Good copy, Bad copy

Escrito el 18 de June de 2007
Escrito en Uncategorized | Dejar comentario

This short post is just to recommend one interesting video I just found, called Good Copy, Bad Copy, about the current state of copyright and culture.

The link to this video is http://www.goodcopybadcopy.net/

I think that all of you will find it interesting

Google and Street View photographs

Escrito el 18 de June de 2007
Escrito en Uncategorized | Dejar comentario

Some people are starting to think of Google as a new Big Brother, an entity that knows what kind of searches we do in the Internet, and with that information, is able to know our tastes. New services like Google Street View are raising this kind of concerns. Using this service enables us to view far more than a simple aerial or geographic map. Now we can find and spy real people walking in real streets, and that seems like a problem for some of this people. 

Since this service started, some communities tried to find interesting photos, as happened in Google Earth and Google Maps. There were even photographs of girls showing their underwear while entering their autos, and they were available to internauts who knew the coordinates of this photograph.

Nevertheless, not all people who don't want to appear in Street View are in the same situacion, but they still have their rights. This position is shared by Kevin Bankston, lawyer of the EFF. The problem came when he found that Google included the need for an ID, which was used to identify who was asking the take down of one particular photo. Kevin stated that he prefered to leave the photograph alone rather than sending Google his ID.

Now it seems that Google has changed its policy, and now this document isn't a requirement for this take-down notice. With this story it becomes apparent that Web 2.0 is creating new cases where Law, rights and innovation collide in some interesting ways.

Nobody gives money for free

Escrito el 18 de June de 2007
Escrito en Uncategorized | Dejar comentario

If we have to stablish which fact has helped scam and phishing in the Internet, we can avoid Social Engineering. Sometimes we want to believe that one message is completely true, even if the most realistic answer is that it's not (like Mulder's poster: I want to believe). As you can check in Extra Content, some of this phishing schemes are  perpretated using similar or the same design as the legitimate messages, trying to make receptors think they have received a message from Ebay, Paypal or any other enterprise. They even include warnings against phishing, so it's hard to think we are in front of a false message.

Scam uses problems in some underdeveloped countries, death of rich men without heirs, or presidents trying to take their money out of war zone. They ask for our data and bank account, and most times, for a little fare of a few hundreds, just to pay for transaction expenses. The problem comes when we pay this money, and we don't hear from them again.

Today, while checking my mailbox, I found another scam message, based on some old news. This message uses a combination of true data (accident, and the person who died in this accident). Mixing truth and lies our history now seems completely true if we don't think for a little while. They even choose a man whose wife and son died in the same accident, helping his story raise its credibility.

While I was searching for more information about this particular scam, I've found some good news regarding scam: more than 100 people have been arrested for participating in Internet fraud in Amsterdam. When we receive a mail offering us millions of dollars (or euros, for that matter) for only about some seconds of our precious time, we must know that if something looks too good to be true, it probably isn't true.

Virtual worlds, real rights

Escrito el 11 de June de 2007
Escrito en Uncategorized | Dejar comentario

Sometimes it's not that easy to say what's the difference between our imagination and the real world. This fact has been explored in books like Don Quixote or Alice in wonderland, and in movies like the recent Pan's labyrinth, where the director uses special effects and makes a call for our imagination, so that we can't really know if fairies did appear indeed in this movie, or it was just a dream.

Internet added a new medium to this problem. In one hand, we had our perfect real world, where we live, work, and spend our money. In the other hand, we have a virtual world, where impossible is just a click and a few seconds away. We usually try to keep this two worlds apart, since it wouldn't be that nice to start shooting our lasers at invaders from mars, or rescuing our bride from an ugly evil troll who keeps her in a dark dungeon. Nevertheless, computer had an advantage, we could simply switch our computer off, and there it goes! Everything is forgiven, what is done in our little virtual world, remains in our little virtual world. But this changed a while ago.

There are many online servers where this magical switch doesn't exist anymore, so that our egocentrical needs aren't the most important fact now (the virtual world doesn't needs us to live), and one of the best examples are persistent worlds. In this kind of world, our computer just connects to a huge server, where a world goes continually, even while we are not connected. If we simply add some concurrent users to this new cocktail, we can create a Massive Multiplayer server. Now our actions doesn't involve only ourselves, we can steal, kill or do whatever we want with other players, create new communities, or even work at a new job (who hasn't thought about becoming a dwarf blacksmith?). We can even affect real world, by selling items we acquire in-game, so the frontier between real world and virtual world, seems to disappear. If we take this in account, what is now real? And what kind of rights does our virtual-self have?

We will take an example using World of Warcraft (WoW for short), one of the best known MMORPG. This world enables us to create an avatar, a way to display our intentions and personality in this world. This avatar can raise level and abilities, but we need to invest our time to do so. First levels are piece of cake, but once we raise to higher ones, it starts to get more and more difficult to find enemies and enough experience to get stronger. Since this time wasted in the game gets bigger and bigger, some players decided to play as this tired gamers, so they could raise levels spending their money instead of their precious time. Money, weapons, levels, anything could be bought. This new players started to get more and more coordinated, and now we can even find companies using third-world handwork for their activities, one of which is Internet Gaming Entertainment (IGE). In Wow, this kind of activity isn't allowed, but it's hard to be completely sure there is some gold farming going around involving a player, but the company in charge tries to block accounts involved in this activy.

Nevertheless, this company has continued its gold farming, and so much money has been gathered this way, that the money in possession of legal players have been devaluated. Like in the real world, when there's too much money, its price starts to get lower and lower. This is a bad result, but it happened in this virtual world, so there's no problem, right? Well, according to some players, it isn't.  A player has filed an injuction over IGE for their gold farming activies in WoW world . A virtual infringement, but that will get judged in a real Court.

Now, another case, involving the also known world 'Second Life'. This world has some similarities with WoW (persistent world, multiplayer), but there's an important differente. Linden Labs, the company in charge of this world, allows and even takes part in negotiations involving games' items and real world money. Here, our activities do have a real effect in our world, I think all of you can see it. Well, the problem here appeared when a player got some land using a known bug of Linden's servers. When this was discovered, his account was blocked, applying Second Life's Terms Of Use. But it seems that this player, a lawyer with some free time on his hands, doesn't agree with this actuation. He filed an injuction because of his possession rights of this virtual land, that was answered by Linden Labs, who asked for the dismiss for lack of jurisdiction and presented a motion to compel arbitration. This has ended with a Pennsylvanian Court, denying Linden Lab's motions. The interesting part of this case is that there's no real land, just a few 0 and 1 in the central servers. Nevertheless, and as we can find in this documents, the items are virtual, but the dispute is real.

Lawyer's concern about how to regulate virtual trades is also getting bigger, as we can find in documents like these one, a very interesting document about how to tax virtual world actions. If its items have a real cost, they should be taken in consideration. Of course, if we can have any kind of reduction using this, I hope to get informed. 

And to finish this post, I want to talk about the new Internet Spyware Prevention Act (ISPY), that has been proposed to take cybercrimes under RICO Act jurisdiction. This new law takes cybercrimes in consideration under the same law as organized crime , and will involve actions like DOS attacks, zombie networks, and similar activities produced using illegal accesses to machines. 

I think that this topic is quite interesting, and hope to be able to develop it in a more extensive manner. If Law and IT really have some point in common, it must exist in one of this Virtual Worlds.

How would you feel if your neighbor knew your income?

Escrito el 6 de June de 2007
Escrito en Uncategorized | Dejar comentario

There are times when we win so much money that we want our neighbors to know. We buy big cars, big Tvs and other gadgets just to show off. Our gardens are greener, and we want everyone to see. But not everyone would like that another person knows their income, even more if it's not too high of course. Most people think of this as a private data, whose access must be controlled and only approved  when there's a justified reason. In some countries, like Spain, there are Data Protection laws, which regulate the way and procedure used to access this kind of data. Nevertheless, laws aren't the same everywhere, as we can see when we are talking about how each country protects data.

Today we are talking about Sweden, where personal income is public information. You can check anyone's income by personal request to the National Tax Board. One of the stated requirements is that you must ask for it in person. This way it's easier to control the access to their database, but things started to complicate when some companies implemented services which enabled people to access this information online and anonimously.

