Clay Shirky: RIAA Succeeds Where Cypherpunks Fail 342
scubacuda writes "Clay Shirky has an interesting take on encryption: 'The RIAA is succeeding where the Cypherpunks failed, convincing users to trade a broad but penetrable privacy for unbreakable anonymity under their personal control. In contrast to the Cypherpunks "eat your peas" approach, touting encryption as a first-order service users should work to embrace, encryption is now becoming a background feature of collaborative workspaces. Because encryption is becoming something that must run in the background, there is now an incentive to make its adoption as easy and transparent to the user as possible. It's too early to say how widely casual encryption use will spread, but it isn't too early to see that the shift is both profound and irreversible.'"
Seems obvious. (Score:5, Insightful)
Real world practicality will always be a much better motivator than abstract idealism.
Cypherpunk is a stupid name (Score:1, Insightful)
Encryption is good, as long as the people using it are good. When people use encryption to hurt other people, it becomes a serious liability.
Apple, meet Orange (Score:3, Insightful)
RIAA-style privacy is basically a Housing Company telling you that they'll take care of everything, and that you don't need to worry because you're probably safe. Note, of course, that the RIAA companies are the types whose security has been foiled by such stunning feats of ingenuity as writing on a CD with a magic marker, or an algorithm written by a 16-year-old that can be implemented using as much space as fits on the side of a pencil.
What the RIAA gets people to adopt is the style of "no-brainer" security people are used to when they get their lockers broken into at the gym, as opposed to asking us to take some frickin' responsibility for ourselves as the Cypherpunks would urge.
changing laws (Score:5, Insightful)
to a first approximation, every PC owner under the age of 35 is now a felon.
This may or may not be an exaggeration, I have no idea, but Shirky makes a good point. When the vast majority of a society is violating a certain law, it is a sign that the law, not the society needs to change.
At this time, it seems that the RIAA is winning, and we are moving inexorably towards a world where large corporations control what people do with there computers. However, because there is so little popular respect at the moment for copyright law, it follows that eventually those laws will change.
Over the next 5-10 years, I predict that many laws will be completely rewritten to better accommodate the changes that the internet has brought upon society. Many of these changes will be for the better, and the end result will almost certainly be a more free and open society. Unfortunately, democracies are slow to act, so there will be years more of legal confusions and abuses of power before things finally straighten out.
Re:Cypherpunk is a stupid name (Score:5, Insightful)
Well, DUH, it's a tool, nothing more.
You can say the same about cars, knives, guns and just about anything else.
I prefer visible encryption (Score:5, Insightful)
Sad, but the truth. (Score:4, Insightful)
Adversaries help in spite of themselves (Score:5, Insightful)
The RIAA has blunders at least twice. First it shutdown Napster 'way late (because it wasn't easy), now it is harassing KaZaa users with even less success. The next incarnation will be even tougher. They ought to be putting their energies into a paradigm shift like iPod. Or maybe even running their business competantly, with decent A&R budgets and better terms for musicians and customers since their distribution monopoly has faded.
Re:Cypherpunk is a stupid name (Score:5, Insightful)
Encryption, like all technology, is amoral.
Good and evil come from people. This is ultimatly where most legislation fails at stopping evil. You legislate away the technology that evil uses in the hopes of stopping it. However, evil rarely follows laws. So the laws are draconian to compensate for evil not following thems. The end result is that good does not benifit from said technology while evil thumbs thier nose at good.
Encryption will be used for evil, regardless. If you do not outlaw it then the playing field will be level.
But... (Score:5, Insightful)
snake oil (Score:5, Insightful)
Not really. There's been several explosions of various file/disk encryption products. Your handheld device isn't a Somebody(Something?) until it's got at least a dozen "encrypted" personal information storage widgets for it.
The problem is that encryption is 90% snake oil. Usually it's written by someone who thinks they know encrpytion- and encryption isn't, to coin the phrase, like a hand grenade; close doesn't count. Zimmerman is famous for his saying that "anyone who claims to have unbreakable encryption doesn't"(apologies for paraphrasing).
Encryption also does little when physical security can't be controlled; Dallas Semi had the right idea with their iButtons, which brought reasonably secure key storage to the masses(if opened, for example, it erased itself) but it's gone pretty much nowhere; you just don't see them in widespread use(unlike, say, a proximity card or magswipe). I suspect even USB keys now vastly outnumber iButton devices.
