WEBVTT

00:00:08.530 --> 00:00:09.699
Introducer:

NOTE Paragraph

00:00:09.699 --> 00:00:16.250
Anyway, I believe I've killed enough time so, ladies and gentlemen, a person who

NOTE Paragraph

00:00:16.250 --> 00:00:22.169
in this crowd needs absolutely no introduction, Cory Doctorow!

NOTE Paragraph

00:00:22.169 --> 00:00:24.660
[Audience applauds]

NOTE Paragraph

00:00:24.660 --> 00:00:25.910
Doctorow:

NOTE Paragraph

00:00:25.910 --> 00:00:29.640
Thank you.

NOTE Paragraph

00:00:29.640 --> 00:00:36.640
So, when I speak in places where the first language of the nation is not English,

NOTE Paragraph

00:00:37.640 --> 00:00:44.268
there is a disclaimer and an apology, because I'm one of nature's fast talkers. When I was

NOTE Paragraph

00:00:44.268 --> 00:00:49.679
at the United Nations at the World Intellectual Property Organization, I was known as the

NOTE Paragraph

00:00:49.679 --> 00:00:55.550
"scourge" of the simultaneous translation corps; I would stand up and speak, and turn

NOTE Paragraph

00:00:55.549 --> 00:00:59.678
around, and there would be window after window of translator, and every one of them would

00:00:59.679 --> 00:01:06.519
be doing this [Doctorow facepalms]. [Audience laughs] So in advance, I give you permission

00:01:06.519 --> 00:01:11.349
when I start talking quickly to do this [Doctorow makes SOS motion] and I will slow down.

00:01:11.349 --> 00:01:17.059
So, tonight's talk -- wah, wah, waaah [Doctorow makes 'fail horn' sound, apparently

00:01:17.060 --> 00:01:22.060
in response to audience making SOS motion; audience laughs]] -- tonight's talk is not

00:01:22.060 --> 00:01:28.600
a copyright talk. I do copyright talks all the time; questions about culture and creativity

00:01:28.599 --> 00:01:33.908
are interesting enough, but to be honest, I'm quite sick of them. If you want to hear

00:01:33.909 --> 00:01:39.210
freelancer writers like me bang on about what's happening to the way we earn our living, by

00:01:39.209 --> 00:01:45.019
all means, go and find one of the many talks I've done on this subject on YouTube. But,

00:01:45.019 --> 00:01:49.989
tonight, I want to talk about something more important -- I want talk to talk about general

00:01:49.989 --> 00:01:52.688
purpose computers.

00:01:52.688 --> 00:01:57.688
Because general purpose computers are, in fact, astounding -- so astounding that our

00:01:57.688 --> 00:02:03.188
society is still struggling to come to grips with them: to figure out what they're for,

00:02:03.188 --> 00:02:09.728
to figure out how to accommodate them, and how to cope with them. Which, unfortunately,

00:02:09.729 --> 00:02:12.319
brings me back to copyright.

00:02:12.318 --> 00:02:17.799
Because the general shape of the copyright wars and the lessons they can teach

00:02:17.800 --> 00:02:23.310
us about the upcoming fights over the destiny of the general purpose computer are important.

00:02:23.310 --> 00:02:30.310
In the beginning, we had packaged software, and the attendant industry, and we had sneakernet.

00:02:31.689 --> 00:02:38.099
So, we had floppy disks in ziplock bags, or in cardboard boxes, hung on pegs in shops,

00:02:38.099 --> 00:02:43.780
and sold like candy bars and magazines. And they were eminently susceptible to duplication,

00:02:43.780 --> 00:02:49.500
and so they were duplicated quickly, and widely, and this was to the great chagrin of people

00:02:49.500 --> 00:02:51.680
who made and sold software.