Ratsite.se is perhaps one of the most known examples of this kind of service. Since its opening in november, it has gathered over 600.000 registered users and 50.000 daily searches. Ratsite provided a free of charge and anonymously way to check credit information, and many people used it because curiousity is a strong guide for our behaviour. The possibility to know in just a few seconds more about their friends (or enemies) helped this community grow. There were so many queries that the National Tax Board decided to react to this abuse. Even though we are talking about public information, access to it should be limited to motivated ones. This tool mustn't be used as a way to find a good laugh. We all have searched sometime for a friend's name in Google, and we found lots of interesting information (perhaps not so interesting), but this is a different situation. We are talking here about accessing a very particular data, whose access is regulated by Law. This is why it was decided this way of offering this service couldn't be no more.

Starting 11th June, users whose data is consulted will be notified by mail of who checked their information, in a way of trying to stop this abuse. Losing their anonymousity, and with the possibility of letting their ID known to the people whose information they access, some people won't just check profile over profile without stop. This way queries won't be anonymous, with the exception of companies' legitimate credit checks for commercial purposes. We must add that this kind of searches will also stop being free, so if you want to search, you'll have to pay. Webpages offering this service, including Ratsite, have voluntarily adopted this measures, since the National Tax Board threatened to stop electronical access to the database.

As the National Tax Board spokeswoman stated, their obligations included supplying this information, but not that it must be accesible through the Internet. Time is very expensive, and losing the possibility to access this kind of data through computer means is a very strong threat.

Japan and Copyright: The dangers of sharing with ourselves

Escrito el 31 de May de 2007
Escrito en Uncategorized | Dejar comentario

Japan is well known for its technology industry, which is one of the most advanced in the world. The problem comes when we find that japanese legislation isn't as 'modern' as its technology.

Of course Laws can't adapt instantly to society changes. Nevertheless, it's a must to correct and improve them as fast as possible, so we can avoid situations that shouldn't be accepted. Laws must adapt to society changes, and they do, but sometimes their evolution is so slow, they are a few steps back from where they must really be.

In Japan, copyright protection normative isn't as flexible as the european laws are, and the same goes for IT hosting companies' responsibilities. This aspects have become evident in a recent case, where it was stablished that a company could be responsible for a potential copyright infringement. But first, we should take a look at the situation that created this conclusion, so we can find out what is interesting about this particular case.

Japanese cellphones are very advanced when we compare them to european ones. When we had simple cellphones, with alphanumeric screens, they already had high resolution screens, with polyphony tones, nice cameras, and many more extras. Even now, the best phone here can't compare to some of the cheapest ones there. This kind of evolution in technology helped to create new possibilities, new services, and a new world for entrepreneurs using their mobile phones (as happened with the Internet). New and faster cpu's for cellphones enabled them to play high quality mp3 and similar files, even while streaming them. Some companies found this very interesting, so they tried to find how they could get some money out of it.

One of these services is the one provided by Image City, called MYUTA. Using this service enables us to upload our songs to a private account in their servers, so we can then hear these files from almost anywhere using our cellphones. The diagram in this post shows how this service works. We create a file using our computer, upload the file, the server encodes the file, and then we play it from an authorized phone. This way only we would have access to this file from our phone, so there shouldn't be any public communication here, since we could say we are just 'sharing our own created content with ourselves'.

Even though in some webpages we can read that Image City has been condemned, it isn't completely true. The reality is that this company asked for a declarative judgment, where it would be stablished that you couldn't potentially infringe any copyright by using this service, so there would be a certain security while continuing their activity. But in the end, the results weren't what they thought. The High Court of Tokio rejected Image City's claim since this service is able of copyright infringement.

The reasoning of this rejection is based in how this service works. We upload our music files to a company owned server, to our private account. This upload is considered as a communication to a third party (the company), even while the company declared that only users had true access to the files. Since the files were hosted in Image City's servers, it was the company that transmited the files, and not us, so it was an almost impossible task to be sure the receiver was the person they thought. Of course the company had proactive measures, so they could control how the content was accessed, but the person receiving the file continued to be an unspecified individual (or even a group, who knows what they will use the file for).

