The Internet backlash

We are witnessing a backlash against the progressive potential of the Internet

With a mixture of technological fixes and legal pressures, large institutions are trying extend copyright protection in order to regain control over the flows of information. However, these efforts to maintain an outdated copyright regime are technically inefficient and socially dysfunctional. In the long run, they are part of a loosing battle.

For a long time, the Internet could reasonably be seen as a progressive technology. It was a force in democratizing communication by giving an ever increasing number of people the means to access and distribute information very efficiently, both locally and globally. It also facilitated the creation of new types of flat, bottom-up organizations and large informal associations that did not require institutional hierarchies to coordinate their internal communication. This inspired great hopes for the strengthening of democracy, the emergence of a global civil society and the free exchange of information as the basis for a more equitable creation of knowledge.

Initially, the large corporations and international institutions, accustomed to having the global stage to themselves, were blind to the emergence of a new social space. Notoriously, McDonald's was not interested in registering mcdonalds.com in 1994. Even as the mega-institutions began to become aware of the new competition challenging their rule, they were confused and seemed unable to react. The Internet was fast-paced and flexible, while the powers-that-were seemed like dinosaurs, too big, too slow and too inflexible to survive in the rapidly changing environment. The Multilateral Agreement on Investment (MAI) was the first international treaty to be challenged by a globally coordinated alliance of local opposition. It imploded in 1998. Around the same time, the belief that those players who are adapted to the Internet would sweep away traditional organizations took over the business world and was translated - in part naively, in part cynically - into the dot-com boom which crashed in March 2000 and hasn't recovered since.

As the dust begins to clear from the early years of optimistic hyperbole, a very different picture is emerging. Through mergers and alliances, the big dinosaurs are becoming even bigger. However, they are also becoming more flexible, not the least through the integration of the new modes of communication. In addition, they have launched an all-out offensive to change the technological basis of the Internet and oppress new social practices that challenge their dominance.

The advent of the Internet has often been likened to the spread of the printing press and its democratization of knowledge. To stay within this metaphor, one could say that we are now suffering through a counterreformation. Comparable to the indices of banned books created by the Catholic church in an attempt to maintain its monopoly, we see now the banning of technologies and the persecution of their creators because they threaten the status quo of traditionally dominant institutions. At the heart of the battle between the progressive and regressive forces on the Internet is the issue of intellectual property.

Making the Internet safe for business

Initially, the Internet seemed to bring a great flowering of intellectual activity and a free sharing of knowledge. This reflected the importance of academics and hobbyists in the early development of the technology. They believed that information wants to be. The Internet seemed able to withstand all kinds of attacks, including censorship, an outgrow of its military roots which designed the network to survive a nuclear assault. In retrospect it's easy to see that these otherwise very different groups share one thing: they have little need for the protection of intellectual property. They are not in the business of selling nor do they build their activities around trademarks and brands. Now that conventional media companies are consolidating their dominance over the Internet, they are doing their best to change this legacy and the technology that was inspired by it.

The common theme across many attempts to redefine the technological basis of the Internet is the desire of copyright holders to extend their control over what a user can do with their content. The underlying argument is that content is not really sold, but licensed with restricted usage conditions to the consumer of, say, a music CD. Traditionally, these restrictions covered only the commercial use, while protecting most non-commercial use by individual people as "fair use". Increasingly, the "fair use" exceptions are being removed by technologies that are designed to prevent any use beyond what is explicitly licensed.

The first step in this control vision is to prevent individual users from inserting copyrighted content into the open circulation. Major record companies have begun to issue music CDs encoded to prevent the transfer of the audio files into the mp3 format popular for file sharing. The fact that the quality of the original CD is compromised through the new secure encoding format seems of minor concern to the labels. (Kopierschutz um jeden Preis?)

