Stanford Cryptography and #CryptoParty

I recently finished the free online Stanford cryptography course offered through Coursera and taught by Dan Boneh. It’s a challenging class, with at least four hours of lectures a week, and it actually took me two attempts to get all the way through it. I’m really glad I did though: cryptography is a tremendously empowering subject, and learning the theoretical foundation can be not just educational but inspirational. In one early lecture, Boneh lays out a basic tenet that really spoke to me:

There’s a very central theorem in crypto, and it really is quite a surprising fact, that says that any computation you’d like to do, any function F you’d like to compute, that you can compute with a trusted authority, you can also do without a trusted authority. …

Instead, what the parties are gonna do, is they’re gonna talk to one another using some protocol, such that at the end of the protocol all of the sudden the value of the function becomes known to everybody.

Boneh is talking, in this example, about elections and private auctions, but the broader message is striking. Any function that’s possible with an authority is possible without one. Any group can devise a method for communicating internally and producing results without a requirement to put trust in a party on the outside.
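As an added illustration (not from the lecture or the original post), the simplest instance of this idea is an election tally computed with additive secret sharing: every voter splits a 0/1 vote into random shares, and the parties only ever publish sums of shares. The sketch goes no further than the sum function and assumes parties that follow the protocol; the function names and the modulus are choices made for this example.

```python
import secrets

# Assumption for this example: a prime modulus far larger than any tally.
P = 2**61 - 1


def share(value, n):
    """Split value into n additive shares that sum to value mod P.

    Any n-1 of the shares are uniformly random and reveal nothing about value.
    """
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def tally_without_authority(votes):
    """Run the protocol among len(votes) voters, each also acting as a party.

    Returns (tally, inbox, partial): the public result, what each party
    privately received, and what each party broadcast.
    """
    n = len(votes)
    inbox = [[] for _ in range(n)]
    # Round 1: every voter sends one share of its vote to every party.
    for vote in votes:
        # Local sanity check only; a dishonest voter would have to be
        # constrained with zero-knowledge proofs, which are out of scope here.
        if vote not in (0, 1):
            raise ValueError("vote must be 0 or 1")
        for j, s in enumerate(share(vote, n)):
            inbox[j].append(s)
    # Round 2: each party broadcasts only the sum of the shares it holds.
    partial = [sum(box) % P for box in inbox]
    # Anyone can add the broadcasts; the random masks cancel out.
    return sum(partial) % P, inbox, partial


if __name__ == "__main__":
    constructed_votes = [1, 0, 1, 1, 0]  # constructed sample input
    tally, _, _ = tally_without_authority(constructed_votes)
    print("yes votes:", tally)
```

No party ever sees another voter's ballot, only one random-looking share of it, yet the final sum is known to everybody.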

This central theorem gave me new perspective on the connection between anarchy and cypherpunks. I knew that the government classified crypto technology as a munition during the “crypto wars” of the ’80s and ’90s, but I’d always assumed that the government feared its use to assist in acts of violence. I realize now how much more subversive it can be.

I had looked in the wrong place of Weber’s model of governmental authority as a monopoly on the legitimate use of physical force; while the government could claim to be concerned about crypto’s use in creating violence, it may have really been worried about its undermining the government’s monopoly on legitimacy. Any function that’s possible with an authority is possible without one.

The rest of the class was interesting as well, and the math involved feels clever but simple, complex but not complicated. I recommend it to anybody who’s given some thought to cryptography but wants to know more.

Of course, for some purposes a full class on cryptography is total overkill. It’s useful to gain a more complete understanding of the theoretical background, but for most it suffices simply to be literate. For everybody, but especially for people in high-risk situations — people who face threats from sophisticated, even state-level attackers — it’s important to know how to use the sophisticated tools that are available.

That, so far as I understand it, is the genesis of #CryptoParty. It’s a set of global get-togethers where more experienced users can teach beginners how to use the commonly available tools that tap into the incredibly powerful technology of cryptography. I hope that a beginner walks away from a #CryptoParty with an understanding of not just PGP, OTR, and the like, but with an idea of why threat models are important, what attack vectors she ought to consider, and — most importantly — a network of people and resources she can contact for even more knowledge.

As far as I know, #CryptoParty is still less than 48 hours old, but it’s popping up with events all over the world. I’m planning to get together the SF chapter; if you can help with that, please drop me a line!

SXSW panel proposals

I’ve submitted two proposals for panels at next year’s South by Southwest festival in Austin. I really hope one of them gets picked. The PanelPicker is currently open for voting (I’d appreciate your votes!) and then I’ll know later this year if I’m in.

Ebooks: A Coming War for the Soul of the Library will be with my friends Audrey Evans and Nancy Sims (@CopyrightLibn) and cover the issues libraries face as publishers push for an ebook licensing model to replace the current 108 and first sale regime. I made a video to explain the panel:

The second panel proposal is called Drones Gone Wild, and will be with my colleague Trevor, as well as Ryan Calo and Nabiha Syed, who’s currently a First Amendment Fellow for the New York Times and who has been instrumental in the EFF/MuckRock drone request campaign. (Trevor and I previously spoke together about drones at HOPE and we co-operate @drones.) We’ll be talking about the rise of domestic drones and the privacy problems they introduce.

Bike Rac-Man

For some reason I’ve never been able to not see this.

Public transit and lawful access

Eric King recently posted a link to London’s Oyster Card FAQ page explaining Transport for London’s policy on requests for information from police — it rejects 5-10% of requests for providing insufficient information.

It inspired me to look up Clipper Card’s policy. As I suspected, it doesn’t report any similar numbers, but it says in its FAQ that:

personal information will not be disclosed to third parties, except as required by law, ordered by a court of competent jurisdiction, or where the express written consent of the Clipper cardholder has been obtained.

In the full privacy policy, Clipper notes that it retains personally identifiable information for up to seven years. It also doesn’t include ride patterns as personally identifiable.

MTA’s info for New York City is apparently even less complete. Though the website has a whole section labeled “Transparency”, it’s dedicated to budget and governance issues. In fact, the only privacy policy I could find on the site pertains strictly to use of the website itself.

Even though there’s no obvious policy, MTA info has been publicly used in police proceedings. In 2008 it made the front page of the New York Times when MetroCard data got a suspect off of murder charges. An MTA employee in the article is quoted as saying that there would be a three-month wait time to retrieve the evidence, because “We’re very busy. We’ve got all these requests.”

(Interestingly, it didn’t make the front page when the charge was actually dropped, but the same reporter covered it for the New York section of the paper and the City Room blog. The two articles were released on the evening of New Year’s Eve 2008, and are nearly identical. One of the only differences is a sentence omitted from the blog post version, saying “The transit agency says it receives periodic requests to trace information.”)

This information seems to be a nice target for public records requests. Let me know if you’re interested in initiating some of those.

Questioning copyright’s trade-off

This post is cross-posted from the EFF Deeplinks blog.

The idea behind copyright is simple — it is supposed to be a balance in the service of the public interest. There’s a trade-off: for accepting a restriction on certain speech, the public benefits from the production of more new creative works each year. That delicate equation is complicated by many factors, and the right policy should find the balance of copyright scope and duration, limitations and exceptions like fair use, and the appropriate remedies in case of infringement.

But in fact, copyright policies almost universally lack the serious cost-benefit analysis that must precede any evidence-based proposal. And indeed, while the unintended costs are clear to anybody who has observed abuse of, say, the DMCA takedown system, the evidence that these policies create incentives — or even prevent harm — is less forthcoming.

Last week Julian Sanchez of the Cato Institute posted a thought-provoking piece that questions the similar calculation at the core of national security rhetoric. In the area of security, he asks, are we actually getting a “trade-off” for all the costs we incur to the country’s budget and our personal liberty? Sanchez convincingly argues that we haven’t been working towards a balance between those two ideas at all. Liberty is consistently discarded in the name of “security,” and the resulting policies don’t actually make us safer. A dialogue that focuses only on striking a balance between these two ideas fails to address more fundamental questions about our policy.

So, too, with copyright. The right copyright policy should serve the constitutional purpose of promoting “the progress of science and the useful arts” while respecting the ideals of the First Amendment. The need for such a balance is well recognized from all corners of the copyright discussion. In a post about the misguided Supreme Court opinion in Golan v. Holder this January, for example, EFF referred to the “traditional copyright balance between public and private interests”; and while EFF doesn’t always see eye-to-eye on copyright issues with content lobby groups like the Recording Industry Association of America (RIAA), its chief executive Cary Sherman has also described “the careful balance struck within” copyright law.

It makes sense, then, that one typical response to bad copyright policy developments — and there are many — is to say that those developments skew this balance the wrong way, favoring the incentives and rewards for rightsholders more than is necessary to maximize creative production. But that approach overlooks the fact that many of the worst copyright proposals, like those that come out of content lobbying groups like the RIAA and the Motion Picture Association of America (MPAA), do worse than a skewed balance. Rather, they fail to strike any kind of balance at all, curtailing speech and fundamental online rights without a corresponding increase in the incentive to create new works.

By and large, in the legislature, in the courtroom, in the White House, and in the backroom negotiations for international treaties, balance does not seem to be the real goal. This year’s protests against SOPA and ACTA were certainly historic demonstrations of online activism, but those proposed laws were just the latest in a long line. Even as ACTA met defeat in Europe, the Trans-Pacific Partnership Agreement (TPP) was being negotiated with industry representatives behind closed doors, with guardians of the public interest on the outside. SOPA was an egregious and over-the-top wishlist of Hollywood demands, but it was hardly new: its Senate counterpart, PIPA, was a re-write of a bill from two years earlier called COICA. And Congress has passed dozens of other one-sided copyright laws over the last thirty years.

If it were simply a matter of striking the wrong balance, SOPA’s cost in terms of threatening human rights, curtailing freedom of speech, and damaging the economy would have to be offset by gains to the content lobby backing the bill. It wouldn’t be the right trade-off, but it would make sense in the context of a balance. In reality, though, the benefits for the content lobby simply weren’t there. In January, Sanchez himself calculated that the size of the foreign “pirate” movie market targeted at Americans — the kind of activity SOPA was written to address — was orders of magnitude below the MPAA claims. And for their part, the RIAA recently revealed in a leaked report from April that despite its public rhetoric, it felt SOPA was “not likely to have been [an] effective tool for music” even if it had passed.

Similarly, when the 1998 Copyright Term Extension Act — sometimes called the “Mickey Mouse Protection Act” because it kept the world’s most famous rodent out of the public domain — was challenged in the Supreme Court, some of the world’s leading economists lined up in a brief [pdf] to question the premise that the public benefited from retroactive term extension at all. Once again, the costs to the public are clear: we all suffer from a poorer public domain with no clear gains in return. Worse, these examples are the rule and not the exception. Many elements of policy today — from DMCA’s problematic section 1201 to the unconstitutional ICE seizures of websites — and dozens more failed proposals — like the “Hollywood Hacking bill” or the broadcast flag — fit this pattern.

Compared to the trade-off of security and liberty, the question at the heart of copyright policy is an easy one: How do we optimize the incentive to create new works while minimizing the cost to our freedom of speech and ability to innovate? Unfortunately, sane policy developments that work toward this end are all too rare.