1 00:00:08,530 --> 00:00:09,699 Introducer: 2 00:00:09,699 --> 00:00:16,250 Anyway, I believe I've killed enough time so, ladies and gentlemen, a person who 3 00:00:16,250 --> 00:00:22,169 in this crowd needs absolutely no introduction, Cory Doctorow! 4 00:00:22,169 --> 00:00:24,660 [Audience applauds] 5 00:00:24,660 --> 00:00:25,910 Doctorow: 6 00:00:25,910 --> 00:00:29,640 Thank you. 7 00:00:29,640 --> 00:00:36,640 So, when I speak in places where the first language of the nation is not English, 8 00:00:37,640 --> 00:00:44,268 there is a disclaimer and an apology, because I'm one of nature's fast talkers. When I was 9 00:00:44,268 --> 00:00:49,679 at the United Nations at the World Intellectual Property Organization, I was known as the 10 00:00:49,679 --> 00:00:55,550 "scourge" of the simultaneous translation corps; I would stand up and speak, and turn 11 00:00:55,549 --> 00:00:59,678 around, and there would be window after window of translator, and every one of them would 12 00:00:59,679 --> 00:01:06,519 be doing this [Doctorow facepalms]. [Audience laughs] So in advance, I give you permission 13 00:01:06,519 --> 00:01:11,349 when I start talking quickly to do this [Doctorow makes SOS motion] and I will slow down. 14 00:01:11,349 --> 00:01:17,059 So, tonight's talk -- wah, wah, waaah [Doctorow makes 'fail horn' sound, apparently 15 00:01:17,060 --> 00:01:22,060 in response to audience making SOS motion; audience laughs]] -- tonight's talk is not 16 00:01:22,060 --> 00:01:28,600 a copyright talk. I do copyright talks all the time; questions about culture and creativity 17 00:01:28,599 --> 00:01:33,908 are interesting enough, but to be honest, I'm quite sick of them. If you want to hear 18 00:01:33,909 --> 00:01:39,210 freelancer writers like me bang on about what's happening to the way we earn our living, by 19 00:01:39,209 --> 00:01:45,019 all means, go and find one of the many talks I've done on this subject on YouTube. But, 20 00:01:45,019 --> 00:01:49,989 tonight, I want to talk about something more important -- I want talk to talk about general 21 00:01:49,989 --> 00:01:52,688 purpose computers. 22 00:01:52,688 --> 00:01:57,688 Because general purpose computers are, in fact, astounding -- so astounding that our 23 00:01:57,688 --> 00:02:03,188 society is still struggling to come to grips with them: to figure out what they're for, 24 00:02:03,188 --> 00:02:09,728 to figure out how to accommodate them, and how to cope with them. Which, unfortunately, 25 00:02:09,729 --> 00:02:12,319 brings me back to copyright. 26 00:02:12,318 --> 00:02:17,799 Because the general shape of the copyright wars and the lessons they can teach 27 00:02:17,800 --> 00:02:23,310 us about the upcoming fights over the destiny of the general purpose computer are important. 28 00:02:23,310 --> 00:02:30,310 In the beginning, we had packaged software, and the attendant industry, and we had sneakernet. 29 00:02:31,689 --> 00:02:38,099 So, we had floppy disks in ziplock bags, or in cardboard boxes, hung on pegs in shops, 30 00:02:38,099 --> 00:02:43,780 and sold like candy bars and magazines. And they were eminently susceptible to duplication, 31 00:02:43,780 --> 00:02:49,500 and so they were duplicated quickly, and widely, and this was to the great chagrin of people 32 00:02:49,500 --> 00:02:51,680 who made and sold software. 33 00:02:51,680 --> 00:02:58,680 Enter DRM 0.96. They started to introduce physical defects to the disks or 34 00:02:59,430 --> 00:03:05,770 started to insist on other physical indicia which the software could check for -- dongles, 35 00:03:05,770 --> 00:03:10,659 hidden sectors, challenge/response protocols that required that you had physical possession 36 00:03:10,659 --> 00:03:17,329 of large, unwieldy manuals that were difficult to copy, and of course these failed, for two 37 00:03:17,330 --> 00:03:23,090 reasons. First, they were commercially unpopular, of course, because they reduced the usefulness 38 00:03:23,090 --> 00:03:27,599 of the software to the legitimate purchasers, while leaving the people who took the software 39 00:03:27,599 --> 00:03:32,789 without paying for it untouched. The legitimate purchasers resented the non-functionality 40 00:03:32,789 --> 00:03:38,239 of their backups, they hated the loss of scarce ports to the authentication dongles, and they 41 00:03:38,240 --> 00:03:43,620 resented the inconvenience of having to transport large manuals when they wanted to run their 42 00:03:43,620 --> 00:03:49,259 software. And second, these didn't stop pirates, who found it trivial to patch the software 43 00:03:49,259 --> 00:03:55,079 and bypass authentication. Typically, the way that happened is some expert who had possession 44 00:03:55,080 --> 00:04:00,680 of technology and expertise of equivalent sophistication to the software vendor itself, 45 00:04:00,680 --> 00:04:05,819 would reverse engineer the software and release cracked versions that quickly became widely 46 00:04:05,819 --> 00:04:11,629 circulated. While this kind of expertise and technology sounded highly specialized, it 47 00:04:11,629 --> 00:04:16,750 really wasn't; figuring out what recalcitrant programs were doing, and routing around the 48 00:04:16,750 --> 00:04:22,639 defects in shitty floppy disk media were both core skills for computer programmers, and 49 00:04:22,639 --> 00:04:27,300 were even more so in the era of fragile floppy disks and the rough-and-ready early days of 50 00:04:27,300 --> 00:04:33,660 software development. Anti-copying strategies only became more fraught as networks spread; 51 00:04:33,660 --> 00:04:38,840 once we had BBSes, online services, USENET newsgroups, and mailing lists, the expertise 52 00:04:38,839 --> 00:04:43,239 of people who figured out how to defeat these authentication systems could be packaged up 