Forgot your password?
typodupeerror
Encryption Security Media Music

Clay Shirky: RIAA Succeeds Where Cypherpunks Fail 342

Posted by michael
from the sufficient-motivation dept.
scubacuda writes "Clay Shirky has an interesting take on encryption: 'The RIAA is succeeding where the Cypherpunks failed, convincing users to trade a broad but penetrable privacy for unbreakable anonymity under their personal control. In contrast to the Cypherpunks "eat your peas" approach, touting encryption as a first-order service users should work to embrace, encryption is now becoming a background feature of collaborative workspaces. Because encryption is becoming something that must run in the background, there is now an incentive to make its adoption as easy and transparent to the user as possible. It's too early to say how widely casual encryption use will spread, but it isn't too early to see that the shift is both profound and irreversible.'"
This discussion has been archived. No new comments can be posted.

Clay Shirky: RIAA Succeeds Where Cypherpunks Fail

Comments Filter:
  • by tcopeland (32225) * <{moc.dnalepoceelsamoht} {ta} {mot}> on Thursday December 18, 2003 @11:46AM (#7754418) Homepage
    ...for some reason it's not listed (at least, I couldn't find it) on the front page of shirky.com yet:

    http://www.shirky.com/writings/riaa_encryption.htm l [shirky.com].
  • Seems obvious. (Score:5, Insightful)

    by Violet Null (452694) on Thursday December 18, 2003 @11:47AM (#7754430)
    The Cypherpunks never went around suing people (that is, actually costing them money) who weren't using encryption to mask their illegal activities. The RIAA is.

    Real world practicality will always be a much better motivator than abstract idealism.
    • But... (Score:5, Insightful)

      by Nijika (525558) on Thursday December 18, 2003 @12:08PM (#7754642) Homepage Journal
      Abstract idealism often tells the future. The Cypherpunks can once again send up a resounding "told ya so!"
      • Re:But... (Score:5, Insightful)

        by mekkab (133181) on Thursday December 18, 2003 @12:23PM (#7754800) Homepage Journal
        Abstract Idealism often predicts nothing. It tells the future, but it tells a future that never happens. What about my flying car? Vacations to the moon and mars? The 5 hour work-week?

        A running joke with a colleague of mine is that if this "engineering thing" doesn't work out, we'll become professional nay-sayers. Predict doom, gloom, and failure, and when something we predict happens (statistically speaking, we have a 50/50 shot)we can say "I told ya so!"
      • >Abstract idealism often tells the future.

        Abstract idealism is too general to accurately predict anything.
    • Re:Seems obvious. (Score:5, Interesting)

      by plover (150551) on Thursday December 18, 2003 @12:28PM (#7754860) Homepage Journal
      What will be most interesting is if the crypto "wars" play out through all the theorized stages of attack, counterattack, and man-in-the-middle attacks that the cryptographers have worked out over the past 20 years. We already expect the RIAA won't take kindly to encrypted networks sharing their music, so we should expect to see some countermeasures.

      So what will be their strategy? Will they first attempt to "join" these networks, posing as users looking for Britney's latest, and entrapping systems that serve up the bits? Will they put out bogus trojaned clients on the services? "Dude, download LockTella 1.9, it's l33t!!" only to find that it hoovers up passwords and music lists, and forwards them on to DUDE@RIAA.COM?

      Will cypherpunks come to the rescue, providing signed versions of the clients? Will the users finally understand the need to verify the signatures before running them? It's a big stick -- "run an untrustworthy client, get a lawsuit."

      And finally, will this come full circle, leading to a true "Web of Trust" as originally envisioned by Zimmerman et al with PGP? I can see the further parallels to Prohibition, with entry to speakeasies controlled by passwords like "John said to tell you I'm OK" whispered through a hole in the door.

      This could be a very interesting time to live in.

      • Re:Seems obvious. (Score:5, Insightful)

        by jaxdahl (227487) on Thursday December 18, 2003 @12:49PM (#7755115)
        Or just boycott the RIAA and be a good guy and support cheap music, not downloading music you don't own. Or learn how to make your own music.
      • Re:Seems obvious. (Score:4, Informative)

        by Kallahar (227430) <kallahar@quickwired.com> on Thursday December 18, 2003 @01:11PM (#7755321) Homepage
        The reason that the RIAA is coming down so hard on file sharing is that there are so many people doing it. Years ago before napster came about, there were just as many songs available online. However, they were harder to get. Your average person wouldn't know where to go or how to get them. If RIAA is able to get the piracy back down to that level then they'll back off.

        It only takes one person to break the encryption and put a song up on the net, but if he's likely to get sued/arrested then he'll think twice, and only those "in the know" will know where to go to get the songs.
      • RIAA and MPAA, being comprised of entertainment executives and their lawyers which are known to be the lowest form of life on earth, would instinctively ... attempt to "join" these networks, posing as users looking for Britney's latest, and entrapping systems that serve up the bits? Will they put out bogus trojaned clients on the services? "Dude, download LockTella 1.9, it's l33t!!" only to find that it hoovers up passwords and music lists, and forwards them on to DUDE@RIAA.COM ....

