In class we discussed how our intuition contradicts itself for net neutrality. We generally feel that ISPs should be allowed to build their own networks and use them as they see fit. (e.g. build 2 pipes — one for internet and one for proprietary video content. This is the same as 1 pipe, twice as large where they restrict half the bandwidth for video.) At the same time we feel they shouldn’t be allowed to discriminate against certain traffic that might compete with their own services, or charge companies like Google to have their content carried faster. We found that these viewpoints will often contradict each other. Why can’t an ISP add new capacity to their network and then sell that bandwidth exclusively to “preferred” providers? Also, many design tradeoffs must be made, perhaps between bandwidth and latency, and some applications like VOIP or streaming video might be adversely affected by prioritizing one over the other. As an otherwise legitimate design decision, the ISP could design their network for exclusivity in a particular market.

Having given some thought to this contradiction over the past few weeks, I think the problem lies in the abstractions regarding “the Internet” and how we purchase access to it. While we might picture the internet as a giant cloud and we purchase a connection into that cloud with a particular capacity, the real Internet is not so uniform. We buy a connection to our ISP, who has connection points to some larger ISP, who runs part of the backbone and connects to the backbone’s of other ISPs. So some points on the internet at “closer” than others and we can observe the difference. The most obvious is comparing the speed at which we can connect to U.S.-based as compared to those overseas.

For the longest time however, most end-users have been mostly blind to the non-uniformity of the internet. Before wide-spread broadband and fast university connections, we were all on slow modems. Our connection to the local ISP was the bottleneck to get to anyone. Once we got past that and onto the “net”, it didn’t matter very much who we were talking to, where they were, or how we were connected to them. Furthermore, the ISP could have many dialup customers connected aggregated over their own connection to the internet backbone since each user was limited in speed. With broadband, that picture is beginning to change, and the abstraction of the cloud internet will erode even further as individuals have fiber-optic connections in the “last-mile”. It is becoming simple for each user connected to an ISP to have more capacity to the ISP than the ISP can provide him to the rest of the internet or farther away points. As a result, the closer someone is to me on the network, the faster I can communicate with them. If Google happens to use the same ISP that I do, I will get a faster connection than others, without any intentional network discrimination taking place.

This distinction isn’t all bad. For efficiency of the network and reducing cost, it might make sense to design high-bandwidth applications closer to the end users. As an ISP with a customer who wants video content that uses 2 megabits of bandwidth (2 Mbps), I can have an extra 2Mbps in bandwidth to the internet backbone if the provider is remote, or provide that connection directly on my network to a closer provider. The latter would save quite a bit of money since I already have a fast connection within my own network.

Now hopefully we all can visualize the problem a little more, I suggest that we change our abstraction about purchasing “Internet” connections. We need to look at more details. Instead of buying a single Internet connection through an ISP for x Mbps, we should split it up into two components: our connection to the ISP (x Mbps), and our portion of the ISP’s connection to the “Internet” (y Mbps), where x>y . We can still abstract the connections that make up the rest of the internet, the design tradeoffs and even the aggregation of bandwidth, but now we would recognize that my connection to the ISP, and anyone else directly connected to them, is faster than to the rest of the network. For neutrality, we simply ask (or require) that the internet portion of my connection (y Mbps) be blind to the content and destination. We can then give the ISP discretion about what x & y should be and what services they want to offer me directly, and let the market set prices.

So now my ISP can sell me a 20/15 Mbps connection for $20 per month, with 20 Mbps direct to the ISP and 15 Mbps to the rest of the internet. I can use my 15 Mbps to search, buy video, use VOIP, etc from anyone I like, knowing how my capacity is limited.  The 40/30 Mbps plan might cost $40 per month, but the ISP could offer me an upgrade to a 40/15 Mbps connection for only an extra $5 per month. Now if I buy their cable TV service which takes 10Mbps, I still have my full 15 Mbps of internet bandwidth, whereas if I choose another cable TV service, I may limit myself to 5 Mbps. The market will help determine what each component of the connection is worth.

Also, this would help make internet connections less of a commodity product. I might choose the cheapest ISP, or I can pick the one that has a direct connection to Vonage and Google, knowing that I’ll need less bandwidth for other things. Maybe the ISP will even pay Google for the privilege, instead of the other way around. The ISP that wants to limit my Internet connection so I’m forced to buy their cable TV service will either reduce my internet bandwidth, or raise the price, and in doing so might price themselves out of the market.

I’m not sure if anyone else is still writing, but it would be great if someone wants follow-up and look at this from the other side. In this model of buying network connections, will the ISP, by setting prices, bandwidth, and choosing when and how to upgrade their network, be able to discriminate against their competition in spite of a content-blind internet component.

I tried to figure out what would be a good reading list for a discussion about electronic voting and quickly became overwhelmed with the amount that was out there. I think it could be a very interesting discussion since there are a number of recently passed and pending legislation in this area. Some focus strictly on paper voting records for electronic voting machines but others are much broader.

The Black Box Voting website keeps an up-to-date collection of news events regarding electronic voting issues. The corresponding book gives a pretty good overview of some of the issues and PDF files of the chapters are available for free download. The book was published in 2004, so is a bit out of date. Chapter 2 and the appendix contain a listing of e-voting problems throughout the country. It is a bit scary to read about all of those machine problems and I think Chapter 2 would be a good read for the class (it’s a very easy 22 pages)

http://www.blackboxvoting.org/

Verified Voting is another good website for e-voting. It keeps track of the legislation (in all stages) regarding e-voting.

http://www.verifiedvoting.org/

NJ has a e-voting bill that requires a permanent paper record that can be verified and kept for audits (by 2008). Most states have new legislation with various requirements with regards to e-voting machines. There are also a variety of federal e-voting laws that are in Congress. The class should read the current NJ bill (which is very short) and some of the federal legislation.

One of the more aggressive paper verified e-voting bills, H.R.550, the “Voter Confidence and Increased Accessibility Act of 2005″ was introduced by Rep. Rush Holt (the House representative for Princeton) Maybe he could even come to speak about the bill (in a class specific session or a more general setting). It would also be a nice touch to schedule this week in November if this class is offered during the fall semester.

I’m not sure if this would combine too many issues, but this topic could be done right after the week on copyright and the class could do a reading about Diebold and DMCA takedown notices. In 2003, Diebold, one of the larger e-voting machine manufactures, was sending DMCA notices of copyright violation to website posting Diebold corporate documents. The documents suggested that the company knew about security problems with the machines before they were sold. Diebold was asserting that the documents had copyright and the posting of that material was in violation.

The Electronic Freedom Foundation also has a large collection of e-voting documents. http://www.eff.org/Activism/E-voting/

Last month, the French National Assemble passed legislation that was meant to prevent one company, via Digital Rights Management (DRM), from dominating the online music market. The legislation would force Apple, Sony, Audible.com and other companies offering DRM music to share their DRM technologies so competitors can offer music playback devices and online music stores that worked with the DRM software. The bill requires providing the DRM source code to allow conversion from one form to another.

Apple was very concerned with the new legislation, calling the bill “state-sponsored piracy.”

“The French implementation of the EU Copyright Directive will result in state-sponsored piracy. If this happens, legal music sales will plummet just when legitimate alternatives to piracy are winning over customers. iPod sales will likely increase as users freely load their iPods with ‘interoperable’ music which cannot be adequately protected. “

Apple does not want to provide its DRM technology and is threatening to vacate the French market with its iTunes and iPod products if the bill is passed in this form.

I can see inter-operability as a valid objective. Companies often use DRM as a way to lock consumers into a specific line of products, like iTunes music store and iPod music player. DRM increases the cost of switching to another music player because the new music player will unlikely play the music purchased from iTunes. Also, the iPod will be unlikely to play music purchased from other online music sites with DRM.

Conversion between different DRM technologies is a difficult (if not impossible) process. Putting aside the technical difficulties, different DRM technologies may provide different features. If one version (A) does not allow copying, but version B allows copying the file 3 times and version C allows unlimited copying within 2 weeks, how should copying be managed when converting between A, B, and C?

Just last week, in the French Senate, a similar bill was proposed. This new bill would require basically the same sharing of DRM compatibility, but has a significant clause that would allow companies to avoid sharing.

The new bill would create a new French authority to handle compatibility disputes. This agency would have the ability to enforce compatibility between specific DRM music formats. The significant change is that the agency would only do so if the DRM causes operational issues “additional to, or independent of, those explicitly decided by the copyright holders.”

Basically, Apple (and others) can alter the contract with the copyright holders of the music to specifically state that the DRM and corresponding compatibility issues are acceptable to the copyright holders. I’m not sure how difficult it will be to amend the contracts of online music sold to the French iTunes, but it seems that if this version passes, additional paperwork would be better then vacating the market.

Just today, the Senate passed its version of the DRM compatibility bill. Now, representatives from the two houses of government will meet to compromise on the differences between the bills.

Avi’s recent post “The New Ads” asserts the death of the 30 second ad and points to viral advertising as the new frontier in pushing products. While his points are well taken, focusing exclusively on the new forms that commercials will take as television moves online misses the larger picture: content, not just advertisements, is sure to evolve.

Between Tivo, Slingbox, piracy, ad-blockers, desensitization and competition from an ever-increasing array of media, it certainly looks like television producers are in for a rough period. Only very recently, with the introduction of itunes, the online broadcast of sports events and ABC’s next-day streaming of popular shows, have they started to take advantage the new distribution channels the internet offers. Even more nascent is the use of the internet to supplement media content.

ABC has been a pioneer in this area, particularly with Lost, its breakout hit, now in its second season. For the uninitiated, Lost follows a couple dozen survivors from the crash of Oceanic Airlines Flight 815, who are trapped on a mysterious island. When the show first launched, ABC created a web site for Oceanic Airlines complete with the ability to look up flights and make reservations to create buzz about the show. More recently, in anticipation of the summer break between seasons, ABC has launched “The Lost Experience,” a game set to run in parallel to the show that includes web sites, commercials airing during the show, billboards, phone calls and other interactive multimedia.  The show has also made a serious effort to have its cast and writers engage the fan-base by taking part in online forums and actively responding to feedback and theories about the show.

In a way, The Lost Experience can be seen as the direct descendent of Majestic, a PC game that EA introduced and then swiftly abandoned about 5 years ago. Majestic was a fully immersive mystery game; not only would you play around on the computer to try to figure things out, but the game would contact you by email, phone, fax and IM and would tailor its content to you specifically. For instance, the game might send you a handwritten, threatening letter that mentions your family by name. While Majestic proved to be staggeringly unpopular, largely a function of being too involved, it and its derivates represent the sort of total immersion that will likely become increasingly common as the internet enables new content, not just new ads.

Competition should only be encouraged insofar as it produces positive outcomes for consumers. The Beta/VHS war illustrates that the best product may not necessarily win out and that consumers will be shortchanged throughout the fight because they may end up with obsolete equipment. But the most galling aspect of this whole competition is the content providers who are lining up on one side or the other, limiting competitors’ access to their media in order to bolster the prospects of their chosen technology.

While Sony and Toshiba should be free to compete on quality, price, time to market, customer support, backwards compatibility and any number of things related to the data storage technology, competing on the basis of content should be prevented by antitrust regulators. Lining up exclusive rights to studio content in return for a cut of the royalties prevents consumers from enjoying content they otherwise would without purchasing both devices. And the particular content that is being restricted has no inherent compatibility with Blu-ray or HD-DVD; it is as if Sony managed to line up VISA to ensure that customers hoping to buy their HD-DVDs could only pay with Mastercard.

While regulators would not typically permit a monopolist to tie his product in exclusively with another in hopes of capturing some royalties from that secondary market (hold your Microsoft jokes), studios are typically thought to operate in competitive markets without monopoly power. Regulators need to realize that media is not so perfectly substitutable and is in some ways an addictive good (which has increasing marginal returns with consumption, as opposed to diminishing ones). As such, there is an important role for them to play in making sure studios are neutral in their provision of content, a role they seem to be shirking from in the Blu-ray / HD-DVD battle.

I want to talk about the recent Google complaint that Microsoft is bundling its MSN search engine as the default search engine in the new version if Internet Explorer (IE7). Google complained :

“We don’t think it’s right for Microsoft to just set the default to MSN on install,” Marissa Mayer, vice president for search products and user experience at Google, said then.

This may start to sound like the previous two antitrust cases, but there are a few key differences. Google is complaining about the default setting in the internet browser, not the Windows operating system. While IE is the most popular browser, Microsoft does not have as strong a monopoly in the internet browser market as it does in the operating system market. Aside from pure market share, the burden to users switching browsers is much lower. This weakens the monopoly claims because users are not locked into just one browser.

The Department of Justice looked into the claims of unfairness with regards to the default search engine. Just recently the DOJ concluded that the default search engine is easy to change, so does not represent a problem.

The court document noted that personal computer makers are free to set the default search engine to any service they choose. …[the browser] included “a relatively straightforward method for the user to select a different search engine from the initial default.”

To me, this seems like the right decision. Google, however, is still unsatisfied and commented that if Microsoft wanted to make it easy for users to switch, they could have made the default search box configurable with just one click.

Videos can be can uploaded in a variety of formats. For example, Google Video currently accepts

AVI, ASF, QuickTime, Windows Media and MPEG formats … Specific video codecs we accept include H.264, H.263, MPEG 1/2/4 and motion JPEG. [cite]

YouTube is a bit less specific, but does accept the same file types. Once uploaded, the video is converted into a Macromedia Flash video. This conversion, I believe, was a key component of the popularity of these sites. Most web browsers have the Flash plug-in and providing the video in this format decreases the hurdles to watching a video. They could have streamed the video via a Windows Media player or Quicktime Media player, but the Flash version allows for a wider audience base. The quality of the video is not very good, but it seems like a nice compromise of bandwidth and quality since the costs are all paid for by the companies (it does not cost anything to the user to upload a video). For those who have never used YouTube or Google Video, here is a video I found of the Princeton University marching band on Google Video.

