Joi Ito's Web

Joi Ito's conversation with the living web.

First spotted on David Farber's IP List

Microsoft's Internet Explorer has a vulnerability in its implementation of SSL. It allows anyone with a valid CA-signed certificate to generate a fake certificate for any domain. This is because MS IE does not check the "Basic Constraints" field, which should tell whether the holder of a certificate has a CA's authority to verify another domain.

This is a significant vulnerability which would allow a "man-in-the-middle" attack without any dialog boxes. This means that someone could think they are accessing their bank or online shop securely and directly, but in fact be accessing through a hostile site. The hostile site could watch the transaction or modify the transaction without the user knowing it.

Apparently MS is downplaying it. The link below is a detailed report of the bug on BugTraq.

SecurityFocus HOME Mailing List: BugTraq - Internet Explorer SSL Vulnerability 08/05/02
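
The check the post says IE skipped, as an added example (not part of the original post or the BugTraq report): a chain validator run over a constructed chain, with and without the Basic Constraints test. The `Cert` class, the HMAC stand-in for a real signature, and all names and keys are assumptions made for illustration; path-length limits are not modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Cert:
    subject: str
    issuer: str
    is_ca: bool      # Basic Constraints: may this certificate sign others?
    key: bytes       # toy stand-in for the subject's key pair
    sig: bytes = b""

    def tbs(self) -> bytes:
        # The "to be signed" fields covered by the issuer's signature.
        return f"{self.subject}|{self.issuer}|{self.is_ca}".encode()


def issue(subject, issuer, is_ca, key):
    """Create a certificate signed with the issuer's key (HMAC as a toy signature)."""
    cert = Cert(subject, issuer.subject if issuer else subject, is_ca, key)
    signing_key = issuer.key if issuer else key   # roots are self-signed
    cert.sig = hmac.new(signing_key, cert.tbs(), hashlib.sha256).digest()
    return cert


def signed_by(child, parent):
    expected = hmac.new(parent.key, child.tbs(), hashlib.sha256).digest()
    return child.issuer == parent.subject and hmac.compare_digest(child.sig, expected)


def validate(chain, trusted_roots, hostname, check_basic_constraints=True):
    """Validate a leaf-first chain; return (accepted, reason)."""
    if chain[0].subject != hostname:
        return False, "certificate is for a different host"
    if chain[-1] not in trusted_roots:
        return False, "chain does not end at a trusted root"
    for child, parent in zip(chain, chain[1:]):
        if not signed_by(child, parent):
            return False, f"{child.subject} is not signed by {parent.subject}"
        # The step the post says IE skipped: every signer must be a CA.
        if check_basic_constraints and not parent.is_ca:
            return False, f"{parent.subject} is not a CA and cannot sign {child.subject}"
    return True, "ok"


# Constructed sample data.
root = issue("Example Root CA", None, True, b"root-key")
shop = issue("shop.example", root, False, b"shop-key")     # ordinary site cert
forged = issue("bank.example", shop, False, b"other-key")  # signed by a non-CA
TRUSTED = [root]

if __name__ == "__main__":
    for strict in (False, True):
        print(strict, validate([forged, shop, root], TRUSTED, "bank.example", strict))
```

Every signature in the forged chain is valid, which is why no dialog box appears when the check is off; only the CA flag on the signing certificate separates the two outcomes.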

I know blogging about blogs is getting a bit old, but Frank Boosman sent me this piece by Ray Ozzie on blogs, which I find quite good. It is short and interesting, focusing on the architecture of blogs vs. old-fashioned database-oriented conferencing systems and groupware.
Architecture Matters: The Rebirth of Public Discussion

Another article about the war on copyright offenders in the US. Found on David Farber's IP list. It really does show how much money really matters I guess.

The question for me is, where will all of the artists go? Will young people continue to want to become motion picture directors or musicians when it becomes more and more obvious that it is a very regulated business controlled by lawyers, the FBI and politicians? Their recent actions show that they are not protecting "artists" but the ability for large corporations to "monetize" artists.

Is this finally a chance for the rest of the world to leapfrog the US while they are bogged down in a chaotic mess of copyright garbage? Will the US use its global influence to prevent the rest of the world from creating an alternative universe of more advanced copyright thinking?

Hollywood's Private War For Social Control
Richard Forno
10 August 2002
Article #2002-10
(c) 2002 Richard Forno. Permission granted to reproduce/republish in entirety with appropriate credit.
Reader Feedback

A July 25 letter sent to Attorney General  John Ashcroft by 19 American legislators asked him to devote more Justice Department resources in the fight against peer-to-peer networks and users swapping digital media without permission.

Forget the fact that the FBI is neck-deep in an internal crisis of confidence and competence, having a hard time recruiting and keeping qualified agents, and shifting from a diverse federal law enforcement entity to one in-line with the emerging threats to American society from terrorism.

No, it seems that one of the highest priorities for the Justice Department - behind that simple task of securing America's Homeland - should be copyright, at least in the eyes of the Recording Industry Association of America. Of course, this is made all the easier when "peer-to-peer" - a valuable technological architecture - is interpreted and subsequently marketed by the RIAA as synonymous with "pirating" and evil economic - potentially terrorist - activities against the $40 billion entertainment industry. And, of course, Congress, mental wizards they are, will believe whatever they're asked to believe, provided the campaign contributions are the right type and amount.

We have the "War on Drugs" and the "War on AIDS" and the "War on Terror" -- does this mean we'll see the "War on File Sharing" as the next great American undertaking with the same effect as these other "Wars" over the years?

When news of this bipartisan letter broke on Friday, RIAA CEO Hilary Rosen, was, as always, quick to praise its contents, saying that mass copying off the Internet is illegal and deserves to be a high priority for the Department of Justice.  One wonders if she wears special shoes to be able to jump so quickly to applaud anything that might in some - any - way lead to profit assurance for her constituent record companies.

It was only last month that Rosen was quick to applaud the controversial P2P-hack bill introduced by one of their owned Congressmen, Rep. Howard Berman (D-CA). Among other things, the proposed bill (Register article here) would create loopholes for cyber-criminals to potentially escape from and also turn any authorized copyright holder into a potentially legal hacker. While Rosen was more than happy to quickly jump in and praise the proposal, Berman's bill was so controversial that even Rosen's evil counterpart, Jack Valenti of the Motion Picture Association, took pause when the bill was introduced, noting that "there are aspects of the bill we believe need changing as it moves through the legislative process" -- implying that the powers proposed in the Berman Bill - legalizing electronic attacks and providing attacker immunity for liability in copyright enforcement activities -- were intended to be only for the large entertainment empires, not for any copyright holder no matter how small.

Both the RIAA and MPAA act like drug addicts.....desperately begging and trying to get something - anything - to help their body's craving for their addictive substances, but it's the RIAA that takes first prize in the desperate-moves category.  Declining sales of albums - and their profits - have been equated to Napster, peer-to-peer file sharing, Webcasting, MP3 file formats, and the fact all PCs now come with a CD burner as standard issue.....anything but the fact that studios have produced less and less quality music that folks want to buy, or that studios are more than happy to negotiate ludicrous contracts with artists that only deliver mediocre album sales (*cough* Mariah Carey) or one-hit wonders. They've happily saturated the pop market with teen bands that look, dance, and sound so alike it's impossible to tell them apart. They also forget that CD prices have gone up steadily over the past decade - and that when the economy takes a downturn, paying $20 for a song or two is not worth it to most people. Further, their efforts so far in providing music over the Internet - to 'compensate' for the loss of Napster - make current Afghanistan politics look like a utopian form of government.

Granted, organized piracy (as opposed to individual copying and/or sharing) has caused Hollywood some economic damage, but I don't see Hilary, Jack, Lars, or studio executives standing on lines outside soup kitchens. And the fact that someone copies or uses a CD under federal fair-use laws doesn't present a significant economic impact to the entertainment industry, either. If anything, casual and legal sharing of music helps broaden an artist's publicity and generate "buzz" -  much how Microsoft software became so dominant in the marketplace -- not through quality, but because everyone was using it and it became the de facto standard, such that it is.

Rosen says that piracy "ultimately hurts consumers by undermining the creators' incentive to bring new works to the market." In her eyes - and in the eyes of her purchased lawmakers - the only 'creators' that should be allowed to easily bring new works to market are those under contract to RIAA's member companies. To RIAA, you're either part of their cartel or you don't matter.

Thus, we see proposals like Berman's bill, and the RIAA suggesting that all blank compact disks (and possibly hard drives) be taxed to compensate for piracy losses, even if such media are used for the backup of software and user data, not entertainment content. Most sinister is the recent proposal by Senator Fritz "Hollywood" Hollings that would mandate copyright enforcement 'features' be part of any device that can store electronic data, from computers and DVD players to microwaves, garage door openers, and rectal thermometers. The Hollings proposal would essentially force the interests of the $40 billion entertainment industry on the $500 billion-plus technology and hardware industries in a variety of industrial sectors. Talk about the mouse trying to own the elephant herd.

As users and customers (note I did not say "consumers" - "customers" implies a mutually-beneficial two-way relationship), we have every right to bemoan the obvious profiteering actions of these entertainment cartels to squeeze every last dime from our wallets. Sure, we will pay for quality music that's affordable, but we want a happy medium where we have the flexibility to use the entertainment content legally purchased and/or obtained in a manner consistent with the law and our expectations. Yet the entertainment cartels are only too happy to lobby for laws and technological controls that presume every customer a potential criminal until it can be proven with certainty.  That's to be expected from Industrial Age business leaders - known otherwise as "The Greed Generation."

However, that's not the problem with the whole copyright enforcement debate. Sure, profits are involved, but there's much more at-stake than what's being discussed in Congress or the online communities.

Freedom of choice in how one is able to bring his content to market means a greater chance of it reaching an audience. Up until Napster, the entertainment industry alone decided what artist gets supported, promoted, and published, and in what quantities. The Information Age threatens to reverse this centralized control mechanism and profit stream, enabling anyone to publish and promote their content around the world, cutting the middleman - RIAA and major studios - out of the financial equation and management process. Nobody in an established role likes to lose control, be voted out of office, or see their authority and influence erode....yet this is exactly what the Information Age is doing to the centralized entertainment industry. This helps explain some of the goofy proposals mentioned earlier -- like a Vegas gambler, the RIAA (and MPAA by extension) is hedging its bets, trying to not only maintain control of the content and media industry, but if it can't, get as much as it can through other methods, laws, and charges.

If you control the means to disseminate content, you can subsequently control the public. If you can't afford - or are not willing - to play by the 'established' means of control, you are typically left to fend for yourself in local venues and audiences.

Thanks to the Information Age, this is not the case anymore. This harsh reality terrifies the entertainment industry that will stop at nothing - no matter how ill-conceived - to keep its reign despite a failing business model and changing economic and customer environment. The copyright debate isn't only about profit, it's also about who controls information, and ultimately, people and society.

Further Reading:

Book: Digital Copyright: Protecting Intellectual Property on the Internet (Jessica Litman)

Copyright, Security, and the Hollywood Hacking Bill


Bill Thompson on why Europe has to take back the web from US hegemony. A bit emotional but very interesting position. Something I feel some empathy for.

From The Register
First sighted on David Farber's List

Damn the Constitution: Europe must take back the Web
By Bill Thompson
Posted: 09/08/2002 at 14:01 GMT

Guest Opinion: I've had enough of US hegemony. It's time for change - and a closed European network.

Today's Internet is a poor respecter of national boundaries, as many repressive governments have found to their cost. Unfortunately this freedom has been so extensively abused by the United States and its politicians, lawyers and programmers that it has become a serious threat to the continued survival of the network as a global communications medium. If the price of being online is to swallow US values, then many may think twice about using the Net at all, and if the only game online follows US rules, then many may decide not to play.

We have already seen US law, in the form of Digital Millennium Copyright Act, used to persuade hosts in other countries to pull material or limit its availability. US-promoted 'anti-censor' software is routinely provided to enable citizens of other countries to break local laws; and US companies like Yahoo! disregard the judgements of foreign courts at will.

Congressman Howard Berman's ridiculous proposal to give copyright holders immunity from prosecution if they hack into P2P networks is the latest attempt by the US Congress to pass laws that will directly affect every Internet user, because no US court would allow prosecution of a company in another jurisdiction when immunity is granted by US law.

Unless we can take back the Net from the libertarians, constitutional lawyers and rapacious corporations currently recreating the worst excesses of US political and commercial culture online, we will end up with an Internet which serves the imperial ambitions of only one country instead of the legitimate aspirations of the whole world.

While this would greatly please the US, it would not be in the interests of the majority of Internet users, who want a network that allows them to express their own values, respects their own laws and supports their own cultures and interests.

US domination has been going on for so long that many see it as either inevitable or desirable. 'They may have their problems but at least they believe in democracy, free speech and the market economy', the argument goes. Yet today's United States is a country which respects freedom so much that if I, a European citizen, set foot there I can be interned without any notice or due process, tried by a military tribunal and executed in secret.

It has a government which respects free speech yet tries to persuade postal workers to spy on people as they delivered their mail. Its Chief Executive illegally sold shares when in possession of privileged information about an impending price crash. ICANN, the body it established to manage DNS, had to be ordered by a court to let one of its own directors examine the company accounts for fear he may discover something untoward. And elected representatives - like the aforementioned Howard Berman - are paid vast amounts by firms lobbying for laws which serve their corporate interests.

These are clearly not the people who should be setting the rules for the Net's evolution. Unfortunately today's Internet, with its permissive architecture and lack of effective boundaries or user authentication, makes it almost impossible to resist this technological imperialism.

Full Text Here

I just received mail from an old friend who has become active on the issue of North Korean refugees and I have attached the email from him. I think the Japanese have a much higher level of sensitivity with regards to North Korea since they have influenced the extreme left wing in Japan and have harbored terrorists who have hijacked Japanese planes, etc. Having said that, Japan has basically a no-immigration policy and therefore has not accepted refugees from anywhere as far as I know.

I don't think going around labeling countries as "evil" is really very smart, but addressing the North Korea issue is definitely something that should be high priority. I don't think Koreans really like or respect Japan very much and with Koizumi paying homage to war criminals, I think it will be difficult for us to get much clout on this issue. I think China and South Korea really have to work this out, but I'm definitely not an expert. In October, I will be in Beijing for the 30th anniversary of the opening of diplomatic contacts with Japan and will be in Kuala Lumpur at the WEF meeting where the Asia young leaders will be talking about Asian issues. I will try to raise the issue at both conferences and report back if I can find out anything or make any progress on this issue.

Date: Fri, 9 Aug 2002 10:50:01 -0800
Subject: IMPORTANT NK refugee issue..


If you have some time to read a bit about an important issue and maybe lend a hand, please take a look at a (still just a list of links) web page which I'm starting to build at about the terrible situation of the people of North Korea's human rights.. their insane government, and the plight of the thousands of terrified and starving people who are trying to defect to other countries via China (really, the only way out of the country..) China, in want of a better thing to do, is repatriating all of them which they can catch, to North Korea.. (Not all of them are summarily executed any more, just some.. but it is still very very scary what happens to them upon return.)

So, my request to you is that you please read some of the stories of the refugees to see what they are running from. read about the situation in China and the current political situation.. And then what you do is up to you..

Here is the URL of one escapee's story that is particularly chilling.. this is the one that shocked me into attempting in my little way to help..

(No, I am not affiliated with any of these groups that are actively helping them, Christians, or whatever..etc..) I just read the stories and then I had to do something..

So why am I writing YOU? Because you are a human being who can see what is happening and care, and because you are smart and influential..

(I hope you don't feel I am spamming you.. If so, I apologize profusely.)

Important*** If some of the other countries in the area (like Japan) ***would be willing to set up refugee camps*** where some of these fleeing people could stay *in safety*, it would be a VERY good thing.

South Korea (or perhaps the US---working on that..) are the obvious ultimate destinations.. but South Korea has been at times strangely indifferent to the refugees from the North.. (they have been supporting the status quo in fear that NK would suddenly implode.. which would be expensive for them, they feel.. yes, it would be, but it is also necessary..)

Plus, it would be a way for Japan to build goodwill in an area where they could really benefit from it. I know that they have (in the past) given NK lots of food.. but the reality is that the NK government siphons off the food and precious little of it reaches the people it is meant to reach.. (Giving food aid is good, but monitoring its distribution should be a *required* precondition of this aid.)

North Korea's people are now the 11th in the world.. (in malnutrition status..) In other words, they are starving to death.. No other countries on Earth with 99% literacy are anywhere near them...

Anyway, I know you are busy.. but this issue is really important.. Perhaps you could say a word to anyone you know who is influential enough to have some input into the government's decision-making process..

Nobody should have to live through the hell these people are going through.. It is a humanitarian nightmare comparable to the worst aspects of Hitler's Germany, Stalin's Russia, Pol Pot's Cambodia and Mao's China.


Thanks in advance..