00:02:51.680 --> 00:02:58.680
Enter DRM 0.96. They started to introduce physical defects to the disks or

00:02:59.430 --> 00:03:05.770
started to insist on other physical indicia which the software could check for -- dongles,

00:03:05.770 --> 00:03:10.659
hidden sectors, challenge/response protocols that required that you had physical possession

00:03:10.659 --> 00:03:17.329
of large, unwieldy manuals that were difficult to copy, and of course these failed, for two

00:03:17.330 --> 00:03:23.090
reasons. First, they were commercially unpopular, of course, because they reduced the usefulness

00:03:23.090 --> 00:03:27.599
of the software to the legitimate purchasers, while leaving the people who took the software

00:03:27.599 --> 00:03:32.789
without paying for it untouched. The legitimate purchasers resented the non-functionality

00:03:32.789 --> 00:03:38.239
of their backups, they hated the loss of scarce ports to the authentication dongles, and they

00:03:38.240 --> 00:03:43.620
resented the inconvenience of having to transport large manuals when they wanted to run their

00:03:43.620 --> 00:03:49.259
software. And second, these didn't stop pirates, who found it trivial to patch the software

00:03:49.259 --> 00:03:55.079
and bypass authentication. Typically, the way that happened is some expert who had possession

00:03:55.080 --> 00:04:00.680
of technology and expertise of equivalent sophistication to the software vendor itself,

00:04:00.680 --> 00:04:05.819
would reverse engineer the software and release cracked versions that quickly became widely

00:04:05.819 --> 00:04:11.629
circulated. While this kind of expertise and technology sounded highly specialized, it

00:04:11.629 --> 00:04:16.750
really wasn't; figuring out what recalcitrant programs were doing, and routing around the

00:04:16.750 --> 00:04:22.639
defects in shitty floppy disk media were both core skills for computer programmers, and

00:04:22.639 --> 00:04:27.300
were even more so in the era of fragile floppy disks and the rough-and-ready early days of

00:04:27.300 --> 00:04:33.660
software development. Anti-copying strategies only became more fraught as networks spread;

00:04:33.660 --> 00:04:38.840
once we had BBSes, online services, USENET newsgroups, and mailing lists, the expertise

00:04:38.839 --> 00:04:43.239
of people who figured out how to defeat these authentication systems could be packaged up

00:04:43.240 --> 00:04:49.639
in software as little crack files, or, as the network capacity increased, the cracked

00:04:49.639 --> 00:04:53.419
disk images or executables themselves could be spread on their own.

00:04:53.420 --> 00:05:00.420
Which gave us DRM 1.0. By 1996, it became clear to everyone in the halls of

00:05:00.480 --> 00:05:06.129
power that there was something important about to happen. We were about to have an information

00:05:06.129 --> 00:05:13.069
economy, whatever the hell that was. They assumed it meant an economy where we bought

00:05:13.069 --> 00:05:19.959
and sold information. Now, information technology makes things efficient, so imagine the markets

00:05:19.959 --> 00:05:25.149
that an information economy would have. You could buy a book for a day, you could sell

00:05:25.149 --> 00:05:29.739
the right to watch the movie for one Euro, and then you could rent out the pause button

00:05:29.740 --> 00:05:35.210
at one penny per second. You could sell movies for one price in one country, and another

00:05:35.209 --> 00:05:41.229
price in another, and so on, and so on; the fantasies of those days were a little like

00:05:41.230 --> 00:05:46.879
a boring science fiction adaptation of the Old Testament book of Numbers, a kind of tedious

00:05:46.879 --> 00:05:52.079
enumeration of every permutation of things people do with information and the ways we

00:05:52.079 --> 00:05:54.019
could charge them for it.

00:05:54.019 --> 00:05:58.870
But none of this would be possible unless we could control how people use their

00:05:58.870 --> 00:06:04.418
computers and the files we transfer to them. After all, it was well and good to talk about

00:06:04.418 --> 00:06:10.089
selling someone the 24 hour right to a video, or the right to move music onto an iPod, but

00:06:10.089 --> 00:06:15.219
not the right to move music from the iPod onto another device, but how the Hell could

00:06:15.220 --> 00:06:19.850
you do that once you'd given them the file? In order to do that, to make this work, you

00:06:19.850 --> 00:06:24.340
needed to figure out how to stop computers from running certain programs and inspecting

00:06:24.339 --> 00:06:29.668
certain files and processes. For example, you could encrypt the file, and then require

00:06:29.668 --> 00:06:34.000
the user to run a program that only unlocked the file under certain circumstances.