Keeping content off the Internet, however, is a limited approach. The longer-term strategy is to implement a technology to control the online circulation of content. One approach, trusted systems , has been advocated by Mark Stefik at Xerox PARC. His idea is to create encrypted "repositories" on the user's hard disk into which copyrighted content is downloaded. The essence of the idea is that a copyrighted work can only be used when it is connected to a repository. This repository, based on the digital licenses the user has to purchase, controls what can be done with the digital works, e.g. whether it can be copied or not, or if there are fees involved in the copying process. The digital content could be programmed in a way that it communicates back to the central repository of the issuer. Thus so-called super distribution, the distribution through file sharing and other user-driven mechanisms, can be turned into an additional sales channel.

Such a system, euphemistically called "trusted", would act like a comprehensive control system in which the central authority's trust is vested only in its own surveillance capability based on the physical, communicational and behavioral integrity of the repository. An Orwellian vision, indeed.

At the moment, such comprehensive schemes are still far-fetched. Most of the currently available technologies are less ambitious. A technology developed by a US company, Relatable , tracks audio files by inserting an acoustic fingerprint into the file. The unique fingerprint for each audio file is based on an analysis of the acoustic properties of the content itself. Each acoustic fingerprint can identify a track precisely, regardless of whether any associated text identifiers are present or accurate. Primitive evasion techniques such as changing the file name no longer work. To protect content on a website a technology called Vyoufirst has been developed. It basically does away with the open source characteristics of html by inserting proprietary tags into the file, thus giving publishers control over what the user can do with the website beyond reading it. Publishers of electronic books can reach unprecedented control over readers by using a technology called Vitalviewer , which encodes books in a way that they can be read for a limited time only, after which the license has to be renewed

These examples are a small part of what amounts to a comprehensive attempt to make the Internet safe for business, to extend the control of copyright owners far beyond what is possible offline, and do away with much of the liberties made possible by the current state of the Internet. The goal is to once again centralize control over the flows of information into the hands of large institutions.

Criminalizing the culture of the Internet

The big content industries know that it is ultimately impossible to create watertight technological solutions. Every encryption scheme can be broken, particularly since the need for ease-of-use prevents the implementation of military-strength solutions. The ability to modify and copy data is too central to all aspects of computing to be seriously restricted on a hardware level, even though a consortium of hardware manufactures lead by IBM was exposed last December to be working on a scheme known as Content Protection for Recordable Media (CPRM) to be included in the up-coming standard for computer hard disks.

Aware of impossibility to create a technically sound prevention of copyright infringement, the content industries are pushing for ever more restrictive regulation to outlaw attempts to circumvent, or even to make transparent, their ultimately unstable technologies. A major victory was reached with the 1998 enactment of the Digital Millennium Copyright Act (DMCA), an American law which provides the template for similar legislation in other countries such as Australia and Canada. It updates and extends not only what the law considers unauthorized access to copyrighted information, but also criminalizes technologies that can be used for copyright infringement (independent of whether they have been developed for this purpose), it outlaws standard practices such as the reverse engineering (deconstruction for the purpose of examination) of protection technology and the distribution of information concerning any such attempt.

As the first DMCA cases wind their way through the courts, the wide- ranging negative implications of this law become visible. For example, the attempt to protect unsound technologies through the law seriously restricts the freedom to do research, publish and innovate, as well as the freedom of speech more generally. Using the provisions against reverse engineering, the Hacker Magazine 2600 was dragged into court and pressured to remove all links to a piece of code called DeCSS which allowed users to circumvent the Contents Scramble System (CSS) on DVDs. The DeCSS is necessary to watch movies on a Linux machine or play disks a user bought in Japan on European computers [9]. Last April, a group of academics around Edward Felten, Princeton University, was scheduled to make a presentation on the Secure Digital Music Initiative (SDMI) ) challenge. The SDMI, an association of major music labels, issued the public challenge to break the digital watermarks with which to protect music files. When the team of academics announced to present the vulnerabilities found in the code, the SDMI, using the same DMCA provisions, pressured the universities to have their researchers drop the presentation. Again using the same provisions, Dmitry Sklyarov a Russian programmer, was arrested in the US for giving a presentation on the weaknesses of Abode's eBook technology.

