April 2007

American.com 2.0

by on April 3, 2007

It’s sure to be the best thing since ALF 3! American.com‘s “2.0” happy hour!

Host: David Robinson
Location: Panache Restaurant
1725 Desales St. NW, Washington, DC View Map
When: Thursday, April 5, 6:00pm
Phone: 202 657 9892

Please join us to celebrate the launch of the new, improved American.com. Those in attendance will include David Robinson, managing editor; Marianne Wasson, associate editor; Ben Newell, editorial assistant; members of the web design team; and most importantly, a bunch of our contributors.

Panache has agreed to extend its happy hour until 8 PM — featuring $5 martinis and house wines. Come raise a glass…

About the site:

American.com is the web site of The American—AEI’s magazine of business and economics. We have a new look and a great mix of stories, from an expert take on the Blackstone IPO to reflections on Islamic banking to a review of a new book on the economics of wikis. We offer original content—and links to the best business coverage from around the web—every day.

Lisa Lerer of Forbes was nice enough to do a feature story this week about my views on the panic over social networking and the push for age verification of such sites. Her piece is entitled “Why MySpace is a Safe Space,” and begins as follows: “Adam Thierer doesn’t look like much of a revolutionary. But last month he challenged both Washington and conventional wisdom with a fairly radical proposition: Perhaps MySpace and the Internet aren’t so scary for kids, after all.”

I don’t really regard what I’ve been saying in my recent essays or big new PFF study as “revolutionary.” Rather, if you spend any time studying this issue and these sites in a dispassionate, educated way, I think the conclusions I draw seem quite reasonable. Unfortunately, I don’t think many policy makers or critics have spent any serious time on these sites or seriously explored the relative danger of online social networking sites relative to offline social networking places. A classic “moral panic” has developed because of this: An older generation fears a new medium that it does not use or understand.

Anyway, read my discussion with Lisa for more details.

My TLF post last week on the new draft of the GPL v.3 (or as I referred to it, GPL Vendetta) sparked a number of exchanges. Neil McAllister at InfoWorld said in his article that V should be for Vindication, not vendetta. And in his post Tim Lee responded to Mark Blafkin’s thoughts on the draft GPL v.3. Mark has a recent response of his own where he ruminates on Richard Stallman’s alleged libertarianism.

All this interesting and passionate discourse leads me to wonder why we care so much about the GPL? Of the many tech policy issues, this one strikes a visceral nerve with a vocal cadre of techies. I’m less visceral and more analytically removed (not to imply that others aren’t analytical). I care not because I’m a programmer, but because markets care – the GPL has made major inroads into commercial enterprises! And as a lawyer, I care about how attorneys will be counseling their clients on the GPL 3 (as embodied in the current draft). In this regard, there’s an interesting SearchEnterpriseLinux.com article that features an interview of Jeff Seul, an IP attorney, where he states:

With other open source licenses out there, like the Mozilla public license, and the Apache license, you discover that they are brief and are in plain English. The GPLv3 is 12 pages with a 60-page explanatory document. I don’t know how people are going to cope with a 12-page licensing agreement with 60 pages of ancillary text – that’s 70-plus pages of text and it’s ambiguity run amok. If I ever had a client come to me, and they said they wanted to build a business around the GPLv3, and were asking for a legal opinion on it, this lawyer would not have the confidence in it to give them clear legal advice.

I wholeheartedly support the ability of the FSF to dictate its licensing terms – but ultimately the software market will – as counseled by lawyers – be the final arbiter of the GPL 3.

When Good Analogies Go Bad

by on April 3, 2007

There’s been a big to-do the last few days over Craig Newmark’s article analogizing network neutrality to your ability to call the pizza joint of your choice without interference by your phone company. Cory, Julian, Ezra, and Tom all weighed in. Julian thinks that this scenario isn’t so problematic because companies can already buy extra phone lines to help their customers get through faster. Ezra insists that companies should be competing on the basis of pizza quality and delivery time, not their ability to shop for telecommunications services.