00:06:34.000 --> 00:06:40.990
But as they say on the Internet, "now you have two problems". You also, now,

00:06:40.990 --> 00:06:45.050
have to stop the user from saving the file while it's in the clear, and you have to stop

00:06:45.050 --> 00:06:49.639
the user from figuring out where the unlocking program stores its keys, because if the user

00:06:49.639 --> 00:06:53.819
finds the keys, she'll just decrypt the file and throw away that stupid player app.

00:06:53.819 --> 00:06:58.370
And now you have three problems [audience laughs], because now you have to

00:06:58.370 --> 00:07:02.019
stop the users who figure out how to render the file in the clear from sharing it with

00:07:02.019 --> 00:07:07.060
other users, and now you've got four! problems, because now you have to stop the users who

00:07:07.060 --> 00:07:11.709
figure out how to extract secrets from unlocking programs from telling other users how to do

00:07:11.709 --> 00:07:16.829
it too, and now you've got five! problems, because now you have to stop users who figure

00:07:16.829 --> 00:07:20.680
out how to extract secrets from unlocking programs from telling other users what the

00:07:20.680 --> 00:07:22.069
secrets were!

00:07:22.069 --> 00:07:28.909
That's a lot of problems. But by 1996, we had a solution. We had the WIPO Copyright

00:07:28.910 --> 00:07:32.990
Treaty, passed by the United Nations World Intellectual Property Organization, which

00:07:32.990 --> 00:07:37.930
created laws that made it illegal to extract secrets from unlocking programs, and it created

00:07:37.930 --> 00:07:42.250
laws that made it illegal to extract media cleartexts from the unlocking programs while

00:07:42.250 --> 00:07:46.579
they were running, and it created laws that made it illegal to tell people how to extract

00:07:46.579 --> 00:07:51.719
secrets from unlocking programs, and created laws that made it illegal to host copyrighted

00:07:51.720 --> 00:07:58.120
works and secrets and all with a handy streamlined process that let you remove stuff from the

00:07:58.120 --> 00:08:02.728
internet without having to screw around with lawyers, and judges, and all that crap. And

00:08:02.728 --> 00:08:09.728
with that, illegal copying ended forever [audience laughs very hard, applauds], the information

00:08:18.709 --> 00:08:23.489
economy blossomed into a beautiful flower that brought prosperity to the whole wide

00:08:23.490 --> 00:08:29.629
world; as they say on the aircraft carriers, "Mission Accomplished". [audience laughs]

00:08:29.629 --> 00:08:34.490
Well, of course that's not how the story ends because pretty much anyone who

00:08:34.490 --> 00:08:39.629
understood computers and networks understood that while these laws would create more problems

00:08:39.629 --> 00:08:44.179
than they could possibly solve; after all, these were laws that made it illegal to look

00:08:44.179 --> 00:08:49.149
inside your computer when it was running certain programs, they made it illegal to tell people

00:08:49.149 --> 00:08:53.549
what you found when you looked inside your computer, they made it easy to censor material

00:08:53.549 --> 00:08:57.769
on the internet without having to prove that anything wrong had happened; in short, they

00:08:57.769 --> 00:09:04.419
made unrealistic demands on reality and reality did not oblige them. After all, copying only

00:09:04.419 --> 00:09:09.049
got easier following the passage of these laws -- copying will only ever get easier!

