Mar 21

The EFF has it half right about open wireless

I’ve posted a couple of times about my wireless network – how I have it set up, how I’ve set it up wrong before,  how I’ve decided to keep it closed, how I’ve failed to actually keep it closed, etc. But guess what? I’m back with another installment of my wireless musings. I closed it up last time I wrote, but then I opened it because it was “easier” and now I’m probably headed back to be a scrooge until I find a good solution. So here’s a bit of background.

I run an internet related business and have a pretty decent connection running into my house. For business purposes I have several people / systems hooked up to one or more routers and they all use that internet connection.  Now, the easiest thing for me to do is to just leave the wireless network open so that no one needs to know any passwords to use it or anything like that. It would make that particular part of my life much easier if everyone could just connect and me not have to be involved in the process at all. But, alas, as I mentioned previously, there are some people out there who take advantage of the open access point. I really mean TAKE ADVANTAGE OF, not just USE. So, I go from trying to do something nice (leave the access point open) to just being annoyed at people for using excessive bandwidth and reducing the amount that my servers have at their disposal to do their job.

So bandwidth is one issue, but there’s also the issue of liability. It gives me a modicum of comfort know that the EFF thinks people with open routers should be treated as an ISP – you should get the same protection. But I haven’t really seen anything that says that you WILL get the same protection. To me, this means that if someone tries to do any of several nefarious activities utilizing my network connection that I may or may not be able to claim that the bits simply crossed over my router and be released of responsibility. I may open myself up to a hassle (or worse)… and for what? It also just now occurred to me as I type this that ISPs must maintain logs of usage for a certain amount of time. If I run an open access would I be responsible for maintaining such logs of usage? I would think that it would significantly reduce people’s desire to participate in providing open wifi if they had additional regulations to deal with.

I’ve mentioned two issues with the open router question. One is the bandwidth issue and the other is the liability issue. For the bandwidth issue I’ve recently read about (you networking gurus don’t get all high and mighty with me… I try not to know everything about this stuff and really I just want something that WORKS and that I don’t have to know HOW it works… you’ve probably known about this software for years) some custom firmware [DDWRT] that you can install on routers that allows for a LOT finer control. So, for example, you could set up a list of mac addresses to get unlimited bandwidth and then limit unknown mac address (likely your guests) to a different, lower bandwidth and even apply a usage cap per mac address. I don’t know if my router can accept this software, but I’m going to look into it. Doing so would at least alleviate the bandwidth hog issues and leave me to only worry about the liability issue.

I am working on finding a “hard and fast” answer to the liability question so if any of you out there have a resource for me that answers unambiguously how things would actually work then I’d like to hear from you. Ideally it would be case law, but educated discussion on the matter would be welcome also.

Aug 28

Some thoughts on Software Patents

I have read a lot of what I consider to be fairly convincing arguments relating to software patents and whether the courts should “allow them” or “ban them”. Before I had the insight I’m going to share below I was definitely a fence hopper, but I think I have finally satisfied myself with an answer. It takes a wee bit of imagination and a willingness to be somewhat philosophical to get there, but I think the thought process will get you there.

 

If you’ve seen “The Matrix” you know that almost the entire movie involves real people living and acting in a virtual world. If you’ve seen “The Matrix Reloaded” you’ll remember a scene where a ship is returning to realworld city of Zion and they are getting ready to enter the gates to the city. The city is very mechanical and computers are utilized to control everything, but do the people of Zion who operate the computers sit behind a keyboard? No they don’t. Instead they “plug in” in the real world transferring they minds into the virtual world in which someone (presumably other humans) has programmed all of these controls. The controls cool thing about these controls is that not only can they be laid out like a keyboard, but they can also be like a lever. It’s their own virtual world so they can build it however they want. They just need to be presented with an environment that they can manipulate to get “the job” done.

 

Now imagine current earth humans being able to allow their mind to live or work inside of a virtual world. Everything in that virtual world is actually software! Nothing is physical though it could be designed to look it and feel it. It may be designed such that your physical actions (ie grabbing a lever and pulling / pushing it) causethe software to behave in different ways, but it’s still not actually physical. How you interact with that software simply causes some state change in the outside world, but what you are interacting with IS software. Yes, the changes you introduce by manipulating the controls made available to you will cause some other software to cause changes in the outside world which will in turn cause a change to the view of the world presented to the those in the virtual world (and in the physical world). But it’s still software making it all work. The tools are software. The connections are software. The actor could even be software.