        Hopefully, however, the
        • RIAA agents posing as file sharers and enticing others to load and run trojans that compromise their PCs and privacy in order to look for and obtain incriminating evidence is blatant entrapment and such evidence would/should be inadmissable in a court case.

          I see that you're not a lawyer... nor a citizen concerned enough to learn about his national laws. There used to be widespreah myths about entrapment, but I thought the illegal-drug culture in the US had spread the truth (as a defensive measure).

          Here
    • It is really SAD (Score:3, Insightful)

      by argoff (142580)

      The Cypherpunks never went around suing people (that is, actually costing them money) who weren't using encryption to mask their illegal activities. The RIAA is.

      Am I the only one here who thinks that it is really sad that we are changing for the better not because of how we grow personally, but rather because we half to - to avoid having our freedoms being taken away? It just seems so wrong - I really feel sorry for those who won't be able to keep up.

      • This is evolution of a very basic kind. There are new predators stalking about, so to survive the animals in question need to develop camouflage or some other defense. The ones that do will be able to head to the watering hole without much worry, the ones that don't will either have to find a new watering hole farther away or will get eaten up I'm afraid.
  • The posting is pointing to the cypherpunks website, not to the article. Me no grok.
  • Apple, meet Orange (Score:3, Insightful)

    by Squideye (37826) on Thursday December 18, 2003 @12:00PM (#7754550) Homepage Journal
    Before I read the article, I'll just point out that the Cypherpunks' "eat your peas" approach actually gives the users control over how their anonymity and security takes place. Sure it gives you more responsibility -- you have to buy the locks yourself -- but it also gives you control over how it happens. You basically only have to trust the person who made the lock, but you can have the blueprints so that you know it works.

    RIAA-style privacy is basically a Housing Company telling you that they'll take care of everything, and that you don't need to worry because you're probably safe. Note, of course, that the RIAA companies are the types whose security has been foiled by such stunning feats of ingenuity as writing on a CD with a magic marker, or an algorithm written by a 16-year-old that can be implemented using as much space as fits on the side of a pencil.

    What the RIAA gets people to adopt is the style of "no-brainer" security people are used to when they get their lockers broken into at the gym, as opposed to asking us to take some frickin' responsibility for ourselves as the Cypherpunks would urge.
  • changing laws (Score:5, Insightful)

    by toasted_calamari (670180) <burningsquid@NOsPaM.gmail.com> on Thursday December 18, 2003 @12:00PM (#7754551) Homepage Journal
    from the article:
    to a first approximation, every PC owner under the age of 35 is now a felon.

    This may or may not be an exaggeration, I have no idea, but Shirky makes a good point. When the vast majority of a society is violating a certain law, it is a sign that the law, not the society needs to change.

    At this time, it seems that the RIAA is winning, and we are moving inexorably towards a world where large corporations control what people do with there computers. However, because there is so little popular respect at the moment for copyright law, it follows that eventually those laws will change.

    Over the next 5-10 years, I predict that many laws will be completely rewritten to better accommodate the changes that the internet has brought upon society. Many of these changes will be for the better, and the end result will almost certainly be a more free and open society. Unfortunately, democracies are slow to act, so there will be years more of legal confusions and abuses of power before things finally straighten out.
    • Re:changing laws (Score:5, Insightful)

      by Jafafa Hots (580169) on Thursday December 18, 2003 @12:30PM (#7754878) Homepage Journal
      I wish I could be as optimistic as you... but personally I think we'll have a "War on Piracy" to go with our "War on Drugs" rather than more sensible laws.
    • Re:changing laws (Score:5, Interesting)

      by poot_rootbeer (188613) on Thursday December 18, 2003 @12:55PM (#7755178)
      When the vast majority of a society is violating a certain law, it is a sign that the law, not the society needs to change.

      Most people routinely travel 5-10 miles above the speed limit on the highway -- regardless of what the posted limit is. Should we change the limit from 65 to 75 so most of us aren't breaking the law anymore? Should we consider the studies that show traffic fatalities increase when speed limits are raised?

      It's human nature to choose the course of action that benefits one's self the most, but if that action has a net effect of reducing benefits to others (by not compensating them for their work, or by killing them in a car crash), it is right for the state to restrict your ability to follow that course of action.
      • Re:changing laws (Score:5, Interesting)

        by MisterMook (634297) on Thursday December 18, 2003 @01:29PM (#7755469) Homepage
        That's exactly what happened when they raised the speed limit from 55mph though, stopped the ban on alchohol, started examining segregation, and probably a whole bunch more that my soda blurred brain can't think of right now. If a minority chooses to do a thing then it's a cancer, if the whole organism begins to act a certain way and the minority are the people who don't...Is it selfish for a society to not act hypocritically? If all of society begins to act a certain way and the left hand chooses not to, should society sit idly as the left hand stabs the right because it's not acting the same as before? Now the question comes, is filesharing the issue and if it is such a prominent component of something that hasn't been identified properly as the issue, then what is that issue? A huge segment of society obviously is chosing to act this way, is it selfishness or consensus?
      • Studies have shown that the average speed in excess of the posted limit has dropped from more than 10mph to about 1mph on roads that raised their limits from 55mph to 65mph. Arguments about its impact on highway deaths go both ways, but it's hard to imagine that, since the actual speed driven remains virtually unchanged, more accidents can be attributed to the change.

