Quinthar

Border Control: Ripe for Copyright Enforcement

PC World reports that Australia is considering a plan to scan for pirated music at border crossings, just one of many treats in a broader international treaty propping up the war on pirates, or citizens, or somebody.

Ignoring whether that plan makes any sense at all, how would it be done?  One way they could do this would be to switch to a "proof of payment" system, and use sampling for fast scans.  Basically, pick a random 10% of songs on the device, check their waveform fingerprints against some copyright database, and then verify that there is a digital signature embedded in the MP3's ID3 tag proving that the name of the customer who bought the song matches the name on the passport.

However, I don't really see this actually happening in any wide scale.  To make it workable too many things would need to happen, one of which is the music labels actually adopting digital purchases for real and then forcing all legit distributors to include information in each file.  It's not technically impossible, and would have been quite easy had they decided to do it in '98 when all the online merchants were begging for instructions and permission to make legit services.

Furthermore, the obvious response to this is to just put all pirated music in a hidden encrypted volume.  I'd expect somebody would come out with an application for "unlocked" iPhones that lets you enter a password to unlock the hidden volume, designed in such a way that without the right password it's impossible to know the hidden volume even exists.

The upshot is -- once again -- technical advantage goes to the pirates, as they can retool far faster than the TSA.  It would take years and years of complex negotiation on the part of a hundred corporations and government agencies, and it would all be rendered completely irrelevant by a simple, free iPhone application released by a nameless Russian programmer.

So once again, to anybody who's listening, give it up.  Copyright enforcement is and will be forever hopeless in this modern age.  Find another way to flourish.

-david barrett

PS: Just because it's fun to see your predictions validated, let me share an email I sent to a private mailing list a couple months back that seems strangely prescient.  (Though admittedly, only somewhat prescient because it's not that hard a leap to make.)

-------- Original Message --------
Subject: Re: An Essay Concerning MPAA Understanding of 'Making Available' in the P2P Context
Date: Thu, 26 Jun 2008 12:42:23 -0700
From: David Barrett <dbarrett@quinthar.com>

I'll take a stab at my own question and say "yes", but the shift will go from pursuing distributors to pursuing downloaders.  And I think they'll next try some sort of "proof of payment" scheme, such as used by public transportation:

In San Francisco, there are MUNI trains that you can board anywhere and get off anywhere; there's no physical requirement to buy a ticket. However, you're legally obligated to have one, and if you fail a spot inspection by an officer of the law, you'll pay serious fine.

I wonder if that's the model they will attempt next if "making available" fails.  Basically, all stores will move to individually-tagged songs and movies where proof of purchase is encoded in the content itself.   (This is impractical in the old world of physical media distribution, but becomes more feasible as we move to on-demand downloads).

One way to do this would be with watermarks: so long nobody has incentive to remove them, they'll stick around fine.  But then again, you could probably do it with just ID3 tags and digital signatures (a message "Bob has bought track <SHA1>" signed by Time Warner's public key would suffice).  Technically it's an easy problem to solve.

The problem will come in the audit: both how to audit the devices in question, and when to do it.

As for how, the challenge (as always) is to distinguish between content in the public domain and content you need permission from the copyright owner to have.  One possibility would be to build an opt-in waveform fingerprint of all copyrighted works that elect to participate in this proof of payment scheme.  This won't truly catch everything (and won't catch anything released before the scheme launched), but even if it catches only the new releases with some regularity, that starts to make an effective tool for general compliance enforcement.

So, auditors could conceivably have a device that has USB and iPod connectors that plug into basically anything, scan all content for waveform matches, confirms the file has a proof of payment certificate, and alerts if not.

Ok, so all this could technically be built by a sufficiently incented (or incensed?) party.  This brings us to the next question: when would the audit occur?

This is where it'd probably fail on constitutional grounds.  A scan under most circumstances would be "unreasonable search and seizure". But one place that is notoriously exempt: border control.  They can basically take anything and do anything for as long as it takes.

