Computing Research Policy Blog

Another Data Point in the P2P Debate


Researchers from Harvard Business School and the University of North Carolina released a study today that suggests that illegal downloading of songs via P2P networks is not having a significant effect on legitimate music sales and in many cases may help album sales. The Washington Post has the story.
A few choice paragraphs:

Songs that were heavily downloaded showed no measurable drop in sales, the researchers found after tracking sales of 680 albums over the course of 17 weeks in the second half of 2002. Matching that data with activity on the OpenNap file-sharing network, they concluded that file sharing actually increases CD sales for hot albums that sell more than 600,000 copies. For every 150 downloads of a song from those albums, sales increase by a copy, the researchers found.
“Consumption of music increases dramatically with the introduction of file sharing, but not everybody who likes to listen to music was a music customer before, so it’s very important to separate the two,” said Felix Oberholzer-Gee, an associate professor at Harvard Business School and one of the authors of the study.
Oberholzer-Gee and his colleague, University of North Carolina’s Koleman Strumpf, also said that their “most pessimistic” statistical model showed that illegal file sharing would have accounted for only 2 million fewer compact discs sales in 2002, whereas CD sales declined by 139 million units between 2000 and 2002.
“From a statistical point of view, what this means is that there is no effect between downloading and sales,” said Oberholzer-Gee.

Senate Bill Would Allow DOJ to Target Filesharers


Tech Daily (sub. req’d) reports on a Senate bill introduced yesterday by Sen. Patrick Leahy (D-VT) that would allow the Justice Department to file civil lawsuits and bring criminal charges against song-swappers using peer-to-peer networks. Complaints from content providers about the relatively few numbers of criminal prosecutions for file trading apparently led Leahy to introduce the bill (S. 2237 — should be available online shortly). Currently, the government has to prove that song traders demonstrate “willful conduct” to bring criminal charges. Leahy’s bill apparently lowers that threshold. Judiciary Chairman Orrin Hatch is a co-sponsor. RIAA and MPAA are on board:

“This legislation provides federal prosecutors with the flexibility and discretion to bring copyright-infringement cases that best correspond to the nature of the crime,” said Mitch Bainwol, CEO of the Recording Industry Association of America.
     “I commend Senators Patrick Leahy and Orrin Hatch for their vision and leadership in combating the theft of America’s creative works,” said Jack Valenti, CEO of the Motion Picture Association of America.

More info as it becomes available….

Bush Announces Broadband Policy


Speaking in New Mexico today, President Bush announced his support for rolling out universal broadband service within three years. From Reuters:

“We ought to have universal, affordable access to broadband technology by the year 2007,” Bush said. “And then we ought to make sure as soon as possible thereafter consumers have plenty of choices.”
“It’s important that we stay on the cutting edge of technological change, and one way to do so is to have a bold plan for broadband,” he said. Bush did not elaborate on how he would accomplish the 2007 goal.

In addition, Bush urged that broadband access be tax free. It looks like the issue, long dormant for this White House in particular, may become a campaign issue:

Minutes after the president spoke, Democratic presidential contender John Kerry mentioned broadband as a key growth area during a campaign speech laying out his economic policy.

The scorecard for IT campaign issues so far then: IT offshoring (to protect or not to protect); Universal Broadband (how to roll it out, who should pay); maybe soon IT R&D? 🙂

The Spread of the Witty Worm


The folks at UCSD Computer Science and Engineering and the Cooperative Association for Internet Data Analysis (CAIDA) put their “Network Telescope” to good work in analyzing the spread of the Witty Worm. From their analysis:

  • Witty was the first widely propagated Internet worm to carry a destructive payload.
  • Witty was started in an organized manner with an order of magnitude more ground-zero hosts than any previous worm.
  • Witty represents the shortest known interval between vulnerability disclosure and worm release — it began to spread the day after the ISS vulnerability was publicized.
  • Witty spread through a host population in which every compromised host was doing something proactive to secure their computers and networks.
  • Witty spread through a population almost an order of magnitude smaller than that of previous worms, demonstrating the viability of worms as an automated mechanism to rapidly compromise machines on the Internet, even in niches without a software monopoly.
  • The conclusion is ominous:

    Witty demonstrated that any minimally deployed piece of software with a remotely exploitable bug can be a vector for wide-scale compromise of host machines without any action on the part of a victim. The practical implications of this are staggering; with minimal skill, a malevolent individual could break into thousands of machines and use them for almost any purpose with little evidence of the perpetrator left on most of the compromised hosts.