        Personally I think that, aside from the whole erosion of respect for the law thing that is usually argued, the lower overhead from stopping
    • Re:changing laws (Score:5, Insightful)

      by multimed (189254) <.mrmultimedia. .at. .yahoo.com.> on Thursday December 18, 2003 @12:59PM (#7755221)
      When the vast majority of a society is violating a certain law, it is a sign that the law, not the society needs to change.

      This is certainly an excellent rule of thumb and our legislators should follow popular opinion to laws or at least in theory, they won't be re-elected. Just keep in mind that this is concept should never be taken as an absolute. The Founding Fathers were concerned with what the potential for what they called "tyranny of the majority," South Africa being the typical example.

      Regarding legislation to change copyright laws to make them more reasonable, it's just not going to happen for two major reasons. First, I really don't think there will ever be enough critical mass of informed, upset people. Probably 90% of the population either doesn't care or just assumes that copyright is a natural phenomena rather than an artificial constraint created as a means to an end--creation of works and the betterment of society. And second, the entertainment industries have too much money and are unified on this issue. Compare this to the do-not-call legislation. That is an example of what it takes for a grass roots movement to defeat an industry lobbyist on a big issue. The entertainment industries have tons more money than the DMA and telemarketing phone calls were in people's faces, constantly annoying them into complaining to their legislator. For the vast majority of the people they don't ever see any impact of unbalanced copyright laws on their lives.

    • Re:changing laws (Score:3, Informative)

      by mjh (57755)

      When the vast majority of a society is violating a certain law, it is a sign that the law, not the society needs to change.

      I like the way that John Parry Barlow [eff.org] expresses this idea:

      "Neither the best efforts of Judge Patel - nor those of the Porsche-driving executives of the Recording Industry Association of America, nor the sleek legal defenders of existing copyright law - will alter this simple fact: No law can be successfully imposed on a huge population that does not morally support it and posses

  • by JUSTONEMORELATTE (584508) on Thursday December 18, 2003 @12:02PM (#7754571) Homepage
    The RIAA isn't setting out to do this, it's happening as a result of peoples' fear of a RIAA lawsuit.

    --
  • by Tangurena (576827) on Thursday December 18, 2003 @12:02PM (#7754580)
    Nice article. Unfortunately, apathy will ultimately reign supreme. People want to turn on their computer to get something. They don't want to be car mechanics in order to be able to drive a car. If the p2p software comes preconfigured to use encryption, then it will get used. If it has to be enabled, then it won't happen very often. It does not really matter if I want to use PGP, if no one else I communicate with is willing or able to install and use it.
    • The point of the article is that there are now enough users (even if only a small percentage) that want the encryption. Therefor the developers as including it as the the default. And as you stated users don't change the defaults. Encryption is just there.
    • WASTE! (Score:5, Informative)

      by jacobito (95519) on Thursday December 18, 2003 @12:46PM (#7755081) Homepage
      That's why I'm hoping that private, encrypted p2p systems like WASTE or Foldershare take off! I don't think either of those systems are quite ready for mass acceptance, but they certainly point in the right direction -- private, encrypted file sharing networks that anybody can use.
  • by Noryungi (70322) on Thursday December 18, 2003 @12:04PM (#7754597) Homepage Journal
    Anybody else thinks that, if encrypted file-sharing becomes a reality, the RIAA will simply implode?

    From the article:
    to a first approximation, every PC owner under the age of 35 is now a felon.

    Now remember what the Cypherpunks said a few years ago?

    If crypto is outlawed,
    only outlaws will have encryption


    There you have it: goodbye RIAA. We hardly knew ya. You made us all felons, and by doing so, you opened the floodgate that were going to drown you.
    • there's multiple problems with anonymous, encrypted peer to peer whitout users oversights.

      1. your IP address is still visible (lesser of all)
      2. WHO are you trusting to view your files? who's to say it's not a RIAA-mandated agency ?

      3. WHO are you trusting to download from?

      4. even if you KNOW who you're talking to, if you don't manually verify, on a secure medium, the key used. how do you know there's no middle-man? the dsniff tool widely show this (sshmitm) by assuming users always click "yes" when promp
      • there's multiple problems with anonymous, encrypted peer to peer whitout users oversights.