Now, as I’m sure you can imagine, this type of service attracts a large number copyright violations. Google Video has all of the DMCA (Digital Millennium Copyright Act) rules on their FAQ site and requires uploaded video to be “verified” before it posted. YouTube also has a copyright and DMCA section in their help, but they do not require a verification process.

Google says the verification is for technical and policy reasons, but I imagine it is more for the first. There are a large number of uploaded videos each day so it seems infeasible that a human would go through and watch each video for copyright violations. There are a number of pirated videos on these sites and that also suggests that each video is not watched before posted. These sites have been quick to obey DMCA takedown notification for copyright violations and remove the offending content.

YouTube recently put a limitation on the size of the videos that can be uploaded. They began a 10-minute limitation (unless you have a Director Account) to curb the copyright violations. The thinking was that real user-created video is usually small, but professionally created (where the owner would not want the video distributed for free) was large. I think they were specifically targeting television episodes (which are about 20 minutes for a half-hour show without commercials). YouTube hasn’t posted evidence either way, but I imagine this restraint did not do much to stop the actual violations, because now the shows are split into multiple uploads. It may have been more of a public image motivation. As long as these companies continue to remove the offending content upon notification from the copyright owner, they should be safe from lawsuits.

The service allows one “parent” phone to make requests for four “children” phones. To setup tracking on the children phones, a request is sent to the phone notifying the user that this phone will be setup with this tracking service. The user has to confirm the request (with a confirmation number). I’m guessing that most parents who subscribe for this service would do this setup by themselves before handing over the cell phone to the child.

After the initial setup, the parent account can make a request to the service and view on a map the location of all four cell phones. This can either be viewed via a regular computer the Sprint website, or for certain phones, can be viewed directly on the parent cell phone.

Sprint made an interesting design choice to reduce some of the intra-family privacy issues when a request is made. If the Family Locator service can successful locate a child’s cell phone, that phone is sent a message notifying it that the parent phone has requested its location. This seems like it will at least prevent parents from secretly monitoring their children (I don’t have the service, but it does not look like it can be disabled). I imagine this kind of technology can cause a whole host of trust problems between the parents and children, but at least the tracking will be done openly.

Sprint also offers a Saftey Check feature. From the Sprint website, the parent account can setup a periodic tracking request to the children phones. If the phone is not within a specific area when the request is made, an alert is sent to the parent’s phone. This Safety Check is setup for situations like arriving at school safely or being home before curfew. I find it funny that Sprint FAQ recommend keeping the child’s phone on vibrate during the Safety Check times so the constant tracking notification does not interrupt classroom activities.

The Safety Check works with positive logic – ensuring that a child is within a certain area at a certain time. I think it would be easy to implement a feature that would check and only alert a parent if the phone is within one of the forbidden zones. I bet some parents would pay for the ability to setup a registered-sex offender or bad-influence-friend alert.

Sprint does specifically remind parents that the tracking only works when the phone is on. I think Sprint should also remind parents that this is only tracking the cell phone, not the child. It is very easy for the child to leave the tracking cell phone in school when he/she decides to cut class. The underlying technology is GPS when available and then cell phone tower locations. It is only as accurate as the technology it is using (from a few yards to a few hundred yards). This type of variation may make the houses nearest to the school the hottest party spots.

As I stated before, ClearPlay allows for users to setup their DVD player to filter certain content during the playback of the DVD. Users must purchase a DVD player with filtering capabilities (such as this one from amazon.com) and subscribe to ClearPlay to receive new filters. The information about how to filter each particular DVD can be obtained from ClearPlay (via various subscription models). They do a pretty good job of offering filtering for new releases and have a list of over 1900 movies. Once the specific filtering information is obtained by the DVD player, users can configure a filtering menu to specify the type of content that can and cannot be seen. There are four main categories: violence, sex and nudity, language, and other (which, for example, include certain types of drug use). Each category can also be further configured:

Under language, for instance, viewers can filter for six levels, including “vain reference to the deity” or “strong profanity.” [1]

I have never watched a ClearPlay filtered DVD, but here is a nice excerpt from a PC Magazine review :

Spiderman has, I’d say, one truly worrisome or suggestive scene for kids under 13. Mary Jane Watson is walking home alone in the rain when she’s accosted by a bunch of hooligans who, as the scene progresses, appear to want to rob or rape her. Spiderman arrives in the nick of time to save the day in pretty violent fashion. There’s punching, kicking, and more, but no blood. With the bad guys vanquished, Spiderman steals away into an alley. Mary follows him. She’s dripping wet. So wet in fact, that her top is virtually see-through. She and Spiderman engage in a steamy, prolonged kiss, and then he takes off.

Here’s how the same scene played out with the filter on. The guys still chase Mary, but the intensity of the scene is muted because it’s been cut down a bit. Spiderman arrives and beats the guys up, but this scene is also somewhat shorter, with some of the most bone-crunching blows removed—oddly, both versions did include Mary delivering a kick to the crotch to one of the attackers. The scene in the alley receives some serious tightening, and any glimpse of Mary’s see-through blouse has been excised.

The nice thing about all this is that you could never tell when the cuts were happening. There was no delay, no hiccup in playback. I would imagine that trying to maintain some semblance of continuity in a profanity-laced scene could prove more challenging.

This technology seems like a natural replacement for manually pausing or fast-forwarding through certain scenes that parents do not wish their children to view. The Directors Guild of America, however, does not believe that and in 2002 brought a lawsuit against ClearPlay. They claimed that the ClearPlay technology was creating an unauthorized derivative work of the content and this was in violation of copyright law.

“ClearPlay software edits movies to conform to ClearPlay’s vision of a movie instead of letting audiences see, and judge for themselves, what writers wrote, what actors said and what directors envisioned,” The Directors Guild of America said in a statement.

“Ultimately, it is a violation of law and just wrong to profit from selling software that changes the intent of movies you didn’t create and don’t own,” the statement said. [1]

The lawsuit was filed against ClearPlay and other companies that offer similar filtering and is still pending in U.S. District Court for Colorado. Here are the EFF links to the case documentation.

Since the case has been filed, new legislation has been enacted to specifically address some of these issues. Now this is where things get interesting. In 2005, Congress passed S. 167: The Family Entertainment and Copyright Act of 2005. The relevant section of this bill specifically enables technology that allows :

the making imperceptible, by or at the direction of a member of a private household, of limited portions of audio or video content of a motion picture, during a performance in or transmitted to that household for private home viewing, from an authorized copy of the motion picture

This bill specifically allows filtering technology such as ClearPlay. It is currently unclear if the lawsuit will continue given this new legislation. S.167 answers the question about this specific type of filtering technology, but did not give a conclusion of the scope of the derivative work restrictions on copyright.