All the encryption in the world won't do you any good if you can't store the keys securely...and these days, all it takes is a janitor with a CDROM with linux that 'phones home' and sends back choice tidbits...or an ipod.....or a USB hard drive..or a USB memory key...or a blank CDR, since so many machines come with CD burners now...
Right... (Score:2, Insightful)
I guess it makes sense, but I'm not going to be putting the RIAA into my prayers at night because of it.
No no NO no!!!!! (Score:5, Insightful)
The problem is not people intercepting your mp3s - the problem is sharing an mp3 with a guy working for the RIAA or in my case the CRIA and they get your IP and then they go to your ISP in an attempt to get you booted off the net, exactly as happened to me.
For instance - on Sourceforge there is a sooperencypted IRC project for safe sharing.
Useless.
All the RIAA spies have to do is go on the net, get that software, join the queue for mp3s then rat you out exactly as specified above.
What we NEED is a way to share files in such a manner as the receiver has no idea what your IP is.
This is not going to be easy. (And please don't mention Freenet ok?)
Gotta love the irony (Score:1, Insightful)
I wish the major news media could be made aware of this irony... but the money says otherwise.
Re:But... (Score:5, Insightful)
A running joke with a colleague of mine is that if this "engineering thing" doesn't work out, we'll become professional nay-sayers. Predict doom, gloom, and failure, and when something we predict happens (statistically speaking, we have a 50/50 shot)we can say "I told ya so!"
Comment removed (Score:5, Insightful)
Re:Cypherpunk is a stupid name (Score:3, Insightful)
Technologies like weaponised anthrax?
Well, yes. Anthrax in the hands of the "good guys" will be used to do research on how to prevent fatalities in the event that one of the "bad guys" tries to use it.
Get it?
Re:snake oil (Score:2, Insightful)
Encryption is good, but not the complete answer. (Score:2, Insightful)
To defeat the RIAA all that is needed is a challenge that requires a HUMAN response. Right now they use robots- but they can't compete if they have to examine an image and type what it is (takes a real person).
A better approach than that, but harder and less efficient is something like Freenet-
but it really needs to use ed2k type links and incorporate a search for keys. And of course be written in C, so I don't have to install a bloated Java environment.
Perhaps Freenet might die if the RIAA decides to inject massive amounts of crap and download it (making their chunks popular and erasing existing files on the network.
So, freenet + human required = good, almost unbreakable.
Re:Seems obvious. (Score:5, Insightful)
Re:Cypherpunk is a stupid name (Score:5, Insightful)
A weapon can be considered technology, and it is still amoral.
A Weapon and/or technology, can only be put to use by people for thier own purpose, good or evil.
"Outlaw guns and only outlaws will have guns", etc... Look how well outlawing guns in Washington, DC has worked.
Weaponised anthrax could be put to good use, such as using it to find an antidote to protect people from it.
Re:Yahoo and Hot Mail should turn on by default (Score:2, Insightful)
If you don't start encrypting today, you don't contribute to reach the critical mass. If everybody thinks like that, widespread use of encryption is gonna take a long time to come.
If Hotmail or Yahoo starts making encryption easy to use, many people would wonder what sort of business they are encouraging/supporting.
Oh, and Microsoft would probably "enhance" their encryption with other "features", making compatibility with other services impossible anyway.
He's Right! (Score:4, Insightful)
Saying that using encryption is good doesn't change the fact that regular people see no use for encrypting everything.
People will send their CC numbers through regular email! How can we get people to use encryption? Transparency, transparency, transparency.
If I send, "agoij(*UOLHa^&&%alhkAHI3%&%&jdha8tFHD98ht4Fls 8" to Mom she'll delete it. If I send it, and she reads, "Buy me an iPod for Christmas", she'll still delete it, but at least she got the message with no labor on her side.
Until encryption is enabled by default, and is transparent to the user, clueless users will rule the way you communicate. Sadly, this puts much of the onus on Microsoft, which won't do anything until there is a huge! public backlash - then come out with a easily broken implementation of it. :(
Encryption use isn't about privacy, it's about necessity. When the great unwashed (wait, that's Linux users ;) - when the masses are FORCED to use it, that's when it will get used.
Apple could do what MS can't - have an 'Encrypt for OS X users' checkbox on their mail app. Then with some 'return receipt' automagically encrypt messages to other OS X users. (I'm not a programmer, can you tell?).
To sum up, users want to be safe, secure, and anonymous, but they don't want to do anything to make it happen. 'Eat what you get, and use what you have" is the pervasive attitude.