        Those are not problems of the encryption, nor even of the system which employs it. The problems you mention result from trusting an untrustable contact.

        It's not an IP address you're trying to conceal, (having an IP is not illegal) it's the activity occuring at that IP address which you're concerned with. Similarly, if you get your content only from and offer your content only to trustable people, then you don't ha

    • Anybody else thinks that, if encrypted file-sharing becomes a reality, the RIAA will simply implode?

      Not before they attempt to lobby Congress to pass laws banning encryption use by the masses.

  • by dnoyeb (547705) on Thursday December 18, 2003 @12:04PM (#7754599) Homepage Journal
    I do not like hiden encryption. I like to know everything is working and not get to confortable. Don't want to be cought ignoring that lock icon on your browser these days.
  • A bit rambling... (Score:5, Interesting)

    by fruey (563914) on Thursday December 18, 2003 @12:05PM (#7754606) Homepage Journal
    What the article is basically saying is that because people are now losing their anonymity in a more obvious way, because they're getting sued... then they are more likely to turn to crypto.

    However it's a rather tenuous link to say that the RIAA succeeded where Cypherpunks failed. Advocates are one thing, but really the rise of P2P applications and the growing Internet user base are what have caused P2P to become a real PITA for the RIAA. Therefore they make high profile legal cases to grab media attention. However, they could not realistically target piracy any more than the police raids on weekend markets in London will stop home-burned DVDs from being sold on a stall.

    So, some people will use encryption just like Del Boy and Rodney (UK reference to Only Fools and Horses) used a suitcase for their wares and ran whenever the Police came close by. But massive public adoption of cryptography will only be because it will be built in for a reason (rather than optional) and because processors are fast enough to encrypt/decrypt on the fly with long keys... and still, it's a prediction. It's not mainstream yet - and the main thing this guy is forgetting is that the RIAA will bait and trap users with or without encryption on the wires.

    • First, encryption is already "built in" to Windows via the Crypto API. However, I don't know who is using it (apart from Microsoft) for anything, simply because trusting Microsoft with security has not proven to be the winning horse at too many races.

      I understand your point that encryption won't be widespread until it's "built-in", and that's been the bane of widespread adoption of crypto. But the whole point of this article is that if the most popular filesharing services adopt encryption, users will i

  • by redelm (54142) on Thursday December 18, 2003 @12:07PM (#7754630) Homepage
    This is yet another manifestation of how adversarial relations backfire. As Nietzsche said "What doesn't kill you makes you stronger". Unless you can force a total a total paradigm shift (Bush invading Iraq), lesser measures will be counterproductive (Iraq sanctions). Do not start a fight you cannot win.

    The RIAA has blunders at least twice. First it shutdown Napster 'way late (because it wasn't easy), now it is harassing KaZaa users with even less success. The next incarnation will be even tougher. They ought to be putting their energies into a paradigm shift like iPod. Or maybe even running their business competantly, with decent A&R budgets and better terms for musicians and customers since their distribution monopoly has faded.

    • by e-gold (36755) <jray AT martincam DOT com> on Thursday December 18, 2003 @12:40PM (#7754999) Homepage Journal
      Well said, but the RIAA is (IMO) way too fat in middle management to ever be able to give musicians the better terms we all instinctively know that they deserve. The answer (and yes, I'm both biased and financially self-interested -- but no, I don't speak for e-gold or anyone else but Jim Ray) is for musicians to "take-back the guitar-case" (the money is where the REAL control lies) and set up their own internet tipjars. It's been possible and easy for a few years, and finally they're going to learn to think in new ways about how to get paid by a planet-wide audience. They have had the technology for a while (since 1996 in some form or other).

      Imagine a 'one-hit wonder' like Normal Greenbaum's "Spirit in the Sky," garnering 7 million or so direct tips for a quarter worth of gold (most tips would probably be more, if you actually liked the song enough to bother tipping the artist, and Norman's old "Spirit in the Sky" tune kinda rocks IMNSHO). I'm talking about more than a million dollars -- AFTER taxes. I have no idea what Norman's made from the song, but I doubt he did that well...
      JMR

      Speaking ONLY for Jim Ray.
  • snake oil (Score:5, Insightful)

    by SuperBanana (662181) on Thursday December 18, 2003 @12:11PM (#7754677)
    but it isn't too early to see that the shift is both profound and irreversible

    Not really. There's been several explosions of various file/disk encryption products. Your handheld device isn't a Somebody(Something?) until it's got at least a dozen "encrypted" personal information storage widgets for it.

    The problem is that encryption is 90% snake oil. Usually it's written by someone who thinks they know encrpytion- and encryption isn't, to coin the phrase, like a hand grenade; close doesn't count. Zimmerman is famous for his saying that "anyone who claims to have unbreakable encryption doesn't"(apologies for paraphrasing).

