Month: July 2006

(via Freedom to Tinker)
The Wall Street Journal online provides some excellent details on how music services for students funded by colleges are failing. More importantly, there’s a lot of information on why these services are failing with the college crowd.

As a student at Cornell University, Angelo Petrigh had access to free online music via a legal music-downloading service his school provided. Yet the 21-year-old still turned to illegal file-sharing programs.

The reason: While Cornell’s online music program, through Napster, gave him and other students free, legal downloads, the email introducing the service explained that students could keep their songs only until they graduated. “After I read that, I decided I didn’t want to even try it,” says Mr. Petrigh, who will be a senior in the fall at the Ithaca, N.Y., school

I doubt most techies are surprised by this insite. We want movable bits. Free downloads to the hard drive are nice, but if we can’t move those bits to our portable MP3 players, burn them onto CDs to listen to in the car, or move them onto other computers we use, then we’re not so interested in those particular bits. Instead, we’ll find other places to get the bits in a format that lets us do what we want.

To stop students from pirating music, more than 120 colleges and universities have tried providing free or subsidized access to the legal subscription services over campus networks in the past few years. About 7% of all four-year schools and 31% of private research universities provided one of the legal downloading services, according to a 2005 survey of 500 schools by the Campus Computing Project, a nonprofit that studies how colleges use information technology

. . .

Purdue University officials say that lower-than-expected demand among its students stems in part from all the frustrating restrictions that accompany legal downloading. Students at the West Lafayette, Ind., school can play songs free on their laptops but have to pay to burn songs onto CDs or load them onto a digital music device.

There’s also the problem of compatibility: The services won’t run on Apple Computer Inc. computers, which are owned by 19% of college students, according to a 2006 survey of 1,200 students by the research group Student Monitor. In addition, the files won’t play on Apple iPods, which are owned by 42% of college students, according to the survey.

Hmmmmmm. Non-portable bits, disregard for 1/5 of the student body, and extra charges to get the format students want? Well color me surprised! I can barely fathom why the services aren’t doing well.

There is also little consensus among administrators about how successful the services have been in eliminating piracy. Although some say complaints from the recording industry have dropped sharply, no one can tell if that’s because fewer students are engaging in illegal file-sharing or if the industry simply doesn’t want to go after schools that are spending money to combat the problem. “The RIAA’s push to buy into these services strikes me as protection money. Buy in and we’ll protect you from our lawsuits,” says Kenneth C. Green, the Campus Computing Project’s director.

I buy this thought. I think most of the recording industry’s attacks on its own customers has been nothing more than a strong-arm tactic to get people to buy protection from the recording industry. Seems the mob might get a bit upset at the recording industry moving into their turf.

Here’s the kicker. What are students using for their music if not the freely available services? Oddly enough, it’s not the illegal services – Itunes seems to be the big daddy service, just like everywhere else. Imagine that – people will pay, if you make an effort not to screw them for staying legal.

Some schools that don’t offer free downloads dismiss the subscription services as too costly for the results they achieve, especially because so many students now buy music from Apple’s iTunes Music Store. “We were not in a position to offer an alternative to iTunes,” says Lev Gonick, the chief information officer at Case Western Reserve University in Cleveland. “The alternatives looked like they had more sizzle than steak.”

More sizzle than steak. I like that comment. And it seems about right.

[tags]MP3, Music downloads, Recording Industry[/tags]

(via Schneier’s security blog)

In an effort to fool more people, phishers have taken to using man-in-the-middle attacks.  In the past, if you thought a site was a scam or an email was a phishing attempt, you could enter bogus login information, see a success message, and know that the setup was a fake.  Now Washington Post has an article about phishers putting up a fake site and passing login credentials on to the real host site (in this case a bank, but also sometimes ebay, paypal, Amazon, and more) and using the response to determine what you see in response.  So if you enter bogus information, you will get a “Bad login” response from the fake host.  If you enter real information, you’ll end up forwarded to the real login success screen on the real host and the phisher will have a confirmed account.

The site asks for your user name and password, as well as the token-generated key. If you visit the site and enter bogus information to test whether the site is legit — a tactic used by some security-savvy people — you might be fooled. That’s because this site acts as the “man in the middle” — it submits data provided by the user to the actual Citibusiness login site. If that data generates an error, so does the phishing site, thus making it look more real.

By the way – Mr. Schneier predicted this last year (and really, it was a pretty obvious next step for phishers to take – I predicted it, too, but I’m not smart enough for anyone to listen to me).

[tags]Phishing, Online security, Computer fraud[/tags]

Ed Felton is one of the good guys.  And he’s a bright cookie, too (perhaps I’m mixing metaphors).  So when he speaks about net neutrality, I read it with the expectation that what he says is better than what I would come up with on my own.  With that in mind, I looked at his latest net neutrality article and saw his the commentary by others on this topic.
First, Felton highlights the end paragraph from his net neutrality paper (the first link above).:

There is a good policy argument in favor of doing nothing and letting the situation develop further. The present situation, with the network neutrality issue on the table in Washington but no rules yet adopted, is in many ways ideal. ISPs, knowing that discriminating now would make regulation seem more necessary, are on their best behavior; and with no rules yet adopted we don’t have to face the difficult issues of line-drawing and enforcement. Enacting strong regulation now would risk side-effects, and passing toothless regulation now would remove the threat of regulation. If it is possible to maintain the threat of regulation while leaving the issue unresolved, time will teach us more about what regulation, if any, is needed.

With this starting basis, he then writes on a response by Bill Hermann, from the Public Knowledge blog.  Essentially, Hermann writes that Felton’s wait and see recommendation is not smart.  If we wait too long, he argues, the topic will no longer be highly visible, and getting policy-makers to see things our way will be harder and more likely to fail.  This sounds well-reasoned to me.  I can certainly see the point, and after reading Hermann’s article, I’m starting to think maybe he is thinking better about this than Felton.  Then, however, Felton puts up part of the rebuttal to this from Tim Lee over at The Technology Liberation Front.

Lee’s response is extremely well-written, I believe.  And after reading it, I start to feel swayed back to Felton’s way.  Of course, since I’m not as good about thinking these things through carefully, I find myself writing about others far more often than writing my own commentary.  Lee points out how many times laws and regulations have been put in place to stop big business from taking industries over only to have those laws bent, twisted, and modified over years and years.  In the end, these bastardized laws then become the things which support big business controlling what was once off-limits and erecting barriers to entry to stifle competition.

So let’s say Herman is right and the good guys have limited resources with which to wage this fight. What happens once network neutrality is the law of the land, Public Knowledge has moved onto its next legislative issue, and the only guys in the room at FCC hearings on network neutrality implementation are telco lawyers and lobbyists? The FCC will interpret the statute in a way that’s friendly to the telecom industry, for precisely the reasons Herman identifies. Over time, “network neutrality” will be redefined and reinterpreted to mean something the telcos can live with.

But it’s worse than that, because the telcos aren’t likely to stop at rendering the law toothless. They’re likely to continue lobbying for additional changes to the rules—by the FCC or Congress—that helps them exclude new competitors and cement their monopoly power? Don’t believe me? Look at the history of cable franchising. Look at the way the CAB helped cartelize the airline industry, and the ICC cartelized surface transportation. Look at FCC regulation of telephone service and the broadcast spectrum. All of those regulatory regimes were initially designed to control oligopolistic industries too, and each of them ended up becoming part of the problem.

. . .

Finally, it’s important to note that the iron triangle goes both ways: once you pass network neutrality regulations, repealing them will be very difficult. This follows from the same iron triangle analysis he used above—if the telcos figure out how to use the rules to their advantage, they’ll lobby just as hard against repealing them. (just look at the legal fight to liberalize cable franchises) Which means that no matter how competitive the broadband market gets (and there could easily be dozens of wireless broadband providers a decade from now) the regulations will likely stay on the books.

All in all, a very compelling argument for waiting to see what happens.  As noted above, if laws are pushed through to protect ‘net neutrality, we are probably just as likely to find ourselves wanting, but unable, to repeal or change them in the future as we are to be satisfied with them and be happy we have them.  So protect your ‘net rights – don’t do anything about them until you have to.

[tags]Net Neutrality, Internet regulation[/tags]