P2P Legal


Published in: Technology, Business
  • I’ve spent 35 years in what we once quaintly called ‘the computer industry’. I’ve been active in the various forms of eBusiness since the late 1980s. My consultancy work during the last decade has been in strategic and policy aspects rather than tech and apps. I spent a decade as a senior Info Systems academic, and continue as a Visiting Professor in several institutions. And I’m also an active public interest advocate. My approach to the topic today will reflect what I’ve learnt in each of those roles.
  • My purpose in this Keynote is to examine some serious challenges confronting m>Business. I’m going to do that by looking at recent history. We need to learn lessons from the missed opportunities and slow growth in many areas of eCommerce and eGovernment over the first decade of the Internet era.
  • The much-used ‘value chain’ concept appeared for the first time only in 1985. Until then, the dominant modelling form used in business had been the essentially static chart of organisational structure, or ‘organigram’. The importance of Porter’s model was to shift the emphasis from the static to the dynamic. Process was what mattered, and organisation was only a means to an end.
  • P2P Legal

    1. P2P Technology and Its Legal and Policy Implications
        Roger Clarke
        Xamax Consultancy Pty Ltd, Canberra
        Visiting Professor at U.N.S.W., A.N.U., Uni. of Hong Kong
        http://www.anu.edu.au/people/Roger.Clarke/... .../II/P2P-LegPol-0507 {.html, .ppt}
        Baker & McKenzie Cyberspace Law & Policy Centre, U.N.S.W., 27 July 2005
    2. P2P Technology and Its Legal and Policy Implications: Themes
        • Where It Came From; and What It Is
        • How It’s Different
        • What It Can Be Used For
        • What It Is Used For
        • Its Implications
        • Copyright-Owner Adaptation
    3. Star Topology / Master-Slave Architecture, 1950s Onwards
    4. The ARPANet’s Peer-to-Peer Topology, 1969 Onwards, Multi-Organisational
    5. Client-Server Architecture, 1980s Onwards, Intra-Organisational
    6. Client-Server Architecture, mid-1980s Onwards, esp. mid-1990s Onwards, Internet-Mediated
    7. Key Developments Since the Mid-1990s
        • Workstation Capacity (now rivals Hosts)
        • Workstation Diversity: desktops, laptops, handhelds, smartcards, ... phones, PDAs, cameras, ... fridges, carburettors, ... RFID tags, ...
        • Broadband Connectivity (now widespread). This enables dispersion and replication of devices capable of providing services
        • Wireless Connectivity (rapidly increasing). This enables Mobility, which means Devices change networks, which means their IP-addresses change
    8. Wireless Comms Using Electromagnetic Radiation
        • Wide Area Networks – Satellite (Geosynch, Low)
            • GS is Large footprint, very high latency (c. 2 secs)
        • Wide Area Networks – Cellular (to 20km per cell)
            • 1 – Analogue Cellular, e.g. AMPS, TACS
            • 2 – Digital Cellular, e.g. GSM, CDMA
            • 3 – ‘3G’, e.g. GSM/GPRS and W-CDMA
        • Wide Area Networks – ‘WiMax’, IEEE 802.16
        • Local Area Networks – ‘WiFi’ (10-100 m radius)
            • e.g. IEEE 802.11x esp. 11b,g / Apple Airport
        • Personal Area Networks (1-10 metres)
            • e.g. Bluetooth (or beamed infra-red)
    9. P2P – The Motivation
        • “P2P is a class of applications that take advantage of resources (storage, processing capacity, content, human presence) available at the edges of the Internet”
        • A program is both Client and Server:
            • a workstation provides services to others
            • e.g. a music playstation can be a mixer too
        • So Workstations also act as Hosts
    10. Multiply-Connected Topology / P2P Architecture, 1970s but esp. Late 1990s Onwards, Internet-Mediated
    11. P2P – Towards a Technical Definition
        • P2P is a network architecture in which each node is capable of performing each of the functions necessary to support the network, and in practice many nodes do perform many of the functions
    12. The Essential Nature of P2P
        • In principle, Every Device is a Client and a Server
        • In practice, Many Devices perform Server-functions
        • Collaboration is inherent
        • Clients can find Servers
        • ‘Single Points-of-Failure’ / Bottlenecks / Chokepoints are avoided by means of networking dynamics
        • Enough Devices with Enough Resources participate as Servers for discovery, and as Servers for services
        • 'Free-Riding' / 'Over-Grazing' of the 'Commons' is restrained through software and psych. features
    13. Why P2P Is Attractive
        • Much-Reduced Dependence on individual devices and sub-networks (no central servers)
        • Robustness not Fragility (no single point-of-failure)
        • Resilience / Quick Recovery (inbuilt redundancy)
        • Much-Improved Scalability (proportionality)
        • Improved Servicing of Highly-Peaked Demand (more devices on the demand-side implies there are also more server-resources)
        • Resistance to Denial of Service (D)DOS attacks (no central servers)
    14. P2P Applications: 1. Of Long Standing
        • ARPANET services generally, from 1969, which were built over a peer-to-peer architecture
        • message transfer agents, since 1972 (SMTP), which perform both server and client functions
        • USENET since 1979, now Internet Netnews
        • Fidonet file / message transfer system, since 1984
        • Domain Name System (DNS), since 1984, a collaborative scheme, each server also a client
    15. Recently-Emerged P2P Applications: 2. Processing Services (cf. Grid Computing)
        • Pattern-Searching of Data (e.g. SETI@home)
        • Data-Space Searching, in particular as part of a collaborative key-discovery process (e.g. EFF's DES cracking project)
        • Numerical Methods, large-scale / brute-force (e.g. fluid dynamics experiments, meteorology)
        • Gaming, multi-player, networked
        • Message Transfer:
            • conferencing/chat/instant messaging
            • cooperative publishing
    16. Recently-Emerged P2P Applications: 3. Access to Digital Objects
        • Software fixes/patches
        • Software releases
        • Virus Signatures
        • Announcements, e.g. of technical and business information, entertainment, sports results, promotional messages, advertisements
        • News Reports, by news organisations, and by members of the public
        • Emergency Services traffic
        • Backup and Recovery
        • Games Data, e.g. scenes and battle configurations
        • Archived Messages, for conferencing/chat/IM, and cooperative publishing
        • Learning Materials, in various formats
        • Entertainment Materials, in various formats
    17. The Predominant Use 1998-2005
        • Consumer sharing of entertainment materials:
            • recorded music, in MP3 and other formats
            • video, as bandwidths increase
        • Copyright-owning corporations assert, with substantial evidence, that a large proportion of those file-transfers is being performed in breach of copyright law
    18. Indicators of Scale
        • In Sep 2002, 31m Americans used P2P to share music
        • In 2003, FastTrack peaked at 5.5m users and 60% of the market, then fell due to publicity about lawsuits
        • By 2004:
            • P2P data volumes estimated at 10% of traffic (Web 50%, all email incl. spam 3%)
            • simultaneous users c. 10m
            • c. 50 m searches per day
            • FastTrack still had 4m users (40% of market) and enabled access to 2m files, >10 terabytes
            • 50% of files audio, 25% video, 25% other
    19. P2P Networks and Protocols
        http://en.wikipedia.org/wiki/Peer-to-peer#Networks.2C_protocols_and_applications
        • BitTorrent network: ABC, Azureus, BitAnarch, BitComet, BitSpirit, BitTornado, BitTorrent, BitTorrent++, BitTorrent.Net, G3 Torrent, mlMac, MLDonkey, QTorrent, SimpleBT, Shareaza, TomatoTorrent (Mac OS X), TorrentStorm
        • eDonkey network: aMule (Linux, Mac OS X, others), eDonkey2000, eMule, LMule, MindGem, MLDonkey, mlMac, Shareaza, xMule, iMesh Light, ed2k (eDonkey 2000 protocol)
        • FastTrack protocol: giFT, Grokster, iMesh (and its variants stripped of adware including iMesh Light), Kazaa by Sharman Networks (and its variants stripped of adware including: Kazaa Lite, K++, Diet Kaza and CleanKazaa), KCeasy, Mammoth, MLDonkey, mlMac, Poisoned
        • Freenet network: Entropy (on its own network), Freenet, Frost
        • Gnutella network: Acquisitionx (Mac OS X), BearShare, BetBug, Cabos, CocoGnut (RISC OS), Gnucleus, Grokster, iMesh, gtk-gnutella (Unix), LimeWire (Java), MLDonkey, mlMac, Morpheus, Phex, Poisoned, Swapper, Shareaza, XoloX
        • Gnutella2 network: Adagio, Caribou, Gnucleus, iMesh, MLDonkey, mlMac, Morpheus, Shareaza, TrustyFiles
        • Joltid PeerEnabler: Altnet, Bullguard, Joltid, Kazaa, Kazaa Lite
        • Napster network: Napigator, OpenNap, WinMX
        • Applejuice network: Applejuice Client, Avalanche
        • CAKE network: BirthdayCAKE the reference implementation of CAKE
        • Direct Connect network: BCDC++, CZDC++, DC++, NeoModus Direct Connect, JavaDC, DCGUI-QT, HyperCast
        • Kad Network (using Kademlia protocol): eMule, MindGem, MLDonkey
        • LUSerNet (using LUSerNet protocol): LUSerNet
        • MANOLITO/MP2P network: Blubster, Piolet, RockItNet
        • TVP2P type networks: CoolStreaming, Cybersky-TV
        • WPNP network: WinMX
        • Other networks: Akamai, Alpine, ANts P2P, Ares Galaxy, Audiogalaxy network, Carracho, Chord, The Circle, Coral, Dexter, Diet-Agents, EarthStation 5 network, Evernet, FileTopia, GNUnet, Grapevine, Groove, Hotwire, iFolder, konspire2b, Madster/Aimster, MUTE, Napshare, OpenFT (Poisoned), P-Grid, IRC @find and XDCC, used by IRC clients including: mIRC and Trillian, JXTA, Peersites, MojoNation, Mnet, Overnet network, Peercasting type networks: PeerCast, IceShare - P2P implementation of IceCast, Freecast, Scour, Scribe, Skype, Solipsis a massively multi-participant virtual world, SongSpy network, Soulseek, SPIN, SpinXpress, SquidCam, Swarmcast, WASTE, Warez P2P, Winny, AsagumoWeb, OpenExt, Tesla, soribada, fileswapping, XSC
    20. P2P Multi-Protocol Applications
        http://en.wikipedia.org/wiki/Peer-to-peer#Networks.2C_protocols_and_applications
        • eMule (Edonkey Network, Kad Network) (Microsoft Windows, Linux)
        • aMule (eDonkey network) (Linux, Mac OS X, FreeBSD, NetBSD, OpenBSD, Windows and Solaris Operating Environment)
        • Epicea (Epicea, BitTorrent, Edonkey Network, Overnet, FastTrack, Gnutella) (Microsoft Windows)
        • GiFT (own OpenFT protocol, and with plugins - FastTrack, eDonkey and Gnutella) and xfactor (uses GiFT) (Mac OS X)
        • Gnucleus (Gnutella, Gnutella2) (Microsoft Windows)
        • Hydranode (eDonkey2000) (Microsoft Windows, Linux, Mac OS X)
        • iMesh (Fasttrack, Edonkey Network, Gnutella, Gnutella2) (Microsoft Windows)
        • Kazaa (FastTrack, Joltid PeerEnabler) (Microsoft Windows)
        • Kazaa Lite (FastTrack, Joltid PeerEnabler) (Microsoft Windows)
        • KCeasy (Gnutella, Ares, giFT)
        • MindGem (Edonkey Network, Kademlia)
        • MLDonkey (BitTorrent, eDonkey, FastTrack, Gnutella, Gnutella2, Kademlia) (MS Windows, Linux, Mac OS X, Palm OS, Java)
        • mlMac (BitTorrent, eDonkey, FastTrack, Gnutella, Gnutella2)
        • Morpheus (Gnutella, Gnutella2) (Microsoft Windows)
        • Poisoned (FastTrack, Gnutella)
        • Shareaza (BitTorrent, eDonkey, Gnutella, Gnutella2) (Microsoft Windows)
        • WinMX (Napster, WPNP) (Microsoft Windows)
        • XNap (OpenNAP, GiFT, Limewire, Overnet, ICQ, IRC) (Java)
        • Zultrax (Gnutella, ZEPP)
    21. Technical Concerns about P2P
        • Address Volatility: old addresses may not work (hence trust based on repetitive dealings is difficult)
        • Absence of Central Control, hence risk of anarchy
        • Security Challenges:
            • Malware, embedded or infiltrated
            • Surreptitious Enlistment (at least potential)
            • Vulnerability to Masquerade
            • Vulnerability to Pollution Attacks (decoys)
    22. Business and Government Concerns about P2P
        • Address Volatility, plus Inadequate Identifiers, hence:
            • respondents are difficult to identify and locate
            • reduction in user accountability
        • Absence of Central Control, hence:
            • reduction in technology-provider accountability
            • no single point for a denial of service attack
        • Challenge to Authority over Users:
            • to Copyright-Owners
            • to Censors
    23. The P2P Battleground – 1998-2005
        • MP3: CD-quality digital sound in files sized 1 MB/minute
        • Napster: a central catalogue of a distributed database, to facilitate sharing of MP3 files
        • Gnutella, KaZaA, et al.: a distributed catalogue of a distributed database, to facilitate sharing of (MP3?) files
    24. Use of the Law to Destroy Napster 1999-2002
        • Napster was P2P-with-a-chokepoint, because it relied on a central directory of file-names and host-identities
        • Court action resulted in closure of the directory, and hence the collapse of the system as a whole
        • Many P2P applications have some central facility that can be attacked in such a manner, including AOL Instant Messenger and ICQ
    25. Categories of P2P
        • Pure
            • Functions and objects are distributed across many nodes, so no one node is critical to the network's operation; so control is very difficult – USENET, Fidonet, Freenet, Gnutella(1)
        • Compromised / ‘Two-Tier’
            • Functions and objects are distributed; the index is substantially but not fully distributed – FastTrack, Gnutella(2)
        • Hybrid
            • Functions and objects are distributed; the index is hierarchical (the DNS) or centralised (Napster, BitTorrent)
    26. Use of the Law to Constrain P2P Generally 2002-
        • A critical central service is a chokepoint. If it’s within jurisdictional reach (and the US is highly aggressive in extending its laws beyond its territories), then it can be attacked through the courts
        • Gnutella, KaZaA and some other P2P services decentralise their directories as well as their storage
        • Court action intended to preclude such P2P services will need to gain injunctions against production, dissemination and use of the tools and/or protocols
    27. Challenges for Copyright-Owners
        • Unauthorised Reticulation
        • Unauthorised Adaptation
        • Identification of copyright objects
        • Tracking the movement of objects
        • Identifying Devices that store those objects and that traffic in them
        • Identifying the Person responsible for a breach, with the device used to perform the act that constitutes the breach
        • Location of the responsible Person
        • Bringing Suit (e.g. jurisdiction)
        • Collection and Presentation of Evidence sufficient to win even civil, let alone criminal cases
        • Proposing Interventions that could be awarded by court injunction
    28. P2P Architecture’s Resilience and Robustness
        • The removal of a device as a result of the execution of a warrant or injunction is indistinguishable from other forms of denial of service attack
        • But in John Gilmore’s words:
        • “The Internet treats censorship as damage, and routes around it”
    29. Copyright-Owner Fightback Phases
        • Legal – Lawsuits and Publicity
        • Political – Copyright Expansionism
        • Technological – Digital Rights Management
        • Reduction of the Power at the Edges
        • New Business Models
    30. What’s Different about Copyright Objects Now, and in the Future
        • Digital not physical / Bits not atoms
        • Copying is intrinsic to transmission
        • Copying is performed by the consumer
            • => Consumers now need a copyright licence
        • Copies for personal use are indistinguishable from copies for re-sale, and copies for adaptation
        • Copiability and Adaptability are intrinsic
            • => Appropriation is a virtue, but still a vice
    31. Copyright Expansionism
        • Accidental extension through buffers, cache
        • Lawyers’ ‘nastygrams’ and misuse of process
        • Lobbying for, and Enactment of, Laws:
            • extending copyright laws
            • criminalising hitherto civil law breaches
            • enlisting law enforcement agency support
            • transferring enforcement costs to the State
        • DMCA-based Gaoling, no bail, delayed charges, charges withdrawn once chilling effect achieved
        • Embedment in Marketspace Mechanisms of Existing, Expanded and Imagined Rights
    32. Digital Rights Management Technologies: Passive Technologies
        • Object-Protection under the owner's control
        • Object-Protection while it is in transit
        • Means of Tracing Rogue Copies:
            • 'Watermarking' technology (to uniquely identify the publication)
            • 'Fingerprinting' technology (to uniquely identify the particular copy)
        • Object-Protection under a licensee’s control
    33. Digital Rights Management Technologies: Active Technologies – 1 of 2
        • Notification to the licensee of their rights at the time that the object is accessed
        • Identification of licensees
        • Authentication of identities
        • Destruction / Disablement of the data object in the event of licence expiry or breach (cf. the sterility gene in proprietary GM crops)
    34. Digital Rights Management Technologies: Active Technologies – 2 of 2
        • Enforcement Mechanisms, client-side
            • Prevention, e.g. preclude actions that breach permissions for printing display
            • Recording of actions that exercise permissions under the licence
            • Recording of (attempts to) breach the licence, e.g. making copies beyond the limit
            • Reporting of (attempts to) breach the licence
    35. Ways to Reduce the Power at the Edge
        • Make workstations ‘diskless’ or ‘thin’
        • Prevent software from being stored, and require users to download a copy each time it is used (the Application Service Provider – ASP – model)
        • Connect remote devices via asymmetric links, high-bandwidth downwards, low upwards (SDSL’s 1:1 ratio cf. ADSL and cable’s 2:1, 4:1 and even 8:1)
        • Insert in every consumer-device:
            • identifiers
            • location and tracking technology
        • Upgrade / Replace the Internet Protocol Suite
    36. A More Constructive Closed Approach
        • Identify customers’ price resistance-point (by finding out ‘what the market will bear’)
        • Set prices accordingly (and thereby sustain payment morality)
        • Discourage and prosecute breaches where the purpose is commercial
        • Take no action over breaches by consumers (time-shifting, format-change, sharing?)
        • A Case Study:
            • Apple iTunes charges USD 0.99 per track!??
    39. Domain Name System (DNS)
        • Devised in 1983 to:
            • separate (domain-)name from (IP-)address
            • make it easier for humans, e.g. xamax.com.au cf.
        • A dispersed set of interconnected devices that maintains an index of names-and-addresses
    40. Moving Outside the DNS
        • The DNS was devised when each Host had a stable IP-address, and was seldom unavailable
        • If nodes are unstable or IP-addresses change rapidly then apps need something other than the DNS
        • Workstations aren’t always available and Mobile Workstations change IP-address
        • So many P2P applications don’t use the DNS
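
Added example (not part of the original slides, and not the author's code): a toy Python model of the chokepoint argument on slides 24 to 28, comparing the three index placements named on slide 25 when nodes are removed. The node counts, replication factors and hash-based placement are assumptions chosen for illustration.

```python
"""Toy model: where the index lives decides what one node removal costs.

Assumption (not from the slides): a file is reachable if at least one node
holding its index entry AND at least one node holding a copy are still up.
"""
import hashlib


def pick_nodes(key, candidates, copies, salt):
    """Deterministically choose `copies` distinct nodes from `candidates`."""
    assert copies <= len(candidates)
    chosen, i = [], 0
    while len(chosen) < copies:
        digest = hashlib.sha256(f"{salt}:{key}:{i}".encode()).digest()
        node = candidates[int.from_bytes(digest[:8], "big") % len(candidates)]
        if node not in chosen:
            chosen.append(node)
        i += 1
    return chosen


class Network:
    def __init__(self, n_nodes, n_files, index_nodes, index_copies, file_copies=3):
        self.nodes = list(range(n_nodes))
        files = [f"file-{i}" for i in range(n_files)]  # constructed sample catalogue
        self.holders = {f: pick_nodes(f, self.nodes, file_copies, "data") for f in files}
        self.index = {f: pick_nodes(f, list(index_nodes), index_copies, "index")
                      for f in files}

    def availability(self, removed):
        """Fraction of files still locatable and retrievable with `removed` nodes down."""
        removed = set(removed)
        ok = 0
        for f, holders in self.holders.items():
            index_up = any(n not in removed for n in self.index[f])
            copy_up = any(n not in removed for n in holders)
            ok += index_up and copy_up
        return ok / len(self.holders)

    def worst_single_removal(self):
        """Availability after taking down the single most damaging node."""
        return min(self.availability({n}) for n in self.nodes)


N_NODES, N_FILES, SUPERNODES = 200, 500, range(10)  # illustrative sizes


def build_all():
    """One network per category on slide 25 (replication factors are assumed)."""
    return {
        "hybrid": Network(N_NODES, N_FILES, index_nodes=[0], index_copies=1),
        "two-tier": Network(N_NODES, N_FILES, index_nodes=SUPERNODES, index_copies=2),
        "pure": Network(N_NODES, N_FILES, index_nodes=range(N_NODES), index_copies=3),
    }


if __name__ == "__main__":
    for name, net in build_all().items():
        print(f"{name:9s} worst single removal: {net.worst_single_removal():.2f}  "
              f"all 10 supernodes removed: {net.availability(SUPERNODES):.2f}")
```

In this model the hybrid network drops to zero availability when its one index node goes, the two-tier network survives any single removal but not the loss of its whole supernode tier, and the pure network is barely affected by either.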