    Encryption also does little when physical security can't be controlled; Dallas Semi had the right idea with their iButtons, which brought reasonably secure key storage to the masses(if opened, for example, it erased itself) but it's gone pretty much nowhere; you just don't see them in widespread use(unlike, say, a proximity card or magswipe). I suspect even USB keys now vastly outnumber iButton devices.

    All the encryption in the world won't do you any good if you can't store the keys securely...and these days, all it takes is a janitor with a CDROM with linux that 'phones home' and sends back choice tidbits...or an ipod.....or a USB hard drive..or a USB memory key...or a blank CDR, since so many machines come with CD burners now...

    • Re:snake oil (Score:5, Informative)

      by Proaxiom (544639) on Thursday December 18, 2003 @12:30PM (#7754874)
      The problem is that encryption is 90% snake oil.

      Where does that claim come from? I'm pretty sure it's not true because more than 10% of encryption is PGP (not counting government crypto, anyway), and PGP isn't snake oil.

      It's pretty easy to find snake oil, just read the Doghouse section of Bruce Schneier's monthly Crypto-Gram [counterpane.com]. But there are also a lot of good companies out there providing a lot of crypto solutions (although admittedly most of them actually license the technology from a small handful of good companies, like RSA and Certicom).

      Encryption also does little when physical security can't be controlled

      But the issue at hand, with regard to the RIAA and anonymity, is about network security. The RIAA finds it much easier to subpoena your ISP than to sneak into your house and steal your USB keys.

      Good and ubiquitous crypto certainly isn't the end-all-and-be-all of security, as you point out, but it would indeed make for 'profound and irreversible' changes in the Internet, in the vulnerability landscape, and in the threat models of pretty much everyone on it.

    • Re:snake oil (Score:2, Insightful)

      by mitheral (10588)
      None of that stuff is going to help the RIAA or your ISP who is just sniffing the wire. Yes the alphabet soup guys will be able to get a warrant and break your system but think about the cost involved. Until copyright infringement becomes a asset forfiture crime there is no incentive for the goverment.
  • Right... (Score:2, Insightful)

    by Anonymous Coward
    ...and Hitler actually unified many diverse nations inadvertently by forcing them to work together.

    I guess it makes sense, but I'm not going to be putting the RIAA into my prayers at night because of it.
  • No no NO no!!!!! (Score:5, Insightful)

    by TerryAtWork (598364) <research@aceretail.com> on Thursday December 18, 2003 @12:21PM (#7754777)
    This is not the problem!!!!

    The problem is not people intercepting your mp3s - the problem is sharing an mp3 with a guy working for the RIAA or in my case the CRIA and they get your IP and then they go to your ISP in an attempt to get you booted off the net, exactly as happened to me.

    For instance - on Sourceforge there is a sooperencypted IRC project for safe sharing.

    Useless.

    All the RIAA spies have to do is go on the net, get that software, join the queue for mp3s then rat you out exactly as specified above.

    What we NEED is a way to share files in such a manner as the receiver has no idea what your IP is.

    This is not going to be easy. (And please don't mention Freenet ok?)

    • by poot_rootbeer (188613) on Thursday December 18, 2003 @01:00PM (#7755230)
      What we NEED is a way to share files in such a manner as the receiver has no idea what your IP is.

      Unless it's email, in which case the sender ought to be fully and accurately identified.

      Am I the only one who sees a problem with reaching simultaneously for More Anonymity AND More Accountability?

    • Why not? (Score:4, Insightful)

      by Kjella (173770) on Thursday December 18, 2003 @01:08PM (#7755299) Homepage
      What we NEED is a way to share files in such a manner as the receiver has no idea what your IP is.

      This is not going to be easy. (And please don't mention Freenet ok?)


      Because it's got kiddie porn? Well, sorry, but you can't pick and choose anonymity. If there are logs the police can use to tell who shared that, the RIAA can subpoena the same logs to that show you shared mp3s. You can't have your cake and eat it too.

      Another thing is that Freenet is dead slow, in a CPU and memory-hungry Java-implementation, and in general not that great. But it's likely to improve...

      The only other alternative I see that is pseudoanonymous is having a set of trusted friends, routing not only requests but also the data over it. That way, no part of the chain knows more than where it's coming from and where it's going
      .... <-> John <-> Bob <-> Bill <-> ...
      Bob simply routed a connection between John and Bill. John doesn't know about Bill, Bill doesn't know about John. Bob doesn't know if the chain starts with John or ends with Bill or anything. Of course, this would also be a lot slower than direct P2P as is the norm today.

      Kjella
    • You mean like Win NY [google.com], as mentioned by slashdot here [slashdot.org].

      Now if only it was in english.
  • by Weaselmancer (533834) on Thursday December 18, 2003 @12:28PM (#7754852)

    I read the article and can find nothing there suggesting how I can trade anything for unbreakable anonymity, or even how unbreakable anonymity could even be implemented.

    Encrypt the packets? Fine. You can still trace their origin.