Another fact we should take in consideration is that this server automatically encoded the files we uploaded, transforming the file so we could easily hear them in our cellphones. This encoding could be interpreted as a modification of the audio file without authorization (they aren't the legal owners, it isn't really us who are encoding the files to use them, at least from their point of view), and could be a reason for copyright holders to sue the company.

If this interpretation is considered completely true, other services like Yahoo Briefcase and .mac could be sued for potential copyright infringement, since the service offered is of the same nature. This kind of problems won't help the evolution of new possibilities for mobile services.

If you know japanese, you can consult the original decision in  http://www.courts.go.jp/hanrei/pdf/20070528141551.pdf or read an article about this case.

Is there any really effective DRM?

Escrito el 29 de May de 2007
Escrito en Uncategorized | Dejar comentario

Copyright owners are becoming more and more concerned about how consumers use their creations, making illegal copies, or sharing them through P2P networks without their authorization. This concern has grown even more now that there’s a computer system in almost every home. CD and DVD recorders are now so cheap, that there’s no difference at all between the cost of a simple reader and a CD/DVD writer. This new changes in IT society has helped develop a new concept: DRM (Digital Rights Management).

Even though some of you may not know this concept, you may be more familiar with CSS (Content Scrambling System), a DRM used to copyprotect DVD movies. Thanks to CSS, we shouldn't be able to copy content protected with this powerful system. Nevertheless, this new system was circumvented by DeCSS, a very simple (and little) program which made users able to make copies of their CSS protected content.

Although this security measure wasn’t really effective anymore, public powers were aware of this kind of programs, so they had them condemned in DMCA and european normative, where it was stablished that using programs specifically designed to circumvent copy protection systems would be condemned under Intellectual Property Protection Laws. We could now think that DeCSS is an illegal program, but this wouldn’t be completely true according to an unanimous sentence from a Finland Court, that ruled it isn’t illegal to use a program to eliminate CSS protection schemes since this measure isn’t effective anymore. But, what does effective mean?

If we apply the Digital Millenium Copyright Act (DMCA) 17 U.S.C. § 1201 an effective measure is the one that in the ordinary course of its operation somehow restricts the access to or the exercise of copyright in the work. It seems to be enough that the copyright owner intends to protect the work with a technological measure, no matter if consumers can easily circumvent the measure. Nevertheless, we have quite a different approach in the new European Unicion Directive regulating Intellectual Property. In its Art. 6.3 we have a new definition, where one measure is effective when the use of a protected work or other subject-matter is controlled by the rightholders through application of an access control or protection process, such as encryption, scrambling or other transformation of the work or other subject-matter or a copy control mechanism, which achieves the protection objective.

Now we have a problem, what can we interpret as 'widely available'? And is there any really 'effective measure'?

Stablishing the number of copies of one program available is an almost impossible task. When we are talking about the real world, we can observe that in drug or fake money investigations we can easily stablish the amount we are talking about, so we can find out if it’s relevant under Penal Law. But that’s not so easy when we are talking about the Internet. Using our own Pcs we can create perfect copies of software and audiovisual content, virtually identical to the original. We can then share our copies from just one website (but many users can download this one copy), or we can copy and share it with our friends (an ambit where we can’t find logs). This immateriality difficults our need to know how many programs are really shared through the Net. If this is so hard, what can we use to stablish the number? Some Online Crawler results? This way wouldn’t be too effective, since some webpages block access to netcrawlers so they are hidden from the general public.

It’s true that today i can go to my favourite search engine, type “record DVD” and find many programs to be used in my computer (even while using alternative OS like Linux or BeOS), but we could say the same about almost any copyright protection measure. It a countermeasure exists, it can be found in the Internet. On the other hand, we don’t even have to access the Net, they were already famous many years ago. Who doesn’t remember those old copyprotected diskettes recorders? In only one disk they were able to copy programs and games which were protected from our typical ‘diskcopy’. Even at schools boys shared their programs with their friends, so we could talk about ineffective measures in a strict away in these situations too. I find more questionable another interpretation, the one that talks that this ‘uneffectiveness’ can be only applied to software obtained through the Internet, and not to hardware specialized devices (like signal regeneration devices for our ‘old’ VHS). This interpretation follows stablishing that the use of this kind of devices can’t be done without knowledge that there is an anticopy measure stablished by the copyright owner, making it impossible tu use this principle. Nevertheless, when we use a program like DeCSS and many other clones that exist, we most times know we can’t create a copy without using these program thus stablishing our effective knowledge of the DRM measures. There are some programs that have big warnings about ‘hey, you are going to copy a copyright protected content. If you want to continue, you better have authorization”. Does this mean the measure is more effective? It’s still easy to find how to create our copy browsing for a little while.

