InfoTech & Public Policy

In class last week, we talked about the use of geo-location technologies with respect to directing emergency calls of someone using VoIP. A little looking into how these technologies are available and what they’re used for, and it seems that there are applications to many of the topics we’ve talked about this semester. When so much of the problem of internet governance stems from the anonymity of internet users and the ease with which internet traffic can transcend borders, knowing the location of an internet user changes the game.

First, let’s take a look at the geo-location technologies currently in use. A large part of the software used now is available from proprietary providers such as Quova and Digital Element. This proprietary software is based on determining the location of a particular IP address. This information has to be gathered by analyzing the locations of IP addresses all over the world. Note that while there are ways to conceal location (such as using a proxy server), the software can flag internet users who are doing so. Interestingly, another mechanism for determining physical geo-location without using IP addresses was patented in September, 2005. The patent holder: the NSA. The NSA website briefly profiles its “Network Geo-Location Technology” which as described here measures latency to build up a network latency topology map. This map can then be used to look up a computer based on the time it takes to connect to that computer. (This system can also be avoided using some kind of proxy service). The patent on this method of geo-location is one which the NSA has made available to be licensed for industry use.

Consider some of the possible uses for geo-location technologies (some taken from this article and the websites of Quova and Digital Element): Credit card companies or banks can use this software to detect fraud. Gaming operators can adopt this technology to comply with laws regarding trade practices over international and state borders. Sites such as eBay can use this to restrict which products are available in which locations (think Nazi paraphernalia and France). Hosts of digital worlds could keep track of the international transference of real money through in-game assets, and online providers of digital content can use it to comply with contracts that require them not to broadcast shows in certain areas (according to this article, major league baseball is a Quova customer that uses the product to make sure locally-broadcast games don’t lose their exclusivity by being unconditionally available online).

Aside from all of these applications for law enforcement, the companies that offer geo-location software market it for its ability to improve the user experience of the web. Namely, they cite the advantages of being able to give a user local search results, for example to guide a user to a store closest to them, and to target online advertising (ad-serving is currently the most common use of geo-location technology). Digital Element’s website claims that 25% of all Internet searches are local in nature, and that targeted ads have been shown to sell up to 30-40% more than general ads. Even if these numbers are exaggerated, it’s hard to argue that such location technologies have value to advertisers, search engines, and others.

The problem with geo-location technologies is that there’s a fine line between using general geographic data add desirable features or to make sure border-dependent laws are enforced on the web, and infringing on privacy and collecting personal information. Depending on the edition of Quova’s software, information obtained can be anywhere from simply geographic information in the basic edition up to much more in the security edition (“geographic information and confidence factors, demographic information, connection type, connection speed, IP routing type, AOL flag, ASN, carrier name, top-level domain, second-level domain, registering organization, a list of anonymizing proxies, hostnames, and routers”), and the services offered by Quova includes a variety of audit services for data collection (marketed as a means to help online business owners manage their business). We have to ask how much information should be available, and to whom.

While the current capabilities of both systems do raise questions about privacy and information availability, the question really comes up when we consider potential improvements on these technologies. While for marketing uses (among others) being able to locate some user / IP address to a general geographic area is sufficient, there are certainly other uses that would benefit from more exact geo-location technology such as emergency service for VoIP users, or the ability to more exactly locate someone committing fraud. The downside is that in different hands (or even in the hands of law enforcement officials depending on your point of view), the ability to accurately locate anyone using the internet is a dangerous tool, certainly one that you would not want to be commercially available. Using proxy servers may be an effective method of avoiding being located, it would also means the loss of all the positives of geo-locating technology.

The applications and benefits of geo-location technologies are quite substantial, and potentially provide a means to deal with many of the policy-related issues of internet regulation we’ve discussed this semester. As the technologies develop however, care needs to be taken with respect to the capabilities of such software available through general distribution.

In this post, I want to address some of the issues related to new digital distribution and place-shifting technologies that were discussed in class last week. While these technologies certainly will be affecting and changing the way that people watch TV, I’m not sure they pose such a strong threat to the broadcast industry.