53 00:04:43,240 --> 00:04:49,639 in software as little crack files, or, as the network capacity increased, the cracked 54 00:04:49,639 --> 00:04:53,419 disk images or executables themselves could be spread on their own. 55 00:04:53,420 --> 00:05:00,420 Which gave us DRM 1.0. By 1996, it became clear to everyone in the halls of 56 00:05:00,480 --> 00:05:06,129 power that there was something important about to happen. We were about to have an information 57 00:05:06,129 --> 00:05:13,069 economy, whatever the hell that was. They assumed it meant an economy where we bought 58 00:05:13,069 --> 00:05:19,959 and sold information. Now, information technology makes things efficient, so imagine the markets 59 00:05:19,959 --> 00:05:25,149 that an information economy would have. You could buy a book for a day, you could sell 60 00:05:25,149 --> 00:05:29,739 the right to watch the movie for one Euro, and then you could rent out the pause button 61 00:05:29,740 --> 00:05:35,210 at one penny per second. You could sell movies for one price in one country, and another 62 00:05:35,209 --> 00:05:41,229 price in another, and so on, and so on; the fantasies of those days were a little like 63 00:05:41,230 --> 00:05:46,879 a boring science fiction adaptation of the Old Testament book of Numbers, a kind of tedious 64 00:05:46,879 --> 00:05:52,079 enumeration of every permutation of things people do with information and the ways we 65 00:05:52,079 --> 00:05:54,019 could charge them for it. 66 00:05:54,019 --> 00:05:58,870 But none of this would be possible unless we could control how people use their 67 00:05:58,870 --> 00:06:04,418 computers and the files we transfer to them. After all, it was well and good to talk about 68 00:06:04,418 --> 00:06:10,089 selling someone the 24 hour right to a video, or the right to move music onto an iPod, but 69 00:06:10,089 --> 00:06:15,219 not the right to move music from the iPod onto another device, but how the Hell could 70 00:06:15,220 --> 00:06:19,850 you do that once you'd given them the file? In order to do that, to make this work, you 71 00:06:19,850 --> 00:06:24,340 needed to figure out how to stop computers from running certain programs and inspecting 72 00:06:24,339 --> 00:06:29,668 certain files and processes. For example, you could encrypt the file, and then require 73 00:06:29,668 --> 00:06:34,000 the user to run a program that only unlocked the file under certain circumstances. 74 00:06:34,000 --> 00:06:40,990 But as they say on the Internet, "now you have two problems". You also, now, 75 00:06:40,990 --> 00:06:45,050 have to stop the user from saving the file while it's in the clear, and you have to stop 76 00:06:45,050 --> 00:06:49,639 the user from figuring out where the unlocking program stores its keys, because if the user 77 00:06:49,639 --> 00:06:53,819 finds the keys, she'll just decrypt the file and throw away that stupid player app. 78 00:06:53,819 --> 00:06:58,370 And now you have three problems [audience laughs], because now you have to 79 00:06:58,370 --> 00:07:02,019 stop the users who figure out how to render the file in the clear from sharing it with 80 00:07:02,019 --> 00:07:07,060 other users, and now you've got four! problems, because now you have to stop the users who 81 00:07:07,060 --> 00:07:11,709 figure out how to extract secrets from unlocking programs from telling other users how to do 82 00:07:11,709 --> 00:07:16,829 it too, and now you've got five! problems, because now you have to stop users who figure 83 00:07:16,829 --> 00:07:20,680 out how to extract secrets from unlocking programs from telling other users what the 84 00:07:20,680 --> 00:07:22,069 secrets were! 85 00:07:22,069 --> 00:07:28,909 That's a lot of problems. But by 1996, we had a solution. We had the WIPO Copyright 86 00:07:28,910 --> 00:07:32,990 Treaty, passed by the United Nations World Intellectual Property Organization, which 87 00:07:32,990 --> 00:07:37,930 created laws that made it illegal to extract secrets from unlocking programs, and it created 88 00:07:37,930 --> 00:07:42,250 laws that made it illegal to extract media cleartexts from the unlocking programs while 89 00:07:42,250 --> 00:07:46,579 they were running, and it created laws that made it illegal to tell people how to extract 90 00:07:46,579 --> 00:07:51,719 secrets from unlocking programs, and created laws that made it illegal to host copyrighted 91 00:07:51,720 --> 00:07:58,120 works and secrets and all with a handy streamlined process that let you remove stuff from the 92 00:07:58,120 --> 00:08:02,728 internet without having to screw around with lawyers, and judges, and all that crap. And 93 00:08:02,728 --> 00:08:09,728 with that, illegal copying ended forever [audience laughs very hard, applauds], the information 94 00:08:18,709 --> 00:08:23,489 economy blossomed into a beautiful flower that brought prosperity to the whole wide 95 00:08:23,490 --> 00:08:29,629 world; as they say on the aircraft carriers, "Mission Accomplished". [audience laughs] 96 00:08:29,629 --> 00:08:34,490 Well, of course that's not how the story ends because pretty much anyone who 97 00:08:34,490 --> 00:08:39,629 understood computers and networks understood that while these laws would create more problems 98 00:08:39,629 --> 00:08:44,179 than they could possibly solve; after all, these were laws that made it illegal to look 99 00:08:44,179 --> 00:08:49,149 inside your computer when it was running certain programs, they made it illegal to tell people 100 00:08:49,149 --> 00:08:53,549 what you found when you looked inside your computer, they made it easy to censor material 101 00:08:53,549 --> 00:08:57,769 on the internet without having to prove that anything wrong had happened; in short, they 102 00:08:57,769 --> 00:09:04,419 made unrealistic demands on reality and reality did not oblige them. After all, copying only 103 00:09:04,419 --> 00:09:09,049 got easier following the passage of these laws -- copying will only ever get easier! 