Granted, this cedes the vast majority of domestic piracy.  But their goal isn't to eliminate the potential for piracy; their goal is to make it such a pain that people still choose to buy.  If they first make it impossible to travel internationally without first cleansing all devices of pirated works, this will start to bite.  And after that, they'll find other excuses to audit devices: airport security for domestic flights?
PCI and SOX compliance audits?  Build auditing straight into the iPhone itself?

The big question in my mind is whether everybody just gives up on copyright before then and "just says no" to proof of payment and spot copyright checks.

By and large, society as a whole has already given up on copyright, as evidenced by overwhelming adoption of piracy.  It's possible that if pressed to make a decision that we'll simply refuse to pass any law that allows for reasonable enforcement.  Then businesses that depend on enforcement will die and get replaced with those that don't, and gradually the courts will limit the scope of copyright to where it can be realistically enforced.

Anyway, so I see a copyright-free (or copyright-very-limited) future as a legitimate possibility.  And society might just refuse to allow the proof-of-payment scheme to go into force.


So, let me conclude with my prediction: if "making available" fails (and if they truly accept this -- not necessarily a sure bet), then major copyright holders will marshal their forces and attempt to create a "proof of payment" system with enforcement starting at border crossings and gradually increasing from there.  This will trigger a showdown with society at large as it really begins to weigh how much it cares about copyrights, and the people who hold them.  And I think it's very possible that society decides the cost of copyright enforcement outweighs its benefit and essentially curtail copyright in all areas where it stopped making sense, long ago.

-david

1 comment:

quinthar said...

I got the following questions privately, here are the answers:

- A song lacking a watermark isn't necessarily illegal

I'm suggesting waveform fingerprints, not watermarks. So regardless of whether you got the song from a pirate network, recorded off the radio, ripped from a CD, etc -- it'd all have the same waveform (ie, the same actual core song). The technology isn't perfect here, but might be "good enough" for this purpose.


Furthermore, any song whose waveform doesn't match the database of known copyrights would be given a free pass. As someone else suggested, this database would probably only include fingerprints for the top 1M songs or something -- enough to catch pirates, but not enough to do a comprehensive audit of all music.


- What if someone gives me the song as a gift?


As for the case of somebody else buying you an MP3, I agree, there would be lots of details to work out -- details that in all probability are too cumbersome to ever put this system into practice. But for that particular detail, I imagine the system would sign the certificate with the name of whoever is being given the copyright license, not the name of who bought it.


- What if somebody sends me a promo disk?

As for the case of being given music, being flagged by this wouldn't mean you're immediately thrown in prison. Rather, it's one of many metrics border control would use to determine if you should be pulled aside for closer examination. If only 0.1% of your music comes up with matching waveforms but no licenses, then they'd ignore you -- at worst you're a small time pirate and not worth their time. But if it's like 99%, they'd take a closer look. If it turns out you can legitimately say "I work in the music industry, I get sent free promo disks all the time, etc, etc" then you're free to go.


Anyway, yes, it's a terrible plan that will never actually happen for a thousand reasons. But the big labels seem addicted to those sorts of plans, so that's why I tossed out my prediction that they'd give it a go. (Assuming they survive that long, that is.)

- Jan 2014 (1) - Mar 2012 (1) - Nov 2011 (1) - Oct 2011 (1) - Apr 2011 (1) - Mar 2011 (3) - Feb 2011 (2) - Jan 2011 (9) - Nov 2010 (1) - May 2010 (1) - Mar 2010 (1) - Feb 2010 (1) - Jan 2010 (1) - Dec 2009 (1) - Nov 2009 (1) - Oct 2009 (1) - Sep 2009 (1) - Aug 2009 (2) - Jul 2009 (1) - Jun 2009 (4) - May 2009 (3) - Apr 2009 (3) - Mar 2009 (10) - Feb 2009 (5) - Jan 2009 (3) - Dec 2008 (5) - Nov 2008 (5) - Oct 2008 (5) - Sep 2008 (4) - Aug 2008 (5) - Jul 2008 (11) - Jun 2008 (8) - Feb 2008 (1) - Aug 2007 (1) -