All Posts


Snocap Tries Authorized P2P

Snocap, a company involving Napster founder Shawn Fanning, is trying to enable new peer-to-peer networks that identify copyrighted works and charge users for receiving them, according to Jeff Leeds' story in Friday's New York Times. Snocap is not itself building the P2P network(s), but is supplying the payment and song-identification technology.

Based on press accounts, it appears that Snocap uses audio fingerprinting technology, which reduces an audio track to a short binary description and then looks that description up in a database containing the descriptions of many known works. The Snocap application will check the fingerprints of the songs it is sharing, and will charge the user accordingly.

In my Rip/Mix/Burn lecture, I talked about how Napster had solved one half of the digital music problem – how to distribute the music – but had ignored the other half – how to manage payment. It turned out that distribution was by far the easier problem to solve; and Napster just left the payment problem for later. You couldn't pay on Napster, even if you wanted to. Now Snocap will give you a way to pay, at least for songs whose copyright owners register them with Snocap.

Let's think about how a P2P system based on Snocap might work. When users want to share a file, Snocap will compute the file's audio fingerprint and look up that fingerprint in the database. One of three things will happen:

  • the file is in the database and the copyright owner has stated conditions for its use,
  • the file is in the database and the copyright owner hasn't told Snocap anything about the rules for its use, or
  • the file isn't in the database.

In the first case, the system will clearly enforce the copyright owner's rules. In the second case, the system knows what the file is, and the file is almost certainly copyrighted, so the system would probably have to deny access to the file.

The third case is the really interesting one. One could argue that the system should deny access here too, since the file is probably copyrighted by somebody, and ignorance of the copyright owner's identity is no excuse for infringement.

But what if the system allows the distribution of unrecognized files, arguing that the copyright owner is free to register the file with Snocap if he really wants to be paid? Is this enough to shield the P2P operator from liability if the file is infringing? This might make an interesting moot-court case.

But perhaps the P2P operator's main concern is not to comply with the law, but to reduce the probability of facing a big lawsuit (whether or not that lawsuit has merit). In that case, all that really matters is whether Snocap allows the P2P vendor to kiss up to the big record companies – as long as their content is in Snocap's database, then they won't have grounds to sue the P2P vendor. If this is really the innovator's best strategy, it's a sad commentary on the state of copyright law.

At the moment we don't know much about Snocap or how it would be used in P2P networks. Once we see P2P networks using Snocap (if we ever do), we'll be able to see how they have chosen to address these questions.

UPDATE (7:30 PM): This post originally assumed that Snocap itself was creating a P2P network, rather than just creating the song identification and payment tools. It's now updated to fix this error. Thanks to Derek Slater for pointing out my earlier error.


Gator's Egregious EULA

Ben Edelman offers a nice dissection of the latest End User License Agreement (EULA) from Gator. It has to be one of the worst EULAs ever written. Below are some highlights; see Ben's post if you want more details.

[Background about Gator: Many people say Gator's product is spyware. Gator has a habit of threatening those people, to get them to say "adware" instead of "spyware". Draw your own conclusions.]

For starters, the EULA is nearly 6000 words, or 63 on-screen pages. Worse, Gator has taken affirmative steps to make the EULA harder to read, harder to understand, and harder to save. They eliminated helpful formatting, such as boldface section titles, and they removed a button that let you capture the EULA text in Notepad for searching or printing. (Both features were present in previous iterations of the Gator EULA.)

The EULA forbids the use of packet sniffers to determine what information the Gator software is sending out about you.

Worst of all, the EULA forbids you from removing the Gator software, except by removing all of the programs that came bundled with Gator. (It's not clear how you're supposed to figure out which programs those are.) Even if you remove all of the programs bundled with Gator, this would only invoke the removal program that Gator provides, which may or may not actually remove all of Gator from your system.

EULAs like this seem designed to create as many unsuspecting or inadvertent violations as possible. James Grimmelmann argues that this is just a tactic to give Gator legal ammunition in case their users sue them, the idea being that anybody suing Gator would face counterclaims for breach of the EULA. That seems plausible, but I doubt it's the whole story.

To the extent that the EULA gives Gator legal leverage over its users, that leverage could be used to deter criticism of Gator, and not just lawsuits. Experience has shown that some companies, especially ones with dodgy products, do use what legal leverage they have against their critics. If I planned to criticize Gator in detail, I would worry about this issue.

