All Posts

This page shows all posts from all authors. Selected posts also appear on the front page.

"Censorship" Bill Lifts Ban on Speech

The House has now joined the Senate in passing the Family Movie Act; the Act is almost sure to be signed into law soon by the President. (The Act is bundled with some unrelated provisions into a multi-part bill called the Family Entertainment and Copyright Act. Here I'll focus only on Section 201, called the Family Movie Act, or "FMA".)

Some people who haven't read the FMA, or haven't thought carefully enough about what it says, decry it as censorship. In fact, it is best understood as an anti-censorship proposal.

The Register, under the headline "Congress legalizes DVD Censorship", summarizes the FMA as follows:

It will soon become legal to alter a motion picture so long as all the sex, profanity, and violence have been edited out, thanks to a bill called the Family Movie Act...

Let's look at what the FMA actually says:

[The following is not an infringement of copyright:]

the making imperceptible, by or at the direction of a member of a private household, of limited portions of audio or video content of a motion picture, during a performance in or transmitted to that household for private home viewing, from an authorized copy of the motion picture, or the creation or provision of a computer program or other technology that enables such making imperceptible and that is designed and marketed to be used, at the direction of a member of a private household, for such making imperceptible, if no fixed copy of the altered version of the motion picture is created by such computer program or other technology.

There is nothing here (or elsewhere in the FMA) that says you can only skip the dirty bits. The FMA says that you can skip any portions of the movie you like, as long as the portions you skip are "limited". You can skip the clean parts if you want, as long as they make up only a limited portion, which may be the case for some movies. If the motion picture has commercials in it, you can skip the commercials. If you don't like the soccer scenes in "Bend It Like Beckham", you can watch the movie without them.

The soccer-free version of "Bend It Like Beckham" is speech. The FMA allows that speech to occur, by preventing a copyright owner from suing to block it. And the FMA does this in an ideal way, ensuring that the copyright owner on the original work will be paid for the use of their work. That's the purpose of the "from an authorized copy" and "no fixed copy" language – to ensure that a valid copy of the original work is needed in order to view the new, modified work.

Let's review. The FMA prevents no speech. The FMA allows more speech. The FMA prevents private parties from suing to stop speech they don't like. The FMA is not censorship. The FMA prevents censorship.

Berkeley to victims of personal data theft: "Our bad"

Last week I and 98,000 other lucky individuals received the following letter:

University of California, Berkeley
Graduate Division
Berkeley, California 94720-5900

Dear John Alexander Halderman:

I am writing to advise you that a computer in the Graduate Division at UC Berkeley was stolen by an as-yet unidentified individual on March 11, 2005. The computer contained data files with names and Social Security numbers of some individuals, including you, who applied to be or who were graduate students, or were otherwise affiliated with the University of California.

At this time we have no evidence that personal data were actually retrieved or misused by any unauthorized person. However, because we take very seriously our obligation to safeguard personal information entrusted to us, we are bringing this situation to your attention along with the following helpful information.

You may want to take the precaution of placing a fraud alert on your credit file. This lets creditors know to contact you before opening new accounts in your name. This is a free service which you can use by calling one of the credit bureau telephone numbers:

Equifax 1-800-525-6285     Experian 1-888-397-3742     Trans Union 1-800-680-7289

To alert individuals that we may not have reached directly, we have issued a press release describing the theft. We encourage you to check for more details on our Web site at http://newscenter.berkeley.edu/security/grad. The following Web sites and telephone numbers also offer useful information on identity theft and consumer fraud.

California Department of Consumer Affairs, Office of Privacy Protection:
http://www.privacy.ca.gov/cover/identitytheft.htm

Federal Trade Commission’s Website on identity theft: http://www.consumer.gov/idtheft/

Social Security Administration fraud line: 1-800-269-0271

Unfortunately, disreputable persons may contact you, falsely identifying themselves as affiliated with US Berkeley and offer to help. Please be aware that UC Berkeley will only contact you if you ask us, by email or telephone, for information. We recommend that you do not release personal information in response to any contacts of this nature that you have not initiated.

UC Berkeley deeply regrets this possible breach of confidentiality. Please be assured that we have taken immediate steps to further safeguard the personal information maintained by us. If you have any questions about this matter, please feel free to contact us at idalert@berkeley.edu or toll free at 1-800-372-5110.

Sincerely,
Jeffrey A. Reimer
Associate Dean

In a few days I'll post more about my experience with the "fraud alert" procedure.

UPDATE 11:45pm – I should add that I gave Berkeley my 'personal data' when I applied to their computer science PhD program in 2003. (I ended up at Princeton.) Why, two years later, are they still holding on to this information?


Why Does Anybody Believe Viralg?

A story is circulating about a Finnish company called Viralg, which claims to have a product that "blocks out all illegal swapping of your data". There is also a press release from Viralg.

This shows all the signs of being a scam or hoax. The company's website offers virtually nothing beyond claims to be able to totally eradicate file swapping of targeted files. The "Company" page has no information about the company or who works for it. The "Customers" page does not mention any specific customers. The "Testimonials" page has no actual testimonials from customers or anybody else. The "Services" page refers to independent testing but gives no information about who did the testing or what specifically they found. The "Contacts" page lists only an email address. There is no description of the company's technology, except to say that it is a "virtual algorithm", whatever that means. Neither the website nor the Viralg press release nor any of the press coverage mentions the name of any person affiliated with Viralg. The press release uses nonsense technobabble like "super randomized corruption".

The only real technical information available is in a patent application from Viralg, which describes standard, well-known methods for spoofing content in Kazaa and other filesharing networks. If this is the Viralg technology, it certainly doesn't provide what the website and press release claim.

My strong suspicion is that the headline on the Slashdot story – "Finnish Firm Claims Fake P2P Hash Technology" – is correct. But it's not the hashes that look fake, it's the technology.


Next-Gen DVD Encryption: Better, but Won't Stop Filesharing

Last week, specifications were released for AACS, an encryption-based system that may be used on next-generation DVDs. You may recall that CSS, which is currently used on DVDs, is badly misdesigned, to the point that I sometimes use it in teaching as an example of how not to use crypto. It's still a mystery how CSS was bungled so badly. But whatever went wrong last time wasn't repeated this time – AACS seems to be very competently designed.

The design of AACS seems aimed at limiting entry to the market for next-gen DVD players. It will probably succeed at that goal. What it won't do is prevent unauthorized filesharing of movies.

To understand why it meets one goal and not the other, let's look more closely at how AACS manages cryptographic keys. The details are complicated, so I'll simplify things a bit. (For full details see Chapter 3 of the AACS spec, or the description of the Subset Difference Method by Naor, Naor, and Lotspiech.) Each player device is assigned a DeviceID (which might not be unique to that device), and is given decryption keys that correspond to its DeviceID. When a disc is made, a random "disc key" is generated and the video content on the disc is encrypted under the disc key. The disc key is encrypted in a special way and is then written onto the disc.

When a player device wants to read a disc, the player first uses its own decryption keys (which, remember, are specific to the player's DeviceID) to unlock the disc key; then it uses the disc key to unlock the content.

This scheme limits entry to the market for players, because you can't build a player without getting a valid DeviceID and the corresponding secret keys. This allows the central licensing authority, which hands out DeviceIDs and keys, to control who can make players. But there's another way to get that information – you could reverse-engineer another player device and extract its DeviceID and keys, and then you could make your own players, without permission from the licensing authority.

To stop this, the licensing authority will maintain a blacklist of "compromised" DeviceIDs. Newly manufactured discs will be made so that their disc keys can be unlocked only by DeviceIDs that aren't on the blacklist. If a DeviceID is added to the blacklist today, then players with that DeviceID won't be able to play discs that are manufactured in the future; but they will still be able to play discs manufactured in the past.

CSS used a scheme rather like this, but there were only a few distinct DeviceIDs. A large number of devices shared a DeviceID, and so blacklisting a DeviceID would have caused lots of player devices in the field to break. This made blacklisting essentially useless in CSS. AACS, by contrast, uses some fancy cryptography to increase the number of distinct DeviceIDs to about two billion (2 to the 31st power). Because of this, a DeviceID will belong to one device, or at most a few devices, making blacklisting practical.

This looks like a good plan for controlling entry to the market. Suppose I want to go into the player market, without signing a license with the licensing authority. I can reverse-engineer a few players to get their DeviceIDs and keys, and then build those into my product. The licensing authority will respond by figuring out which DeviceIDs I'm using, and revoking them. Then the players I have sold won't be able to play new discs anymore, and customers will shun me.

This plan won't stop filesharing, though. If somebody, somewhere makes his own player using a reverse-engineered DeviceID, and doesn't release that player to the public, then he will be able to use it with impunity to play or rip discs. His DeviceID can only be blacklisted if the licensing authority learns what it is, and the authority can't do that without getting a copy of the player. Even if a player is released to the public, it will still make all existing discs rippable. New discs may not be rippable, at least for a while, but we can expect new reverse-engineered DeviceIDs to pop up from time to time, with each one making all existing discs rippable. And, of course, none of this stops other means of ripping or capturing content, such as capturing the output of a player or infiltrating the production process.
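The revocation behaviour described above can be seen in a small model. This is an added example, not code from the post or from the AACS specification: it swaps in the simpler complete-subtree key cover for AACS's subset-difference method, uses a toy XOR cipher, and assumes a 16-device tree with a constructed master secret and hypothetical function names.

```python
# Added illustration, not AACS code: complete-subtree cover stands in for
# subset difference, and the XOR "cipher" is a toy, not a secure construction.
import hashlib
import os

DEPTH = 4                      # toy tree with 2**4 = 16 DeviceIDs (the post cites about 2**31)
FIRST_LEAF = 1 << DEPTH        # heap numbering: root is node 1, leaves are 16..31

def xor_stream(key, data):
    """Toy cipher: XOR data with a SHAKE-256 keystream derived from key."""
    pad = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

def node_key(master, node):
    """The licensing authority derives each tree-node key from its master secret."""
    return hashlib.sha256(master + b"|node|" + str(node).encode()).digest()

def device_keys(master, device_id):
    """A player holds the keys for every node on the path from its leaf to the root."""
    node, keys = FIRST_LEAF + device_id, {}
    while node >= 1:
        keys[node] = node_key(master, node)
        node //= 2
    return keys

def cover(revoked):
    """Roots of the largest subtrees that contain no blacklisted DeviceID."""
    tainted = set()
    for device_id in revoked:
        node = FIRST_LEAF + device_id
        while node >= 1:
            tainted.add(node)
            node //= 2
    if not tainted:
        return [1]             # nothing revoked: the root key covers everyone
    clean = [child for node in tainted if node < FIRST_LEAF
             for child in (2 * node, 2 * node + 1) if child not in tainted]
    return sorted(clean)

def make_disc(master, blacklist, content):
    """Encrypt content under a random disc key; wrap that key for non-revoked players."""
    disc_key, nonce = os.urandom(16), os.urandom(16)
    header = {n: xor_stream(node_key(master, n) + nonce, disc_key) for n in cover(blacklist)}
    return {"nonce": nonce, "header": header, "body": xor_stream(disc_key, content)}

def play(keys, disc):
    """Unlock the disc key with any device key the header was wrapped for, then the content."""
    for node, wrapped in disc["header"].items():
        if node in keys:
            disc_key = xor_stream(keys[node] + disc["nonce"], wrapped)
            return xor_stream(disc_key, disc["body"])
    return None                # every key this player holds was excluded from the header

def demo():
    master = b"constructed-master-secret"          # constructed sample value
    leaked, honest = device_keys(master, 5), device_keys(master, 6)
    old_disc = make_disc(master, set(), b"feature pressed before revocation")
    new_disc = make_disc(master, {5}, b"feature pressed after revocation")
    return {
        "cover": cover({5}),                       # node keys the new disc is wrapped under
        "leaked_old": play(leaked, old_disc),      # blacklisted ID, disc made earlier
        "leaked_new": play(leaked, new_disc),      # blacklisted ID, disc made later
        "honest_new": play(honest, new_disc),      # neighbouring ID is unaffected
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Blacklisting changes only the headers of discs made afterwards, so the revoked DeviceID keeps unlocking every earlier disc while its neighbours are untouched.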

Once again, DRM will limit competition without reducing infringement. Companies are welcome to try tactics like these. But why should our public policy support them?

UPDATE (11:30 AM): Eric Rescorla has two nice posts about AACS, making similar arguments.


Texas Bill Would Close Meetings About Computer Security

A bill (HB 3245) introduced in the Texas state legislature would exempt meetings discussing "matters relating to computer security or the security of other information resources technologies" from the state's Open Meetings Act.

This seems like a bad idea. Meetings can already be closed if sufficient cause is shown. The mere fact that computer security, or matters relating to it, will be discussed should not in itself be sufficient cause to close a meeting. Computer security is a topic on which Texas, or any state or national government, needs all the help it can get. The public includes many experts who are willing to help. Why shut them out?

The bill is scheduled for a hearing on Monday in the Texas House State Affairs Committee. If you live in Texas, you might want to let the committee members know what you think about this.

(Thanks to Adina Levin for bringing this to my attention.)

Why Use Remotely-Readable Passports?

Yesterday at CFP, I saw an interesting panel on the proposed radio-enabled passports. Frank Moss, a State Department employee and accomplished career diplomat, is the U.S. government's point man on this issue. He had the guts to show up at CFP and face a mostly hostile audience. He clearly believes that he and the government made the right decision, but I'm not convinced.

The new passports, if adopted, will contain a chip that stores everything on the passport's information page: name, date and place of birth, and digitized photo. This information will be readable by a radio protocol. Many people worry that bad guys will detect and read passports surreptitiously, as people walk down the street.

Mr. Moss said repeatedly that the chip can only be read at a distance of 10 centimeters (four inches, for the metric-impaired), making surreptitious reading unlikely. Later in the panel, Barry Steinhardt of the ACLU did a live demo in which he read information off the proposed radio-chip at a distance of about one meter, using a reader device about the size of a (closed) laptop. I have no doubt that this distance could be increased by engineering the reader more aggressively.

There was lots of back-and-forth about partial safeguards that might be added, such as building some kind of foil or wires into the passport cover so that the chip could only be read when the passport was open. Such steps do reduce the vulnerability of using remotely-readable passports, but they don't reduce it to zero.

In the Q&A session, I asked Mr. Moss directly why the decision was made to use a remotely readable chip rather than one that can only be read by physical contact. Technically, this decision is nearly indefensible, unless one wants to be able to read passports without notifying their owners – which, officially at least, is not a goal of the U.S. government's program. Mr. Moss gave a pretty weak answer, which amounted to an assertion that it would have been too difficult to agree on a standard for contact-based reading of passports. This wasn't very convincing, since the smart-card standard could be applied to passports nearly as-is – the only change necessary would be to specify exactly where on the passport the smart-card contacts would be. The standardization and security problems associated with contactless cards seem to be much more serious.

After the panel, I discussed this issue with Kenn Cukier of The Economist, who has followed the development of this technology for a while and has a good perspective on how we reached the current state. It seems that the decision to use contactless technology was made without fully understanding its consequences, relying on technical assurances from people who had products to sell. Now that the problems with that decision have become obvious, it's late in the process and would be expensive and embarrassing to back out. In short, this looks like another flawed technology procurement program.


RIAA Suing i2hub Users

Yesterday the RIAA announced lawsuits against many college students for allegedly using a program called i2hub to swap copyrighted music files. RIAA is trying to paint this as an important step in their anti-infringement strategy, but it looks to me like a continuation of what they have already been doing: suing individuals for direct infringement, and trying to label filesharing technologies (as opposed to infringing uses of them) as per se illegal.

The new angle in this round of suits is that i2hub traffic uses the Internet2 network. The RIAA press release is careful to call Internet2 a "specialized" network, but many press stories have depicted it as a private network, separate from the main Internet. In fact, Internet2 is not really a separate network. It's more like a set of express lanes for the Internet, built so that network traffic between Internet2 member institutions can go faster.

(The Washington Post article gets this point seriously wrong, calling Internet2 "a faster version of the Web", and saying that "more and more college students have moved off the Web to trade music on Internet2, a separate network ...".)

Internet2 has probably been carrying a nonzero amount of infringing traffic for a long time, just because it is part of the Internet. What's different about i2hub is not that some of its traffic goes over Internet2, but that it was apparently structured so that its traffic would usually travel over Internet2 links. In theory, this could make transfer of any large file, whether infringing or not, faster.

The extra speed of Internet2 doesn't seem like much of an issue for music files, though. Music files are quite small and can be downloaded pretty quickly on ordinary broadband connections. Any speedup from using i2hub would mainly affect movie downloads, since movie files are much larger than music files. And yet it was the music industry, not the movie industry, that brought these suits.

Given all of this, my guess is that the RIAA is pushing the Internet2 angle mostly for political and public relations reasons. By painting Internet2 as a separate network, the RIAA can imply that the transfer of infringing files over Internet2 is a new kind of problem requiring new regulation. And by painting Internet2 as a centrally-managed entity, the RIAA can imply that it is more regulable than the rest of the Internet.

Another unique aspect of i2hub is that it could only be used, supposedly, by people at universities that belong to the Internet2 consortium, which includes more than 200 schools. The i2hub website pitches it as a service just "by students, for students". Some have characterized i2hub as a private filesharing network. That may be true in a formal sense, as not everybody could get onto i2hub. But the potential membership was so large that i2hub was, for all intents and purposes, a public system. We don't know exactly how the RIAA or its agents got access to i2hub to gather the information behind the suits, but it's not at all surprising that they were able to do so. If students thought that they couldn't get caught if they shared files on i2hub, they were sadly mistaken.

[Disclaimer: Although some Princeton students are reportedly being sued, nothing in this post is based on inside information from those students (whoever they are) or from Princeton. As usual, I am not speaking for Princeton.]


Measure It, and They Will Come

The technology for measuring TV and radio audiences is about to change in important ways, according to a long and interesting article, in yesterday's New York Times Magazine, by Jon Gertner. This will have implications for websites, online media, and public life as well.

Standard audience-measurement technology, as used in the past by Nielsen and Arbitron, paid a few consumers to keep diaries of which TV and radio stations they watched and listened to, and when. Newer technology, such as Nielsen's "people meters", actually connects to TVs and measures when they are on and which channel they are tuned to; family members are asked to press buttons saying when they start and stop watching. People meter results were surprisingly different from diary results, perhaps because people wrote in their diaries the shows they planned to watch, or the shows they liked, or the shows they thought others would want them to be watching, rather than the shows they really did watch.

The hot new thing in audience measurement involves putting quiet watermarks (i.e., distinctive audio markers) in the background of shows that are broadcast, and then paying consumers to wear beeper-like devices that record the watermarks they hear. A key advantage of this technology, from the audience monitor's viewpoint, is that it records what the person hears wherever they go. For example, current Nielsen ratings for TV only measure what people see on their own television at home. Anything seen or heard in a public place, or on the Internet, doesn't factor into the ratings. That is going to change.

Another use of the new technology puts a distinctive watermark in each advertisement, and then records which ads people hear. When this happens – and it seems inevitable that it will – advertisers will be willing to pay more for audio ads in public places and on the Net, because they'll be able to measure the effect of those ads. Audio ads will no longer be coupled to radio and TV stations, but will be deliverable by anybody who has people nearby. This will mean, inevitably, that we'll hear more audio ads in public places and on the Net. That'll be annoying.

Worse yet, by measuring what people actually hear, the technologies will strengthen advertisers' incentives to deliver ads in ways that defeat the standard measures we use to skip or avoid them. No longer will advertisers measure attempts to deliver audio ads; now they'll measure success in delivering sound waves to our ears. So we'll hear more and more audio ads in captive-audience situations like elevators, taxicabs, and doctors' waiting rooms. Won't that be nice?


Congressional Hearings on Music Interoperability

Yesterday a House subcommittee on "Courts, the Internet and Intellectual Property" held hearings on interoperability of music formats. (The National Journal Tech Daily has a good story, unfortunately behind a paywall.) Witnesses spoke unanimously against any government action in this area. According to the NJTD story,

[Subcommittee chair Rep. Lamar] Smith and other lawmakers who attended the hearing agreed with the panelists. The exception was Rep. Howard Berman of California, the subcommittee's top Democrat, whose district encompasses Hollywood. He suggested that the confusing proliferation of non-compatible copy-protection technologies could be impeding the development of a legal digital-music marketplace.

What's going on here? Rep. Smith's opening statement gives some clues about the true purpose of the hearing.

Legitimate questions have been raised regarding the impact of digital interoperability on consumers. In the physical world, consumers didn’t expect that music audio cassettes were interoperable with CD players. Consumers switching from music cassettes to CDs bought the same music for $10 to $20 per CD that they already owned. Consumers accepted this since they felt they were getting something new with more value – a digital format that made every reproduction sound as good as the first playback.

Music is quickly becoming an online business with no connection to the physical world except for the Internet connection. Even that connection is increasingly becoming wireless. Some of the same interoperability issues that occur in the physical world are now appearing here. Consumers who want to switch from one digital music service to another must often purchase new music files and, sometimes, new music players.

For example, music purchased from the iTunes Music Store will only work on Apple’s iPod music player. Music purchased from Real cannot be accessed on the iPod. Last year, both companies became involved in a dispute over Real’s attempt to offer software called Harmony that would have allowed legal copies of music purchased from Real’s online music store to be playable on Apple’s iPod music player. Apple objected to this effort, calling it “hacker like” and invoking the DMCA. Apple blocked Real’s software from working a short time afterwards.

This interoperability issue is of concern to me since consumers who bought legal copies of music from Real could not play them on an iPod. I suppose this is a good thing for Apple, but perhaps not for consumers. Apple was invited to testify today, but they chose not to appear. Generally speaking, companies with 75% market share of any business, in this case the digital download market, need to step up to the plate when it comes to testifying on policy issues that impact their industry. Failure to do so is a mistake.

As a result of disputes like the one between Apple and Real, some have suggested that efforts to boost digital music interoperability should be encouraged by regulation or legislation. Others have urged Congress to leave the issue to the marketplace and let consumers decide what is best for them.

The hearing is clearly meant to send a "we're watching you" message to Apple and others, urging them not to block interoperability.

Of course, if full interoperability is really the goal, we already have a solution that is hugely popular. It's called MP3. More likely, what the subcommittee really wants to see is a kind of pseudo-interoperability that allows products from a limited set of companies to work together, while excluding everyone else. It's hard to see how this could happen without a further reduction in competition, amounting to a cartelization of the market for digital music services.

The right public policy in this area is to foster robust competition among digital music services of all kinds. A good start would be to remove existing barriers to competition, for example by repealing or narrowing the DMCA, and to ensure that the record companies don't act as a cartel in negotiating with music services.

Inducing Confusion

Alex, and others reporting on the Supreme Court arguments in the Grokster case, noticed that the justices seemed awfully interested in active inducement theories. Speculation has begun about what this might mean.

News.com is running a piece by John Borland, connecting the court discussion to last year's ill-fated Induce Act. The Induce Act, which was killed by a unanimous chorus of criticism from the technology world, would have created a broad new category of liability for companies that failed to do enough (by vaguely defined standards) to prevent copyright infringement.

(The news.com piece has a terrible headline: Court mulls P2P 'pushers'. This fails to convey the article's content, and it drops the loaded word "pushers", which appears nowhere in the article. The headline writer seems to acknowledge that the word doesn't fit, by putting it in scare-quotes, which only highlights the fact that nobody is being quoted. Don't blame John Borland; the headline was probably written by his editor. This isn't the first time we've seen a misleading headline from news.com.)

There's a big difference between the Induce Act and the kind of narrow active inducement standard that was suggested to the court. Indeed, the main advocate to the court of an active inducement standard was IEEE-USA, which testified against the Induce Act. Here, as always, the details matter. A decision by the court to adopt an active inducement standard could be very good news, or very bad news, depending on the specifics of what the court says.

The worst case, in some respects, is probably the one Fred von Lohmann mentions in the article, in which the court endorses the general idea of an inducement standard, but doesn't fill in the details. If that happens, we'll be stuck with years and years of litigation to figure out what the court meant. Regardless, it seems likely that after the court announces its decision, Congress will consider Induce Act II.