To begin, there’s reason to believe that the demand for some of the new place-shifting technologies (like sling-boxes) won’t be that high. As was mentioned in class and in Andrew’s post, TiVo wasn’t nearly as widely adopted as was expected, and a significant majority of TV viewing is live. I expect the customer base for something like the sling-box would be significantly lower that TiVo – limited to the technology savvy few who would rather buy and play with a new device than pay an extra cable bill, or the businessman who spends a lot of time on the road.

Secondly, regardless of the new technology available, there’s a certain degree to which live broadcasting (commercials and all) just isn’t replaceable. Devoted OC watchers are still going to want to see that new episode when it comes out on Thursday night, Yankees fans will be there watching that game as it’s being played even if it means they can’t fast-forward through the commercials, and the news just isn’t as current if you record it and watch it later. While the possibility of digital distribution may mean that it’s more difficult to locally target advertising, an audience watching TV online would be a good target for advertising online products, and viewers may be willing to give their location in order to get local programming, news, weather, etc., enabling targeted advertising too.

Additionally, the new technologies, such as digital distribution, if taken advantage of by broadcasters, could provide opportunities to profit that weren’t available before. The networks that have made deals with iTunes, or who otherwise choose to make their content available for sale online take advantage of consumers who want to own an episode, but don’t have TiVo, or aren’t willing to pay the 60 dollars for the whole season on DVD. Price discrimination could be used to offer higher-priced, commercial-free versions of episodes to viewers who find the convenience worth the extra cost. The internet also means an expanded possible viewer-base. Plus, in general, the demand for high-quality programming isn’t going to decrease. If it takes big networks to produce the type of show viewers want, and the demand for that programming is there, consumers may be willing to pay more for their monthly service.

To shift to a slightly different topic, I want to discuss briefly a couple of the implications of implementing a broadcast flag that might not be immediately obvious. Firstly, the wikipedia article on “broadcast flag” points out that the law effectively prevents individuals from building their own receiving devices, and that a hardware rule is itself not sufficient. GNU Radio, for example contains open source software to facilitate the creation of software defined radios. The GNU Radio site even provides instructions on how to use their software to record and demodulate HdTv signals.

An additional consequence is that it is likely that broadcast flag legislation would not be limited to video content. Specifically, since the broadcast flag legislation was introduced, the RIAA has fought to have the idea extended to digital radio too, leading to the introduction of the Audio Broadcast Flag Licensing Act of 2006. Such legislation is opposed on the basis that it limits the Fair Use provisions of US copyright law, requiring explicit authorization rather than seeking to stop illegal activity (see article). In general, broadcast flag legislation needs to be considered based not only on the immediate consequences it would have for device makers (both hardware and software based), but also on the precedent it would set. While I would have been skeptical of broadcast legislation to begin with, these additional implications certainly make it even less attractive a solution.

In this post I want to discuss a bit further the tradeoff between security and functionality, and the suggestion in class and in other blog posts that concern for security (perhaps prompted by making a consumer liable for security breaches on their machine) might lead to demand for simplified, more secure systems.

In another computer science class early in the week, a professor of mine asserted that one of the reasons that Java applets did not take off as an alternative platform to Windows was that Sun did try to deal with security, and the resultant limitations were frustrating to applications developers. A quick search on “applet security” led me to the FAQ page on Applet Security provided by Sun. Interestingly, the page begins by explaining that “The goal for the JDK is to enable browsers to run untrusted applets in a trusted environment. Our approach is to be conservative at first, and to add functionality when it can be added securely…” The very first question on the FAQ list is “What are applets prevented from doing?” It seems then that in developing its technology, Sun was aware of the choice between functionality and security, consciously chose security, and that users’ first concern is what it can’t do as a result.

I think the limited success of Java applets is just one case that illustrates that more secure systems will not rise out of demand in the market as it is. The result is that legislation is needed if a market is to arise for more secure systems and as Scott discussed, making users liable would be one option. While I do think liability would increase demand for security, I’m not convinced that it would effectively open a market for systems of varying security and functionality.

A first hesitation is that it would not be desirable for either software producers or consumers to have too many options with varying degrees of security and functionality. For the producer, it would be costly to have a wide range of options (unless there were features that could be easily “turned off”, with the immediate result of creating a more secure system). Users without much technical background would likely want to be able to make a purchase knowing they were getting a fairly secure and functional and secure system without having to understand or choose between too many options.