One of the reasons, I believe, the lawsuit may still continue is CleanFlicks. I mentioned before that the lawsuit was brought against ClearPlay and other filtering companies; CleanFlicks is one of the others. The CleanFlicks model is to make a one-time filtering of the DVD content from an authorized (rental) copy and create a new DVD. This filtered DVD is then rented or sold to subscribers. The filtered content is not removed during playback, but rather permanently removed from the media. I don’t believe that this scenario is specifically allowed from S.167, so we are now back to the question of derivative work. I think it will be very interesting if this case continues through the courts.

            I have had the opportunity to play around with this new service a bit.  Its construction is very clever for a few reasons.  First, they do not post a new episode of a show until the next morning after the show has aired.  This means the fastest way to gain access to the show is still to watch it live when it is aired.  However, for many viewers this is not possible or not convenient for one reason or another.  This service allows them to view the episode later on without having to remember to set their VCR or Tivo to record.  In effect, this service allows ABC to take some control over time shifting. 

            For ABC it would seem there would be a number of advantages to offering this service.  First, many of their popular shows build on an ongoing plotline from week to week.  New viewers will often feel lost if they begin watching the series in the middle of the season.  This service allows those who discover the show midway through the season to catch up.  Other viewers who might have to just miss a single episode would also be able to stay caught up in the series without having to remember to record the missed episode.  All of these different considerations can only lead to increased overall ratings.  Even if some users switch from watching the show live to watching the show online the overall number of viewers should still increase.  If one is a fan of a particular show, one will not watch it less because it is available more.

            The one potential way for the number of viewers to decline is if less people are exposed to new shows through commercials.  However, this new system can expose people to even more shows.  For example, when going to ABC’s homepage to find an episode of one show advertisements for all of the other shows can be placed throughout the website or even as commercials during the show. 

            ABC’s method for including commercials during internet viewing is very clever.  There are three or four sections in each show that are briefly interrupted by commercials.  Each commercial spot lasts for only 30 seconds.  By making the commercial interruptions so brief, ABC accomplishes two things.  First there is a better chance people will actually pay attention to the commercials because their brevity provides less incentive for a person to find some other activity to occupy themselves during a commercial. The commercials are also short enough that people will not view at as too much of a nuisance compared to recording a show themselves and then fast forwarding or downloading a commercial free copy illegally. 

            Time shifting has been around for a long time and now with products such as Sling Box place shifting is likely here to stay as well.  With this in mind ABC has found a way to embrace these two technologies and take control of them.  The one major hindrance to the service thus far when I have used it is connection problems.  There are times when the network slows down to the point where an episode can no longer play.  It is unknown where the bottlenecks that hinder playback are occurring.  However, these bottlenecks could potentially add to the debate surrounding network neutrality as networks might prefer to pay extra to give their shows priority over the network to ensure quality. 

First, let’s take a look at the geo-location technologies currently in use. A large part of the software used now is available from proprietary providers such as Quova and Digital Element. This proprietary software is based on determining the location of a particular IP address. This information has to be gathered by analyzing the locations of IP addresses all over the world. Note that while there are ways to conceal location (such as using a proxy server), the software can flag internet users who are doing so. Interestingly, another mechanism for determining physical geo-location without using IP addresses was patented in September, 2005. The patent holder: the NSA. The NSA website briefly profiles its “Network Geo-Location Technology” which as described here measures latency to build up a network latency topology map. This map can then be used to look up a computer based on the time it takes to connect to that computer. (This system can also be avoided using some kind of proxy service). The patent on this method of geo-location is one which the NSA has made available to be licensed for industry use.

Consider some of the possible uses for geo-location technologies (some taken from this article and the websites of Quova and Digital Element): Credit card companies or banks can use this software to detect fraud. Gaming operators can adopt this technology to comply with laws regarding trade practices over international and state borders. Sites such as eBay can use this to restrict which products are available in which locations (think Nazi paraphernalia and France). Hosts of digital worlds could keep track of the international transference of real money through in-game assets, and online providers of digital content can use it to comply with contracts that require them not to broadcast shows in certain areas (according to this article, major league baseball is a Quova customer that uses the product to make sure locally-broadcast games don’t lose their exclusivity by being unconditionally available online).

Aside from all of these applications for law enforcement, the companies that offer geo-location software market it for its ability to improve the user experience of the web. Namely, they cite the advantages of being able to give a user local search results, for example to guide a user to a store closest to them, and to target online advertising (ad-serving is currently the most common use of geo-location technology). Digital Element’s website claims that 25% of all Internet searches are local in nature, and that targeted ads have been shown to sell up to 30-40% more than general ads. Even if these numbers are exaggerated, it’s hard to argue that such location technologies have value to advertisers, search engines, and others.

The problem with geo-location technologies is that there’s a fine line between using general geographic data add desirable features or to make sure border-dependent laws are enforced on the web, and infringing on privacy and collecting personal information. Depending on the edition of Quova’s software, information obtained can be anywhere from simply geographic information in the basic edition up to much more in the security edition (“geographic information and confidence factors, demographic information, connection type, connection speed, IP routing type, AOL flag, ASN, carrier name, top-level domain, second-level domain, registering organization, a list of anonymizing proxies, hostnames, and routers”), and the services offered by Quova includes a variety of audit services for data collection (marketed as a means to help online business owners manage their business). We have to ask how much information should be available, and to whom.

While the current capabilities of both systems do raise questions about privacy and information availability, the question really comes up when we consider potential improvements on these technologies. While for marketing uses (among others) being able to locate some user / IP address to a general geographic area is sufficient, there are certainly other uses that would benefit from more exact geo-location technology such as emergency service for VoIP users, or the ability to more exactly locate someone committing fraud. The downside is that in different hands (or even in the hands of law enforcement officials depending on your point of view), the ability to accurately locate anyone using the internet is a dangerous tool, certainly one that you would not want to be commercially available. Using proxy servers may be an effective method of avoiding being located, it would also means the loss of all the positives of geo-locating technology.

The applications and benefits of geo-location technologies are quite substantial, and potentially provide a means to deal with many of the policy-related issues of internet regulation we’ve discussed this semester. As the technologies develop however, care needs to be taken with respect to the capabilities of such software available through general distribution.

Nielsen was founded in 1926 by Author Nielsen, first doing product testing and later moving into market research as a way to determine how products were selling. In 1936, it purchased the technology for an “Audimeter:”

the machine was capable of making a minute-by-minute record of when a radio was on and where the dial was set.

Does that device sound familiar? In 1942, Nielsen launched the Nielsen Radio Index based on data collected from Audiometers placed nationwide in 800 homes. Flash forward three decades, and in 1973, Nielsen Media Research launched

a new metering technology called “Storage Instantaneous Audimeter” for nationwide service. The new Audimeter automatically recorded and stored minute-by-minute tuning records for channel, time of day, and duration of tuning.

Currently, Nielsen uses a combination of user diaries (where the members of a household record what and when they watch television) and these home set top boxes. Recently, there have been a few new methods to monitor the way in which people are watching television, and I’ll explain those in a bit. I was amazed that until a few years ago, the technology and methodology used to measure television viewers, which in turn is used to determine advertising costs (a $70 billion industry), was essentially developed in 1926.