As a computer engineer, I’ve found many different implementations of copyright protection schemes, but we all know that there isn’t any DRM able to survive eternally, it's just a matter of time. When engineers create a perfect DRM system, some internauts create the way to neutralize it, as we can observe from the HD-DVD DRM. This case was a little different, since companies tried to block the keys known to the general public by changing them. Nevertheless, this measure was born dead. Temporal effectiveness was negative in this case since the keys were made available even before the new movies hit the shops.

It’s just a Court sentence, and it doesn’t stablish any jurisprudence, but it’s quite interesting though. We’ll have to checkout how this case continues.

Online Censorship approach

Escrito el 22 de May de 2007
Escrito en Uncategorized | 2 comentarios

Internet Filtering and which technical procedures are the best to be used to control the information is one of the subjects I've been quite interested since my days in computer engineering. Internet's design and how its protocoles work makes it hard to create a way to fully control any possible way to access one specific webpage. Anonymous proxies, spoofing and other ways are used to circumvent this security measures. When engineers create a better control system, users find a way to simply go around it. Finding a way to control all network queries, while trying not to affect navigation speed is quite a big problem from a technical point of view.

And today, While I was surfing the Net, i found a very interesting post written by Dr. Urs. Gasser, discussing the best way to approach to Internet Filtering. And this arises a big question: Where does the public right of access to culture end?

The problem is that while Internet is globalized, which means that without control any person from anywhere can access the same content, laws regulating culture access aren't. Even today there are some groups where rights aren't completely stablished and freedom of speech and access to culture is completely controlled by the Government in charge. In some countries, access to culture is even used as a political tool, so free access to the Internet is often seen as the enemy to beat. The one who controls the information, can control the world, as we could say.

While it's true that some control must be applied to the Net, at least for major infractions, we can find lots of different approaches depending on who has the power. As we can see  in some countries' profiles from the OpenNet Initiative, the approach to Internet control isn't the same everywhere, sometimes using ways  that can't be globally accepted. Nevertheless, the problem isn't only found in countries far far away, as even some some European Union proposals have been interpreted as a way to stablish censorship. People think of Internet as an anonymous way to access any type of information they want to, so an approach to some kind of control over the content accessed isn't only a technical problem, it's a political problem too, trying to make it clear to the internauts that they won't be monitored by the Big Brother.

Even more intestesting is the analysis using only 6 basic questions that Dr. Urs. Gesser and St. Gallen Research Center have come up:

  1. Who is obliged or committed to block of filter content?
  2. How do the obliged actors become aware of the content that has to be blocked?
  3. Who determines what content has to be blocked, and how?
  4. What technical means (such as, e.g., IP blocking, URL filtering, etc.) are used?
  5. What are the procedural requirements and safeguards in the filtering process?
  6. Who sets the rules, under which conditions?

Here we have a concern about technical and political approaches. We must think about the bandwidth taken by some control systems, and the connection delays created by others. Completely controlling all connections from one country isn't easy. And who will pay the bill for this control? ISPs have constantly stated they don't want to be the police, although some times have blocked access to some webpages while in a Penal procedure.

Even though it isn't exactly the same case, in Spain we had a transparent proxy for a while, which was used to speed up connections to webpages. The problem came when the proxy couldn't control all connections and sometimes crashed. This happened with only one ISP (Telefonica, the biggest in Spain), so now try to think what could happen in countries with more clients, and more connections to control. The cost in infrastructures will be very big, and the time and effort needed will be huge. First of all, we should find an effective way of IP load-balancing in this kind of approach, and then develop new laws according to them.

This said, I think one of the biggest problem isn't the approach but time. Most of the political measures are decided based on the time needed, so that they can be finished while they are in charge. A change like this will need a little bit more than a few years for sure, so political groups should see this not as a disadvantage, trying to take it down since it was approved by the other group, but as an advantage for the general public. Not an easy task, that's for sure.