    Let's say that you do RSA key pairs, and build them into some sort of P2P. When two people connect, they swap public keys and encrypt the stream.

    There is nothing that says that the person who is leeching a file from you isn't Hillary Rosen. Traceroute, and you're still nailed.

    The only way to be truly anonymous in a P2P application would be to have the application auto proxy a neighbor. Here's how that would work.

    User WantMusic jumps on the new P2P net and broadcasts a desire to download "myfavoritesong.mp3", and their RSA public key along with the request. Some other user, MusicBank, has the song. Rather than having the client pull the data directly from MusicBank, have MusicBank push the data to the client. Each outbound packet from MusicBank would at random select someone else on the net and say "Take this packet of data and pass it along to user WantMusic at this IP address."

    If the someone else happened to be Hillary Rosen, all she would get is a packet of unreadable data - she doesn't have the private key. She could know who it was from, and where it was going but have no idea what it was. Might be music, might be the Linux kernel.

    If Hillary jumps on the net and tries to download myfavoritesong.mp3, all she could do is traceroute a bunch of packets to 2nd party proxies. By the definition of the protocol, they don't have the file. They're innocent. She still doesn't know MusicBank has the file.

    The disadvantage to this protocol is that it'd be slow. Each packet would have to hit a proxy. Instead of server->client, it'd be server->proxy->client. You could expect downloads to be at least 1/3 slower.

    If I had the time, I'd write this sucker.

    Weaselmancer

    • To improve the speed you could have the server which contains the file send a some number of packets directly, and the rest via proxy. If you get packets hitting your system, you can't tell if they went direct or went via a proxy. Then you could have say 1/4 send direct at full speed, and 3/4 via a proxy.
      • Not a bad idea, but a statistical attack would bust that protocol.

        Traceroute all the packets, and if you find that 25% come from one source, then they have the file. And you're busted.

        Weaselmancer

    • The RIAA (or chinese government) can put a lot of nodes on the network to spy on the requests, proxies. RIAA just has to have computer to keep sending out requests for only illegal data. Eventually nodes will forward through the RIAA's proxy to the RIAA's requester.

      As long as an arbitrary (untrusted) node can see who the source and destination is, it won't work.
    • by gnu-generation-one (717590) on Thursday December 18, 2003 @02:18PM (#7755934) Homepage
      "Encrypt the packets? Fine. You can still trace their origin."

      Sign the packets. Broadcast them, and anyone who receives them broadcasts them to anyone else who's interested. You don't need to hide the fact you're sending packets if there's no way of knowing whether you originated them or not. You're just a part of the network, routing traffic for anyone who's interested. You're no more liable for filtering it than the Tier-1 routers are.

      You sent that packet? No I didn't I forwarded it. From whom? Don't know, it's automatic.

      Konspire2B

    • Isn't that (Score:4, Informative)

      by Mark_MF-WN (678030) on Thursday December 18, 2003 @04:18PM (#7757091)
      Isn't that exactly how Freenet works?
  • I fear the the gov't may very well outlaw encryption for the masses outright. I mean, what with terrorists and all, it wouldn't be terribly difficult for them to shove that down our throats.
  • Sealed lips (Score:5, Interesting)

    by daminotaur (732705) on Thursday December 18, 2003 @12:35PM (#7754943)
    Shirky: "In any system where a user's identity is in the hands of a third party, that third party cannot be trusted." The classic Mafia version of this is: "Two people can keep a secret as long as one of them is dead." Most people don't think that way, and even if they did they are unlikely to trust any technological system that promises absolute anonymity. The cypherpunks' fantasies are no more ready for prime time now than ever. Main problem is that anonymous communication is a chimeral fantasy, and any scheme to even experiment with their implementation is complex and onerous to all but people who like to read Schneier for fun, and play secret agent. Above all, cypherpunks chase anonymity like it's a virtue, when most of the worst aspects of the net are caused by anonymity and unaccountability.
  • I think the fastest way to get encryption turned on by default is to have these major email providers (like Yahoo and Hotmail) to turn on encryption by default. If they did so, then there will be enough momentum for the other providers to do so too, and anyone using encryption would not stand out as a potential trouble-maker ....

    The reason why it is importatnt to have a critical mass of communications in encryption is becuase otherwise the people encrypting sorely stand out. If I decide (which I would love to) start encrypting today, many people would wonder what sort of shady business I have gotten into. Not to mention Ashcroft would be after me, with a claim that I am some Lone-Wolf terrorist ...

    My point is that there should be there has to be enough people encrypting for it to become feasible. If I am one of the people encrypting while others are not then I am the proverbial needle in a haystack. Any magnet can easily pull me out by my jugular ... If I am one of the many other people encrypting then I am just another hay in the hystack ... much harder then to grab me by my b**** ....

    • The proverbial case "the chicken or the egg"
      If you don't start encrypting today, you don't contribute to reach the critical mass. If everybody thinks like that, widespread use of encryption is gonna take a long time to come.