104 00:09:09,049 --> 00:09:14,328 Here, 2011, this is as hard as copying will get! Your grandchildren will turn to you around 105 00:09:14,328 --> 00:09:18,419 the Christmas table and say "Tell me again, Grandpa, tell me again, Grandma, about when 106 00:09:18,419 --> 00:09:23,549 it was hard to copy things in 2011, when you couldn't get a drive the size of your fingernail 107 00:09:23,549 --> 00:09:27,859 that could hold every song ever recorded, every movie ever made, every word ever spoken, 108 00:09:27,860 --> 00:09:31,919 every picture ever taken, everything, and transfer it in such a short period of time 109 00:09:31,919 --> 00:09:36,299 you didn't even notice it was doing it, tell us again when it was so stupidly hard to copy 110 00:09:36,299 --> 00:09:43,299 things back in 2011". And so, reality asserted itself, and everyone had a good laugh over 111 00:09:43,490 --> 00:09:47,970 how funny our misconceptions were when we entered the 21st century, and then a lasting 112 00:09:47,970 --> 00:09:52,759 peace was reached with freedom and prosperity for all. [audience chuckles] 113 00:09:52,759 --> 00:09:57,949 Well, not really. Because, like the nursery rhyme lady who swallows a spider 114 00:09:57,948 --> 00:10:02,328 to catch a fly, and has to swallow a bird to catch the spider, and a cat to catch the 115 00:10:02,328 --> 00:10:08,849 bird, and so on, so must a regulation that has broad general appeal but is disastrous 116 00:10:08,850 --> 00:10:13,928 in its implementation beget a new regulation aimed at shoring up the failure of the old 117 00:10:13,928 --> 00:10:18,110 one. Now, it's tempting to stop the story here and conclude that the problem is that 118 00:10:18,110 --> 00:10:23,470 lawmakers are either clueless or evil, or possibly evilly clueless, and just leave it 119 00:10:23,470 --> 00:10:28,730 there, which is not a very satisfying place to go, because it's fundamentally a council 120 00:10:28,730 --> 00:10:33,350 of despair; it suggests that our problems cannot be solved for so long as stupidity 121 00:10:33,350 --> 00:10:38,659 and evilness are present in the halls of power, which is to say they will never be solved. 122 00:10:38,659 --> 00:10:41,100 But I have another theory about what's happened. 123 00:10:41,100 --> 00:10:46,220 It's not that regulators don't understand information technology, because it should 124 00:10:46,220 --> 00:10:52,819 be possible to be a non-expert and still make a good law! M.P.s and Congressmen and so on 125 00:10:52,818 --> 00:10:58,128 are elected to represent districts and people, not disciplines and issues. We don't have 126 00:10:58,129 --> 00:11:02,490 a Member of Parliament for biochemistry, and we don't have a Senator from the great state 127 00:11:02,490 --> 00:11:09,240 of urban planning, and we don't have an M.E.P. from child welfare. (But perhaps we should.) 128 00:11:09,240 --> 00:11:14,610 And yet those people who are experts in policy and politics, not technical disciplines, nevertheless, 129 00:11:14,610 --> 00:11:20,028 often do manage to pass good rules that make sense, and that's because government relies 130 00:11:20,028 --> 00:11:24,850 on heuristics -- rules of thumbs about how to balance expert input from different sides 131 00:11:24,850 --> 00:11:25,790 of an issue. 132 00:11:25,789 --> 00:11:30,269 But information technology confounds these heuristics -- it kicks the crap out 133 00:11:30,269 --> 00:11:36,169 of them -- in one important way, and this is it. One important test of whether or not 134 00:11:36,169 --> 00:11:40,539 a regulation is fit for a purpose is first, of course, whether it will work, but second 135 00:11:40,539 --> 00:11:45,248 of all, whether or not in the course of doing its work, it will have lots of effects on 136 00:11:45,249 --> 00:11:51,619 everything else. If I wanted Congress to write, or Parliament to write, or the E.U. to regulate 137 00:11:51,619 --> 00:11:56,769 a wheel, it's unlikely I'd succeed. If I turned up and said "well, everyone knows that wheels 138 00:11:56,769 --> 00:12:01,980 are good and right, but have you noticed that every single bank robber has four wheels on 139 00:12:01,980 --> 00:12:06,449 his car when he drives away from the bank robbery? Can't we do something about this?", 140 00:12:06,448 --> 00:12:11,188 the answer would of course be "no". Because we don't know how to make a wheel that is 141 00:12:11,188 --> 00:12:16,799 still generally useful for legitimate wheel applications but useless to bad guys. And 142 00:12:16,799 --> 00:12:20,958 we can all see that the general benefits of wheels are so profound that we'd be foolish 143 00:12:20,958 --> 00:12:26,469 to risk them in a foolish errand to stop bank robberies by changing wheels. Even if there 144 00:12:26,470 --> 00:12:31,050 were an /epidemic/ of bank robberies, even if society were on the verge of collapse thanks 145 00:12:31,049 --> 00:12:34,998 to bank robberies, no-one would think that wheels were the right place to start solving 146 00:12:34,999 --> 00:12:36,149 our problems. 