There are two solutions to this overEULAfication problem. A court could throw out this kind of egregious EULA, or at least narrow its scope. Alternatively, users could raise the price of this behavior by refusing to use overEULAfied products. Realistically, this will only happen if users are given the tools to do so.

The best kind of tool for this purpose is information. I would love to see a "EULA doghouse" site that listed products with excessive EULAs, or that rated products by the content of their EULAs. At the very least, EULA evaluation could become standard procedure for people writing reviews of software products. Unfortunately, there hasn't been much progress on this front.

DVD Replacement Still Insecure

There's a budding format war in the movie industry, over which video medium will replace the DVD. The candidates are called HD-DVD and Blu-Ray. For some reason, HD-DVD advocates are claiming that their format can better resist unauthorized copying.

As far as I can tell, there is essentially zero evidence to support this claim. In fact, as James Grimmelmann neatly argues, there is really no reason to think that either of these technologies will be effective at stopping peer-to-peer sharing. Here's James:

Already I'm confused. What will changing the physical format of non-interactive discs do to "stem rampant piracy?" The new format will have to be readable by some class of devices. It will have to be writable by some other class of devices. The level of "rampant piracy" of DVDs has never been a function of the weakness of CSS; the level of rampant piracy of HD-DVDs won't be a function of the weakness or strength of the encryption algorithm.

Making HD-DVDs harder to copy than DVDs would take one of three things:

  • It's not practical to get at the bits except to throw them immediately up on the screen. But this would mean no HD-DVD readers or writers for computers – and the equipment vendors have been saying that HD-DVD drives for computers are one of their major markets.
  • The discs (or disc substitutes) are in some way "smart" and do a two-way handshake with the computer so that you can't, as with CSS, extract a key once and use it forever. But that would raise the manufacturing costs immensely, which defeats one of the major design goals.
  • The discs are individuated and the readers have to check in with home base to be authorized to read a particular disc and get its particular key. But this would require every HD-DVD device to have an Internet connection.

Actually, they would probably have to do all three of these things, and more, to make any dent in P2P copying. The system will be attacked at its weakest point. If they fix only one or two of their many problems, the remaining one(s) will still be fatal.

Reporters and industry analysts are still surprisingly gullible about DRM vendors' claims. What we have here is essentially a replay of the early security claims about DVDs, which turned out to be spectacularly wrong.

Perhaps people are drawing the wrong lesson from the failure of DVDs to prevent copying. It's true that the CSS encryption system used on DVDs turned out to be laughably weak. But, as James notes, that wasn't even the biggest problem in the DVD anti-copying strategy. Indeed, if you replaced CSS with an utterly unbreakable encryption system, DVDs would still have been easy to copy, by capturing the data after it was decrypted, or by reverse-engineering a player to learn the secret decryption key.

Here's a good rule of thumb for reporters and analysts: If somebody claims to have solved a security problem that nobody has ever solved in practice before, don't believe them unless they present independently verified evidence to support their claim.


Lycos Attacks Alleged Spammers

Lycos Europe is distributing a screen saver that launches denial of service attacks on the websites of suspected spammers, according to a Craig Morris story at Heise Online. The screen saver sends dummy requests to the servers in order to slow them down. It even displays information to the user about the current attack target.

This is a serious lapse of judgment by Lycos. For one thing, this kind of vigilante attack erodes the line between the good guys and the bad guys. Spammers are bad because they use resources and keep people from getting to the messages they want to read. If you respond by wasting resources and keeping people from getting to the websites they want to read, it's hard to see what separates you from the spammers.

This kind of attack can be misdirected at innocent parties. The article says that Lycos is attacking sites on the SpamCop blocklist. That doesn't fill me with confidence – this site has been on the SpamCop blocklist at least once, despite having nothing at all to do with spam. (The cause was an erroneous complaint, coupled with a hair-trigger policy by SpamCop.)

We also know that spammers have a history of trying to frame innocent people as being sources of spam. A basic method for doing this is common enough to have a name: "Joe job". Attacking the apparent sources of spam just makes such misdirection more effective.

And finally, there's the question of whether this is legal. The Heise Online article reaches no conclusion about its legality in Germany, and I don't know enough to say whether it's legal in the U.S. Lycos argues that it's not really a denial of service attack because they're careful not to block access to the sites completely. But they do brag about raising the sites' costs and degrading the experience of the sites' users. That's enough to make it a denial of service attack in my book.