It was just last year (in 2005) that Nielsen began taking DVRs into account when tracking television viewers. They began to break down the viewers into “Live” and “Live Plus Same Day” and “Live Plus Seven Days.” As Andrew pointed out in his post, 70% of viewers are still viewing live TV, but what does that really mean in terms of advertisement viewers?

Also in 2005, Nielsen began releasing the minute-by-minute viewing habits of its samples which allows for analysis of specific commercials in specific programs. The minute-by-minute analysis has been collected since the first Audimeter in 1926, yet it was only released (or able to be purchased) beginning last year.

Nielsen also has been reluctant to offer “commercial ratings.” These ratings would show the effectiveness of commercials and have a huge impact on advertisement pricings (they would take into affect the DVR aspects and aggregated minute-by-minute viewings). The current thought is that these commercial ratings will be released by for the beginning of next season’s television.

Nielsen is also looking at other ways of monitoring viewers, including programming on cellphones, iPods, or via internet broadcasting. They are also looking at a measurement of “engagement.” This would account for how much attention a viewer paid to the show/commercial rather than solely if the television was on. Although an advertisement may be on television, if nobody is actually watching it or retaining information about it, it is not as useful.

It seems that Nielson, so essentially the entire industry, is way behind in being able to measure these new methods of television viewing. Although the DVR technology is only a decade old, minute-by-minute analysis and the corresponding “commercial ratings” could have been released much earlier than last year. Nielsen essentially has a monopoly on the television ratings (when was the last time you heard something other than the Nielsen ratings related to TV?) and that seems to be slowing innovation. In late 2005, erinMedia brought an anti-trust case again Nielsen citing anticompetitive practices to impede innovation, although the case has not gotten very far. Nielsen is under the threat of government scrutiny (see Senate FAIR Ratings Act), although nothing has come from that either. It seems that the introduction of new ways to view television may be threatening the Nielsen monopoly as advertisers are becoming more unhappy (and vocal) about the lack of ratings information, but so far, there have been no significant challengers to the Nielsen monopoly.

As with any flow of easy money, this makes some people very angry. Trademark lawyers insist the typosquatters are eating into advertising profits that should belong to the victim site. Many consumer advocacy minded figures, such as Harvard researcher Ben Edelman, indicate the practice of profiting from user error is just plain evil. I want to examine whether current policy applies to this case, and whether there’s a need for new cybersquatting laws.

Legal action is established in three major cases:
(1) The content is of an adult nature, in a domain name that gives no indication of such content. The site’s owner is in violation of the The Protect Act and liable to fines or 2-4 years if imprisonment. The Google AdSense Program Policies explicitly prohibit this as well, so we can rule out this case - most of the sites are blank except for ads and links.

(2) The content is harmful to users, containing viruses or spyware that downloads itself onto the host computer. Both Yahoo and Google’s ad programs forbid this. Nevertheless Yahoo was recently accused of trying to use its relationship with ad-ware sites to generate extra revenue around earnings time. Let’s assume Google sticks to its own policies, but leaves harmless ad-filled pages alone.

(3) The domain name and content violate trademark law. Existing law has developed through two major allegations, trademark infringement and dilution. The Berkman Center for Internet and Society provides a summary:

Elements required for trademark infringement:
1. Prior rights in the trademark - through use or registration.
2. Commercial use
3. Likelihood of confusion

Elements required for trademark dilution (added by Congress in 1995 and reinforced in 1999)
1. Marks must be famous
2. Commercial use
3. Protects against blurring or tarnishment
* Blurring: blurring occurs when the defendant’s use of the plaintiff’s mark causes the public to no longer think only of the plaintiff’s product upon seeing the famous mark, but rather to associate both the plaintiff and defendant with the mark.
* Tarnishment: tarnishment occurs when an association of a famous mark with inferior quality or unsavory products tarnishes the mark.

I agree with Google’s trademark lawyers that “obvious” misspellings, such as “BistBuy” instead of BestBuy and “blgospot” instead of BlogSpot, are confusing to nobody, ruling out trademark infringement claims. Given the uniform apperance of these ad pages, it’s usually obvious you have come to the wrong place, so there’s no question of trademark dilution - although I personally have wondered whether a truly “professional” company wouldn’t be sure to buy up any domain names that are common misspellings, and have them redirect to the company’s website (try orbits.com, gooogle.com).

Google likes to claim it has no control over possible trademark violators using the Ad-Sense network, which I find hard to believe:

Hagan, Google’s trademark lawyer, said that software formulas aren’t smart enough to identify trademark infringements.
“It’s subjective when you look at domain names to decide how many letters off does it have to be to form a trademark or conjure up that trademark,” she said.

(The Web’s Million-Dollar Typos)

My fellow students who are more familiar with the inner workings of Google should check me here, but I think Google’s algorithms have this one down, particularly since the Google’s service Oingo.com specializes in domain parking and generates lists of common misspellings automatically. Additionally, I’ve noticed the efficiency with which Google regulates click fraud, and closes Ad-Sense accounts when traffic to the site has suspicious patterns. I think the company could easily control this practice if necessary, but its current practice of simply removing the sites if a trademark owner complains generates a lot more revenue in what is, if Google truly follows its policy of removing infringing sites, a victimless transaction.

The argument that Google’s domain parking and partnership with typosquatters generates profits “unfairly,” ignores the nature of “websurfing.” In my mind a user who misspells a domain is like someone who has gone down the wrong alley on his way to a store. Though the victim site’s owner may have a claim to all the revenue once a web user reaches his site, he has no claim to revenues generated along the way. Of course this all changes if the site knowingly imitates the victim website, of which phishing is an extreme example, emphasizing the need for Google to police such actions.

Furthermore, there’s no legitimate claim that typosquatting takes revenue away from the trademark owner. Because no confusion or trademark dilution has occurred, it’s unlikely that the appearance of a misspelled site will stop the user from continuing to the site he intended to go to.

A popular allegation is that typosquatter profit is “unfair” because it relies on aggregating, through buying many domain names, the profits earned by accidental clicks on ads. Yet I don’t think anyone would disagree that content websites also pay-per-click, maybe more, based on users who click accidentally. Profiting from user error is perfectly legal so long as a reasonable effort is made to inform the user against this error. And it’s this “reasonable effort” that I wonder couldn’t lead to a few “rules and regulations”

For example, typosquatters and domain parking services that knowingly generate misspellings of a trademark, could be required to redirect to the real site in a clearly visible manner. They could also be required to declare that they are not this website. I think a mere “did you mean to go to www.BestBuy.com?” could prevent a great deal of litigation.

