Archive of UserLand's first discussion group, started October 5, 1998.

Re: CallTheShots.com

Author:Paul Snively
Posted:11/18/1999; 10:41:07 AM
Topic:CallTheShots.com
Msg #:13193 (In response to 13188)
Prev/Next:13192 / 13194

Mark Kennedy wrote:

If a web site has a copyright notice on every page that states that the rights to the material on the site are reserved, why is it that another company can come and take whatever they want whenever they want without permission? Just because they can?

First of all, assuming that this is in reference to CallTheShots.com, I'm guessing (without taking a good hard look at their "technology," such as it is) that they're working around copyright issues the same way, e.g. Third Voice does: they're linking to the original site rather than copying the content to their own site.

You can make the argument (which I think is a valid one, contrary to the impression that people may have gotten from my participation in the Third Voice debate) that this is adhering to the letter of copyright law but not the spirit. That's all well and good, but in order to address the issue in a successful way we have to recognize some fundamental limitations in the realm of Web technology as it's popularly used and find ways to remedy those limitations.

The most obvious limitation of the way the Web currently works--and, thankfully, the one that's probably easiest to address--is that Web servers typically deliver content to all comers. In order to effect meaningful protection, what you want your server to deliver instead is a capability to view content. Some ramifications of this are that you probably want to deliver the capability to view all of the content, i.e. posted material plus ads plus... and that "capability to view" means "view only," i.e. not edit, not save to local disk, etc. A simple solution to this problem is to instead of serving HTML, serve up an HTML-viewing-only applet, perhaps even HotJava itself, assuming that HotJava prevents saving, editing, etc. Apart from some additional initialization time, the user experience of someone pointing their Java-aware browser at your site should/could be exactly the same, but "aggregators" like CallTheShots.com would get nothing but an APPLET tag to include in their frame.

The orthogonal, but also interesting, issue of delivering content "to all comers" gets us into the province of Virtual Private Networks, authentication, and the like, which I'm happy to talk to interested parties about, but which isn't directly related to the issue at hand.

Finally, a word about "just because they can." Briefly, real-world experience shows that human ethics are far from absolute: pragmatism dictates that, if value is attached to an object, that object had better be hard to copy. My favorite e-xample of this principle to date is the Staples coupon fiasco: Staples e-mailed a five-digit number to some set of known recipients. Upon entering that number on Staples website, the user would receive a $20 discount on their purchase. Staples thought this was OK to do because they were only sending this "coupon" to known, valued Staples customers.

The result--predictably for students of real-world human behavior--was that the number got posted on websites, newsgroups, etc. and Staples had to withdraw the offer.

This could have been avoided simply by making something closer to a real digital coupon, i.e. something hard to forge and, ideally, since the recipients were known, something with accountability built-in. For example, given a promotion ID, a recipient e-mail address, a Staples public key, and a Staples private key, append the e-mail address to the promotion ID, encrypt with public key, and send to recipient. When code is entered at website, decrypt with private key, and look up e-mail address and promotion ID in database. If "coupon" has not already been redeemed, deduct discount from purchase price, otherwise inform police that e-mail address is defrauding the company.

In other words, it's time to pay more attention to infrastructure, because there are ways we can prevent gross legal and ethical violations. Let's save the laws for what we can't address technologically (for a good example of where there isn't a technological solution and therefore legal enforcement is necessary, see Bruce Schneier's recent writing about the DVD crack).

The more general issues revolving around only delivering capabilities to do specific, limited things are fascinating; a group developing a capability-secure language based on Java is at <http://www.erights.org>. Highly recommended viewing.

There are responses to this message:

This page was archived on 6/13/2001; 4:53:34 PM.

© Copyright 1998-2001 UserLand Software, Inc.