 

Once these types of systems are possible, and especially once they are common place, there could be a rush of what, in the physical world of today, we would call innovative people coming up with new widgets that can be used inside of this virtual world. These innovations will almost surely come with a price that would be paid by the programmer. In that case there would be a need for protection under some type of law in order to encourage people to create, test, and perfect them. Do we have a system that provides this sort of protection today? Yes, we do, and it is the patent system. It would also be applicable to this sort of situation considering the new types of “tools” that people would “physically” interact with inside the virtual world. All manner of things are possible in the real world today that we just knew wasn’t possible before (until someone innovated a way to do it), and the same will be true in the virtual world. Ways of doing things never even thought of will be, given the right motivation, not only thought of but implemented and improved upon. Different ways of looking at problems will cause unique solutions to become apparent. The solutions would be “obvious” once pointed out, but would be nonobvious prior. Why would someone dedicate their time to looking for alternate solutions if the answer will net them no reward? History shows us that they won’t… not to the same degree anyway.

 

Q: What about a hammer vs a “virtual hammer”? Would you really allow a patent on a virtual hammer that does the same thing in software world that it does in the real world? That seems like everything would get repatented with the only difference being that it is “in software”.

 

A: This question stems from one of the common errors untrained people make when judging patent validity. You can’t just look at the title, or the summary. Think about it. A software hammer wouldn’t be the same thing as a hardware hammer would it? Software doesn’t have physical nails to drive. But maybe a software hammer can be made such that it easy automates the binding of two or more components using a single connective module. Something that used to take 10 virtual actions can be easily rolled  up into the action of hitting the objects with a hammer. The hammer basically just does all of those steps that “physically” had to be done before and elminates them through some ingenious “piece of code”. Testing this peice of code and finding just the right tweaks for it came with a cost of thousands of lost operations (cpu cycles), mangled data, and even memory leaks that had to be dealt with before it became stable to be used in the virtual world. Why would someone give up these precious resources if it would not gain them some advantage? Now that it is done it is a easily copyable solution so what’s to stop another from copying it and using it without having put their own butts on the line? Copyright doesn’t do the trick as code can be rewritten (hell, translate it to another language and you’ll have to modify it to do so). You’re still using the same algorithm, but it obviously not the same code. Yes it is and you shouldn’t be allowed to steal the code, change the language, and call it new.

 

It is my belief that as things become more virtualized and as virtual reality starts to become both more real and more immersive that we will see more need for patents on things in the virtual world. These things are no doubt software. But they are also no doubt in need of protection.

 

To be continued… or is this one step too far?

 

And if we know that software should be patentable in the case of said eventual world, then software should be patentable now due to the simple fact that the simulation argument leads there.

 

May 14

To lock down or not lock down

A while back I did a post about making sure that you lock down your wifi so that people do not do nefarious things on your connection and get you into trouble. Well, apparently that was not the best “legal” suggestion. Apparently, if your wifi is open and someone does something wrong then, well, it could have been anyone that was using your IP. But if your wifi is closed and something is done wrong (beginning at your IP address) then you are viewed as that much more likely to be the target of an investigation. Afterall, who could have been using your IP? Your wifi was closed!

According to the Electronic Frontier Foundation (EFF), keeping your router OPEN may offer more legal protection than having it closed.

If you run an open wireless network, you may be able to receive significant legal protection from Section 230 of the CDA (against civil and state criminal liability for what others publish through the service) and Section 512 of the DMCA (against copyright claims based on what others use the service for). While these protections are not complete, EFF regularly engages in impact litigation to help ensure that these laws offer as strong protection to network operators as possible.

The fact is that wireless router security is often viewed as something you just set up and then leave alone and it works to keep the bad guys off your line. However, wireless security is relatively weak and much of it can be broken. It won’t be long before the bad guys have access to your locked router and start making trouble. When they do, it will look like YOU are the one making trouble. On the one hand, you hate to give the bad guys a free ride, but on the other hand you would hate to get punished for what they do if they stole your ride and did something inappropriate with it.

I continue to go back and forth on this one. I have gone months with my router open, and then some time with it closed. I usually have to close it due to too much bandwidth being used. My netflix will start lagging (don’t mess with my Sarah Conner Chronicles!) or whatever and I know that someone is getting a little happy with my bandwidth.

It makes me nervous both ways to be honest. I have several houses with teenagers that live around me, all with wireless reach. Do I want them going to sites or performing illegal activities over my router? Nope. Do I want them using up all my bandwidth? Nope. Do I want to be nice and allow for free access? Yes. Do I want to have someone crack my WEP, gain access to my router, and then do unruly things so that it appears it was me? No way! So what I do? What would you do?

My plan is to in general go open wireless. Sometimes I’ll close the open access if I have bandwidth hogging issues and then I’ll open it back up once I think they’ve gotten the point. If you come around and don’t find an open network currently available don’t be discouraged. I have likely gone into non-sharing mode for a short time in order to get the bandwidth hogs to move along and will reopen for public use soon enough. Really, this isn’t much of a change. I like to provide a needed service, and I understand the need for open wireless points. Now that I see there are even legal “goodies” to go along with having it open I feel even better about the way I’ve operated historically and will continue to lean towards open, available wireless.