Re:changing laws (Score:5, Insightful)
This is certainly an excellent rule of thumb and our legislators should follow popular opinion to laws or at least in theory, they won't be re-elected. Just keep in mind that this is concept should never be taken as an absolute. The Founding Fathers were concerned with what the potential for what they called "tyranny of the majority," South Africa being the typical example.
Regarding legislation to change copyright laws to make them more reasonable, it's just not going to happen for two major reasons. First, I really don't think there will ever be enough critical mass of informed, upset people. Probably 90% of the population either doesn't care or just assumes that copyright is a natural phenomena rather than an artificial constraint created as a means to an end--creation of works and the betterment of society. And second, the entertainment industries have too much money and are unified on this issue. Compare this to the do-not-call legislation. That is an example of what it takes for a grass roots movement to defeat an industry lobbyist on a big issue. The entertainment industries have tons more money than the DMA and telemarketing phone calls were in people's faces, constantly annoying them into complaining to their legislator. For the vast majority of the people they don't ever see any impact of unbalanced copyright laws on their lives.
Re:No no NO no!!!!! (Score:4, Insightful)
Unless it's email, in which case the sender ought to be fully and accurately identified.
Am I the only one who sees a problem with reaching simultaneously for More Anonymity AND More Accountability?
Re:Cypherpunk is a stupid name (Score:3, Insightful)
It is really SAD (Score:3, Insightful)
The Cypherpunks never went around suing people (that is, actually costing them money) who weren't using encryption to mask their illegal activities. The RIAA is.
Am I the only one here who thinks that it is really sad that we are changing for the better not because of how we grow personally, but rather because we half to - to avoid having our freedoms being taken away? It just seems so wrong - I really feel sorry for those who won't be able to keep up.
Why not? (Score:4, Insightful)
This is not going to be easy. (And please don't mention Freenet ok?)
Because it's got kiddie porn? Well, sorry, but you can't pick and choose anonymity. If there are logs the police can use to tell who shared that, the RIAA can subpoena the same logs to that show you shared mp3s. You can't have your cake and eat it too.
Another thing is that Freenet is dead slow, in a CPU and memory-hungry Java-implementation, and in general not that great. But it's likely to improve...
The only other alternative I see that is pseudoanonymous is having a set of trusted friends, routing not only requests but also the data over it. That way, no part of the chain knows more than where it's coming from and where it's going Bob simply routed a connection between John and Bill. John doesn't know about Bill, Bill doesn't know about John. Bob doesn't know if the chain starts with John or ends with Bill or anything. Of course, this would also be a lot slower than direct P2P as is the norm today.
Kjella
E-commerce did it already (Score:5, Insightful)
Now people talk about how they expect encryption to get outlawed. I think Amazon's $19B market cap which depends directly on encryption and eBay's $38B which essentially requires it (not to mention all of the companies which do some of their business online) will prevent this. Then there are VPNs, telecommuting, overseas content outsourcing, and so forth. Encryption is, at this point, something the US economy depends significantly on, and it's not going to get outlawed any time soon.
Re:Speaking of encrypting files (Score:3, Insightful)
--Michael
Re:Digging their own graves... (Score:3, Insightful)
Not before they attempt to lobby Congress to pass laws banning encryption use by the masses.
Re:E-commerce did it already (Score:3, Insightful)
Re:Cypherpunk is a stupid name (Score:5, Insightful)
Well, you do (for one), or at least you would if you thought things through.
Almost no one whom you'd consider to be "Evil" considers themselves to be evil. And they would likely tag some people as "Evil" even if you would disagree with their assessment. And almost no one would agree with you on what is good and what is evil completely. To do that, they'd have to be you.
Which means that if the world were to function by your own self-centered definition of good and evil, you'd be all alone.
Nature itself doesn't have a concept of good or evil. Which means regardless of wether we'd each want a level playing field, it's ultimately a level playing field on which we must play.
Now "society" is just one of the teams on this playing field; a big team, I'd admit, and one you're likely so familiar with as to believe that no others exist, but it's just a team nonetheless. As you point out, your society has created your society's laws and has it's own interest in seeing that people on any other team are placed at a disadvantage. After all, it has to protect those "rights" which your society holds so dearly.
Is it possible that members of some other society might have their own values, profess their own beliefs, and institute their own laws to protect the rights they hold so dear? Some of these might conflict with the values, beliefs, and laws of your society; does that make them "Evil"?
Only a troll would believe so.
