net.wars: Download speed traps

by Wendy M Grossman | posted on 14 January 2005

A friend of mine was complaining recently about the speed traps in her US state and their essential unfairness. "But," I said eventually, "couldn't people avoid getting the tickets by, you know, not speeding?"

Wendy M Grossman

Yes, she agreed, they could. But - and she went into a catalogue of unfair practices. Sudden drops in the speed limit in unexpected and illogical locations, with the signs barely visible. Irrational speed limits. Towns that derived most of their revenues from speeding tickets and the court costs her state requires convicted motorists to pay. Unethical stuff that goes way beyond the usual understanding of a speed trap as a police car lying in hiding behind a big, ol' flyover bridge.

So I guess it's harder not to speed than I thought.

I was reminded of this conversation when I read the stories about the Trojans hidden in Windows Media Player files, along with a few alleging that the Trojans might be the work of anti-piracy company Overpeer. Why Overpeer? Articles like this one claim that the company is responsible for seeding the P2P networks with spoofed files to frustrate would-be downloaders in search of copyrighted content. The company's own Web site is, to say the least, uncommunicative about any details of what its products do.

One of the madder legislative proposals of the last few years was to allow rightsholders (hey! that's all of us!) to hack into networks looking for unauthorised copies. Well, OK, this is why people call them "Congresscritters": money talks and legislation wanders down a horn behind it. (Mondegreen: "God moves in mysterious ways/He wanders down a horn"). We all knew it was wrong.

Just as we all know there's something damn well wrong with putting Trojans in DRM-wrapped video or music files, whoever does it, so that when they go online, ostensibly to check their licenses are valid, they instead surreptitiously download and install spyware, adware, or some other kind of nastyware. Though I'm grateful this vulnerability has emerged while DRM is still young, before too many people have gotten into the habit of using it. So among the more emotionally charged objections to DRM - it interferes with fair use rights, it hands over way too much control to rightsowners and software developers at the expense of the public - there is a serious, important practical objection. It can be dangerous in terms of security. Just the way the fake danger trumpeted in text-only hoax virus messages became a real one when email software began decoding attachments automatically, today's DRM design vulnerability has allowed what have been safe files to be turned into potentially dangerous ones.

"But," I hear you cry, "couldn't you avoid all this by just not downloading files from peer-to-peer networks?" Not really. P2P networks generally don't specialise in distributed DRM-wrapped files but open ones. Some P2P networks make available hashes so you can check the integrity of the file you're downloading. There are, as they say, ways. In a world where P2P networks are awash in fake files, for-pay services can use the claim that they provide better safety and reliability as a selling point, like driving on a toll road.

There is a legitimate public interest in ensuring that drivers proceed safely, and most people support speed limits and some level of enforcement thereof, even though probably every driver out there has gone above the limit sometime. There is similarly some acceptable level of police effort to catch speeders: few would oppose arresting someone going 200 miles an hour in a school zone. The line between the questionable behaviour described above, or, many people feel, UK speed cameras and the reasonable stuff, such as watching danger spots and stopping , isn't always easy to draw. But it probably goes somewhere around the point where someone starts lying about what's a safe speed (by posting obviously unreasonable limits) solely to create the conditions for entrapping motorists.

Similarly, there is a legitimate public interest in allowing creators and artists - who these days are often not the rightsholders - a temporary monopoly on controlling and profiting from their work so they can afford to go on creating. There is, in my view, also a legitimate public interest in allowing access to those works; many net.wars columns have defended file-sharing. There are certainly behaviours few would argue should be legal: I have no hesitation in describing a commercial bootleg DVD operation as piracy, and would do the same for a commercial file-sharing network that charged consumers and refused to pay artists. I would not buy such a service.

If we grant, as the present system does, that third parties may buy or lease the artists' rights, then it follows that there must be some level of enforcement of those rights that's reasonable. We know today's lawsuits and harassment aren't it, and we know (with a reaction much like the "yuck factor" they talk about in setting public policy on such scientific advances as human cloning) that actions that would be unacceptable if they were performed by hackers instead of rightsholders also aren't it. If DRM adds a whole new level of vulnerability to today's computers and networks it will have to be scrapped as an enforcement method, just as you wouldn't put speed bumps in the middle of the interstate.

Technorati tags:       
The fire hydrant wasn't there! - You can discuss this article on our discussion board.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, follow on Twitter or send email to netwars(at) skeptic.demon.co.uk (but please turn off HTML).