147 00:12:36,149 --> 00:12:42,470 But. If I were to show up in that same body to say that I had absolute proof 148 00:12:42,470 --> 00:12:48,300 that hands-free phones were making cars dangerous, and I said, "I would like you to pass a law 149 00:12:48,299 --> 00:12:52,618 that says it's illegal to put a hands-free phone in a car", the regulator might say "Yeah, 150 00:12:52,619 --> 00:12:56,499 I'd take your point, we'd do that". And we might disagree about whether or not this is 151 00:12:56,499 --> 00:13:00,808 a good idea, or whether or not my evidence made sense, but very few of us would say "well, 152 00:13:00,808 --> 00:13:06,519 once you take the hands-free phones out of the car, they stop being cars". We understand 153 00:13:06,519 --> 00:13:12,100 that we can keep cars cars even if we remove features from them. Cars are special purpose, 154 00:13:12,100 --> 00:13:16,860 at least in comparison to wheels, and all that the addition of a hands-free phone does 155 00:13:16,860 --> 00:13:22,829 is add one more feature to an already-specialized technology. In fact, there's that heuristic 156 00:13:22,828 --> 00:13:27,479 that we can apply here -- special-purpose technologies are complex. And you can remove 157 00:13:27,480 --> 00:13:32,569 features from them without doing fundamental disfiguring violence to their underlying utility. 158 00:13:32,568 --> 00:13:38,308 This rule of thumb serves regulators well, by and large, but it is rendered null 159 00:13:38,308 --> 00:13:42,868 and void by the general-purpose computer and the general-purpose network -- the PC and 160 00:13:42,869 --> 00:13:48,230 the Internet. Because if you think of computer software as a feature, that is a computer 161 00:13:48,230 --> 00:13:52,649 with spreadsheets running on it has a spreadsheet feature, and one that's running World of Warcraft 162 00:13:52,649 --> 00:13:57,899 has an MMORPG feature, then this heuristic leads you to think that you could reasonably 163 00:13:57,899 --> 00:14:02,318 say, "make me a computer that doesn't run spreadsheets", and that it would be no more 164 00:14:02,318 --> 00:14:07,028 of an attack on computing than "make me a car without a hands-free phone" is an attack 165 00:14:07,028 --> 00:14:12,610 on cars. And if you think of protocols and sites as features of the network, then saying 166 00:14:12,610 --> 00:14:18,938 "fix the Internet so that it doesn't run BitTorrent", or "fix the Internet so that thepiratebay.org 167 00:14:18,938 --> 00:14:23,708 no longer resolves", then it sounds a lot like "change the sound of busy signals", or 168 00:14:23,708 --> 00:14:28,438 "take that pizzeria on the corner off the phone network", and not like an attack on 169 00:14:28,438 --> 00:14:30,899 the fundamental principles of internetworking. 170 00:14:30,899 --> 00:14:36,419 Not realizing that this rule of thumb that works for cars and for houses and 171 00:14:36,419 --> 00:14:41,188 for every other substantial area of technological regulation fails for the Internet does not 172 00:14:41,188 --> 00:14:45,058 make you evil and it does not make you an ignoramus. It just makes you part of that 173 00:14:45,058 --> 00:14:50,678 vast majority of the world for whom ideas like "Turing complete" and "end-to-end" are 174 00:14:50,678 --> 00:14:56,838 meaningless. So, our regulators go off, and they blithely pass these laws, and they become 175 00:14:56,839 --> 00:15:01,439 part of the reality of our technological world. There are suddenly numbers that we aren't 176 00:15:01,438 --> 00:15:06,289 allowed to write down on the Internet, programs we're not allowed to publish, and all it takes 177 00:15:06,289 --> 00:15:11,488 to make legitimate material disappear from the Internet is to say "that? That infringes 178 00:15:11,489 --> 00:15:15,809 copyright.". It fails to attain the actual goal of the regulation; it doesn't stop people 179 00:15:15,808 --> 00:15:21,118 from violating copyright, but it bears a kind of superficial resemblance to copyright enforcement 180 00:15:21,119 --> 00:15:26,959 -- it satisfies the security syllogism: "something must be done, I am doing something, something 181 00:15:26,958 --> 00:15:32,789 has been done." And thus any failures that arise can be blamed on the idea that the regulation 182 00:15:32,789 --> 00:15:37,858 doesn't go far enough, rather than the idea that it was flawed from the outset. 183 00:15:37,859 --> 00:15:42,399 This kind of superficial resemblance and underlying divergence happens in other 184 00:15:42,399 --> 00:15:46,999 engineering contexts. I've a friend who was once a senior executive at a big consumer 185 00:15:46,999 --> 00:15:50,928 packaged goods company who told me about what happened when the marketing department told 186 00:15:50,928 --> 00:15:55,198 the engineers that they'd thought up a great idea for detergent: from now on, they were 187 00:15:55,198 --> 00:16:00,058 going to make detergent that made your clothes newer every time you washed them! Well after 188 00:16:00,058 --> 00:16:04,868 the engineers had tried unsuccessfully to convey the concept of "entropy" to the marketing 189 00:16:04,869 --> 00:16:10,100 department [audience laughs], they arrived at another solution -- "solution" -- they'd 190 00:16:10,100 --> 00:16:15,959 develop a detergent that used enzymes that attacked loose fiber ends, the kind that you 191 00:16:15,958 --> 00:16:20,258 get with broken fibers that make your clothes look old. So every time you washed your clothes 192 00:16:20,259 --> 00:16:25,100 in the detergent, they would look newer. But that was because the detergent was literally 193 00:16:25,100 --> 00:16:31,100 digesting your clothes! Using it would literally cause your clothes to dissolve in the washing 194 00:16:31,100 --> 00:16:36,949 machine! This was the opposite of making clothes newer; instead, you were artificially aging 195 00:16:36,948 --> 00:16:42,828 your clothes every time you washed them, and as the user, the more you deployed the "solution", 196 00:16:42,828 --> 00:16:47,488 the more drastic your measures had to be to keep your clothes up to date -- you actually 197 00:16:47,489 --> 00:16:50,720 had to go buy new clothes because the old ones fell apart. 