00:09:09.049 --> 00:09:14.328
Here, 2011, this is as hard as copying will get! Your grandchildren will turn to you around

00:09:14.328 --> 00:09:18.419
the Christmas table and say "Tell me again, Grandpa, tell me again, Grandma, about when

00:09:18.419 --> 00:09:23.549
it was hard to copy things in 2011, when you couldn't get a drive the size of your fingernail

00:09:23.549 --> 00:09:27.859
that could hold every song ever recorded, every movie ever made, every word ever spoken,

00:09:27.860 --> 00:09:31.919
every picture ever taken, everything, and transfer it in such a short period of time

00:09:31.919 --> 00:09:36.299
you didn't even notice it was doing it, tell us again when it was so stupidly hard to copy

00:09:36.299 --> 00:09:43.299
things back in 2011". And so, reality asserted itself, and everyone had a good laugh over

00:09:43.490 --> 00:09:47.970
how funny our misconceptions were when we entered the 21st century, and then a lasting

00:09:47.970 --> 00:09:52.759
peace was reached with freedom and prosperity for all. [audience chuckles]

00:09:52.759 --> 00:09:57.949
Well, not really. Because, like the nursery rhyme lady who swallows a spider

00:09:57.948 --> 00:10:02.328
to catch a fly, and has to swallow a bird to catch the spider, and a cat to catch the

00:10:02.328 --> 00:10:08.849
bird, and so on, so must a regulation that has broad general appeal but is disastrous

00:10:08.850 --> 00:10:13.928
in its implementation beget a new regulation aimed at shoring up the failure of the old

00:10:13.928 --> 00:10:18.110
one. Now, it's tempting to stop the story here and conclude that the problem is that

00:10:18.110 --> 00:10:23.470
lawmakers are either clueless or evil, or possibly evilly clueless, and just leave it

00:10:23.470 --> 00:10:28.730
there, which is not a very satisfying place to go, because it's fundamentally a council

00:10:28.730 --> 00:10:33.350
of despair; it suggests that our problems cannot be solved for so long as stupidity

00:10:33.350 --> 00:10:38.659
and evilness are present in the halls of power, which is to say they will never be solved.

00:10:38.659 --> 00:10:41.100
But I have another theory about what's happened.

00:10:41.100 --> 00:10:46.220
It's not that regulators don't understand information technology, because it should

00:10:46.220 --> 00:10:52.819
be possible to be a non-expert and still make a good law! M.P.s and Congressmen and so on

00:10:52.818 --> 00:10:58.128
are elected to represent districts and people, not disciplines and issues. We don't have

00:10:58.129 --> 00:11:02.490
a Member of Parliament for biochemistry, and we don't have a Senator from the great state

00:11:02.490 --> 00:11:09.240
of urban planning, and we don't have an M.E.P. from child welfare. (But perhaps we should.)

00:11:09.240 --> 00:11:14.610
And yet those people who are experts in policy and politics, not technical disciplines, nevertheless,

00:11:14.610 --> 00:11:20.028
often do manage to pass good rules that make sense, and that's because government relies

00:11:20.028 --> 00:11:24.850
on heuristics -- rules of thumbs about how to balance expert input from different sides

00:11:24.850 --> 00:11:25.790
of an issue.

00:11:25.789 --> 00:11:30.269
But information technology confounds these heuristics -- it kicks the crap out

00:11:30.269 --> 00:11:36.169
of them -- in one important way, and this is it. One important test of whether or not

00:11:36.169 --> 00:11:40.539
a regulation is fit for a purpose is first, of course, whether it will work, but second

00:11:40.539 --> 00:11:45.248
of all, whether or not in the course of doing its work, it will have lots of effects on

00:11:45.249 --> 00:11:51.619
everything else. If I wanted Congress to write, or Parliament to write, or the E.U. to regulate

00:11:51.619 --> 00:11:56.769
a wheel, it's unlikely I'd succeed. If I turned up and said "well, everyone knows that wheels

00:11:56.769 --> 00:12:01.980
are good and right, but have you noticed that every single bank robber has four wheels on

00:12:01.980 --> 00:12:06.449
his car when he drives away from the bank robbery? Can't we do something about this?",

00:12:06.448 --> 00:12:11.188
the answer would of course be "no". Because we don't know how to make a wheel that is

00:12:11.188 --> 00:12:16.799
still generally useful for legitimate wheel applications but useless to bad guys. And

00:12:16.799 --> 00:12:20.958
we can all see that the general benefits of wheels are so profound that we'd be foolish

00:12:20.958 --> 00:12:26.469
to risk them in a foolish errand to stop bank robberies by changing wheels. Even if there

00:12:26.470 --> 00:12:31.050
were an /epidemic/ of bank robberies, even if society were on the verge of collapse thanks

00:12:31.049 --> 00:12:34.998
to bank robberies, no-one would think that wheels were the right place to start solving

00:12:34.999 --> 00:12:36.149
our problems.

