[DMCA-Activists] Jay Sulzberger: FTC P2P Workshop Requests to Participate

[Seth Johnson]

Jay's request to participate in the FTC's Workshop on "P2P
Filesharing," details of which may be found at:

> http://www.ftc.gov/bcp/workshops/filesharing/index.htm
> http://www.ftc.gov/os/2004/10/041015p2pfrn.pdf


Seth

---------- Forwarded message ----------
Date: Mon, 15 Nov 2004 23:48:18 -0500 (EST)
From: Jay Sulzberger <address@hidden>
To: address@hidden
Cc: Jay Sulzberger <address@hidden>
Subject: P2P File-Sharing Workshop - Request to Participate,
P034517.

My name is Jay Sulzberger.  I ask that I be on one of the panels
dealing with mitigation of risks, risks said by some to be
particular to "P2P networks".

I indicate below some of the positions I will argue for if I get
on a panel.

>From http://www.ftc.gov/os/2004/10/041015p2pfrn.pdf:

  The FTC's workshop, "Peer-to-Peer File-Sharing Technology:
Consumer Protection and Competition Issues," will continue the
Commission's long-standing efforts to assess the impact on
consumers and businesses of new and significant technologies,
such as peer-to-peer (P2P) file-sharing technology. P2P
file-sharing technology provides individuals with the ability to
share files, including music, video, or software files, with
other users.  The files do not reside in a central location, but
rather are stored on the hard drives of the users of the
software. [see note 1] Users download particular file-sharing
software that gives the user access to selected files on the
computer hard drives of other users on the same P2P file-sharing
network.  Users may also place files that they have labeled into
a shared folder on their hard drive, thereby making these files
available for sharing with users of the same network.  By
eliminating the need for a central storage point for files, P2P
file-sharing technology allows for faster file transfers and
conservation of bandwidth.


There are two meanings to the words "peer-to-peer (P2P)
file-sharing network".  The first, original, and primary meaning
is the Net we have today, as envisioned by Licklider at ARPA in
the early Sixties of the Twentieth Century.  A new, secondary,
and misleading meaning is the small number of widely used systems
for swift indexing, presentation of the catalog, and distribution
of, mainly, popular songs.  Some of the songs are under standard
mass market restrictive copyright rules, others lie in the public
domain, and some are licensed under less restrictive copyright
rules.  The details of the flow of bits, packets, data, and
meta-data are less important than the breathless and seemingly
endless articles on the "P2P phenomenon" assume/imply/declaim;
there are many private and public and part-private part-public
networks, with various patterns of bit-flows, built on the Net,
e.g., Akamai, CPAN, DNS, DoubleClick, mailing lists, various
VPNs, the recent un-designed net and sub-nets of blogs, and
more.  We who have used the net for decades know that the net is
a peer to peer network.  My computer can transmit and receive
information, that is, files, to and from your computer, without
dealing with any third party, at the levels of law or money or
custom. This is the original meaning of "peer to peer".  That
some people, for love or money, have built and published
software, riding atop the Great Peer to Peer Net, which makes the
collection and distribution of the Bootylicious works of
Destiny's Child, and other music, particularly easy, is not
surprising, and it is not new.  Usenet meets the most stringent
criteria which define the small set of applications now called
peer to peer, and Usenet was, if memory serves, up and running by
1980.

I shall not address your questions individually, but rather I
will attempt a general answer to the question

"How come so many home machines are so badly infested by parasite
programs?"

This question is the right question to ask, because in this form
it allows of better answers, which suggest better remedies. 
Asking whether P2P applications [new terminology] are a better
substrate for worms, viruses, key-loggers, etc. than http daemons
and browsers as commonly used five years ago, frames the question
too narrowly, and imposes a statistically incorrect and legally
labile distinction.  The right partition lies at the level of the
OS, and at the level of law and custom and culture.  Today if you
run a source secret OS, such as any of the recent Microsoft OSes,
you have almost no practical control over what is running on your
hardware, and legally and economically, no recourse, so long as
you run the incompetent OS.  By an odd interpretation of
copyright law, you are not legally permitted to seek effective
repairs of your OS.  Thus there is no market in effective repairs
of Microsoft's defective product.  Certainly many companies sell
partial and inadequate remedies in the forms of "anti-virus",
"firewall", "ad-blocker", etc. software.  These companies enjoy
the advantage that their products never succeed at their tasks;
you will always need to update the after-the-mass-infestations
lists of virus fingerprints, and every add-on firewall is soon
defeated by the traditional cooperation of worm writers and
Microsoft's reliable team of devil may care designers and
coders.  Yet for computer sophisticates there is an effective
remedy.  On low cost IBM personal computer style hardware, you
may today run a free operating system, such as GNU/Linux, or one
of the free BSDs.  In practice, among those who run such free
operating systems, the rate of infestation is significantly
lower, certainly a factor of one hundred times lower, than among
those who run Microsoft OSes.  In addition we spend much less
time fiddling trying to harden our systems.  Many distributions,
such as Knoppix, a variant of Debian GNU/Linux, are decently
defended out of the box.  There are two reasons our systems are
better than Microsoft's source secret systems:

1. The design of Microsoft's OSes is less good than the design of
today's free Unices.  Our execution is better too.

2. We know we can own our own computers.  We know we can get
practical control of our systems.  We know that if a problem
arises we can, with complete probity, and without legal trammels,

 a. attempt a fix on our own lonesome
 b. ask friends in private to help
 c. ask for help in public at meetings and on mailing lists and
web sites of individuals and tribes of the Free Software Nation
 d. buy a solution already developed
 e. pay for development of a solution

The design incompetence of 1 could be corrected by Microsoft, but
has not been for years.  But no vendor of a source secret OS can
offer the home user full use of the powers enumerated in 2. 
These freely exercisable powers, of course, are just the
beginning of the benefits that a larger and more free market in
OSes provides.  We know the productive power of free software: we
have more than one OS stack, and we are steadily improving what
we have produced over the past twenty years, and we are now
starting to build completely new systems, which will offer yet
further increments of ease and power and delight.

The root cause of the plagues of parasites suffered by millions
of home users today is that most buyers of home computers do not
know that they have a choice of operating systems.  The
distinction between "P2P" and "server client" is evanescent and
unclear (what level of transport of data and meta-data are we
talking about, on what time scale), while the distinction between
an OS stack which is transparent to many thousands of eyes, and
an OS stack which is legally a black box, is the relevant
distinction here.  If the OS is transparent, as the GNU/Linux,
and the FreeBSD, NetBSD, and OpenBSD systems are, then there is
some hope of effective remedies using regulatory, statute, and
common law, and a more free market, and tribal cooperation.  If
the OS is source secret, it is, by design, not transparent, and
there is no affordable legal means of forcing the vendor to give
practical powers of control to the home user, and certainly,
there can be no legal market in repaired, or improved, versions
of the OS, nor can voluntary non-profit associations openly
cooperate to improve the position of the home user.

The grave danger of an attempt at special regulation of "P2P
networks" is that such regulation result in a system of
government management of every part of the net, from the lowest
level protocols to the highest levels of user-machine
interfaces.  Because of the lack of a stable principled
distinction between "P2P" and the Net itself, it is likely, if
"P2P regulations be" imposed, that the threat of litigation
and/or police intrusion would attend the publication of even the
smallest shell script that calls any net service, such as http
transport, ftp, rsync, ssh, net sockets, etc..  If I get on a
panel at the FTC's December 2004 meeting on P2P. I will argue
against any regulation targeted at P2P, but I will argue for
enforcement of the ordinary rules about fraud, conversion of
resources, wiretapping without warrant.  I will further argue
that the FTC should take action to cause Microsoft and hardware
vendors to honor the Refund Clause of the Microsoft EULA.  Bill
Gates and I agree that such action would quickly result in many
people running more competent free OSes.  Such action toward
enforcement of the EULA lies squarely within the ambit of the
FTC, and would not infringe in any way on my freedom to publish
shell scripts, cooperate in improving free OSes, etc..

In short, if I am empanelled, I will make my arguments mainly
from the "Owners and Makers" position.  I will seek to show that
minimally burdensome enforcement of common rules of contract,
consumer protection, and anti-trust, will accomplish much to
reduce all the risks asked about in the FTC's call for response. 
I will also argue that any direct regulation of P2P as such would
establish a principle fatal to our present freedom of the net.  I
will even argue against any regulations arrived at by agreement
between lobbying groups for "P2P" and the government, on the
further particular ground that such regulation would erect
barriers to entry into the field of Internet Applications to the
unfair benefit of present companies, and the detriment of nascent
for profit and non-profit systems which make use of the net.

The FTC can do some things to help most home users understand
that they can gain legal and practical control over the computers
in their houses.  But the FTC in its actions must strike at the
right level, else the remedy will be worse than the disease.

There is an ogg file, and a transcript, of my testimony before
the most recent Library of Congress's Committee on Exemptions to
the Anti-Circumvention Clause of the DMCA at

http://www.nyfairuse.org/audio/cro.dmca/track4.ogg
http://www.nyfairuse.org/cro.dmca

Many of my positions may be triangulated from

http://www.panix.com/~jays/what.is.drm.3
http://www.panix.com/~jays/tunney.letter.revised.0

I am a working member of New Yorkers for Fair Use:

http://www.nyfairuse.org

I work as an independent statistical consultant, most recently
for the City of New York Human Resources Administration.  There
is a picture of me, now a few years old, getting an award from
the hand of Linus Torvalds at

http://crackmonkey.org/travel.html

My telephone numbers are

< SNIP Contact Information >

For other panel members I suggest

Steve Bellovin, security expert and early author of Usenet
software
Bram Cohen, head of the BitTorrent project
Brett Wynkoop, friend, email expert, master Unix sysadmin
Seth Johnson, friend, philosopher of information freedom and
political organizer
Michael Smith, friend, head of LXNY, New York's Free Software
Organization. [Disclosure: I am the Corresponding Secretary of
LXNY.]


Thank you for reading this!

I remain, as ever, your obedient servant, viewer with alarm, and
citizen of the United States of America,

Jay Sulzberger.