All of this is not to say that this system is completely exempt from having any vulnerabilities, it is simply to say that realistically, most people are not interested in your personal phone calls or clips of you scratching yourself on a street corner.  However, there are some concerns in my mind, many of which were brought up in class.  For example, word or phrase searching is likely a bad method for tracking terrorist activities since terrorists are now trying to employ the use of code words to cover their tracks.  And although I find it difficult to imagine that the NSA, with its magnanimous amount of funding and resources, is performing simple phrase comparisons on e-mails, it might be a better idea to analyze the traffic rather than the content.  This way instead of being fooled by tricky messages, they can become more familiar with the underlying communications network and possibly disrupt operations that way. 

And so while technically, the eavesdropping may or may not be soundly conducted, the practical implications it carries are immense and should be accepted.  What are the real policy issues associated with eavesdropping, privacy or longevity?  I think the distinction should be clear that living life should be more important to someone a small amount of privacy.

NYTimes has an article. Thought people might find the video funny and the article interesting.

The UK is unlike other countries (like the good old US of A) where public broadcasters are supposed to provide programming that commercial companies would or could not broadcast, and BBC programs are expected to receive high ratings and  remain competitive within the commercial market.  The dramatic change in focus was announced at the company’s most recent Annual Report to Parliament, and changes are well underway.

The BBC’s new vision is perhaps best summarized by the BBC’s director general, Mark Thompson, in his remarks to the Royal Television Society, “We need to rethink the way we conceive, commission, produce, package and distribute content.”  He went on to say that the BBC will pursue and aggressive strategy over the next six years to build on the work of MySpace.com and other Web sites that help users interact.  The Wall Street Journal printed that, “users will be able to create their own space on the BBC Web site where they can post Web logs, home videos, and links to BBC TV and radio shows.”  In addition the BBC has already announced plans for personalized Internet radio stations (similar to Pandora).

The motivating factors behind the BBC’s move aren’t hard to find.  The simple fact is viewers are turning to the Web first for their news and entertainment.  Earlier this year cyberjournalist.net reported that in an ongoing survey of which source users go to for their news first that the website was first by an overwhelming majority.  Further, there are simple metrics indicating that while the BBC’s Web services are flourishing, Alexa’s TrafficRank system reported in January that bbc.co.uk was the 11^th most popular English Language website in the world., its broadcast operations are floundering.

This move for the BBC actually makes for a nice ending to my commentary this semester.  Throughout this term I have quietly been pursuing my own agenda, as early as my second post I was talking about placeshifting.  From there I went on to discuss some successful strategies for advertisers in the world of narrowcasting to a discussion of some service providers who I thought were pushing the envelope in providing consumers what they are looking for.  After a short NPRM sidetrack I talked about ABC’s shift to providing television online that was free but with commercials.  And now the BBC!  Look clearly I’m a little weirdly passionate about this stuff, but I think we have seen some real signs that things are moving along.  Progress has been slow, but steady.  I can only wonder what will be said on the same topic next year.

I will conclude with a brief word of thanks to Professor Felten and my classmates.  Guys, this was one of the best classes I’ve taken at Princeton.  And while I learned a lot from the readings, the ideas that I have really taken away and held onto are the ones espoused by you.  Thanks again.

(Incidentally, many internet service providers—many universities included—that come under CALEA are also making the same argument. It is difficult to blame them for doing so– the cost of upgrading networks to comply with the new laws is high, and some institutions simply cannot spend a hundred million dollars to make their networks less secure.)

The US government has traditionally maintained exceptionally tight control over the telecommunications sector (initially through the state-sanctioned monopoly that was AT&T, and subsequently through agreements with the numerous companies that were spun off from Ma Bell after divestiture in 1984). This control has meant that the government is able to tap phone calls with relative ease by accessing a network that is well defined and well controlled. The entry of VoIP into the picture, however, has merged the telephone network with the wild-west world that is the internet, where tracking someone is a difficult (if not impossible) task. It’s only natural that the government would want to make sure that its ability to monitor telephone calls does not dissipate by making sure that any company providing a gateway between telephone networks and the internet maintains the government’s ability to monitor phone conversations.

The government’s ability to actually enforce internet telephony monitoring is, however, severely limited by the widespread availability of encryption. Even if Vonage allows wiretapping, nothing is stopping a determined hacker in say, Eastern Europe, from engineering a system that allows for the encryption of internet to telephone communications. Users will flow from the unencrypted Vonage to the encrypted solution. In fact, such an alternative already exists. In 2003, the founders of KaZaA coded “Skype”. This software allows end to end encrypted communication between phones and any computer on the internet for a small fee. The service is very popular in Europe, with Skype outselling competing non-encrypted internet telephony products. Although convenience is currently an issue for Skype (it is, for example, not possible to plug a standard phone into the Skype system in the way it is possible to do so for Vonage-type services), these issues are slowly being dealt with as wireless phones that come preloaded with Skype start hitting the European markets. It won’t be long before such products become available in the US as well, sounding the death knell not only for privacy challenged services from companies such as Vonage, but for legislation such as CALEA.

I don’t have a personal MySpace profile, but a band I manage does. We post our new recordings on the profile, and use it to let people out there know that we exist. It’s a handy tool: we got a great deal on a recording studio appointment because a studio executive in Philadelphia came across our profile and heard a couple of our songs. I’d had a fairly positive experience with MySpace up until that point, so when parents started making noises about it being unsafe, I couldn’t understand why they were getting so bent out of shape. I decided to do a bit of digging.

It turns out that there are quite a few different neighborhoods on MySpace, and that my band’s profile existed in one of the better ones. However, upon wandering a few links along the social network of one of our band’s friends, I came upon a different neighborhood where the average poster was 13 years old, had the IQ of a wet paper towel, and felt the need to “express” him or herself with pictures of the most revealing nature. An uncharitable person would say that these brats deserve what they get, but that’s hardly a constructive stance.  To say that these kids were vulnerable to exploitation would be an understatement. Nothing is too private to not post on these profiles: full name, age, school, home address… all are available at the click of a mouse.

One girl even had her social security number posted. I can’t begin to imagine how that becomes a topic of interest on an online forum. Under normal circumstances, I would make some attempt at lowbrow humor here, but even I know not to joke about the safety of children. A few months ago, an article in the Economist stated that there have not yet been any cases of children being lured astray by sexual predators in the US as a result of MySpace interaction. After my tour of MySpace, I can only hope that the luck holds. I’m not hopeful though—unless something is done soon to remedy the situation, someone will get hurt, and it will be very, very messy.

So what exactly can be done to remedy the situation? This isn’t like the Facebook flap a few months ago where a few adult college students were caught by police after posting pictures of themselves partying a little too hard. We are talking about safeguarding children who have gained adult tendencies but none of the common sense that is associated with adulthood. MySpace could institute a minimum age for membership, but we all know exactly how effective that is: I remember registering for a 15 and up Yahoo! Mail account when I was 12 years old. I’m sure kids today are a great deal savvier than I was back then.

Whatever the solution, parents—not politicians—should play the largest part in it. Unfortunately, many parents simply don’t understand the threats out there, and furthermore, children are often smarter than their parents when it comes to technical matters. Parents can lay down the law all they want regarding MySpace, but a determined child will almost certainly find a loophole, whether it be by using a different social network, or by using a friend’s computer. I don’t know much about parenting, but I’d imagine a candid talk about the risks associated with revealing too much personal information to strangers would be more productive than a simple blanket ban on all social networking sites.