00:12:36.149 --> 00:12:42.470
But. If I were to show up in that same body to say that I had absolute proof

00:12:42.470 --> 00:12:48.300
that hands-free phones were making cars dangerous, and I said, "I would like you to pass a law

00:12:48.299 --> 00:12:52.618
that says it's illegal to put a hands-free phone in a car", the regulator might say "Yeah,

00:12:52.619 --> 00:12:56.499
I'd take your point, we'd do that". And we might disagree about whether or not this is

00:12:56.499 --> 00:13:00.808
a good idea, or whether or not my evidence made sense, but very few of us would say "well,

00:13:00.808 --> 00:13:06.519
once you take the hands-free phones out of the car, they stop being cars". We understand

00:13:06.519 --> 00:13:12.100
that we can keep cars cars even if we remove features from them. Cars are special purpose,

00:13:12.100 --> 00:13:16.860
at least in comparison to wheels, and all that the addition of a hands-free phone does

00:13:16.860 --> 00:13:22.829
is add one more feature to an already-specialized technology. In fact, there's that heuristic

00:13:22.828 --> 00:13:27.479
that we can apply here -- special-purpose technologies are complex. And you can remove

00:13:27.480 --> 00:13:32.569
features from them without doing fundamental disfiguring violence to their underlying utility.

00:13:32.568 --> 00:13:38.308
This rule of thumb serves regulators well, by and large, but it is rendered null

00:13:38.308 --> 00:13:42.868
and void by the general-purpose computer and the general-purpose network -- the PC and

00:13:42.869 --> 00:13:48.230
the Internet. Because if you think of computer software as a feature, that is a computer

00:13:48.230 --> 00:13:52.649
with spreadsheets running on it has a spreadsheet feature, and one that's running World of Warcraft

00:13:52.649 --> 00:13:57.899
has an MMORPG feature, then this heuristic leads you to think that you could reasonably

00:13:57.899 --> 00:14:02.318
say, "make me a computer that doesn't run spreadsheets", and that it would be no more

00:14:02.318 --> 00:14:07.028
of an attack on computing than "make me a car without a hands-free phone" is an attack

00:14:07.028 --> 00:14:12.610
on cars. And if you think of protocols and sites as features of the network, then saying

00:14:12.610 --> 00:14:18.938
"fix the Internet so that it doesn't run BitTorrent", or "fix the Internet so that thepiratebay.org

00:14:18.938 --> 00:14:23.708
no longer resolves", then it sounds a lot like "change the sound of busy signals", or

00:14:23.708 --> 00:14:28.438
"take that pizzeria on the corner off the phone network", and not like an attack on

00:14:28.438 --> 00:14:30.899
the fundamental principles of internetworking.

00:14:30.899 --> 00:14:36.419
Not realizing that this rule of thumb that works for cars and for houses and

00:14:36.419 --> 00:14:41.188
for every other substantial area of technological regulation fails for the Internet does not

00:14:41.188 --> 00:14:45.058
make you evil and it does not make you an ignoramus. It just makes you part of that

00:14:45.058 --> 00:14:50.678
vast majority of the world for whom ideas like "Turing complete" and "end-to-end" are

00:14:50.678 --> 00:14:56.838
meaningless. So, our regulators go off, and they blithely pass these laws, and they become

00:14:56.839 --> 00:15:01.439
part of the reality of our technological world. There are suddenly numbers that we aren't

00:15:01.438 --> 00:15:06.289
allowed to write down on the Internet, programs we're not allowed to publish, and all it takes