Mar 02

Pirate Bay case update and some related legal questions

I have been interested in the Pirate Bay trial that has been going on, but it has now taken on a whole new level of interest to me because they are releasing the actual arguments being utilized on each side. I was reading this article about the trial and read the following which kind of brought some questions to mind:

Roswall dropped several charges on the second day of the trial for the purpose of streamlining the case, Ars was told, which leaves contributory copyright infringement as the main charge. The Pirate Bay might not host content itself, but if its main use is as a middleman that arranges illegal peer-to-peer transfers, Roswall said that the site could be held responsible.

“A person who is holding someone’s coat while they assault someone else is complicit in the crime,” he said, according to Swedish paper The Local.

And Monique Wadsted, the lawyer for the movie industry, told the court that it was a basic point of Swedish law that one can’t just walk around with eyes closed when one knows that crimes are being committed.

Wadsted also claimed that The Pirate Bay was built for piracy, and she noted that site admins do in fact police the site for child pornography, inactive torrents, and misleading descriptions. Given that sort of control over the material, is it credible simply to see The Pirate Bay as a hand-off forum that allows all sorts of user postings for which it cannot be held liable?

The defense is continuing to claim that the European Union e-commerce directive passed in 2000 protects them from liability. The relevant part of the directive is Article 12, the “mere conduit” section, which says that a “service provider” is not liable for the information transmitted by its users.

The rule applies only to “service providers,” raising the question of whether The Pirate Bay qualifies, and it only applies when three conditions are met: the service provider must not 1) initiate the transfer, 2) select the receiver of the transfer, 3) modify the transfer in any way.

So what is it that I find interesting? All of it actually. What If someone wanted to start a service that helped drug dealers (not big pharma… the ones that are currently illegal) hook up with those that wanted to buy drugs. If they simply created a website that facilitated the two hooking up and took NO PROFITS from either party would the website be breaking the law? Would I be breaking the law if I DID get paid by advertisers? What if I took a cut of the transaction itself? The last one I think yes, but I’m not sure… the other two I lean towards “no”, but I’m not sure. IANAL – so what do I know? What if I didn’t know about the drug dealers? What if they were just using it to exchange illegal things and I didn’t know?

In the article the prosecuter claims “if [a website’s] main use is as a middleman that arranges illegal peer-to-peer transfers ” then it can be held liable for damages. I assume this <illegal peer-to-peer transfers> could be substituted to be anything that is <illegal>. Fine, what if it’s intended main use is as a chat room, but it just happens to provide a mechanism for pushers and buyers to find each other?

It seems kind of arbitrary for anyone other than the creator to define somethings “main use”. That’s like saying a car’s “main use” is to run over pedestrians just because it happens sometimes. Even if it happens a lot that is not it’s “main use”. It doesn’t really follow that I, the inventor or provider, can invent or provide a service for one use and that someone else call what I did illegal because the way some portion of society chooses to use it is in some other way than what I intended. My understanding is that is in general EXTREMELY difficult to provide “motive” or “intent”.

Is the service a “mere conduit” as defined? I don’t know. I’ve never used it. I make enough money to buy most of my own crap now, and I rarely listen to new music. I do hate for the Pirate Bay that they apparently did remove some material. At that point they actually might have changed their status from “mere conduit” to “data managers” or something like that.

Even for those not in Sweden this could set some huge precedent. I will have to check the American law for further clarification, but to be on the safe side I would say anyone wanting to create a website that allows people to get what they want (files, information, dates [think “dating”], whatever) should atleast make sure they meet the definition of “service provider”. The three requirements were (as listed in the article) that a service provider must:

  1. NOT initiate the transfer
  2. NOT select the receiver of the transfer
  3. NOT modify the transfer in any way

Does (1) mean you cannot be the sender? Or does (1) mean you cannot send to a receiver that has not solicited it? If it is the former, then it seems that (3) means you cannot delete something posted by another user because the sender just uses your platform. If someone else initiates the transfer (ie. A user) and you delete it that would be viewed as a modification. If that is true then it would be in a providers best interest to ignore any Cease And Desist letters, subpoenas, whatever for fear of violating their status as a provider and thus opening themselves up to even more litigation. This is crazy hard to figure out what to do.

Also, the rules do not say that a provider cannot profit. So going back to my drug dealer example it would seem a “service provider” would be able to profit as long as they didn’t skim any of the “product” or any of the money from the buyer. I am guessing that an additional part of being legally NOT LIABLE as a service provider would require that the item being pushed throught the “conduit” is not illegal. Thus, actually setting up a meeting between a user and a pusher would likely be illegal. (What if the site just said “I can recommend a guy” and let them work it out from there? I don’t know.)

This is why “data law” is so much harder (and more interesting) than other types of legal issues. It’s a relatively young area with a lot of gray area. Add on to that the fact that platforms on which it is practiced is always changing and it makes for some very interesting and provactive conversation opportunities.