198 00:16:50,720 --> 00:16:55,129 So today we have marketing departments who say things like "we don't need computers, 199 00:16:55,129 --> 00:17:00,539 we need... appliances. Make me a computer that doesn't run every program, just a program 200 00:17:00,539 --> 00:17:05,920 that does this specialized task, like streaming audio, or routing packets, or playing Xbox 201 00:17:05,920 --> 00:17:10,429 games, and make sure it doesn't run programs that I haven't authorized that might undermine 202 00:17:10,429 --> 00:17:16,019 our profits". And on the surface, this seems like a reasonable idea -- just a program that 203 00:17:16,019 --> 00:17:22,679 does one specialized task -- after all, we can put an electric motor in a blender, and 204 00:17:22,679 --> 00:17:27,059 we can install a motor in a dishwasher, and we don't worry if it's still possible to run 205 00:17:27,058 --> 00:17:33,490 a dishwashing program in a blender. But that's not what we do when we turn a computer into 206 00:17:33,490 --> 00:17:38,380 an appliance. We're not making a computer that runs only the "appliance" app; we're 207 00:17:38,380 --> 00:17:43,870 making a computer that can run every program, but which uses some combination of rootkits, 208 00:17:43,869 --> 00:17:48,408 spyware, and code-signing to prevent the user from knowing which processes are running, 209 00:17:48,409 --> 00:17:53,049 from installing her own software, and from terminating processes that she doesn't want. 210 00:17:53,048 --> 00:17:58,869 In other words, an appliance is not a stripped-down computer -- it is a fully functional computer 211 00:17:58,869 --> 00:18:02,298 with spyware on it out of the box. 212 00:18:02,298 --> 00:18:08,750 [audience applauds loudly] Thanks. 213 00:18:08,750 --> 00:18:14,190 Because we don't know how to build the general purpose computer that is capable 214 00:18:14,190 --> 00:18:18,538 of running any program we can compile except for some program that we don't like, or that 215 00:18:18,538 --> 00:18:23,548 we prohibit by law, or that loses us money. The closest approximation that we have to 216 00:18:23,548 --> 00:18:29,220 this is a computer with spyware -- a computer on which remote parties set policies without 217 00:18:29,220 --> 00:18:34,220 the computer user's knowledge, over the objection of the computer's owner. And so it is that 218 00:18:34,220 --> 00:18:37,450 digital rights management always converges on malware. 219 00:18:37,450 --> 00:18:41,200 There was, of course, this famous incident, a kind of gift to people who have 220 00:18:41,200 --> 00:18:47,130 this hypothesis, in which Sony loaded covert rootkit installers on 6 million audio CDs, 221 00:18:47,130 --> 00:18:52,399 which secretly executed programs that watched for attempts to read the sound files on CDs, 222 00:18:52,398 --> 00:18:56,268 and terminated them, and which also hid the rootkit's existence by causing the kernel 223 00:18:56,269 --> 00:19:00,819 to lie about which processes were running, and which files were present on the drive. 224 00:19:00,819 --> 00:19:05,960 But it's not the only example; just recently, Nintendo shipped the 3DS, which opportunistically 225 00:19:05,960 --> 00:19:10,130 updates its firmware, and does an integrity check to make sure that you haven't altered 226 00:19:10,130 --> 00:19:15,299 the old firmware in any way, and if it detects signs of tampering, it bricks itself. 227 00:19:15,298 --> 00:19:20,388 Human rights activists have raised alarms over U-EFI, the new PC bootloader, 228 00:19:20,388 --> 00:19:25,178 which restricts your computer so it runs signed operating systems, noting that repressive 229 00:19:25,179 --> 00:19:30,278 governments will likely withhold signatures from OSes unless they have covert surveillance 230 00:19:30,278 --> 00:19:30,849 operations. 231 00:19:30,849 --> 00:19:35,178 And on the network side, attempts to make a network that can't be used for copyright 232 00:19:35,179 --> 00:19:40,710 infringement always converges with the surveillance measures that we know from repressive governments. 233 00:19:40,710 --> 00:19:47,700 So, SOPA, the U.S. Stop Online Piracy Act, bans tools like DNSSec because they can be 234 00:19:47,700 --> 00:19:52,519 used to defeat DNS blocking measures. And it blocks tools like Tor, because they can 235 00:19:52,519 --> 00:19:57,759 be used to circumvent IP blocking measures. In fact, the proponents of SOPA, the Motion 236 00:19:57,759 --> 00:20:03,119 Picture Association of America, circulated a memo, citing research that SOPA would probably 237 00:20:03,119 --> 00:20:08,599 work, because it uses the same measures as are used in Syria, China, and Uzbekistan, 238 00:20:08,599 --> 00:20:12,388 and they argued that these measures are effective in those countries, and so they would work 239 00:20:12,388 --> 00:20:13,879 in America, too! 240 00:20:13,880 --> 00:20:20,278 [audience laughs and applauds] Don't applaud me, applaud the MPAA! 241 00:20:20,278 --> 00:20:26,038 Now, it may seem like SOPA is the end game in a long fight over copyright, and 242 00:20:26,038 --> 00:20:30,638 the internet, and it may seem like if we defeat SOPA, we'll be well on our way to securing 243 00:20:30,638 --> 00:20:36,319 the freedom of PCs and networks. But as I said at the beginning of this talk, this isn't 244 00:20:36,319 --> 00:20:42,648 about copyright, because the copyright wars are just the 0.9 beta version of the long 245 00:20:42,648 --> 00:20:47,489 coming war on computation. The entertainment industry were just the first belligerents 246 00:20:47,490 --> 00:20:52,339 in this coming century-long conflict. We tend to think of them as particularly successful 247 00:20:52,339 --> 00:20:58,609 -- after all, here is SOPA, trembling on the verge of passage, and breaking the internet 248 00:20:58,609 --> 00:21:04,519 on this fundamental level in the name of preserving Top 40 music, reality TV shows, and Ashton 249 00:21:04,519 --> 00:21:06,929 Kutcher movies! [laughs, scattered applause] 250 