    And finally:

    The patch model for Internet security has failed spectacularly. To remedy this, there have been a number of suggestions for ways to try to shoehorn end users into becoming security experts, including making them financially liable for the consequences of their computers being hijacked by malware or miscreants. Notwithstanding the fundamental inequities involved in encouraging people sign on to the Internet with a single click, and then requiring them to fix flaws in software marketed to them as secure with technical skills they do not possess, many users do choose to protect themselves at their own expense by purchasing antivirus and firewall software. Making this choice is the gold-standard for end user behavior — they recognize both that security is important and that they do not possess the skills necessary to effect it themselves. When users participating in the best security practice that can be reasonably expected get infected with a virulent and damaging worm, we need to reconsider the notion that end user behavior can solve or even effectively mitigate the malicious software problem and turn our attention toward both preventing software vulnerabilities in the first place and developing large-scale, robust and reliable infrastructure that can mitigate current security problems without relying on end user intervention.

    Interesting stuff…

    Encouraging Words from Sen. Domenici (R-NM)


    Thanks to Richard Jones of the American Institute of Physics for sending around remarks Sen. Pete Domenici (R-NM), former chair of the Senate Budget Committee (now chair of the Energy and Natural Resources Committee), made on the Senate floor in support of increased funding for basic research.
    “The time has come to spend money on basic research, just as we have on medical research,” Domenici said.
    Read the complete remarks by following the link below.

    Read more

    Some TIA-related work goes on, but not privacy work?


    The Boston Globe has a piece on the apparent disposition of some TIA-related (DARPA .pdf) work in the wake of Congress’ move last year to eliminate DARPA funding for the controversial program. The program, an attempt to “design a prototype network that integrates innovative information technologies for detecting and preempting foreign terrorist activities against Americans,” came under fire from a number of groups, including CRA, who saw the eventual deployment of such a system as a serious threat to American civil liberties and security. (However, CRA also argued, in a letter to the House and Senate negotiators, that while a prohibition on deploying the technology might be appropriate, prohibiting research into these areas would not be in the national interest.)
    Though Congress cut funding at DARPA for TIA-related research at DARPA and eliminated the office at the agency that housed the project, language in the FY 2004 Defense Appropriations bill did allow related research to continue at unspecified intelligence agencies. The article notes that this work is apparently going forward, though parallel work DARPA had undertaken to insure there were privacy protections in any TIA-related system is apparently not.
    It’s difficult to know with any certainty whether privacy-related research is actually being funded by any of the intelligence agencies (though it’s clear from the article that work that had been funded by DARPA in the area has not been continued). This lack of transparency is an unfortunate consequence of the research moratorium imposed by Congress, and one of the reasons CRA opposed it….

    Business Week Special Section on “America’s Tech Might: Slipping?”


    Business Week is running a special report on US R&D policy and how America may be slipping down the curve compared with other countries. Some choice quotes:

    For anyone concerned about strengthening America’s long-term leadership in science and technology, the nation’s schools are an obvious place to start. But brace yourself for what you’ll find. The depressing reality is that when it comes to educating the next generation in these subjects, America is no longer a world contender. In fact, U.S. students have fallen far behind their competitors in much of Western Europe and in advanced Asian nations like Japan and South Korea.
    This trend has disturbing implications not just for the future of American technological leadership but for the broader economy. Already, “we have developed a shortage of highly skilled workers and a surplus of lesser-skilled workers,” warned Federal Reserve Board Chairman Alan Greenspan in a March 12 address at Boston College. And the problem is worsening. “[We’re] graduating too few skilled workers to address the apparent imbalance between the supply of such workers and the burgeoning demand for them,” Greenspan added.
    As a result, “the future strength of the U.S. science and engineering workforce is imperiled,” the National Science Board warned in a sweeping report issued last year.
    – from “America’s Failure in Science Education
    William Harris spent most of his career in the U.S. teaching chemistry or working at the National Science Foundation, where he was responsible for doling out $750 million a year in federal grants. But three years ago, Harris, now 59, moved to Ireland, the land of his forebears, to help turn it into a technology power.
    He became director general of Science Foundation Ireland (SFI), which since its founding in 2000 has attracted dozens of internationally renowned scholars from the U.S., Britain, Germany, and Russia. The newcomers get labs, promises of fast response to requests for assistance, and, most important, money for research into cutting-edge areas such as nanotechnology. SFI has $1 billion to play with — an enormous resource for a country of just 4 million people.
    FERTILE CULTURES.  The intent is to emulate America’s success as a worldwide technology leader — a transformation that not just Ireland but China, South Korea, India, and Israel, among others, intend to replicate. As these countries make their run for glory, they could eat into America’s dominance, experts say. “The U.S. has more aggressive competition than it has had in the past decade or so,” notes Erich Bloch, a principal at Washington Advisory Group, management consultancy in Washington, D.C.
    Already, the European Union has outstripped the U.S. in the number of scientific papers it publishes in major journals every year. That’s a key barometer of a region’s reputation in the scientific world, says R.D. Shelton, president of technology assessment for the nonprofit World Technology Evaluation Center in Baltimore. And the international pressure will only grow as other governments support their domestic companies with ambitions in telecommunications, semiconductors, and nanotechnology, among other initiatives.
    – from Challengers to America’s Science Crown

    Though the articles note (and the interview with White House Office of Science and Technology Policy Director John Marburger also mentions) that information technology R&D has been a focus of US federal R&D efforts, it’s also worth pointing out that the Bush Administration request for IT R&D in FY 2005 is for a reduction of 1 percent in spending vs. FY 2004. And that level is still $685 million below the funding level recommended by the President’s Information Technology Advisory Committee way back in 1999.
    Here’s more detail from CRA’s Computing Research News Online.

    Latest CRA-Bulletin is Out!


    The latest issue of the CRA-Bulletin has been e-mailed to subscribers. You can find a web version here.
    CRA-Bulletin is a free, occasional electronic bulletin to inform you about events we think are of interest to the computing community. You can find instructions on how to subscribe at the bottom of this page.

    CA Attorney Gen. Circulates Anti-P2P Letter Authored by MPAA?


    Wired has an eye-opening article on a draft letter circulated by the California Attorney General’s office to other state attorneys general that suggests peer-to-peer software producers are making a “dangerous product” and that the failure of technology makers to warn consumers could constitute a deceptive trade practice. More intriguing is that Wired obtained a copy of the draft document (a Word file) and reports that the document’s metadata suggests it was either authored by or reviewed by the Motion Picture Association of America.
    The letter represents a continuation of the attack on P2P technologies themselves — rather than a focus on the illegal activities — begun by groups like MPAA and RIAA. From the letter (which is intended for P2P software producers):

    It is widely recognized that P2P file-sharing software currently is used almost exclusively to disseminate pornography, and to illegally trade copyrighted music, movies, software and video games. File-sharing software also is increasingly becoming a means to disseminate computer worms and viruses. Nevertheless, your company still does little to warn consumers about the legal and personal risks they face when they use your software to “share” copyrighted music, movies and computer software. A failure to prominently and adequately warn consumers, particularly when you advertise and sell paid versions of your software, could constitute, at the very least, a deceptive trade practice.

    Fred Lohman, of The Electronic Frontier Foundation, is quoted a bit later in the article in reaction:

    It’s one thing for the MPAA to come up with a theory like that, but it would be quite another for a state attorney general to adopt it. The principle has no limit — you can use Internet Explorer to violate the law or unintentionally access pornography, so does he want to suggest that Microsoft is also breaking the law? Why stop at the Internet — should Ford be held liable for failing to warn drivers that exceeding the speed limit will expose them to citations?”

    Here are the other behaviors the letter writers believe characterize P2P programs:

    Whether it is the widespread availability of pornography, including child pornography, the disclosure of sensitive personal information to millions of people, the exposure to pernicious computer worms and viruses or the threat of legal liability for copyright infringement, P2P file-sharing software has proven costly and dangerous for many consumers.

    Not a very optimistic view of the technology….
    Anyway, it’s not surprising that MPAA may have been involved in drafting the document, but that doesn’t make it any less unseemly. If nothing else it shows they still have a bit to learn about digital content.

    Please use the Category and Archive Filters below, to find older posts. Or you may also use the search bar.

    Categories

    Archives