The thing I find frustrating about this discussion is that the usefulness of an analogy depends crucially on its similarity to the real world. And in this case, the pro-regulatory side has been so vague about what the real-world fear is that we can’t even begin evaluating whose analogy is more apt. Tom begins to get at this when he encourages us to differentiate between changes designed to make the network work better and changes that are simply designed to extort more money out of application service providers. An even better reaction is this post by son1:

Continue reading →

Leave it to the blogosphere (in the person of one David McElroy) to instantaneously debunk my ham-handed April Fool’s Day post claiming a security breach in the the NAPHSIS EVVE system. Congratulations, David. (Who says it’s such a good thing to have smart readers?!)

The National Association for Public Health Statistics and Information Systems has developed and implemented the Electronic Verification of Vital Events system to allow immediate confirmation of the information on a birth certificate presented by an applicant to a government office anywhere in the nation irrespective of the place or date of issuance.

That sounds neat, but it is being incorporated into the REAL ID national ID system apparently without regard to the security issues involved. If we are going to use driver’s licenses for security purposes, each link in the chain of issuance is then a potential vulnerability.

What if the NAPHSIS EVVE system and others like it were comprimised and made to confirm the issuance of birth certificates that didn’t actually exist? We could have untold numbers of licenses issued based on fraud. The system we have now, which provides a modicum of security, could collapse as fraudulently acquired driver’s licenses proliferate.

Two weeks ago, at the meeting of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, I asked Stewart Baker, Assistant Secretary for Policy at DHS, what counter-measures might be employed by attackers on the REAL ID national ID system. He said, “We have done some thinking about that . . .” I’m not sure our confidence should be inspired by that.

Every weakness in the system should be explored carefully. I summarized some of them in Appendix A of my testimony at the Homeland Security and Governmental Affairs Committee last week.

It’s true: EMI’s entire music catalog will be available DRM-free next month:

Apple® today announced that EMI Music’s entire digital catalog of music will be available for purchase DRM-free (without digital rights management) from the iTunes® Store (www.itunes.com) worldwide in May. DRM-free tracks from EMI will be offered at higher quality 256 kbps AAC encoding, resulting in audio quality indistinguishable from the original recording, for just $1.29 per song. In addition, iTunes customers will be able to easily upgrade their entire library of all previously purchased EMI content to the higher quality DRM-free versions for just 30 cents a song. iTunes will continue to offer its entire catalog, currently over five million songs, in the same versions as today—128 kbps AAC encoding with DRM—at the same price of 99 cents per song, alongside DRM-free higher quality versions when available.

Some details:

Continue reading →

Again, I quote with permission from Jim on the ipcentral blog:

Obviously, last week’s release of new draft of GPLv3 was a big deal in the software world, but the discussion has taken a strange turn. The tech media all did their job — reporting, interviewing, analyzing. But the discussion boards, both “community” and business, are oddly uninformative.

Some big questions swirl around how GPLv3 would work in the real world, and, above all, how would it affect the customers’ and the whole tech world’s need for both interoperability and transaction costs that are low and predictable.

Continue reading →

E-Voting Write-up

by on April 2, 2007 · 0 comments

Over at Ars, I give a qualified endorsement to the Holt e-voting reform bill:

Serious concerns were raised regarding the flaws with the printers used to produce paper audit trails. Norris cited a Las Vegas survey in which fewer than 40 percent of voters actually checked the paper record of their vote before leaving the polling place. An election official in North Carolina reported that there were hundreds of printer failures in that state during the 2006 election. He cited a Georgia study about the logistical challenges of storing, tracking, and manually counting thousands of votes recorded on unwieldy rolls of paper tape.

Continue reading →

The Wall Street Journal says ($) that EMI and Apple will announce tomorrow that “significant amounts” of EMI’s catalog will be available on iTunes sans copy protection. Fantastic. If this proves true, they’ll have earned at least one new customer—me.

Early this morning, I came across an AP story about a breach of the NAPHSIS EVVE system. At this point, it looks like it has been taken down and I can’t find it anywhere on the Web – I could imagine national security folks wanting to contain the PR damage. I’ll reproduce it below from my cache. If anyone can find it on the Web – especially an update – please let me know in the comments.

I think the implication of this are huge. Beyond billions in welfare fraud going to whatever criminal organization might have placed this software, we have a security hole a mile wide in the passport issuance system, social security cards, and drivers’ licenses. Good thing this has been caught now. Imagine if REAL ID were in place and we were relying on this system for ID security.

Continue reading →