allegedly) comes from 20% of your customers/products. Thus has business attempted to cut out the less profitable 80% of their customers/products. You can see this in the way that record labels focus almost exclusively on their top-selling acts, seek to replicate those acts in their new signings, and dump any band who fails to recoup the costs of their first single (or album, if they are lucky enough to get that far along in the process). This focus on the 20% means that the industry discards the 80%, without ever considering the fact that if they made their 80% more easily accessible, they could turn a decent profit on that too. If you've ever examined the blogosphere or social networking or any of those other web phenomena, you'll be familiar with the power law distribution, aka the Long Tail, another name for the 80-20 Rule. In blogs, it says that the minority of blogs get the majority of links and traffic. The stupid blog commentator thus focuses on that minority, believing that because they get the majority of the Google-juice, that that is where the power is. In actual fact, they should focus on the Long Tail. The majority of area underneath a power law curve is under the tail, not the head, and this is where we get into power law marketing, or niche marketing. And this is where the creative industries are losing out big stylee. Digitise your back catalogues, make them easily accessible, affordable for bulk buying, and you can immediately tap into the sort of format re-purchasing that started in the late 80s when the price of CD players dropped out of the luxury goods niche and people started replicating their tape or vinyl collections on CD. Now people want to replicate their tape/vinyl/CD collection in MP3, but they remember buying CDs of music they'd already bought 20 years before, and they resent the idea of paying full price for it a third time. Unlike CDs, however, bits don't cost all that much to create or distribute, and there is no compelling reason for consumers to pay full price. The technology for digitising music has been created; the technology for distributing digitised music has been created; the incentive for buying digitised music has been created. What more is the industry waiting for? The belief that music is property and that download is theft and that consumers are criminals is pervasive in the creative industries. They have a misplaced faith that DRM is going to solve their woes. Instead, they need to discard DRM and start thinking creatively about how to distribute their music to as many people as possible, and turn those people into fans who will then reach into their pockets and hand over real money for something that has real value. I doubt that they will do this voluntarily, but if this French bill is passed, it may just give them the push they need.

[Read more] (9 comments)

March 20, 2006 | Suw Charman Anderson

Neil Gaiman gets cease-and-desisted

Neil Gaiman, Patron of the Open Rights Group, got a rather clueless 'cease and desist' letter today:

A mysterious communication arrived via my agent. It's a letter purporting to be from a lawyer which, as far as I can tell, seems to be ordering me to take down a link to a website, without actually ever giving the actual URL of the website I am meant to have linked to. The letter also seems to be suggesting that I own or control or have something to do with a website ( that I manifestly don't, as the simplest websearch or WHOIS check would tell you. In addition it talks about me infringing the trademark and copyright, by linking, of a mostly forgotten movie.
Neil's scanned the letter so you can read it in full and appreciate the astonishing professionalism shown by lawyers Branfman & Associates, (Warning! Site plays cheesy music!), who say they "focus on transactions and litigation pertaining to intellectual property", although obviously not all that well. Meantime, Cory points out on BoingBoing the exact flaws in their accusation:
Crazy, confused "lawyers" from the San Diego firm of Branfman and Associates claiming to represent the creators of the "Attack of the Killer Tomatoes" movies have sent a threatening letter to Neil Gaiman, claiming that he linked to their site (he didn't) and that doing so is illegal (it isn't).
And Neil figures out the playground-level logic behind it:
[...] they have probably decided that because the people at put my photo, holding a demonic tomato, up on their site, that I own it. What an astonishingly small amount of research they must do before firing off these bizarre letters.
Ironically, Branfman & Associates are located at 12750 High Bluff Drive, which is about all this letter amounts to. Also covered by MetaFilter.

[Read more]