Clay Shirky: RIAA Succeeds Where Cypherpunks Fail

scubacuda writes "Clay Shirky has an interesting take on encryption: 'The RIAA is succeeding where the Cypherpunks failed, convincing users to trade a broad but penetrable privacy for unbreakable anonymity under their personal control. In contrast to the Cypherpunks "eat your peas" approach, touting encryption as a first-order service users should work to embrace, encryption is now becoming a background feature of collaborative workspaces. Because encryption is becoming something that must run in the background, there is now an incentive to make its adoption as easy and transparent to the user as possible. It's too early to say how widely casual encryption use will spread, but it isn't too early to see that the shift is both profound and irreversible.'"

Here's a link to the article...

[tcopeland]

...for some reason it's not listed (at least, I couldn't find it) on the front page of shirky.com yet:

http://www.shirky.com/writings/riaa_encryption.htm l [shirky.com].

Re:can someone explain

[securitas]

what eating peas has to do with encyprtion? I'm totally lost.

Shirky means that using encryption is good for you and that's the approach that proponents (Cypherpunks) have used, even though using encryption has historically been difficult and an unpleasant experience for the average user. Hence the "eat your peas" reference, similar to parents who try to get children to eat vegetables which they find distasteful (an unpleasant dining experience).

How about "Fear of RIAA"

[JUSTONEMORELATTE]

The RIAA isn't setting out to do this, it's happening as a result of peoples' fear of a RIAA lawsuit.

--

You didn't read the article

[Sloppy]

The reference to RIAA is not about their use of encryption in the form of DRM. It's about how conflict with the RIAA has resulted in many mainstream non-nerd people using privacy-enhancing tools (and more broadly: gaining a pro-privacy mentality).

Re:Digging their own graves...

[Feyr]

there's multiple problems with anonymous, encrypted peer to peer whitout users oversights.

1. your IP address is still visible (lesser of all)
2. WHO are you trusting to view your files? who's to say it's not a RIAA-mandated agency ?

3. WHO are you trusting to download from?

4. even if you KNOW who you're talking to, if you don't manually verify, on a secure medium, the key used. how do you know there's no middle-man? the dsniff tool widely show this (sshmitm) by assuming users always click "yes" when prompted about unknown or changed hosts keys, that's sysadmins we're talking about, imagine joe-nowhere now?

Re:Cypherpunk is a stupid name

[Anonymous Coward]

Yep - dihydrogen monoxide is much nicer than dihydrogen dioxide.

Re:Interesting, but apathy will prevail

[mitheral]

The point of the article is that there are now enough users (even if only a small percentage) that want the encryption. Therefor the developers as including it as the the default. And as you stated users don't change the defaults. Encryption is just there.

Re:snake oil

[Proaxiom]

The problem is that encryption is 90% snake oil.

Where does that claim come from? I'm pretty sure it's not true because more than 10% of encryption is PGP (not counting government crypto, anyway), and PGP isn't snake oil.

It's pretty easy to find snake oil, just read the Doghouse section of Bruce Schneier's monthly Crypto-Gram [counterpane.com]. But there are also a lot of good companies out there providing a lot of crypto solutions (although admittedly most of them actually license the technology from a small handful of good companies, like RSA and Certicom).

Encryption also does little when physical security can't be controlled

But the issue at hand, with regard to the RIAA and anonymity, is about network security. The RIAA finds it much easier to subpoena your ISP than to sneak into your house and steal your USB keys.

Good and ubiquitous crypto certainly isn't the end-all-and-be-all of security, as you point out, but it would indeed make for 'profound and irreversible' changes in the Internet, in the vulnerability landscape, and in the threat models of pretty much everyone on it.

Musicians! "Take back the guitar case!"