This is also perhaps one of the few situations where I would approve of one of those public interest education campaigns in the media. Not as ridiculous as the “Marijuana Funds Terrorism” campaign, but one that outlines the risks of irresponsible MySpace use in a way that is accessible to both children and their parents.

Tom Clancy burned out a long time ago. The last good book he wrote was Red Storm Rising, and that came out in the 80s. Since then, he’s been churning out workaday novels with ridiculously predictable plots, such as the “Net Force” series of books. To be fair, these books describe an interesting world in the near future where people gain access to a pervasive internet by plugging into virtual reality scenarios. Unfortunately, these ideas are drowned out by shallow characterizations and a writing style tailored to appeal to hormonally charged 13 year olds.

Regardless, I found myself stuck in a Barnes and Noble reading one of these books the other day after missing a bus. In the book, a disgruntled Russian hacker sets up a virtual world in which it is possible to purchase property and services in exchange for virtual currency bought with real-world dollars. However, the most alarming aspect of this online world (for real world governments, at any rate), is the virtual world’s “citizenship” program, which allows the common net surfer to trade in his or her real world citizenship for that of the virtual “nation.”

At this stage, the story goes downhill. Mr. Clancy chooses to skirt the provocative issues raised in the first half of the book by making the entire virtual world a smokescreen for a diabolical scheme to gain security contracts (seriously, contract fraud?), thus giving the US government an excuse to send in paramilitary operatives to kill the bespectacled programmer. (Refer to this link to see why I started laughing uncontrollably at this stage).

For all its implausible plotting, the book got me thinking thinking. In our blog posts, some of us have talked about the exchange of money in virtual worlds, while others have discussed at length the issue of how the government may or may not interfere in the running of virtual worlds. Still others have addressed the issue of compulsive gaming. But no one has assessed the possibility that a virtual world may be so appealing that people will switch their allegiances from a real world country to a virtual entity.

Yes, yes, laugh it up—I know it sounds ridiculous, but heard me out. We already have virtual worlds where it is possible to generate enough money to sustain real world lifestyles, and where it is possible to create products and possess intellectual property rights over those products. It would appear that at the very least that the foundations are in place for the establishment of a sophisticated virtual economy that could sustain not only an individual’s online avatar, but his or her real world existence. We also know that many people find their virtual personas to be more satisfying than their real world existences. Think about how people buy bits of real estate on the moon from random websites… it’s entirely possible that a few borderline cases would declare their allegiance to a virtual nation if given the chance to do so. With the introduction of immersive sensory VR equipment (under active development by many, many companies), it is even possible that others who would previously have laughed at the idea of “living” in an illusory virtual world may choose to move to more virtual locales.

What I’m interested in is the real world response to these people. Obviously, the first response from real world residents would be disbelief and derision—but what would this achieve? The newly minted virtual citizens would be comfortably ensconced in their new country, safe from the badgering of their real world counterparts.

If enough people switched allegiances to the virtual country, the government of whatever real world country they were logging into the virtual world from would be faced with many dilemmas. Would the renouncement of citizenship be recognized as valid? If the renouncement was deemed valid, but the virtual nation not recognized, what would the status of the virtual citizens be in the real world? Would it be legal to tax these people? If not, how would the government deal with those people who take up virtual citizenship for the sole purpose of evading real world taxes? Inherent in all of these questions is the very knotty issue of whether or not a virtual country can actually possess any real world validity. It’s a question that I, as a lowly engineer, am ill equipped to answer and one on which I’d like to hear back from all of you.

Of course, the chances of all this happening anytime soon are virtually nil. It is much more likely that any website offering virtual citizenship is a front for a document fraud scheme (“We will issue your new VirtuaLand passport as soon as you renounce your citizenship by giving us your US passport”), or some such nefarious activity. Perhaps Mr. Clancy wasn’t so far off, after all…

After a few days of hanging around in their chat rooms, I began to realize that there were two kinds of “hackers.” One was the kind of person who clearly knew his or her stuff (i.e. could give you tips on how best to create a buffer overflow exploit); the other was the guy who romped into the channel and shouted out to everyone, “DOES ANY1 HERE NO HOW TO HAX0R HOTMALE LOL!!!11”

This person annoyed everyone. Not only did he lack proper spelling and netiquette; he also pretended to know a lot of things about hacking (even though his knowledge of amounted to ripping other peoples’ solutions off BBS boards and using them to break into his girlfriend’s account so that he could find out whether or not she was cheating on him). I soon learned that these idiots were known as script kiddies, and that talking to them was the conversational equivalent of hammering a nail into your thigh: it hurt.

What I’m getting at is that these people had very few technical skills, and were therefore forced to resort to other means in order to get their hands on sensitive information. These means often included unintentionally brilliant acts of social engineering. Consider this social engineering attack by a script kiddie that has been immortalized in nerd cultures the world over:

Cthon98> hey, if you type in your pw, it will show as stars
Cthon98> ********* see!
AzureDiamond> hunter2
AzureDiamond> doesnt look like stars to me
Cthon98> *******
Cthon98> thats what I see
AzureDiamond> oh, really?
Cthon98> Absolutely
AzureDiamond> you can go hunter2 my hunter2-ing hunter2
AzureDiamond> haha, does that look funny to you?
Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
AzureDiamond> thats neat, I didnt know IRC did that
Cthon98> yep, no matter how many times you type hunter2, it will show to us as *******
AzureDiamond> awesome!
AzureDiamond> wait, how do you know my pw?
Cthon98> er, I just copy pasted YOUR ******’s and it appears to YOU as hunter2 cause its your pw
AzureDiamond> oh, ok.

We come away with a couple of interesting points from this rather entertaining exchange. First, the average user who manages to plug in a DSL modem and fire up a browser has very little understanding of the kinds of security landmines that litter the internet.  Secondly, no matter how many times you tell people to keep passwords to themselves, they’ll be perfectly willing to give them away under the right (or wrong, depending on your point of view) circumstances. The importance of password secrecy will only sink in once that nice prince from Nigeria makes off with their life savings. No amount of education will prevent that one person from giving away his password and blowing network security out of the door.

The final, and in my mind most important insight to be gained is an understanding of the danger posed by a script kiddies. Many of them break into computers because they think its cool, using tools that they really don’t understand. Their poor understanding of the tools they wield means that they are indiscriminate in their choice of targets, often doing more damage than they thought they were setting out to do. Consider, for example, the case of 16 year old “Mafiaboy” who used freely available tools to orchestrate a distributed denial of service attack on Yahoo, Amazon and Dell websites, losing the targeted sites over $1.7 billion in under a day. Furthermore, because there are so many more script kiddies than real hackers, script kiddies do much more damage. Once you get rid of these juvenile menaces, the internet will become a much safer place.