Nevertheless, the questions are quite interesting, so I'll have to take some time when I finish with exams (as a teacher and as a student) to look into them.

Bittorrent user loses appeal

Escrito el 21 de May de 2007
Escrito en Uncategorized | Dejar comentario

Legal procedures are often used as a kind of menace against general public, trying to make the dangers of using P2P networks clear, so that they stop sharing their audiovisual libraries. Most times it's just a blind warning, without any real Law to use against users. This can be observed in countries like Spain, where  one Attorney General Circular stablishes how IP laws must be interpreted, excluding acts carried by private users for private use and not for profit purposes. The same exception can be found in the new European Directive about IP.

Sometimes, one of the most important characteristics of Penal Law is forgotten. Penal Law is ultima ratio, which means it's only applied when we are talking about major infractions, so it can't be used everytime one side wants to. We must remember that a Penal Law procedure can finish with a prison sentence, or in some countries, even death sentences, the most powerful attacks against individual rights, so there must be some control over the possibilities of using this kind of procedures.

The problem comes when we analyze the situation in other countries like China. Their Laws are quite different from ours.This country is now quite concerned about copyright infringements, even though China is the traditional home of bootleg creators, and this fact is creating a huge rising in the number of legal procedures we can find and study. One of the most known cases is the one involving Chan Nai-Ming, a bittorrent network user. He's the reason of this post, since the Court of Final Appeal has ruled out his appeal, and his sentence has been upheld. Because of this decision, Chan Nai will have to finish his 3 months in prison sentence, caused by sharing only 3 movies using bittorrent's network.

Ricky Fung, the body’s Chief Executive Officer said, “Those uploaders and downloaders who wish to rely on the grey areas of the law will have no more excuses". The problem is that applicable laws aren't the same in each country, even though Internet is the same for everyone (if there isn't censorship). I don't think that a sentence in China will make a lot of Internet users stop using P2P networks. Obfuscated IP connections and encryption will help to stay anonymous, so it will be very hard to attack real infringers.

Nevertheless, we must remember that in some countries there are legal uses of P2P (like private use copy), so learning IT related Laws is a must for Judges and Courts.

Online ads and privacy

Escrito el 14 de May de 2007
Escrito en Uncategorized | Dejar comentario

Internet is a new and profitable market for publicists, where they can offer a wide range of products to a huge number of potential users. Technology evolution has helped too, creating new ways of using the Internet, like what we can call 'personalized ads', ads that have the public known interests' in mind. The problem comes when we consider where does communication privacy concept start. Of course it's easy to find out that this kind of publicity has lots of advantages, as ads will involve the interests of their public instead of being generic-oriented.

Many of you may think you have never suffered any personalized ad, just a few annoying popups, but that's not the truth. Reality is that you probably have seen some, even without realizing it. It's easy to stablish this fact as reading Gmail's Terms of use, and specially point 8, that says:

"Advertisements. As consideration for using the Service, you agree and understand that Google will display ads and other information adjacent to and related to the content of your email. Gmail serves relevant ads using a completely automated process that enables Google to effectively target dynamically changing content, such as email. No human will read the content of your email in order to target such advertisements or other information without your consent, and no email content or other personally identifiable information will be provided to advertisers as part of the Service."

I know that just a few people read those long terms of use before accepting them (bad boys), but they are there for a reason. In this point, Gmail tells us they will be sending ads related to our mails' content. Yes, it's true they are using an automated process, but inside all those mails  they are processing, there could be some information i don't want anyone to know. Of course, there were some other services like Google Web History. The problem grew when Google and DoubleClick joined, now controlling a huge percentage of online ads. Now, Google with their automated processes, and DoubleClick for their ads, could potentially have access to privacy data, protected under the Law. That's what made some associations to file a complaint with the FCC regarding data protection.

All this post is just an introduction to a very interesting article in the New York Times (free register) about Online Ads and privacy. This article could be summarized using Jennifer Granick, executive director of Stanford Law School Center for Internet and Society, words:

"But there are huge costs, and many dangers. To approach individuals with customized advertising, you have to know who they are. Or at least, you have to gather enough personal information about them that their identity could be easily figured out"

Página siguiente »