      If I decide (which I would love to) start encrypting today, many people would wonder what sort of shady business I have gotten into

      If Hotmail or Yahoo starts making encryption easy to use, many people would wonder what sort of business they are encouraging/supporting.
      Oh, and Microsof

  • by Anonymous Coward
    Suppose all file sharing apps had encryption- if an individual can get on the network, then so can the individuals and robots working for the RIAA.

    To defeat the RIAA all that is needed is a challenge that requires a HUMAN response. Right now they use robots- but they can't compete if they have to examine an image and type what it is (takes a real person).

    A better approach than that, but harder and less efficient is something like Freenet-

    but it really needs to use ed2k type links and incorporate a searc
  • He's Right! (Score:4, Insightful)

    by teamhasnoi (554944) <.teamhasnoi. .at. .yahoo.com.> on Thursday December 18, 2003 @12:56PM (#7755182) Homepage Journal
    I'm going to encrypt everything! Oh wait. How is Mom going to read my emails?

    Saying that using encryption is good doesn't change the fact that regular people see no use for encrypting everything.

    People will send their CC numbers through regular email! How can we get people to use encryption? Transparency, transparency, transparency.

    If I send, "agoij(*UOLHa^&&%alhkAHI3%&%&jdha8tFHD98ht4Fls 8" to Mom she'll delete it. If I send it, and she reads, "Buy me an iPod for Christmas", she'll still delete it, but at least she got the message with no labor on her side.

    Until encryption is enabled by default, and is transparent to the user, clueless users will rule the way you communicate. Sadly, this puts much of the onus on Microsoft, which won't do anything until there is a huge! public backlash - then come out with a easily broken implementation of it. :(

    Encryption use isn't about privacy, it's about necessity. When the great unwashed (wait, that's Linux users ;) - when the masses are FORCED to use it, that's when it will get used.

    Apple could do what MS can't - have an 'Encrypt for OS X users' checkbox on their mail app. Then with some 'return receipt' automagically encrypt messages to other OS X users. (I'm not a programmer, can you tell?).

    To sum up, users want to be safe, secure, and anonymous, but they don't want to do anything to make it happen. 'Eat what you get, and use what you have" is the pervasive attitude.

  • Since we all know that only terrorists use encryption, maybe the RIAA is a front for a terrorist organization whose true goal from the very beginning was to encourage more widespread use of encryption. If everyone's using encryption, Law Enforcement won't be able to use the old trick of monitoring people using encryption because they obviously have something to hide! Ha! I'm on to you, you terrorist bastards!

    (Checks to-do list for today, hmm, semi-plausably accuse a *AA organization of being terrorists...

  • Is there a product that allows you encrypt a file...any file...so all the receiver needs is a key, like a password, to recover the original file? One that doesn't require the user to have a specific client utility?

    My first thought was adding a password to a zip file, but that would require WinZip or similar file utility. Adding a password to the directory is easy enough but then your web host would have access to the originals. And, yes, I'm thinking about files I could leave on a web server as opposed

    • PGP's freeware version comes with a "Create Self Decrypting Archive" option that does exactly what you want. It wants you to use big passwords, but I think its okay with you using smaller ones as well.

      --Michael
      • > PGP's freeware version comes with a "Create Self Decrypting Archive"

        Win32 only I believe though. At least, last I tried it didn't ask me what target platform the executable should be compiled to :-)

  • by iabervon (1971) on Thursday December 18, 2003 @01:09PM (#7755303) Homepage Journal
    The RIAA isn't responsible for making encryption commonly deployed; sending credit card numbers to websites is. The pattern is essentially the same, however. The cryptographers work on stuff, the security people say you really need to use encryption, but people generally don't actually do anything about it until something of value to them is stolen, at which point encryption becomes widely used and transparent. A few years go by, and everybody forgets that what they're using is encryption.

    Now people talk about how they expect encryption to get outlawed. I think Amazon's $19B market cap which depends directly on encryption and eBay's $38B which essentially requires it (not to mention all of the companies which do some of their business online) will prevent this. Then there are VPNs, telecommuting, overseas content outsourcing, and so forth. Encryption is, at this point, something the US economy depends significantly on, and it's not going to get outlawed any time soon.
    • But that kind of encryption only protects you aginst eavesdroppers along the line, and is not a system for anonymous communication. Ebay has a record of everything I bought, bid on, paid for, etc. As they should. All bulletproof anonymous systems are not and cannot be made transparent--they require one's grandmother to maintain key rings, certificates, illusory webs-of-trust and all kinds of wonkish things that are ridiculous to deal with if one is doing nothing wrong. And that, of course, is the bottom li
  • by I-R-Baboon (140733) on Thursday December 18, 2003 @01:27PM (#7755454)

    "Those who cannot remember the past are condemned to repeat it." -George Santanya