Unfortunately, the first indication that a script kiddie is on the loose is often a ten thousand computer zombie botnet launching a costly DDoS attack on some innocent site. The only way to prevent them from doing mischief is to lock down the common exploits used by script kiddies to compromise computers. And to do that, we either need to improve the security consciousness of the average computer user, or get software and hardware manufacturers to lock their products down “out of the box.”

Could someone please get Microsoft on the phone?

The reason I bring up this rather personal and embarrassing story is to frame my response to the problem of compulsive online gaming. Many people on forums such as Slashdot seem to think that it is a non-issue. Video games, they say, are for children. They are harmless to adults, and as such, don’t merit serious attention from overburdened public agencies. Bizarrely, these are the same people who also argue that video games are the source of all violence and misanthropy among America’s youth. Go figure.

Don’t get me wrong: I am a strong believer in personal freedom. If a person decides to play MMORPGs all day long to the exclusion of all else, it is his or her choice to do. At some stage however, the instinct to prevent a fellow human being from spiraling into virtual oblivion kicks in and trumps ideology. To normal, well-adjusted people, stories of gaming-induced suicides and absenteeism seem ridiculous. But as several other posters have pointed out, these people were so thoroughly drawn into their virtual worlds that their virtual existence actually becomes their real existence. Stories like this only serve to show why people find these worlds so engrossing. An excerpt:

“In his death throes Hakkar [a WoW “boss” enemy] hits foes with a “corrupted blood” infection that can instantly kill weaker characters. 

The infection was only supposed to affect those in the immediate vicinity of Hakkar’s corpse but some players found a way to transfer it to other areas of the game by infecting an in-game virtual pet with it. 

This pet was then unleashed in the orc capital city of Ogrimmar and proved hugely effective as the Corrupted Blood plague spread from player to player. 

Although computer controlled characters did not contract the plague, they are said to have acted as “carriers” and infected player-controlled characters they encountered.” 

The important thing to note here is that Blizzard’s programmers didn’t intend for the plague to spread. It would appear that once players are introduced into the mix, online worlds takes on a will of their own, resulting in experiences that are more than just “games.” Perhaps we don’t need MMORPG-ers Anonymous just yet, but with online games attracting more than ten million players worldwide, the day is not far off when society is going to have to deal with the issue of compulsive gaming in the same way it has tried to deal with other seemingly addictive activities such gambling or drugs.

This is the kind of behavior that gives television executives peptic ulcers. Honestly, I can see where they are coming from: they spend hundreds of millions of dollars developing several television shows each year, all in the hope that one or two of them will meet with audience approval and recoup the costs of production, and perhaps turn a profit. To protect their bottom line, they need to protect their advertising revenue streams—they simply can’t afford to give away advertisement-free versions of their products.

One gets the feeling that television broadcasters are at the same place the RIAA was when Napster was at the peak of its popularity back in 2000: they are pushing tired products upon consumers who not only understand that they are in charge, but are willing to go to great lengths to provide for themselves the level of flexibility and convenience that media providers are either unwilling or incapable of providing.

However, instead of suing their customers into oblivion, and trying to preserve the status quo, the television industry (or at least parts of it) has decided to take a different tack. According to several sources, ABC will be offering four of its fall lineup prime time TV shows online—for free. Yes, you can now get your fill of suburban hausfraus being naughty, as well as Jennifer Garner kicking 21 flavors of butt online. For free.

It is an inspired plan, and one I can’t believe has taken so long for broadcasters to stumble upon. The idea is simple: ABC puts its shows online the night after it airs on television. Advertisements are embedded in the streaming video, and the flash player is rigged so that the user cannot fast forward through them. Using this scheme, ABC is able to avoid cannibalizing its existing television advertisement revenues, and also gains a foothold in the online advertisement market. The online advertisements may, depending on the popularity of the online service, be more lucrative than their television counterparts. After all, nothing is stopping a television viewer from going to the bathroom during an ad; an online viewer, on the other hand, must manually press play after the end of an online ad, thus increasing product recognition for the product being advertised. The possibility even exists for market segmentation, as ABC has demonstrated by limiting online access to only US audiences. Only a determined foreigner with access to a US proxy can watch the online offerings.

The only downside I can see to this entire plan is the fact that video is not of a very high quality, and the fact that it is limited to a flash player. Given that it is free and legal, however, I am willing to make allowances. It certainly beats having to make another trip to Dean Herbold’s office for copyright infringement any day of the week.

There are ethical ramifications here to be sure, but what interests me more is the kind of technology required to monitor terabytes upon terabytes of information passing through a switching center at any given moment.

According to the EFF, the NSA compelled AT&T to install equipment manufactured by a private company Narus Inc. Narus’ latest generation of products is capable of monitoring over 10 billion bits of data per second. For those of you are into weird units of measurement, this equipment gives the operator the ability to monitor about about one Library of Congress worth of information every twenty seconds. In more concrete terms, one of these terminals is able to monitor all of the network traffic of ten Princeton sized campuses simultaneously.

Of course, the ability to simply log the traffic is of little use—the sheer volume of data involved means that any useful patterns are hidden by a torrent of irrelevant information. To this end Narus bundles software that is capable of carrying out analysis on the logged data that goes beyond the usual “this is an email packet” or “this is a Bittorrent packet.” By using something called semantic data analysis, their software is capable of categorizing not only what kind of packet is passing through the monitoring point, but what it means. This is done through a complex correlation analysis involving traffic patterns of not only the monitoring point in question, but the traffic patterns at other stations.

In a sign of the times, Narus has also incorporated a Lawful Intercept and Regulatory Compliance module into their monitoring software, supposedly enabling telecommunications carriers to rapidly respond to requests from law enforcement agencies for information on network traffic. A quick look at flowchart for the operation of this module implies something much more nefarious:

Notice that a “lawful authorization” entity basically has the ability to trigger the forwarding of data from the telecommunications provider’s delivery service to the law enforcement agency’s collection module. There does not appear to be any process of confirmation or feedback communication from the telco to the entity holding lawful authorization in the diagram, or any definition of what “lawful authorization” actually means. The implication is that any government entity can, if it so chooses, monitor and spy on network traffic without network users (or, apparently, the telecom provider) knowing that their communications are being watched.

Of course, Narus and the telecommunications industry would have you believe that these are all tools that are used to monitor network threats (viri, DDOS attacks and the like), and not to snoop on unsuspecting network users. And at first, this sounds reasonable. As Narus says on its website, explosive Internet growth in recent years has transformed worldwide communications, yielding tremendous efficiencies and benefits, as well as many risks. Network tools have to be updated and improved to deal with these risks.

Unfortunately, occurrences like these, where former Directors of the NSA are made directors on Narus’ board reduce the credibility of such arguments. Narus is tied into the highest levels of the national security apparatus, and given the government’s recent move towards weakening wiretap laws, it seems likely that Narus’ products are being developed more to facilitate covert government monitoring of network traffic on major telecommunications networks, and less to ensure the upkeep and integrity of the Internet.

Thanks for your patience.