Yet even at this point, we're making a judgment call saying that one kind of "society" can be more "good" than another in a way that a "non-society" could never approach. That's a widely held belief, but there's still a lot of time left on the clock. Maybe Douglas Adams was right and some day we'll decide that even the trees were a bad idea, and we should have all stayed in the oceans..."
If you continue to insist that the playing field be tipped selfishly in your favor, then you must admit that, over time, more and more people will become aligned against you in their own self interest. Each time you exclude someone by calling them (or their team/society) "Evil" you build a greater force which sees you the same way. And the stronger you hold your beliefs, the more motivate they are to hold theirs.
I could not possibly have said it better myself.
errrr (Score:4, Insightful)
The time for user implemented crypto came and went, PGP had potential to put the public good ahead of corporate and government interests.
Re:Unbreakable anonymity? (Score:2, Insightful)
Simply not having the file on your hard drive doesn't mean that you haven't broken a part of the copyright law.
This isn't to say that I think the law is reasonable, but to say that you haven't skirted the law with your suggested protocol.
Re:No no NO no!!!!! (Score:3, Insightful)
It is also inevitable that at one point, someone untrusted will join the network. Then he can gatter information to build a case against sharers in the web of trusts. You probably have no way of knowing who is the stool and you'll have to scrap your web of trysts and rebuild it from scratch.
So web of trusts will never work. You'll hve better luck with stuff like freenet that can garantee anonymity.
There is a meme for this (Score:5, Insightful)
putting the genie back in the bottle.
it's expression alone indicates the likelyhood of success.
Re:Cypherpunk is a stupid name (Score:2, Insightful)
You are completly correct if good and evil are relative terms that represent no real values.
However, the very fact that you are trying to convince me that your point is more 'good' than mine tells me you don't agree with that fact. Your use of terms with values attached such as troll and selfish defeat your own argument.
Please understand that I do not mean that believing in good and evil gives one the right to crush what is considered evil by any means available. Nor may we or must we make value statements about every event and cultural norm or mores -- that is just bigotry. One cannot take the missuse of the belief of good and evil, however as an argument agianst thier existance as a real things.
With that said I do not want a level playing field: I do not want cops to be on a level playing field with criminals (I want criminals locked up and cops paid well) and I do not want to be on a level playing with theives (I will lock my doors).
My point is simply this: if we are convinced that something is right (good as opposed to evil) the only way that we will fight for our beliefs is to be better at using the tools good and evil have in common. One will never succeed by whining and complaining -- don't get mad, just get better educated.
Is it still a sig if it just says:Blah, Blah, Blah
Re:It seems to me... (Score:2, Insightful)
Preferably the wind should carry it towards a suburban area so that it lands in someone's garden, then whoever finds it isn't seen acting suspiciously.
Worst write-up ever? (Score:5, Insightful)
Its a conspiracy (Score:1, Insightful)
Check out http://www.negativland.com/albini.html to give you an idea of who is actually benefiting from RIAA.
All I know is that since RIAA issued a subpoena to a 12 year old girl for having 2 illeagal MP3s, I will never again pay for music, EVER!!
It's not about your mom (Score:2, Insightful)
You are right in your assumption that most people don't care about encryption for day to day email and whatnot. But that is not the issue. The issue is for spreading information that might get you in trouble. If I wrote an email to my mom to get an iPod i would not care if someone intercepted it and saw it. Encryption would never find a use in this instance.
Now say I want to send my friend some email giving him insider information that we will both (illegally) make money off of. That email I WOULD want encrypted. The best argument against such encryption (that I have seen modded high in this thread) is to say that the best use for hidden information is for actions that are immoral in nature. To that I argue that the internet is formed (or not formed really) from the social codes of the world. Its immoral to you but not someone across the world in a different culture. The Chinese Government would laugh at the RIAA if it asked it to stop music downloads.
And therein lies the issue. Main stream encryption won't come from Microsoft just like mainsteam P2P didn't. Because its more likely (in a big company like MS's eyes) to be used to steal the new office software that secure a home office. Main stream encryption will spread the same way napster was. Just as geeks then told nongeeks "Hey try this napster thing, you install it and it will let you get free music," encryption will be spread by an added sentence to the geek-nongeek conversation. "Hey try this kazaa (or what ever is the next big P2P app) thing, you install it and it will let you get free music. Also install (insert encryption program here)so that you can get away with it."
Encryption prevents the powers that be from bring down the hammer for not following order. That has nothing to do with something you mom probably wants to be involved with. Yet for some reason I like it cause I hate the man (even though I do like his stuff).