As these cases accumulate, three things become increasingly clear. First, the great majority, if not all, technological solutions for the protection of copyright available are unsound. While they might prevent unauthorized use by technically unskilled users, none of them is capable of giving to the copyright holders the complete control over content they never had before but now demand. Second, once the protections have been removed, or the knowledge of how to remove them has been made available, alternative distribution models are so efficient that even non-commercial practices - a user giving access to the collection of MP3 files on her home PC - are, at least potentially, serious competition to commercial distribution. Finally, the less protection can be achieved through technological means, the more reliance is necessary on repressive means to put the genie back into the bottle. However, trying to enforce copyright through an growing array legal provisions quickly conflicts with a wide range of civil liberties that are regarded as crucial for the functioning of democracy.

In one sentence, the maintenance of technologically obsolete copyright regimes requires a police state.

Fighting the backlash

Despite this increasingly bleak picture, there are reasons to be optimistic. The first counterreformation was unsuccessful in preventing new knowledge from spreading and so will this one be unable to maintain the status quo through repression. As the late Wau Holland (Hacken als Form der Gesellschaftskritik) remarked, computers are basically machines for manipulating and copying data. Linked through the Internet, computers form a giant copying machine. Technically, the fight to control the copying and distribution of widely available data is a battle against this core functionality of computers in general. This is a loosing proposition. Information concerning computer security is readily available to anyone sufficiently literate and dedicated. Chances of any protection technology surviving in an environment in which people have lots to gain from breaking it are getting smaller by the day.

The strategy to boost weak code by repressive laws is socially dysfunctional. The negative side-effects are growing and becoming tangible for the majority, while the gains remain elusive, even for the minority of copyright holders that is supposed to profit from the new laws. There is an increasing awareness that to criminalize whole categories of socially useful behaviour - creating new and potentially disruptive technologies, reverse engineering, public discussion about the state-of-the-art in encryption - is too costly to be acceptable, both from a civil rights as well as from a research and development point of view. As Lawrence Lessig wrote in the NYT: Using software code to enforce law is controversial enough. Making it a crime to crack that technology, whether or not the use of that ability would be a copyright violation, is to delegate lawmaking to code writers. Yet that is precisely what the D.M.C.A. does. The relevant protection for copyrighted material becomes as the technology says, not as copyright law requires. This is bad law and bad policy. It not only interferes with the legitimate use of copyrighted material, it undermines security more generally. Research into security and encryption depends upon the right to crack and report. Only if weaknesses can be discovered and described openly will they be fixed.

With each new case that ends up in a court or on the front page of newspapers, the opposition against criminalizing truly innovative netculture is becoming broader and broader. IBM and the rest of the consortium, for example, had to shelf, at least for the moment, the above mentioned technology to implement copyright protection on a hardware level. The researchers who were initially pressured not to publish their findings on the SDMI challenge are now allowed to make the presentation at the Usenix Security Symposium in Washington, D.C. The SDMI seems to have realized that it was creating very poor public relations. The coalition defending the Russian programmer who had cracked the eBook encryption has grown so broad that now even includes Adobe, the maker of the eBook. The case, however, is still pending as Sklyarov has been released on bail.

The content industry is fighting a loosing battle trying to shore up an outdated copyright regime. However, in the mean time it can do a lot of damage. To minimize the duration of this fight, and the devastation it creates, it is imperative to broaden even further the coalition against the criminalization of critical research, public discussion and innovative social practices. Napster has shown both the power of new modes of distribution and the danger of entering mainstream without a business model. New distribution models have to be developed that balance the various interests more adequately under the conditions of open communication networks. Perhaps MojoNation , which combines peer-to-peer technologies with micropayment, might be a step in the right direction. Until such a new model is found, the big content industries and other vested interests will continue to keep an upper hand by unleashing their armies of lawyers. Once new models are found, even the largest legal teams will no longer protect from the simple truth of evolution: adapt or die.