This idea – attacking spammer sites – is one that surfaces occasionally, but usually cooler heads prevail. It's a real surprise to see a prominent company putting it into action.

[Link via TechDirt. And did I mention that TechDirt is a great source of interesting technology news?]

UPDATE (Dec. 6): Lycos has now withdrawn this program, declaring implausibly that it has succeeded and so is no longer needed.


Radio Passports: Bad Idea

An AP story nicely summarizes the controversy over the U.S. government's plan to add RFID chips to U.S. passports, starting in 2005.

The chips will allow the passport holder's name, date of birth, passport issuance information, and photograph to be read by radio. Opponents claim that the information will be readable at distances up to thirty feet (about nine meters). This raises privacy concerns about government monitoring, for example of attendance at political rallies, and about private monitoring, especially overseas.

I would certainly feel less safe in certain places if I knew that anybody there could remotely identify me as a U.S. citizen. I would feel even less safe knowing that anybody could get my name and look me up in a database or Google me.

A U.S. government representative says that there is "little risk" to privacy "since we plan to store only currently collected data with a facial image." In other words, they're going to take information currently available only to people to whom I hand my passport, plus some extra information, and make it available to everybody who comes near me. Gee, that makes me feel much better.

There is some discussion of encrypting the information, or requiring the passport holder to enter a PIN number to unlock the information. Either of these is some help, but unless the system is designed very carefully, it could still allow dangerous leakage of information.

What I don't understand is why passports should ever be readable at a distance. Passports should reveal their information only to people or devices who can make physical contact with the inside of the passport. Certainly that's enough for the immigration agent at the airport, or for any official who asks to inspect the passport. If the officials are doing their jobs, they'll want to see the physical passport and hold it in their hands anyway.

Oddly, the government's response to concerns about remote passport reading is to try to limit when the passport can be read remotely. They propose storing the passport in a conductive plastic bag that blocks radio signals, or building a conductive screen into the passport's covers so that it can be read remotely only when the passport is opened. Either approach adds unnecessary risk – the passport might be read by somebody else when it's opened.

The right solution, which opponents should advocate, is to remove radio tags from passports altogether, and replace them with contact-readable electronic information.


Keylogging is Not Wiretapping, Judge Says

A Federal judge in California recently dismissed wiretapping charges against a man who installed a "keylogger" device on the cable between a woman's keyboard and her computer. I was planning to write a reaction to the decision, but Orin Kerr seems to have nailed it already.

This strikes me as yet another example of a legal analyst (the judge, in this case) focusing on one layer of a system and not seeing the big picture. By fixating on the fact that the interception happened at a place not directly connected to the Internet, the judge lost sight of the fact that many of the keystrokes being intercepted were being transmitted over the Net.


EFF Names Advisory Board

The Electronic Frontier Foundation has named its first advisory board. I'm on it, along with Michael Froomkin, Paul Grewal, Jim Griffin, David Hayes, Mitch Kapor, Mark Lemley, Eben Moglen, Deirdre Mulligan, Michael Page, Michael Traynor, and Jim Tyre.

Identification Codes on Printer Output

A Xerox engineer says that color printers from Xerox and other companies print faint information in the background of printed-out pages, to identify the model and serial number of the printer that printed the pages. According to a story, the information is represented as a set of very small yellow dots. (We already knew that some printers did this. The article tells us more about how it's done.)

We have a Xerox color printer here (a Phaser 860). We tried printing out a page and looking for the dots, but we couldn't find them, even with the aid of a magnifying glass and blue LED light. If anybody can find the dots on their output, please let me know.

There are still several unanswered questions about this scheme:

Do they use encryption, and if so, how? Even if we can find the dots and read out the digital bits they represent, we may not be able to tell what information those bits are encoding. They might be putting the model and serial number onto the page in such a way that we can learn to read them. Or perhaps they are encrypting the information so that we can't read out the identifying information but we can at least recognize whether two pages were printed on the same printer. Or perhaps they encrypt the information so that we can't tell anything without having some secret key.

If there is a secret key, who knows it? The key might be disclosed to the government so that they can extract the model and serial number from a page at will. (And if the U.S. government has the key, which other governments do?) Or the key might be known only to the printer vendor, so that the government needs the vendor's help to decode the dots. If they use public-key cryptography, then the decoding key might be known only to the government and not to the printer vendor.