An additional problem is that the strong preference in today’s market for functionality over security seems to indicate that even if liability makes a secure system more desirable, there is a certain extent to which most users will be unwilling to compromise functionality. The result would be a demand for simply more security, a demand which could be satisfied either by software companies offering systems with extra security features at an extra cost, or an increased market for independently sold anti-virus or other security enhancing software. The problem is that both require that users pay more. Certainly we want to a void a situation in which those who end up being held liable for security breaches are those who did not have the money to spend on extra security.

Before advocating liability as a solution, we need to ask how willing the average consumer will be to sacrifice functionality. If the preference for functionality seen to date would hold even if users were responsible for security, liability may not produce the solution we’re looking for.

Thus far, most of our discussion of network neutrality has focused on the issue of whether current broadband Internet Service Providers should be able to limit or charge for the use of their networks. I would like to bring a slightly different perspective to this discussion by focusing on the effects of potential network neutrality legislation on the development of new, ultra-high-speed networks and the applications that might be dependent on such architectures.

As introduction, I would like to speak briefly about Internet2, and the Abilene Backbone Network. Basically, Internet2 is a consortium led by over 200 universities (including Princeton) partnered with over 60 major companies (including Microsoft, Warner Brothers, the RIAA, etc.) intending to create a super-speed computer network to be used to facilitate research and higher education. The Abilene Network, the infrastructure currently used is at 10Gbps (which one article estimates to be about 1,000 times faster than today’s commercial internet). This article speaks about recent demonstrations of this technology at “Internet2 Day” held on March 23^rd at the University of Alaska. The demonstrations included “Performance Beyond Place,” which included a percussion duet, with one performer present in Alaska, and the other visible on a projection screen (actually playing in Los Angeles), and a string quartet playing from Miami Beach.

The existence of such developing technologies indicates that the infrastructure currently in place is not likely to be all that is demanded in the long term. As such, in discussions of network neutrality, it is necessary to consider not only the implications for the broadband ISPs and content providers currently in place, but also for those that are still under development.

A major goal that has been kept in mind through many of our discussions this year is creating policy that will promote innovation. If we wish there to be continued expansion of infrastructure with capabilities beyond that of current broadband internet (such as the Abilene Network), we need there to be incentive to provide it. If an ISP is required to have a totally neutral network, surely the incentive to be a provider is diminished. On the other hand, we also need to provide incentive for the development of applications that could take advantage of improved infrastructure, and surely knowing that they would need to provide all the infrastructure for their applications (if other providers had complete property rights to their networks) would be a strong disincentive.

When the infrastructure itself is a new technology and its developers seek customers who will pay to be wired, a solution in which applications developers pay the service provider seems as thought it could be mutually beneficial; the creators of the infrastructure gain more customers since users will have more incentive to become wired, and the creators of the application gain because they pay to have infrastructure put in place, but save from not having to do it themselves.

In summary, an effective policy toward network neutrality will not discourage development either of new infrastructure nor of new applications by content providers. A solution in which a service provider can charge for the use of their wires could satisfy this condition, and could still contain provisions to ensure a good degree of network neutrality – such as requiring the service provider to make their networks available (at a price) to any content provider, and by not allowing anti-competitive behavior.

In my post, I would like to continue the discussion of the regulation of online gaming. As has been discussed in class and in previous posts, a major issue is whether regulation is appropriate when in-game events have consequences in the real world. Specifically, I will focus in this post on the regulation of economic transactions that involve virtual worlds, transactions which increasingly have real-world impact as games such as Second Life enable currency exchange between in-game currency and real-world money, and the purchase and sale of in-game property for a real cost.

I think that a reasonable approach to dealing with regulation of virtual worlds is to make a clear distinction between in-game and out-of-game transactions and to regulate each in their respective domain. Though some of the points regarding the difficulty of regulation cite the overlap between in-game and out-of-game transactions, I think that such a distinction is possible and wish to defend the feasibility of regulation on these lines.