00:21:06,929 --> 00:21:13,100 But the reality is, copyright legislation gets as far as it does precisely because it's 251 00:21:13,099 --> 00:21:18,980 not taken seriously, which is why on one hand, Canada has had Parliament after Parliament 252 00:21:18,980 --> 00:21:23,940 introduce one stupid copyright bill after another, but on the other hand, Parliament 253 00:21:23,940 --> 00:21:29,639 after Parliament has failed to actually vote on the bill. It's why we got SOPA, a bill 254 00:21:29,638 --> 00:21:36,638 composed of pure stupid, pieced together molecule-by-molecule, into a kind of "Stupidite 250", which is normally 255 00:21:37,509 --> 00:21:44,110 only found in the heart of newborn star, and it's why these rushed-through SOPA hearings 256 00:21:44,109 --> 00:21:48,678 had to be adjourned midway through the Christmas break, so that lawmakers could get into a 257 00:21:48,679 --> 00:21:55,028 real vicious nationally-infamous debate over an important issue, unemployment insurance. 258 00:21:55,028 --> 00:22:01,839 It's why the World Intellectual Property Organization is gulled time and again into enacting crazed, 259 00:22:01,839 --> 00:22:07,089 pig-ignorant copyright proposals because when the nations of the world send their U.N. missions 260 00:22:07,089 --> 00:22:13,069 to Geneva, they send water experts, not copyright experts; they send health experts, not copyright 261 00:22:13,069 --> 00:22:17,730 experts; they send agriculture experts, not copyright experts, because copyright is just 262 00:22:17,730 --> 00:22:24,730 not important to pretty much everyone! [applause] 263 00:22:27,179 --> 00:22:34,179 Canada's Parliament didn't vote on its copyright bills because, of all the 264 00:22:34,490 --> 00:22:40,169 things that Canada needs to do, fixing copyright ranks well below health emergencies on first 265 00:22:40,169 --> 00:22:45,440 nations reservations, exploiting the oil patch in Alberta, interceding in sectarian resentments 266 00:22:45,440 --> 00:22:49,798 among French- and English-speakers, solving resources crises in the nation's fisheries, 267 00:22:49,798 --> 00:22:54,929 and thousand other issues! The triviality of copyright tells you that when other sectors 268 00:22:54,929 --> 00:23:00,559 of the economy start to evince concerns about the internet and the PC, that copyright will 269 00:23:00,558 --> 00:23:06,629 be revealed for a minor skirmish, and not a war. Why would other sectors nurse grudges 270 00:23:06,630 --> 00:23:11,659 against computers? Well, because the world we live in today is /made/ of computers. We 271 00:23:11,659 --> 00:23:15,899 don't have cars anymore, we have computers we ride in; we don't have airplanes anymore, 272 00:23:15,898 --> 00:23:22,898 we have flying Solaris boxes with a big bucketful of SCADA controllers [laughter]; a 3D printer 273 00:23:24,409 --> 00:23:30,380 is not a device, it's a peripheral, and it only works connected to a computer; a radio 274 00:23:30,380 --> 00:23:36,200 is no longer a crystal, it's a general-purpose computer with a fast ADC and a fast DAC and 275 00:23:36,200 --> 00:23:37,269 some software. 276 00:23:37,269 --> 00:23:43,200 The grievances that arose from unauthorized copying are trivial, when compared 277 00:23:43,200 --> 00:23:49,269 to the calls for action that our new computer-embroidered reality will create. Think of radio for a 278 00:23:49,269 --> 00:23:54,149 minute. The entire basis for radio regulation up until today was based on the idea that 279 00:23:54,148 --> 00:23:59,178 the properties of a radio are fixed at the time of manufacture, and can't be easily altered. 280 00:23:59,179 --> 00:24:03,389 You can't just flip a switch on your baby monitor, and turn it into something that interferes 281 00:24:03,388 --> 00:24:08,609 with air traffic control signals. But powerful software-defined radios can change from baby 282 00:24:08,609 --> 00:24:13,719 monitor to emergency services dispatcher to air traffic controller just by loading and 283 00:24:13,720 --> 00:24:18,589 executing different software, which is why the first time the American telecoms regulator 284 00:24:18,589 --> 00:24:23,878 (the FCC) considered what would happen when we put SDRs in the field, they asked for comment 285 00:24:23,878 --> 00:24:29,199 on whether it should mandate that all software-defined radios should be embedded in trusted computing 286 00:24:29,200 --> 00:24:34,778 machines. Ultimately, whether every PC should be locked, so that the programs they run are 287 00:24:34,778 --> 00:24:37,329 strictly regulated by central authorities. 288 00:24:37,329 --> 00:24:42,259 And even this is a shadow of what is to come. After all, this was the year in 289 00:24:42,259 --> 00:24:48,370 which we saw the debut of open sourced shape files for converting AR-15s to full automatic. 290 00:24:48,369 --> 00:24:53,628 This was the year of crowd-funded open-sourced hardware for gene sequencing. And while 3D 291 00:24:53,628 --> 00:24:57,750 printing will give rise to plenty of trivial complaints, there will be judges in the American 292 00:24:57,750 --> 00:25:02,730 South and Mullahs in Iran who will lose their minds over people in their jurisdiction printing 293 00:25:02,730 --> 00:25:09,509 out sex toys. [guffaw from audience] The trajectory of 3D printing will most certainly raise real 294 00:25:09,509 --> 00:25:13,409 grievances, from solid state meth labs, to ceramic knives. 295 00:25:13,409 --> 00:25:17,950 And it doesn't take a science fiction writer to understand why regulators might 296 00:25:17,950 --> 00:25:23,889 be nervous about the user-modifiable firmware on self-driving cars, or limiting interoperability 297 00:25:23,888 --> 00:25:28,788 for aviation controllers, or the kind of thing you could do with bio-scale assemblers and 298 00:25:28,788 --> 00:25:34,240 sequencers. Imagine what will happen the day that Monsanto determines that it's really... 