[e-gold]

Well said, but the RIAA is (IMO) way too fat in middle management to ever be able to give musicians the better terms we all instinctively know that they deserve. The answer (and yes, I'm both biased and financially self-interested -- but no, I don't speak for e-gold or anyone else but Jim Ray) is for musicians to "take-back the guitar-case" (the money is where the REAL control lies) and set up their own internet tipjars. It's been possible and easy for a few years, and finally they're going to learn to think in new ways about how to get paid by a planet-wide audience. They have had the technology for a while (since 1996 in some form or other).

Imagine a 'one-hit wonder' like Normal Greenbaum's "Spirit in the Sky," garnering 7 million or so direct tips for a quarter worth of gold (most tips would probably be more, if you actually liked the song enough to bother tipping the artist, and Norman's old "Spirit in the Sky" tune kinda rocks IMNSHO). I'm talking about more than a million dollars -- AFTER taxes. I have no idea what Norman's made from the song, but I doubt he did that well...
JMR

Speaking ONLY for Jim Ray.

WASTE!

[jacobito]

That's why I'm hoping that private, encrypted p2p systems like WASTE or Foldershare take off! I don't think either of those systems are quite ready for mass acceptance, but they certainly point in the right direction -- private, encrypted file sharing networks that anybody can use.

Re:Seems obvious.

[Kallahar]

The reason that the RIAA is coming down so hard on file sharing is that there are so many people doing it. Years ago before napster came about, there were just as many songs available online. However, they were harder to get. Your average person wouldn't know where to go or how to get them. If RIAA is able to get the piracy back down to that level then they'll back off.

It only takes one person to break the encryption and put a song up on the net, but if he's likely to get sued/arrested then he'll think twice, and only those "in the know" will know where to go to get the songs.

Re:Speaking of encrypting files

[gilgongo]

> PGP's freeware version comes with a "Create Self Decrypting Archive"

Win32 only I believe though. At least, last I tried it didn't ask me what target platform the executable should be compiled to :-)

Re:Unbreakable anonymity?

[Stray7Xi]

The RIAA (or chinese government) can put a lot of nodes on the network to spy on the requests, proxies. RIAA just has to have computer to keep sending out requests for only illegal data. Eventually nodes will forward through the RIAA's proxy to the RIAA's requester.

As long as an arbitrary (untrusted) node can see who the source and destination is, it won't work.

Re:Unbreakable anonymity?

[gnu-generation-one]

"Encrypt the packets? Fine. You can still trace their origin."

Sign the packets. Broadcast them, and anyone who receives them broadcasts them to anyone else who's interested. You don't need to hide the fact you're sending packets if there's no way of knowing whether you originated them or not. You're just a part of the network, routing traffic for anyone who's interested. You're no more liable for filtering it than the Tier-1 routers are.

You sent that packet? No I didn't I forwarded it. From whom? Don't know, it's automatic.

Konspire2B

Re:changing laws

[zeasier]

Over the next 5-10 years, I predict that many laws will be completely rewritten to better accommodate the changes that the internet has brought upon society. Many of these changes will be for the better, and the end result will almost certainly be a more free and open society.

Alternative lisencing scemes [creativecommons.org] have already been created, which are the copyright equivalent to the GPL. These alternative copyright systems will compete with full copyright instead of replaceing it. As more and more artists put their work into liberal lisencing scemes it will become harder for others to do business the old fashoned way. The fact that these alternative lisences exsist ensure the future of full copyright, because now producers and consumers have a choice. For this reason there will always be some content locked out of the public domain. Old fashoned copyright law will not change, but it's perseption and proliferation of use will.

Take the Microsoft anti-trust case for example. It's no coinsedence that the issue puttered out at the same time Linux was gaining in popularity. It seems that legal alternatives, (the GPL) and public action beat the government to the punch. For the most part, copyright will follow the same path.

Re:changing laws

[mjh]

When the vast majority of a society is violating a certain law, it is a sign that the law, not the society needs to change.