The current regulations as they are seem to support such an approach. In terms of the purchase of property or goods, this would mean that the only thing subject to out-of-game regulation (such as income tax) would be the difference in value between the (real) money put into the game and the money taken out of the game (so the real-estate developer from Second Life discussed in class would be ok keeping capital in the game). The conditions of such an exchange would then be subject to the terms of the EULA, another out-of game agreement. In this sense if, for example, Linden Labs made some change to Second Life that significantly devalued property held by someone in the game, or if Second Life simply disappeared due to a problem with the servers, the Participant would have no way to recover the lost value of in-game items since the Second Life Terms of Service contains provisions that remove it from any such liability. In such a scenario, a user who lost money would have essentially just made a bad investment.

As has been previously discussed, in the case of an attack on the game’s functionality (such as the creation of destructively self-replicating objects in Second Life), the game maker may wish to seek action against the attacker, and individuals who lost value in the game may wish to seek action against either the attacker or the game provider. In Second Life, the Terms of Service expressly prohibit a participant from transmitting “Content that contains any viruses, Trojan horses, worms, spyware, time bombs, cancelbots or other computer programming routines that are intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or personal information,” so it would be valid for Linden Labs to seek real-world legal action against the creators of the object. The Terms of Service additionally removes Linden Labs from responsibility to users for any losses in value the in-game goods due to such a third-party attack, so a user could not seek damages against Linden Labs, but could against the attacker.

The question then arises of what damages the company or an individual Participant could claim since much of the loss might be in in-game currency or property. Maintaining the separation between in-game and out-of-game transactions, neither the company or individual participants could claim losses due to the loss of in-game objects (or money) themselves, but they could seek damages for any real world income that they expected to have on their in-game holdings. The Second Life Business Opportunities Page suggests that a fair number of participants make some real-life income in this way (“here are just a few in-world business occupations which Residents founded and currently run, and make part or all of their real life living from…”). The game maker could seek damages on real-world losses by claiming, for example, that the attack damaged their participant base, and therefore any income that would have been derived from subscription costs, purchase of in-game property which can be sold to consumers for a real U.S. dollar amount, or any loss in revenue due to fewer land holders and therefore payers of the real-money property taxes.

We might imagine that individual participants may think it would be unreasonable to have to directly seek losses against an attacker responsible for shutting down a game, or to be unable the seek damages against a game creator for changing the game in a way that substantially devalued their property (because of the Terms of Service). I would suggest that if this were significant enough of a problem, we could imagine that some kind of “insurance” policies might arise. For example, if enough participants stopped investing real money into property in Second Life for fear of its loss in value, Linden Labs may find it beneficial to offer “insurance” that would pay real money for in-game losses in order to increase property purchases and holdings and thus their revenue from property sales and taxes. Linden Labs could presumably then also seek damages for the amount they had to pay out (in real money) due to the insurance policy against a third-party that damaged their service.

Such a system in which only out-of-game agreements and increases/losses is regulated in the real world would enable in-game transactions to still be made according to in-game standards of behavior, while making real-world laws applicable as soon as in-game assets, income, or losses/payments have an out-of-game impact.

During our class on copyright a couple weeks ago, we discussed music and file sharing on college campuses.  We also discussed one of the proposals in the paper by Lichtman and Landes which involved increasing the price paid to an Internet Service Provider, distributing the extra money to copyright holders, and allowing file sharing.  The possibility of creating a limited system of this type (for example within a university), or offering it as a commercial service, was also mentioned.   Coincidently, in an e-mail I recently got from my sister (a freshman at the University of Delaware), she mentioned that Delaware had recently gotten into an agreement with the “Ruckus” download program which enables students to get music for free.

I looked a little bit more into Ruckus, and it seems to be somewhat similar to the system we had mentioned.  Ruckus Network is designed specifically for college students.  Through the licensing agreements that is has negotiated with various media companies, it is able to advertise the 1.5 million songs it has available for free download and hundreds of videos and tv shows is has available inexpensively ($15/term at UD) to the students at the nearly 40 universities with which it is partnered.

Ruckus has taken a number of measures to deal with the issues of licensing and copyright that come out in the information available to UD students about the service.  Firstly, the music distributed by Ruckus is protected by Microsoft’s Digital Rights Management (DRM).  This means that the music is encrypted and cannot be played without a valid license, can be played only on Windows machines (it will not work on Linux or Macs) in compatible applications, cannot be played on iPods (though it can on some other portable players with a $20 subscription to the Ruckus-To-Go service), and cannot be burned to CD.  Furthermore, the licenses issued must be renewed every 30 days (5 days for movies).  This can be done simply by playing an expired song, and can be done an unlimited number of times as long as a user is a Ruckus subscriber, but it does mean that if a user wishes to continue to play their music when Ruckus is not being offered for free by the university (after graduation, or during the summer, for example), they must pay to continue their subscription.