299 00:25:34,240 --> 00:25:39,000 really... important to make sure that computers can't execute programs that cause specialized 300 00:25:39,000 --> 00:25:44,940 peripherals to output organisms that eat their lunch... literally. Regardless of whether 301 00:25:44,940 --> 00:25:50,070 you think these are real problems or merely hysterical fears, they are nevertheless the 302 00:25:50,069 --> 00:25:54,439 province of lobbies and interest groups that are far more influential than Hollywood and 303 00:25:54,440 --> 00:25:59,600 big content are on their best days, and every one of them will arrive at the same place 304 00:25:59,599 --> 00:26:04,928 -- "can't you just make us a general purpose computer that runs all the programs, except 305 00:26:04,929 --> 00:26:10,019 the ones that scare and anger us? Can't you just make us an Internet that transmits any 306 00:26:10,019 --> 00:26:14,929 message over any protocol between any two points, unless it upsets us?" 307 00:26:14,929 --> 00:26:18,879 And personally, I can see that there will be programs that run on general 308 00:26:18,878 --> 00:26:24,099 purpose computers and peripherals that will even freak me out. So I can believe that people 309 00:26:24,099 --> 00:26:28,369 who advocate for limiting general purpose computers will find receptive audience for 310 00:26:28,369 --> 00:26:33,739 their positions. But just as we saw with the copyright wars, banning certain instructions, 311 00:26:33,740 --> 00:26:39,470 or protocols, or messages, will be wholly ineffective as a means of prevention and remedy; 312 00:26:39,470 --> 00:26:45,589 and as we saw in the copyright wars, all attempts at controlling PCs will converge on rootkits; 313 00:26:45,589 --> 00:26:51,480 all attempts at controlling the Internet will converge on surveillance and censorship, which 314 00:26:51,480 --> 00:26:57,179 is why all this stuff matters. Because we've spent the last 10+ years as a body sending 315 00:26:57,179 --> 00:27:01,639 our best players out to fight what we thought was the final boss at the end of the game, 316 00:27:01,638 --> 00:27:06,099 but it turns out it's just been the mini-boss at the end of the level, and the stakes are 317 00:27:06,099 --> 00:27:07,339 only going to get higher. 318 00:27:07,339 --> 00:27:11,509 As a member of the Walkman generation, I have made peace with the fact that I will 319 00:27:11,509 --> 00:27:17,089 require a hearing aid long before I die, and of course, it won't be a hearing aid, it will 320 00:27:17,089 --> 00:27:22,480 be a computer I put in my body. So when I get into a car -- a computer I put my body 321 00:27:22,480 --> 00:27:27,579 into -- with my hearing aid -- a computer I put inside my body -- I want to know that 322 00:27:27,579 --> 00:27:32,398 these technologies are not designed to keep secrets from me, and to prevent me from terminating 323 00:27:32,398 --> 00:27:39,398 processes on them that work against my interests. [vigorous applause from audience] Thank you 324 00:27:39,584 --> 00:27:47,846 [applause continues] 325 00:27:47,846 --> 00:27:51,973 Thank you. So, last year, the Lower Merion School District, 326 00:27:51,973 --> 00:27:55,079 in a middle-class, affluent suburb of Philadelphia, 327 00:27:55,079 --> 00:27:57,092 found itself in a great deal of trouble, 328 00:27:57,092 --> 00:28:01,184 because it was caught distributing PCs to its students, equipped with rootkits 329 00:28:01,184 --> 00:28:05,858 that allowed for remote covert surveillance through the computer's camera and network connection. 330 00:28:05,858 --> 00:28:09,803 It transpired that they had been photographing students thousands of times, 331 00:28:09,803 --> 00:28:14,348 at home and at school, awake and asleep, dressed and naked. 332 00:28:14,394 --> 00:28:18,021 Meanwhile, the latest generation of lawful intercept technology 333 00:28:18,021 --> 00:28:23,990 can covertly operate cameras, mics, and GPSes on PCs, tablets, and mobile devices. 334 00:28:23,990 --> 00:28:29,930 Freedom in the future will require us to have the capacity to monitor our devices 335 00:28:29,930 --> 00:28:36,419 and set meaningful policy on them, to examine and terminate the processes that run on them, 336 00:28:36,419 --> 00:28:39,635 to maintain them as honest servants to our will, 337 00:28:39,635 --> 00:28:44,548 and not as traitors and spies working for criminals, thugs, and control freaks. 338 00:28:44,548 --> 00:28:48,623 And we haven't lost yet, but we have to win the copyright wars 339 00:28:48,623 --> 00:28:51,469 to keep the Internet and the PC free and open. 340 00:28:51,469 --> 00:28:58,021 Because these are themateriel in the wars that are to come, we won't be able to fight on without them. 341 00:28:58,021 --> 00:29:03,729 And I know this sounds like a counsel of despair, but as I said, these are early days. 342 00:29:03,821 --> 00:29:08,264 We have been fighting the mini-boss, and that means that great challenges are yet to come, 343 00:29:08,264 --> 00:29:14,348 but like all good level designers, fate has sent us a soft target to train ourselves on. 344 00:29:15,179 --> 00:29:20,386 We have a chance, a real chance, and if we support open and free systems, 345 00:29:20,432 --> 00:29:28,590 and the organizations that fight for them -- EFF, Bits of Freedom , EDRI, ORG, CC, Netzpolitik, 346 00:29:28,740 --> 00:29:33,450 La Quadrature du Net, and all the others, who are thankfully, too numerous to name here 347 00:29:33,450 --> 00:29:38,440 -- we may yet win the battle, and secure the ammunition we'll need for the war. 348 00:29:38,440 --> 00:29:39,499 Thank you. 349 00:29:39,499 --> 00:30:11,518 [Sustained applause] 350 00:30:11,518 --> 00:30:16,480 [Doctorow] So, either questions or long, rambling statements followed by "What do you think of that?" 351 00:30:16,526 --> 00:30:19,157 [laughter] 352 00:30:19,157 --> 00:30:20,472 [Doctorw] Yes. Any questions? 