    This strikes me very much familiar along with the "war" on drugs. A previous post touched on this lightly as well. Be it encryption, invite only LAN MP3 share parties, USENET, or any of the other countless work arounds out there...By brandishing their lawyers [slashdot.org] they are in fact creating an underground which society has demonstrated they want to exist, and it will. Instead of trying to make use of this phenomenon, they want to bully people and focus their creative energies on how they can sue. Sounds eerily familiar to the ban of alcohol which founded organized crime in the US and gave a beautiful model for drug running today. In an effort to slay a beast, a new monster was created and the beast was welcomed with open arms in the long run and taxed accordingly to make it profitable and put into a mostly controlled environment. Of course it's not possible to put music into a controlled environment, but iTunes was able to make downloading music a business. Guess they should have focussed on hedging that new market instead of helping to create an underground they will never be able to control or profit from. (Go to concerts if you want the artists to get your money, and boycott RIAA backed media)

  • Encryption is now considered a weapon by the State Department.

    I wonder how long it will be before the State Department and the content cartel go head to head over the issue: the content cartel arguing that they need unbreakable encryption to protect their content, and the State Department arguing that they need to limit encryption strength to catch "terrorists". The results will be interesting.

  • by PureFiction (10256) on Thursday December 18, 2003 @01:40PM (#7755561)
    are a 802.11b card, a 1W amplifier, and a nice 16dBi vagi antenna:
    http://peertech.org/coder/vagi-amp-laptop.jpg [peertech.org]
  • errrr (Score:4, Insightful)

    by Archfeld (6757) * <treboreel@live.com> on Thursday December 18, 2003 @02:37PM (#7756120) Journal
    without reading I see one issue, sure encryption IN the background is proceeding, especially that which you have no control over, and while it serves the surface function it leaves the user FURTHER under the control of a 'gatekeeper'.
    The time for user implemented crypto came and went, PGP had potential to put the public good ahead of corporate and government interests.
  • by shihonage (731699) on Thursday December 18, 2003 @03:48PM (#7756787)
    ...because P2P is about exchange, and people need to know whom to send information to. What you CAN do however, is to make it very difficult to prove that the data in question ORIGINATED FROM YOUR IP. This can be done by massively modifying a standard P2P network, so that each client randomly serves as a relay for sending data or parts of data to another client. It's like tossing a ball around between friends and not letting RIAA catch it. I need piece #32 of Terminator4.avi, and so I send a request. Client #398 responds, saying that it can provide piece #32, while actually it receives it from client #UNKNOWN (ip you're not aware of) and sends it to you. The fact is that client #398 is most likely not a part of downloading of Terminator4.avi at all, and you will not find it on it's hard drive. It just participates in a scheme of global file distribution, serving as a temporary proxy, a shield for the client that actually does have it. There's no way you can accuse client #398 of transferring warez, because it only transferred a small chunk of encrypted data. Even if decrypted, its matching to a certain pattern inside Terminator4.avi can be a pure coincidence. Or it can even be a sum of several blocks inside the file, in which case it will not match any "whole" piece of the file at all. At this point, of course, an RIAA member can set up a computer, join this network, and try to catch the cases where HIS client is used as the relay, in which case his client becomes aware of a certain person's IP address, and that person sends the file chunk to the RIAA computer so that it can transfer it to the recipient. This can be made difficult, by requiring each new member of the network to have sufficient amount of "illegal" files (and not just the same file many times over!) actually shared with others for free, before it becomes fully a part of the network. This would require RIAA computer to have actual "illegal" files on it, and quite a few of them. If they fill it with fakes, they will either be unpopular and never become a part of the network, or, if some people actually acquire the entire file, they'll get a sufficient amount of "blacklisting" from the network to never be allowed to join it. So, RIAA will be forced to use warez in order to find warez sharers. Still, the problem of them acquiring IP's that way remains. Perhaps it can be solved by allowing recursive relays, where a chunk, instead of being proxied by one client, can travel through an indetermined amount of clients, say, up to 10, before it actually reaches its destination. However certain measures will have to be taken to prevent an "empty loop", where clients keep requesting the file from one another, and neither has it...
  • by gilgongo (57446) on Thursday December 18, 2003 @06:09PM (#7758185) Homepage Journal
    I'm a big fan of Clay, and I'm on his NEC mailing list (I read his article when it came in today), but I think this piece has some unusually (for him) shaky arguments in it.

    What I'd like to see is his site as a blog that we could then discuss his essays on. He wouldn't have to take any notice of what we said, but seeing as he's big into online communities and communication networks, you think he might be into the idea.

    I know, I'll mail him. Where's his public key?

  • by Kris_J (10111) * on Thursday December 18, 2003 @06:21PM (#7758270) Journal
    I had to read the /. write-up about three times to workout what it was going on about. Couldn't have just said "RIAA ativities over the last year or so may have finally brought encryption and privacy concerns to the attention of the masses. Interesting article here"? I think that's what it's trying to say.

If money can't buy happiness, I guess you'll just have to rent it.

Working...