Do they try to track who buys each printer? If they can extract the serial number, they might want to know who has that printer. They could try to track the passage of each individual printer through the supply chain, to get an idea of who might have bought it. They might also build a database of information gleaned through service calls and warranty registrations.

What we know already is enough to make privacy advocates itchy. It's probably possible to design a system that raises fewer privacy issues, while still allowing certain limited use of printer-specific marks as courtroom evidence. For example, one could build a system so that somebody who has physical possession of a printer, and physical possession of a printed page, and access to a special crypto key, can tell whether or not that page was printed by that printer, but can't learn anything else.


New Study of E-Voting Effects in Florida

Yesterday, a team of social scientists from UC Berkeley released a study of the effect of e-voting on county-by-county vote totals in Florida and Ohio in the recent election. It's the first study to use proper social-science modeling methods to evaluate the effect of e-voting.

The study found counties with e-voting tended to tilt toward Bush, even after controlling for differences between counties including past voting history, income, percentage of Hispanic voters, voter turnout, and county size. The researchers estimate that e-voting caused a swing in favor of Bush of up to 260,000 votes in Florida. (A change of that many votes would not be enough to change the election's result; Bush won Florida by about 350,000 votes.)

No e-voting effect was found in Ohio.

The study looks plausible, but I don't have the expertise to do a really careful critique. Readers who do are invited to critique the study in the comments section.

Regardless of whether it is ultimately found credible, this study is an important step forward in the discourse about this topic. Previous analyses had shown differences, but had not controlled for the past political preferences of individual counties. Skeptics had claimed that "Dixiecrat" counties, in which many voters were registered as Democrats but habitually voted Republican, could explain the discrepancies. This study shows, at least, that the simple Dixiecrat theory is not enough to refute the claim that e-voting changed the results.

Assuming that the study's authors did their arithmetic right, there are two possibilities. It could be that some other factor, beyond the ones that the study controlled for, can explain the discrepancies. If this is the case, we can assume somebody will show up with another study demonstrating that.

Or it could be that e-voting really did affect the result. If so, there are several ways this could have happened. One possibility is that the machines were maliciously programmed or otherwise compromised; I think this is unlikely but unfortunately the machines are designed in a way that makes this very hard to check. Or perhaps the machines made errors that tended to flip some votes from one candidate to the other. Even random errors of this sort would tend to affect the overall results, if e-voting counties differ demographically from other counties (which is apparently the case in Florida). Another possibility is that e-voting affects voter behavior somehow, perhaps affecting different groups of voters differently. Maybe e-voting scares away some voters, or makes people wait longer to vote. Maybe the different user interface on e-voting systems makes straight party-line voting more likely or less likely.

This looks like the beginning of a long debate.


TiVo to Display Fast-Forward Banner Ads

TiVo has announced that it will overlay banner ads on viewers' TV screens when they fast-forward while replaying recorded shows. Many commentators (such as Cory Doctorow) have criticized this move, though Kevin Werbach says it's no big deal.

As a TiVo user, I'm not sure what to think about this. I would be happier if TiVo didn't do it, but I'm not surprised that they're trying to sell the ad space available to them.

There are actually two reasons I want to skip ads. First, I don't want to wait around while the ad is on. Second, I sometimes don't want to see the ad content at all. (This is especially likely if there are kids around.) If TiVo's new ads are only shown while I'm fast-forwarding anyway, then they won't make me wait any longer than I would without the new ads. But they'll still push the banner ads in my face, which might be annoying, depending on the nature of the ads.

I wonder, though, whether TiVo isn't interfering with its customers' viewing more than it thinks. Savvy TiVo users who are sports fans know that there's a lot of dead time in televised games, even beyond the ads. For instance, fast-forwarding between batters of a baseball game (and between pitches if the pitcher is slow or the batter steps out of the batter's box) can cut the viewing time for a game in half. Things are still happening during those periods, but they're perfectly visible on fast-forward. If TiVo starts slapping banner ads over parts of the screen during these periods, this will interfere with the viewing experience.

The biggest question, I think, is whether the introduction of these ads is a single step, or the first step in a systematic redesign of the TiVo interface. The latter would be a mistake. Many TiVo users (including me) have already paid for the service, having bought a TiVo recorder and a lifetime subscription to the service, and they won't take kindly to any reduction in the quality of the service. And TiVo will face more competition in the future as MythTV gets closer to being consumer-ready.