I like the way that John Parry Barlow [eff.org] expresses this idea:

"Neither the best efforts of Judge Patel - nor those of the Porsche-driving executives of the Recording Industry Association of America, nor the sleek legal defenders of existing copyright law - will alter this simple fact: No law can be successfully imposed on a huge population that does not morally support it and possesses easy means for its invisible evasion."

- Quoted from this wired article. [wired.com]

Re:Shirky, Clay Shirky - who the hell is he?

[popo]

He's another guy who goes "Big Picture" and "Philosophical" because the nuts and bolts of technology, programming, and in this case encryption are (and always will be) beyond him.

He's a lightweight.

If you're still confused: See "Esther Dyson"

You can't hide the IP's in a P2P network

[shihonage]

...because P2P is about exchange, and people need to know whom to send information to. What you CAN do however, is to make it very difficult to prove that the data in question ORIGINATED FROM YOUR IP. This can be done by massively modifying a standard P2P network, so that each client randomly serves as a relay for sending data or parts of data to another client. It's like tossing a ball around between friends and not letting RIAA catch it. I need piece #32 of Terminator4.avi, and so I send a request. Client #398 responds, saying that it can provide piece #32, while actually it receives it from client #UNKNOWN (ip you're not aware of) and sends it to you. The fact is that client #398 is most likely not a part of downloading of Terminator4.avi at all, and you will not find it on it's hard drive. It just participates in a scheme of global file distribution, serving as a temporary proxy, a shield for the client that actually does have it. There's no way you can accuse client #398 of transferring warez, because it only transferred a small chunk of encrypted data. Even if decrypted, its matching to a certain pattern inside Terminator4.avi can be a pure coincidence. Or it can even be a sum of several blocks inside the file, in which case it will not match any "whole" piece of the file at all. At this point, of course, an RIAA member can set up a computer, join this network, and try to catch the cases where HIS client is used as the relay, in which case his client becomes aware of a certain person's IP address, and that person sends the file chunk to the RIAA computer so that it can transfer it to the recipient. This can be made difficult, by requiring each new member of the network to have sufficient amount of "illegal" files (and not just the same file many times over!) actually shared with others for free, before it becomes fully a part of the network. This would require RIAA computer to have actual "illegal" files on it, and quite a few of them. If they fill it with fakes, they will either be unpopular and never become a part of the network, or, if some people actually acquire the entire file, they'll get a sufficient amount of "blacklisting" from the network to never be allowed to join it. So, RIAA will be forced to use warez in order to find warez sharers. Still, the problem of them acquiring IP's that way remains. Perhaps it can be solved by allowing recursive relays, where a chunk, instead of being proxied by one client, can travel through an indetermined amount of clients, say, up to 10, before it actually reaches its destination. However certain measures will have to be taken to prevent an "empty loop", where clients keep requesting the file from one another, and neither has it...

Isn't that

[Mark_MF-WN]

Isn't that exactly how Freenet works?

Re:obvious yes... but legal?

[Minna Kirai]

RIAA agents posing as file sharers and enticing others to load and run trojans that compromise their PCs and privacy in order to look for and obtain incriminating evidence is blatant entrapment and such evidence would/should be inadmissable in a court case.

I see that you're not a lawyer... nor a citizen concerned enough to learn about his national laws. There used to be widespreah myths about entrapment, but I thought the illegal-drug culture in the US had spread the truth (as a defensive measure).

Here's a few little facts about entrapment:

1. It can only be committed by an agent of the government. (The RIAA is not the government)
2. Even if it's a cop or other gov. agent trying to trap you, there still is no "entrapment" defense if he can show evidence suggesting (not proving) that you had a pre-existing inclination to perform the offense.
   Not entrapment: "Here's $20, give me some cocaine".
   Entrapment: "Here's $20000, kill that guy"

It also looks like illegal search and seizure--and an unconstitutional invasion of privacy and misuse of private property.

The Constitution only restricts the actions of governments, not private groups like the RIAA. (And it doesn't guarantee privacy either.)