353 00:30:21,068 --> 00:30:26,430 [Organizer (?)] If you have questions, can you go to the microphones that are in the aisles, here 354 00:30:26,549 --> 00:30:33,726 and just ask away. If you form a neat, orderly line, we'll go, you know, left-right left-right 355 00:30:37,738 --> 00:30:40,853 [Question] So if you game this out all the way to the end 356 00:30:41,711 --> 00:30:48,976 You end up with a situation where either the censorship people have to 357 00:30:48,976 --> 00:30:56,795 outlaw von Neumann and Herbert's architectures and replace them with something that's not a universal Turing machine, 358 00:30:58,734 --> 00:31:03,861 or they lose, full stop. I mean, and there is a big spectrum in between the two. 359 00:31:03,861 --> 00:31:06,834 don't let me distract from that. I mean, you know. 360 00:31:06,834 --> 00:31:10,949 I'm talking about the very last bastion line of freedom, there. 361 00:31:11,945 --> 00:31:16,257 Do you think a bunch of assholes that don't even understand how DNS works 362 00:31:16,307 --> 00:31:20,880 are going to be willing to shoot themselves in the - head that hard? 363 00:31:21,249 --> 00:31:27,312 [Doctorow] I guess my answer is that the fact that there's no 364 00:31:27,312 --> 00:31:30,851 such thing as witchcraft, didn't stop them from burning a lot of witches, right? So... 365 00:31:30,851 --> 00:31:32,820 [Laughter, applause] 366 00:31:32,820 --> 00:31:39,251 By the same token, I think the ineffectiveness of the remedy is actually even worse for us, right? 367 00:31:39,251 --> 00:31:43,875 Because this is like the five year plan that produces no wheat, 368 00:31:43,875 --> 00:31:50,248 that yields an even more drastic five year plan that also produces no corn, right? 369 00:31:50,248 --> 00:31:53,891 I mean, this will make them angrier, and cause them 370 00:31:53,891 --> 00:31:56,715 to expand the scope of the regulation, you know. 371 00:31:56,715 --> 00:32:00,340 "The beatings will continue until morale improves" as the T-shirt goes, right? 372 00:32:00,340 --> 00:32:03,002 That's actually my worry. 373 00:32:03,002 --> 00:32:07,942 I think that if they saw some success, they might actually back off. 374 00:32:08,371 --> 00:32:11,478 The fact that this will be a dismo failure over and over and over again, 375 00:32:11,478 --> 00:32:14,894 the fact that terrorist will continue to communicate terrorist messages 376 00:32:14,894 --> 00:32:18,180 and child pornographers will continue to communicate child pornographic messages 377 00:32:18,180 --> 00:32:21,757 and so on, will just make them try harder at ineffective remedies 378 00:32:21,757 --> 00:32:24,794 [interlocutor] yeah, i mean a specialized Touring machine on an Asic[?] 379 00:32:24,794 --> 00:32:27,603 is actually really,really hard, 'cause you have to make one 380 00:32:27,603 --> 00:32:30,237 for every application,and that sucks... 381 00:32:30,237 --> 00:32:33,876 [Doctorow] Yeah, so again, I don't think they are going to ban general purpose computers. 382 00:32:33,876 --> 00:32:35,997 I think what they're going to do 383 00:32:35,997 --> 00:32:38,766 is they're going to say "We want more spyware in computers", 384 00:32:38,766 --> 00:32:42,195 "we want more U-EFI",we want... and not just like U-EFI that 385 00:32:42,195 --> 00:32:44,923 helps you detect spyware,but U-EFI where the signings 386 00:32:44,923 --> 00:32:47,732 are controlled by third parties,you don't have an easy owner override 387 00:32:47,732 --> 00:32:49,078 and all the rest of it. 388 00:32:49,078 --> 00:32:51,974 I think that that's going to be the trajectory of this stuff. 389 00:32:51,974 --> 00:32:57,051 Not "gosh, you know, that stupid policy that we pursued 390 00:32:57,051 --> 00:32:59,969 at great expense for 10 years was a complete failure. 391 00:32:59,969 --> 00:33:02,961 We should admit it and move on". I think that the answer is going to be 392 00:33:02,961 --> 00:33:05,600 "Oh my God, you know, look at what idiots we look like... 393 00:33:05,600 --> 00:33:09,308 we can't possibly admit defeat." You know, see the war on drugs. 394 00:33:09,308 --> 00:33:15,701 [laughs and claps] 395 00:33:15,701 --> 00:33:18,991 I'll answer you in a second 'cause there's someone already ready for a question. 396 00:33:18,991 --> 00:33:27,168 [Conductor] We'll take… We actually got quite a bit of time. here. So, next question. 397 00:33:28,691 --> 00:33:38,440 [Question] Regarding the recent initiative by a big software company 398 00:33:38,440 --> 00:33:45,807 to promote secure boot on U-EFI, do you think that personal computers 399 00:33:45,807 --> 00:33:58,950 will arrive like the situation in the… like the Playstation platforms soon? 400 00:33:58,950 --> 00:34:08,809 And what do you think that we'll have some means to counterattack or to… 401 00:34:08,809 --> 00:34:11,806 [Doctorow] Yeah, so the question is really "Is U-EFI going to be a means 402 00:34:11,806 --> 00:34:14,522 of freezing out alternative operating systems 403 00:34:14,522 --> 00:34:21,801 on the desktop. And I kinda feel like, kind of technocratic, well educated, western, northern... 404 00:34:21,801 --> 00:34:26,591 middle class people are gonna be able to figure how to get around this stuff 405 00:34:26,748 --> 00:34:31,878 what i am more concerned about not least because I think organizations like the FTC 406 00:34:31,878 --> 00:34:35,478 will probably eject pretty strenuously unless there is 407 00:34:35,478 --> 00:34:38,578 you know you can take a lid off and press a little red button to reset 408 00:34:38,578 --> 00:34:40,836 which is what they are talking aboout now 409 00:34:40,851 --> 00:34:44,851