Craig Brozefsky on Sat, 13 May 2000 00:33:10 +0200 (CEST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: <nettime> Napster Hurts Free Software

Florian Cramer <> writes:

> I doubt that this is coming as easy or naturally as you suggest and many
> others have in the past ten years. The well-known saying that the Internet
> would interpret censorship as a bug and root around it implies a
> (technicological, political and epistemological) autonomy of the Internet
> that doesn't exist. Lawrence Lessig has made many good points concerning
> this which are unneccessary to repeat here. The worldwide police action
> against the authors of the ILOVEYOU worm and Metallica's reverse
> identification and legal persection of Napster users should give some good
> impressions of what degree of control is already feasible in the Internet.

It does indeed.  Unless things have changed in the last few hours they
still have no real evidence or suspect in the ILOVEYOU virus case
despite said international police action, and what they do have was
revealed thru idiotic evidence left in the code.  Napster users who
desire so are already bypassing Napster's ban, or simply moving to
gnutella which does not have the weakness of a centralized authority
capable of banning accounts (but does have other weaknesses).

Your point however cannot be so easily dismissed.  It will take real
work on the part of developers, as well as effort on the part of users
to maintain the level of (imaginary?) freedom they presently enjoy.
This work is to be carried out in legal, cultural, and technical
domains.  It's not sufficient for us to repeat the "internet routes
around censorship" mantra 10 times a day.

I feel the technical domain provides the basis for all other attempts
at ensuring freedom of access to information and anonymity.  Legal or
cultural guarantees are meaningless when the stakes get high, but
provide the most general protection for those who are not inclined to
either use high impedance technologies to acquire said freedom, or are
simply operating under a much less severe threat model.  Yet even in
those situation, the basic technological foundations of TCP/IP, SSL,
OS (in)security, controlled distribution of host information, and
informally anonymous distributed protocols must be there or the legal
and cultural guarantees will not arise.

The technical work continues tho, and as the stakes get higher the
general public starts becoming aware of more advanced techniques for
hiding what information they seek, and what they do with it.  The rise
of gnutella and Freenet are just the beginning, as informally
anonymous distributed protocols they do not really provide the freedom
some users desire, but for the purposes of copyright infringement via
the sharing of mp3s and the like, it's sufficient in the present
environment where the threat profile is quite lax for individuals.

Such marginally illegal practices as music and software piracy act as
proving grounds for these technologies, and also help to introduce
them to the public.  The gaggles of mp3 pyrates help us test the
scalability to something like gnutella or FreeNet, and provide a cover
of white-noise for those who may have more pressing anonymity and
distribution needs.  The sea of mp3s is a swell place for putting
stego'd copies of outlaw data and ensuring it gets distributed far
and wide.

When the heat gets turned up they will start turning towards things
like the Eternity Service[1] and Zero Knowledge Systems[2], URL
obfuscating services, and distributed HTTP anonymizers.  These
services provide protection under an even greater threat level, some
would require the resources of an intelligence agency from a
industrialized nation to extract incriminating information from them.

So there is indeed alot of work to be done, both in deploying the
technologies that will take us thru the next round of the arms race to
control people's free access to information (pirated or not), and also
in the dissemination of these technologies to wider audiences.

> > If recording companies really try to impose trusted client on us, geeks
> > will crack it faster than you can say "40-bit export limit." They will
> There is no more 40-bit export limit. At least in theory, decent
> proprietary cryptography is possible now and can't be broken as
> easily if it's implemented in a technically non-stupid way. 

Key strength is but one component in a trusted client system.  There
has never been a copyright protection system that hasn't been busted.
I don't see that changing given the environment such systems must run
in, and the tools and skillz that can be brought to bear upon them.
The intellectual property hoarders must balance consumer convenience
and desire with security.

The gaming console industry has had total control of their hardware
platform (something PC software/hardware vendors will never have), and
in some cases total control of the software that ran on their systems.
Even then, you can purchase mod chips to bypass the IP protection
mechanism on any console, getting rid of the region coding as well as
the manufacturers attempts at stopping people from playing CD-R copies
of their software.  

Given the track record in the game console market and the control they
were able to exercise, it seems unlikely that the PC platform will
ever be able to produce a "trusted client" system worth a damn.  Intel
has backed out of it's scheme to produce unique IDs for CPUs, a
important part of a trusted client system able to identify a
particular computer, under pressure from consumers.  Remember that we
have multiple CPU, motherboard, and peripheral vendors for any
component of the PC architecture, spread across many different

That said, cracks and hacks are not viable solutions for everyone.
But they do perform an important task, making people aware of the
possibilities and cognizant of the limitations that they are being
forced to accept.  Just as any adolescent with an internet account
today is aware of what mp3s can do and the fact that people are
attempting to stop their use, more and more people will become aware
of the control that is being exerted over their use of intellectual
property and other information.

> Free Software has been a successful project because it opted exactly for the
> above choice. If people had happily chosen Warez instead, there would be no
> GNU/Linux. (The recording industry is stupid. mp3 and Napster are the most
> efficient reinforcement tools of mainstream musical taste and hence the best
> stardom vehicles. Try to get Stockhausen's "Kontakte" via Napster.)

I see that for you, as well as Bruce, it boils down to an issue of
proper respect for intellectual property.  This insistence led Bruce
to make a bunch of groundless arguments about the deleterious effect
of music piracy on Free Software.  Are you preparing to do the same
thing?  Unless developers start spending too much time scrounging
around for Haujobb mp3s instead of debugging, I see no connection
between the two.  This doesn't mean that Free Software developers need
not be active in the legal domain and can safely assume they code in a

The causal argument Bruce made, and which you seem to be attempting to
support are suspect because the IP monopolists were already pursuing
the DMCA and UCITA before Napster and even mp3 started floating
around.  Indeed, the arms race between copy protection and warez pups
has been raging for decades, and we know who is winning that.  


[2] Zero Knowledge Systems

Craig Brozefsky                      <>
Free Scheme/Lisp Software
"Hiding like thieves in the night from life, illusions of 
oasis making you look twice.   -- Mos Def and Talib Kweli

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: and "info nettime-l" in the msg body
#  archive: contact: