Blog Post 13-Encryption is Important to Everyone

Encryption is an extremely important issue to me, and I honestly think that it should be an important issue to everyone. If somebody looks at the recent battle between the FBI and Apple and says that “it doesn’t matter to me,” they don’t understand how important encryption is in their daily lives. Imagine a world internet traffic was completely unencrypted. It would essentially be impossible to perform any sort of business on the Internet that required security. Digital financial transactions would essentially become unfeasible, as anybody who was listening in would have the private information of both parties. Business transactions would become impossible as well, as anybody listening in could obtain company secrets. Even visiting simple websites would become troubling, as without Authentication/Digital Signatures we would have no idea if the website we are visiting is a spoof. The internet would become useless without the security protocols behind it that many don’t even realize exist.

So anybody whose says encryption isn’t important to them either doesn’t understand it or has absolutely no interaction with the digital world on a daily basis. I tend to believe that the former is true. Those that say “they have nothing to hide” really mean that they have nothing to hide from the government. While I would argue that this probably isn’t true, my main point is that the government is not the only entity you are hiding information from. Even the perfect, upstanding citizen with nothing to hide from the government wouldn’t want their information in the hands of criminals. Encryption keeps our information from the government (sometimes) and criminals. There is no one or the other.

I would have to admit that while I am very much pro encryption, I probably have not let my stance affect my political, financial, and social actions as much as it should. Before this battle between the FBI and Apple, I did not even realize that encryption was a hot topic. I just assumed everyone understood it’s essential for most people’s daily lives. This was probably a little naive of me, as government agencies are going to have a problem with there being any information out there that they don’t have access to. Now that I am starting to realize the issue, I think I will have my beliefs affect my actions more.

Politically I think this is very hard to do. It is really hard to get any information on candidates concrete stances on encryption in the upcoming election. Almost every candidate has either not touched the issue, or has gone back and forth on it. Simply this is not an issue that is important to the average American voter, so it make sense that candidates would not spend that much time on it. It’s tough to figure out what a given candidate will do once they are in office. It is much easier to change financial and social actions. Financially you can stop supporting companies that give in to the government demands for backdoors. Although I don’t purchase Apple products on a regular basis, I will certainly support them less if they give into the FBI (or more if they don’t). Socially, the best thing I think to do when this argument is brought up is to make sure that all parties are informed. Make sure they actually know what encryption is, how it is essential to everyday life, and how they really do have things to hide.

 

Blog Post 12-DRMs and the DMCA

The Digital Millennium Copyright Act is clearly against circumvention and reverse engineering. Section 1201 of the act, the “anti-circumvention” provision, bans the “production of dissemination of technology, devices, or services intended to circumvent measures (DRMs) that control access to copyrighted works.” It also bans “the act of circumventing an access control (DRM).” Basically, it’s illegal to make tools that remove DRMs (digital rights management schemes) or to use these tools. This ranges from ripping a CD to a digital file, removing the DRM from iTunes songs, or creating “black box” mobile devices to work with any carrier. So it’s not only technically illegal to rip a CD, it’s could be considered illegal for somebody else to then listen to the audio file. The DMCA puts heavy restrictions on circumvention, reverse engineering, and users of circumvented/reversed engineering products.

The question then becomes, is it really ethical for companies to use DRM schemes? In essence it seems like you do not actually own the products that use DRMs. Do you really own a phone if you can only use it with one carrier? John Deere has essentially shown this is what the companies think as well. According to comments submitted to the US Copyright Office farmers don’t actually own John Deere tractors, they simply receive “an implied license for the life of the vehicle to operate the vehicle.” GM has made similar arguments, saying owners of automobiles do not own the software behind it and can thus not remove DRMs. This seems to be setting very dangerous precedents, destroying the idea of actually owning something. When buying a tractor or car, the dealer is not going to tell you that you’re paying thousands of dollars to simply license the vehicle. This line of thinking can be abused so that you never actually own anything that has software running behind it, and surprising types of products have software running behind them today.

Back to the original question, whether or not companies are acting ethically by using DRMs. I would say, like many of the topics we have covered, it depends how the DRM is being used. If the only purpose of the DRM is to prevent the illegal distribution of copyrighted materials, I am completely fine with it. It is clear that this was the original intent of DRMs in theory, but not how they are actually used in practice. The issue is how vague and inconsistent the language and interpretations of the DMCA is. The original intent of the law was not to completely deny ownership to users, but that is essentially how the law is used today. So I would say, in theory, companies could act ethically using DRMs. In practice, they almost never are.

Now to the other side of the question, whether or not users are acting ethically by building DRM removal tools or using these tools. Again I think it depends on the builders or user’s intentions. If they are simply trying to better a product they already own (i.e. unlocking their phone, fixing bugs, etc.) then they are completely acting ethically. However, if they are doing this to illegally distribute copyrighted software, I cannot say they are acting ethically. I do not buy the argument that this is ethical because copyright owners are wealthy, or because “everybody is doing it.” I think it is unethical no matter what. However, simply fixing a product you own is certainly ethical.

Blog Post 11-Copyright and Open Source Software

In Article 1, Section 8, Clause 8 of the United States Constitution, a copyright is defined as “the exclusive Right to their (Authors and Inventors) respective Writings and Discoveries…for limited Times.” In terms of copyright we are concerned with rights to authors for writings (while patents are rights to inventors for discoveries). The idea of copyright v.s. patent in terms of software is a little confusing, do we consider programmers “Authors” who make “Writings” or “Inventors” who make “Discoveries.” In fact, it is a little bit of both. U.S. Copyright law considers computer programs as “literary works” and thus can be granted copyrights. However, this provides limited protection. Copyright protects an expression of an idea, but not the idea itself. Essentially you would be preventing literal copying of source code, but not necessarily rewriting the code slightly differently to achieve the same end. If you want to actually protect the “idea” behind a program, so somebody couldn’t get away with just rewriting your code, a patent would be a better option. The line between these two is especially murky in software, and the law is being applied differently every day. Ethically copyrights are given to protect original, creative works from being copied and distributed, leaving the original author without just compensation. Economic reasons are making sure that these content creators receive the monetary compensation they deserve. In terms of society as a whole, copyrights make sure that content creators continue to create. There would be no reason to create original work if it could just be copied.

I wouldn’t call open source software “inherently better” than proprietary software. Open source works for some projects, while it doesn’t work for others. There are pros and cons to each. Some projects may lead to licensing issues if open source, you may have nobody on your team with open source experience, or you do not want to push software to undesired users. There are also positives for some projects, like less cost, more flexibility, and not getting locked into a single vendor. However, the main issue is the fact that anybody can look at and potentially change your source code. This can be a positive or negative. The positive is that you have more eyes on your source code, so there’s a much better chance of potential bugs being noticed and fixed. The other side of the coin is that these eyes might decide to exploit a bug instead of fix it. Many people claim that issues like HeartBleed and ShellShock could have been exploited by those who noticed them in the source code. Instead of fixing these issues, they were used for the user’s own end. Thus open source may not better. It essentially comes down to whether or not we trust our programming community. Do we trust them to fix or exploit bugs? I believe that, while there are these exceptions, the community as a whole will fix open source software rather than exploit it.

While the idea between open source and free software is very similar, the key difference is that free software puts more of an emphasis on always being able to modify and redistribute the code. A key idea of free software is maintaining copyleft, meaning that you only will distribute your software freely if anything derived by it can be distributed freely. This idea is not as important in open source. I would consider GPL more free then BSD, as it requires copyleft. I prefer GPL, as I think it is important to make sure that further works from your free software remain free. I also believe that governments and pubic organizations should pushed to adopt open source more than private companies. Since these projects are being funded by the community, there is a responsibility to leave the projects open to the community. In terms of using open source software, there is a responsibility you take on by using the software. The price of using the software is that you should attempt to fix it if you are able. Maybe this doesn’t mean spending your whole life devoted to the project, but if you notice a bug see if you can fix it or at least notify somebody who can.

 

Blog Post 10-Online Advertising and Big Data

The dreaded Terms and Conditions. We all know nobody reads them, even getting angry when they have to scroll to the bottom of the page to pretend they’ve read them. However many don’t realize that checking that “Agree” checkbox is signing away a valuable part of themselves, their information. Many of these Terms and Conditions give companies the right to do basically whatever they want with your information, whether utilized by themselves or sold to other companies. Suddenly similar products to what you just bought on Amazon show up in advertisements, or you’re getting emails from stores you just visited even though you never gave them any of your information. We live in a world where companies can know essentially everything about you, from your demographic to products you like to where you’ve been. Most don’t realize this occurs, or even if they do realize they have no problem with it. However, is this practice ethical?

The argument for this practice being ethical is fairly straightforward. The use of your data is an implied cost toward the service you are being provided. If companies couldn’t profit off your data, their services would be more expensive. In the case of “free” services, without profiting off user data these services would no longer be free. Most are ok with receiving personalized advertisements if it means Facebook remains free and Amazon continues to provide cheap shipping. I fall into this category. I find that if companies are using your data to “subsidize” costs to the user, and their practices fall in-line with their Terms and Conditions (and are legal), the company is acting ethically. While I am ok with the theory of online advertisement, we know that in practice companies do not always act this ethically. Often companies will act against their Terms and Conditions, thinking users will never find out. Maybe they’ll hide shady or outright illegal terms. Also, companies certainly have the right to not pass on savings to users, but it certainly seems they are acting less ethically.

I actually got a first-hand introduction to the methods used in data collection/analyzation in my data mining class. I was given user data, user demographics, and tried to come up with a model to predict something about the user given this data, whether or not the user utilizes a screen lock on their phone. Basically I wanted to figure out what type of people would forget to use screen locks (age, gender, etc.) so a company could know to send reminders to these types of people to use screen locks. This starts to fall into the uncanny valley of categorization mentioned in The Atlantic article; it would be a little unsettling to realize you’re the only person getting emails from company security because you’re the only person forgetting to use a screen lock. However, this information would certainly be beneficial to companies.

However, there is the dark side of data storage that Kate Kochetkova brings up in her article. We inherently trust every single company whose services we use to handle our data securely. Just by visiting a website we are “using their services” and often give them permission to store our data. There are probably a lot of company’s websites we visit that we wouldn’t necessarily trust to handle our data well. Legally, they may only be required to handle the data in according to their Terms and Conditions. Ethically, they are held to a higher standard. I believe a company should figure out what the companies they sell their data to actually do with the data. They shouldn’t blindly sell to any buyer. There is also an implicit responsibility to keep our data safe, however this is often a legal responsibility as well.

I do use an advertisement blocker, however now that I am thinking about it I am not sure if they are always ethical. Many companies are dependent on advertisements to survive, so it is not really ethical to use their services but deny them any “payment.” However, many of these blockers allow you to unblock advertisements for websites you believe deserve “payment.” I may start unblocking sites I use for free so they get they get the compensation they deserve.