Tuesday, December 29, 2015

Backward laws around technology ownership make self-driving cars more dangerous

Canadian born science fiction author Cory Doctorow writes many excellent articles which try to wake people up to the real technology debates we should be having, recently discussing self-driving cars.  He makes the appropriate link to what I call "dishonest relationship misinformation" (DRM), which some incorrectly call Digital Rights Management due to a confusion on how technology works (they believe it is the interests of copyright holders being protected, when it is the rights of technology owners being revoked).

I always like to extend the discussion beyond questions about whether owners should be treated as threats to asking why we can't move away from these unethical questions to making the obvious ethical choice.  We never need to treat owners in an unethical (even if temporarily legally protected) way if we clarified who owns what.

If a vehicle is owned by a taxi company or municipal transportation authority, it is obvious that its passengers should not be legally allowed to modify the vehicles software.  There is no moral issue here, and the passengers know they are passengers whether there is a human or computer driver.  If they don't trust the organization providing the transportation, they can change transportation methods and/or lobby government to provide adequate regulation of these industries. Governments can properly regulate these industries to ensure passenger and public safety, just as they always had in other transportation industries such as airlines that have had driving assist for a very long time. These devices can also be more easily secured from unauthorized remote control given there is no reason to try to hide unauthorized software from the devices owner. The law can provide owners incentives to secure this technology, rather than backward laws making it illegal for owners to secure their own technology.  Ownership is clear, security is clear, regulations are clear, and the passenger can clearly understand their relationship with the mode of transportation they have chosen.

If a car is sold to an individual, and yet a third party (whether government or the manufacturer) wants to retain control, then we get into the very dangerous territory that Cory is discussing.  Terrorists breaking into the security of (by law required to be insecure) vehicles and using those remotely controlled vehicles as part of an attack is an obvious scenario for self-driving vehicles.  While we won't be counting the costs in lives lost, this does not mean we should ignore other technology.   The devices we use to communicate must also be treated with respect, even when they are multi-purpose and can be used for banking transactions as well as watch movies.  The same clear ownership options exist with communications as well as transportation technology.

What the entertainment industry has been duped into asking for, the legal protection of device manufacturers retaining control over devices sold to individuals, has established costs to society that go well beyond the theoretical (and unproven, un-demonstrated) benefits that copyright holders believe it has.

I consider the moral question to be simple:  We must modernize laws to make it clearly illegal for someone other than the owner of a device to be in control of that device.

Whenever someone asks for something different you should be asking about the morality of that individual or industry given they had a moral choice to make, and yet decided to be promoting the immoral option.  There are reasons why the entertainment industry was lobbying against anti-malware lawsThose industries want to run software in a way that is undetected by the owner of the device in order to verify that their content is not being "stolen".  But, this is precisely what malware does when it it steals passwords.  There is no moral difference between the entertainment industry malware from that written by credit card thieves.

I discussed these pro-infringement organizations in my submission to the parliamentary committee studying Bill C-11

Only once we modernize the law to properly handle basic technology ownership can we rationally approach dilemmas such as the Trolley Problem.

Saturday, December 12, 2015

Trans-Pacific Partnership would lock Canada into Harper's mistakes

The following is the text of a letter sent to our Prime Minister, my local MP, and a few key ministers.

The Right Honourable Justin P. J. Trudeau, Prime Minister of Canada

Copies to:

David McGuinty, M.P., Ottawa South (my riding)

The Honourable Chrystia Freeland, Minister of International Trade (asking for feedback on TPP)

The Honourable Navdeep Singh Bains,  Minister of Innovation, Science and Economic Development (Non-owner locks on digital technology has great impact on this portfolio. Industry Minister listed as responsible for Copyright Act currently tainted with problematic policy)

The Honourable Kirsty Duncan,  Minister of Science (Support for problematic policy largely comes from science fiction belief of how technology works.  Policy needs scientific evidence based review)

Prime Minister Trudeau,

We met at your constituency office in July 2010, and you tweeted my summary of the meeting to your followers: https://twitter.com/JustinTrudeau/status/19273983682

We discussed the then Harper Government copyright bill, with my emphasis being on the technological measures aspect of the Bill.   While I believe Harper made some serious mistakes in that part of the bill, I am writing you today to alert you to the fact that section article 18.68 of the Trans-Pacific Partnership would lock Canada into Harper's mistake.

