David A. Wheeler's Blog
Wed, 29 Oct 2008
It’s election season in the United States, a fact that’s rather
hard to miss in Northern Virginia (where I live).
Popular Science is running a letter by Daniel Engber (of Slate Magazine)
in which he offers the US Presidential nominees advice on using
the full potential of the Internet upon their election into office.
This letter is being discussed in Slashdot.
Terry Sweeney believes that issues related to the
Internet Won’t Matter
in this election, and unfortunately, I think he’s right.
But still, we can hope, can’t we?
In any case, election season is a good excuse to think of helpful things
that the U.S. government could do
relating to the Internet and related IT technology.
Engber’s letter certainly got me thinking that direction.
I think it’s useful to try to think of such things, because by examining
and discussing them, some of them might come to pass.
So in that spirit, here’s my candidate list:
- Make spam illegal. Make sending unsolicited bulk email (spam) illegal, and in particular, require that people OPT-IN to receive messages sent in bulk. The current ‘opt-out’ system in the U.S. is silly, and always was. As essentially all information about spam notes, “Never Reply To Spam”. “Don’t [reply] to the spam message or [try] to send email to an email address given in the body of the spam and asking to be removed from the mailing list… spammers are much too sophisticated now for replies to affect them at all. And the From: addresses in spam messages are usually faked anyway.” Responding “just identifies you as a real person who read their message”. Europeans have the more sensible opt-in system. Laws do make a differenace; far more spam is U.S. than European in origin, due to the U.S.’s lax laws. It’s not that spam hard to define; if more than 1000 people (say) receive it, and they didn’t sign up for it (e.g., by signing up for a mailing list), it’s spam. A law will not solve everything, but it would help; technical measures can only go so far, and need laws to help make them work. The U.S. currently protects fax machines from spam, and that has worked! The current CAN-SPAM law legalizes spam - and thus is a sick joke. It’s time to make it illegal, to protect all of our inboxes.
- Require public access (free via web) to federally-funded research. Put all federally-funded unclassified research papers on the web, with no fees or sign-ins, so that a Google search can find it. NIH is already doing this; see the NIH public access policy. NIH isn’t perfect; their “12 month” period is silly (the web publication should occur immediately). Still, it’s an improvement, and it’s absurd that this is limited to NIH; federally-funded research should be published government-wide, no matter what arm it came from. Why should the public pay for research, then pay again to read it? Just imagine how much faster research could go if anyone could quickly click and review the latest research. Just imagine how much better the public could be informed if they could easily read U.S. research on a topic… instead of only having the flim-flam artists. I think I could make a good case that in academic research, the word “published” is increasingly meaning “accessible via Google”; anything Google can’t find doesn’t exist to many people. It’s shameful how certain publishers effectively steal U.S. research for private gain through monopolistic publishing contracts - they do not pay for the research, and typically they don’t even pay the researchers or reviewers! If you want exclusive rights to publish research, then you should pay all the costs of performing the research. I can see a case where the publisher footed 50% of the research bill (not just the paper-writing costs) and got a one-year publication delay, but the “owning” of research papers is indefensible. If you accept government money - and the government is of the people, by the people, and for the people - then the people should be receiving the research results. Let’s get rid of the unnecessary intermediaries and “poll taxes” on U.S. funded research.
- Federally-developed unclassified software: Open source software by default. By default, if the government funds unclassified software development (e.g., via research), that software should be released as open source software (under some common license). That way, anyone can use it, modify, and redistribute it (in modified or unmodified form). Again, why should the public pay for software, then pay again to use it? Currently, if researcher B wants to continue work of researcher A, both of which were paid via government funds, researcher B typically has to re-implement what researcher A did - and that can stop the research before it begins. This even applies to the government itself; often the government pays for re-development of the same software, because there’s no public information on software the government has already paid to develop. If the funds are mixed, try to break it down into pieces; if that won’t work, release the mixed-funding software after some fixed time (the U.S. DoD has a 5-year clock, starting at contract signing, for when the DoD could release some mixed-funding software as open source). If you are starting a proprietary software company, and want exclusive rights to developed software, then go to the bank or a venture capitalist (VC). The government is not a VC, so don’t expect it to be one. Exceptions will be needed… but they should be exceptions, not the rule.
- Increase funding on computer security. Some is done now, of course, but it pales compared to the problem. I guess this could be construed as being self-serving; after all, I try to improve computer security as a living. But the reason I do it is because I believe in it. There are many tools that enhance our muscles (cars, jackhammers, etc.), but essentially only one tool that enhances our mind: Computers. Which is one reason why computers are everywhere. Yet their very ubiquity is a problem, because they were generally not designed to be secure against determined attackers. I believe governments should not try to do all things; there are a lot of things government just isn’t good at. But defense is an area that is hard to do on an individual or business-by-business basis, yet we need it collectively - and it’s those kinds of problems that governments can help with.
- Increase formal methods research. The world is globalizing, and we increasingly depend on software. Testing is not a good way to make (or verify) high quality software; you can’t even fully test the trivial program “add 3 64-bit numbers” in less time than the age of the universe. In the long run, if we want really high levels of quality for software, we need better approaches, and there’s one obvious one: Formal methods. Formal methods apply mathematical approaches to software development. There are a lot of reasons people don’t use them today in typical software development projects, though. We need research to help turn those reasons into the past tense for most projects.
- Drop the DMCA’s anti-circumvention measures. The anti-circumvention stuff is just nonsense; they don’t fight piracy, but they do try to inhibit legal activities - and thus encourage lawlessness. XKCD’s “Steal this comic” shows the nonsense that Digital Restrictions Management (DRM) schemes bring, ones that the DMCA is absurdly trying to prop up. As far as I can tell, people are still making music and movies, even though the DRM schemes (and the anti-circumvention measures that prop them up) are a failure. Anti-circumvention measures make obviously lawful uses illegal (e.g., viewing DVDs on a Linux machine or putting your DVDs on your hard drive) - encouraging everyone to break the law.
- Drop software patents. Software patents have been a massive unjustified government intervention in the market. There is still no evidence that they are an improvement, and a lot of evidence that they are causing serious market failures. Save massive amounts of government money by getting rid of the whole useless bureaucracy.
- Fix copyright laws so that they make sense to normal people. I believe that the current copyright laws were written under the assumption that only large publishers, with reams of lawyers, needed to understand them. Now 9-year-olds need to understand them… except that they’re completely nonsensical. “Normal” people expect that short extractions aren’t copyright infringements, yet current U.S. law and court cases endorse such nonsensical interpretations (e.g., Bridgeport Music Inc. v. Dimension Films, 410 F.3d 792 (6th Cir. 2005) seems to say that even 3 notes can be an infringment). Strictly speaking, many Youtube videos break the law, even when a normal person would expect that the use would be okay. The term lengths of copyright far exceed the minimum necessary to obtain such works (which should be the criteria), and “fair use” needs to be clearer and more expansive. The penalties are also absurd; I disapprove of illegal copying, but the current penalties ($750 for a $1 song??) are so disproportionate that they probably violate the U.S. Constitution’s 8th amendment (“Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.”). I believe that copyright law is in principle a good idea, but it sure isn’t working in practice like it’s supposed to. See Tales from the Public Domain: Bound by Law for an interesting perspective on this. For a specific example, I think that anything not marked by its author as copyrighted should be in the public domain; currently every jot and tiddle on the Internet is “copyrighted” by someone, making it nigh-impossible to keep track of all the claims over rights. It used to be that way - there’s no reason it couldn’t be again. A much shorter copyright term would be helpful, too - something within people’s lifetimes. In the past, publishers got disproportionate control over the process of modifying the copyright laws. We need to fix these laws so that they balance the needs of creators, publishers/distributors, and recipients. They need to be very simple, clear, and fair, because with the Internet, 9-year-olds can and do become publishers.
So, there’s my Christmas list.
Some of them don’t even cost money; they simply remove bad laws, and
actually save money.
This is my personal list, not influenced by my employer, my pets,
and so on.
Perhaps this list (and others like it) will start the ball rolling.
path: /security | Current Weblog | permanent link to this entry