For most students looking for access to media, convenience and cost are what they’re going to be looking for.  The cost of music offered by Ruckus is unbeatable, and for movies, and tv it is quite cheap.  In terms of convenience, much of its convenience stems from the fact that it is legal – it can be used without any worry about the RIAA or any difficulty involved with finding illegal access to copyrighted materials.  That said, it clearly does not remove all demand for finding music illegally – especially for non-Windows and iPod users, or students wanting to maintain a music library without needing to pay for continued use of the songs when the free university service is not available to them.

What Ruckus shows is that the demand to find legal venues for file sharing is opening up a market for companies to provide such service commercially by themselves making deals with copyright holders.  Given the limitations of Ruckus, it seems as though there is space for other competitive systems to emerge with other ways of managing the copyright issues and different (and fewer?) constraints on use.  Perhaps Ruckus is an early entrant into a market for file sharing services where the conveniences of legality will increasingly be worth the limitations that result from copyright compliance.

In class it was mentioned that an alternative copyright system would be a kind of “some rights reserved” system, different from the “all rights reserved” that current copyright policy entails.

One such system that currently exists as such is Creative Commons. The idea behind Creative Commons was to enable authors, artists, etc. to make their works available to the public while maintaining their copyright and imposing some limitations. It offers a number of different licenses based on the limitations the creator wishes to place – a combination of the following four: Attribution (give the creator credit), Noncommercial (don’t make money off the product), No Derivative Works (redistribute it only in its original form), and Share Alike (distribute derivative works under a CC license with the same conditions applied to the original). Through Creative Commons, a work may also be released to the public domain.

There are a couple of notable things about Creative Commons that seem particularly relevant to our discussion of copyright and P2P. Firstly, the nature of the Creative Commons system makes it fully supportive of P2P distribution of the products that are under CC licenses. In fact, the CC website says “we see peer-to-peer file sharing software as an excellent distribution mechanism for Creative Common works, especially in large music, picture, and movie files that the authors might not have the bandwidth or tools necessary to distribute themselves.” For material distributed on the internet, a digital code is provided along with the license with the intention that it will make it easier for search engines, etc. to locate licensed material and to determine the limitations placed on its use.

Further, the Creative Commons site provides a page to help users find CC licensed works available on the web. The Find page includes a search option to enable Google or Yahoo searches for licensed material, and a list of directories containing licensed works. Directories are included for audio, text, images, video, educational material, and filesharing, and some of the directories listed are ones that have been mentioned in class (Flickr, and Morpheus to name a couple).

It has been mentioned in class and in previous blog posts that it would be a mistake to crack down on the illegal uses of P2P for copyright violation to the point where the technology itself is stifled and positive uses are unable to develop. Creative Commons finds that an important aspect of its system is that it allows new creators to build upon previous works (see the “Building on the Past” video), and there is evidence that its existence has lead to the development of novel uses of technology to facilitate the spread of information and creativity. For example, the “Reticulum Rex” video which talks about the progress of CC after its first year of licensing describes licensed MIT course material being translated and used by an academic program in Vietnam, and a “duet” created when a violinist found a song that she liked and rerecorded it with her own music added in. The Beastie Boys are even releasing acapella tracks to encourage fans to make noncommercial remixes. One of Creative Commons’ newest creations is a site, ccMixter, designed to encourage new creation by remixing CC-licensed material. While a new way to remake a Beastie Boys hit may not be the epitome of realized technological potential, these examples to show that the value of Creative Commons is that it enables people to legally experiment with and develop creative new applications for available technologies.

Creative Commons has taken a valuable step by making “some rights reserved” licenses available to artists, etc. they have made it more attractive for creators to make their material available to the public. While we can’t expect all creators to buy into this system that makes their works publicly available without compensation, we can seek to encourage further development of systems that facilitate the legal use of P2P technologies.