When talking about technological measures, what people often call "digital locks", it is important to understand that there are two locks and not one.

A lock on copyrighted works, nearly always in the form of "encrypted media", cannot do much on its own. Contrary to the common science fiction belief, copyrighted works can not "come alive" and decide to do things (to be copied or not, to self destruct after rental period, etc).  What encrypted media can do is try to tie the decryption and use of the media to devices that are "authorized" by the copyright holder.  Rather than this being a copyright issue, this is a competition law issue (section 77 tied selling) which has all the economic and other harm that requires competition law.

The more critical issue is that, while there are legitimate business arrangements available, the only devices that ever get "authorized" are locked in a way that treats owners as an intruder.  In no other aspect of our lives do we allow third parties to lock owners out of their property, and this should be explicitly prohibited with digital technology.  Discussing copyright in this context is a distraction as the relevant issues include property rights, software transparency and software accountability.  When discussing this policy I would often mention privacy and other human rights infringing telecommunications equipment, medical devices, online banking and retail, and technology used for voting.  More recent issues to add to the list are driverless vehicles, drones, and the Volkswagen emissions scandal. There have been demonstrations of intruders remotely disabling a Jeep while it was on a highway.

Non-owner locks on devices also disallow owners installing software that would extend the useful life of hardware, allowing hardware vendors to force premature hardware upgrades, which has a great impact on the environment.

As more and more aspects of our lives, including basic issues such as transportation, communications, privacy and public safety, are intermediated by computers we must enact legislation that protects software transparency and accountability.  Technologies such as encrypted media abused to tie the ability to access creative works to non-owner locked devices must be legally prohibited, not legally protected as under Harper's bill C-11.  Non-owner locks on devices must be legally prohibited, as owners and others can't have unjustifiable barriers to doing independent software audits.

There is a shorter-term fix to Harper's mistake:  The WIPO treaties never required Canada to enact legislation against "access control" technological measures, but instead required "use control" where the prohibition against circumvention had a direct tie to copyright infringing activities.  This is as it was written in the Liberal Bill C-60, and must be the direction Canada moves.  Unfortunately the TPP calls for "access control" technological measures, which must be rejected.  Canada needs to be actively working with our trade partners to move away from any support for "access control" technological measures, aggressively rejecting claims from extremists who are opposed to (or deliberately oblivious to) technology ownership, software transparency and software accountability.

The technological measures section of the TPP is in addition to article 14.17 which opposes basic software transparency and accountability, and which Stewart Baker (first Assistant Secretary for Policy at the USA's Department of Homeland Security) also suggests is "a bad topic for a trade deal" https://www.washingtonpost.com/news/volokh-conspiracy/wp/2015/11/06/cybersecurity-and-the-tpp/

The Harper government's promotion of the TPP was simplistic: Free trade is good, this is free trade, so therefore it is good.   The policies I oppose will reduce competition, increase barriers to trade, and reduce accountability for government procurement -- all policies which have no business being included in something alleging to be a "free trade" agreement.

I live in Ottawa South, and work on Wellington Street close to your parliamentary offices.  I can be made available to any minister, member of your caucus, or their staff, to discuss this issue further.

Russell McOrmond
[address removed]

Please share with your colleagues as this policy also has serious implications for other portfolios including Public Safety and Emergency Preparedness, Public Services and Procurement, Health, Transport, and National Defence.

Note: I quote Stewart Baker in the introduction page for the Petition to protect Information Technology property rights