PC World reports that Australia is considering a plan to scan for pirated music at border crossings, just one of many treats in a broader international treaty propping up the war on pirates, or citizens, or somebody.
Ignoring whether that plan makes any sense at all, how would it be done? One way they could do this would be to switch to a "proof of payment" system, and use sampling for fast scans. Basically, pick a random 10% of songs on the device, check their waveform fingerprints against some copyright database, and then verify that there is a digital signature embedded in the MP3's ID3 tag proving that the name of the customer who bought the song matches the name on the passport.
However, I don't really see this actually happening in any wide scale. To make it workable too many things would need to happen, one of which is the music labels actually adopting digital purchases for real and then forcing all legit distributors to include information in each file. It's not technically impossible, and would have been quite easy had they decided to do it in '98 when all the online merchants were begging for instructions and permission to make legit services.
Furthermore, the obvious response to this is to just put all pirated music in a hidden encrypted volume. I'd expect somebody would come out with an application for "unlocked" iPhones that lets you enter a password to unlock the hidden volume, designed in such a way that without the right password it's impossible to know the hidden volume even exists.
The upshot is -- once again -- technical advantage goes to the pirates, as they can retool far faster than the TSA. It would take years and years of complex negotiation on the part of a hundred corporations and government agencies, and it would all be rendered completely irrelevant by a simple, free iPhone application released by a nameless Russian programmer.
So once again, to anybody who's listening, give it up. Copyright enforcement is and will be forever hopeless in this modern age. Find another way to flourish.
PS: Just because it's fun to see your predictions validated, let me share an email I sent to a private mailing list a couple months back that seems strangely prescient. (Though admittedly, only somewhat prescient because it's not that hard a leap to make.)
-------- Original Message --------
Subject: Re: An Essay Concerning MPAA Understanding of 'Making Available' in the P2P Context
Date: Thu, 26 Jun 2008 12:42:23 -0700
From: David Barrett <firstname.lastname@example.org>
I'll take a stab at my own question and say "yes", but the shift will go from pursuing distributors to pursuing downloaders. And I think they'll next try some sort of "proof of payment" scheme, such as used by public transportation:
In San Francisco, there are MUNI trains that you can board anywhere and get off anywhere; there's no physical requirement to buy a ticket. However, you're legally obligated to have one, and if you fail a spot inspection by an officer of the law, you'll pay serious fine.
I wonder if that's the model they will attempt next if "making available" fails. Basically, all stores will move to individually-tagged songs and movies where proof of purchase is encoded in the content itself. (This is impractical in the old world of physical media distribution, but becomes more feasible as we move to on-demand downloads).
One way to do this would be with watermarks: so long nobody has incentive to remove them, they'll stick around fine. But then again, you could probably do it with just ID3 tags and digital signatures (a message "Bob has bought track <SHA1>" signed by Time Warner's public key would suffice). Technically it's an easy problem to solve.
The problem will come in the audit: both how to audit the devices in question, and when to do it.
As for how, the challenge (as always) is to distinguish between content in the public domain and content you need permission from the copyright owner to have. One possibility would be to build an opt-in waveform fingerprint of all copyrighted works that elect to participate in this proof of payment scheme. This won't truly catch everything (and won't catch anything released before the scheme launched), but even if it catches only the new releases with some regularity, that starts to make an effective tool for general compliance enforcement.
So, auditors could conceivably have a device that has USB and iPod connectors that plug into basically anything, scan all content for waveform matches, confirms the file has a proof of payment certificate, and alerts if not.
Ok, so all this could technically be built by a sufficiently incented (or incensed?) party. This brings us to the next question: when would the audit occur?
This is where it'd probably fail on constitutional grounds. A scan under most circumstances would be "unreasonable search and seizure". But one place that is notoriously exempt: border control. They can basically take anything and do anything for as long as it takes.
Granted, this cedes the vast majority of domestic piracy. But their goal isn't to eliminate the potential for piracy; their goal is to make it such a pain that people still choose to buy. If they first make it impossible to travel internationally without first cleansing all devices of pirated works, this will start to bite. And after that, they'll find other excuses to audit devices: airport security for domestic flights?
PCI and SOX compliance audits? Build auditing straight into the iPhone itself?
The big question in my mind is whether everybody just gives up on copyright before then and "just says no" to proof of payment and spot copyright checks.
By and large, society as a whole has already given up on copyright, as evidenced by overwhelming adoption of piracy. It's possible that if pressed to make a decision that we'll simply refuse to pass any law that allows for reasonable enforcement. Then businesses that depend on enforcement will die and get replaced with those that don't, and gradually the courts will limit the scope of copyright to where it can be realistically enforced.
Anyway, so I see a copyright-free (or copyright-very-limited) future as a legitimate possibility. And society might just refuse to allow the proof-of-payment scheme to go into force.
So, let me conclude with my prediction: if "making available" fails (and if they truly accept this -- not necessarily a sure bet), then major copyright holders will marshal their forces and attempt to create a "proof of payment" system with enforcement starting at border crossings and gradually increasing from there. This will trigger a showdown with society at large as it really begins to weigh how much it cares about copyrights, and the people who hold them. And I think it's very possible that society decides the cost of copyright enforcement outweighs its benefit and essentially curtail copyright in all areas where it stopped making sense, long ago.
Poor Pandora, and we loved you so. (And by "we" I mean "they", as I wasn't a user.) Regardless, I wonder if there's an inevitable cycle at play:
1) Business tries to do it legit
2) Business goes bankrupt due to impossible pricing
3) Pirate does it the easy way
4) Pirate gets sued to oblivion
5) Pirate does it the hard way.
6) ... it's free for the rest of eternity
If so, when it comes to web radio, it seems we're passing stage 2. Next up should be a round of central pirate stations -- essentially large-scale shoutcast installations -- which briefly flourish followed by being wiped out. The third wave should come in a couple years -- maybe some sort of centralized preference engine tied to decentralized streaming straight from trackerless torrents? Sounds like a fun project!
- david barrett
Fantastic article in the New Yorker (via Slashdot) discussing the "Tragedy of the Anti-Commons" -- summarized as "The commons leads to overuse and destruction; the anticommons leads to underuse and waste."
The term has apparently has been around for a while, but that I hadn't heard it before.
Regardless, I'm particularly interested in the theory at the end for why the anti-commons goes underused, to everybody's detriment. Basically, everybody over-estimates the value of their individual component, meaning the entire joint venture becomes more expensive to execute than it's actually worth. Fascinating stuff.
- david barrett
Saw this article on the ease of framing arbitrary computers/users as pirates and I immediately thought: they should identify the IPs of bunch of congressmen, RIAA members, judges, and reporters and flood them with fake DMCA takedown notices. (Or, rather, real notices for fake downloads.) What better way to get the attention of your representative than with a frivolous lawsuit?
- david barrett