00:15:06.289 --> 00:15:11.488
to make legitimate material disappear from the Internet is to say "that? That infringes

00:15:11.489 --> 00:15:15.809
copyright.". It fails to attain the actual goal of the regulation; it doesn't stop people

00:15:15.808 --> 00:15:21.118
from violating copyright, but it bears a kind of superficial resemblance to copyright enforcement

00:15:21.119 --> 00:15:26.959
-- it satisfies the security syllogism: "something must be done, I am doing something, something

00:15:26.958 --> 00:15:32.789
has been done." And thus any failures that arise can be blamed on the idea that the regulation

00:15:32.789 --> 00:15:37.858
doesn't go far enough, rather than the idea that it was flawed from the outset.

00:15:37.859 --> 00:15:42.399
This kind of superficial resemblance and underlying divergence happens in other

00:15:42.399 --> 00:15:46.999
engineering contexts. I've a friend who was once a senior executive at a big consumer

00:15:46.999 --> 00:15:50.928
packaged goods company who told me about what happened when the marketing department told

00:15:50.928 --> 00:15:55.198
the engineers that they'd thought up a great idea for detergent: from now on, they were

00:15:55.198 --> 00:16:00.058
going to make detergent that made your clothes newer every time you washed them! Well after

00:16:00.058 --> 00:16:04.868
the engineers had tried unsuccessfully to convey the concept of "entropy" to the marketing

00:16:04.869 --> 00:16:10.100
department [audience laughs], they arrived at another solution -- "solution" -- they'd

00:16:10.100 --> 00:16:15.959
develop a detergent that used enzymes that attacked loose fiber ends, the kind that you

00:16:15.958 --> 00:16:20.258
get with broken fibers that make your clothes look old. So every time you washed your clothes

00:16:20.259 --> 00:16:25.100
in the detergent, they would look newer. But that was because the detergent was literally

00:16:25.100 --> 00:16:31.100
digesting your clothes! Using it would literally cause your clothes to dissolve in the washing

00:16:31.100 --> 00:16:36.949
machine! This was the opposite of making clothes newer; instead, you were artificially aging

00:16:36.948 --> 00:16:42.828
your clothes every time you washed them, and as the user, the more you deployed the "solution",

00:16:42.828 --> 00:16:47.488
the more drastic your measures had to be to keep your clothes up to date -- you actually

00:16:47.489 --> 00:16:50.720
had to go buy new clothes because the old ones fell apart.

00:16:50.720 --> 00:16:55.129
So today we have marketing departments who say things like "we don't need computers,

00:16:55.129 --> 00:17:00.539
we need... appliances. Make me a computer that doesn't run every program, just a program

00:17:00.539 --> 00:17:05.920
that does this specialized task, like streaming audio, or routing packets, or playing Xbox

00:17:05.920 --> 00:17:10.429
games, and make sure it doesn't run programs that I haven't authorized that might undermine

00:17:10.429 --> 00:17:16.019
our profits". And on the surface, this seems like a reasonable idea -- just a program that

00:17:16.019 --> 00:17:22.679
does one specialized task -- after all, we can put an electric motor in a blender, and

00:17:22.679 --> 00:17:27.059
we can install a motor in a dishwasher, and we don't worry if it's still possible to run

00:17:27.058 --> 00:17:33.490
a dishwashing program in a blender. But that's not what we do when we turn a computer into

00:17:33.490 --> 00:17:38.380
an appliance. We're not making a computer that runs only the "appliance" app; we're

00:17:38.380 --> 00:17:43.870
making a computer that can run every program, but which uses some combination of rootkits,

00:17:43.869 --> 00:17:48.408
spyware, and code-signing to prevent the user from knowing which processes are running,

00:17:48.409 --> 00:17:53.049
from installing her own software, and from terminating processes that she doesn't want.

00:17:53.048 --> 00:17:58.869
In other words, an appliance is not a stripped-down computer -- it is a fully functional computer

00:17:58.869 --> 00:18:02.298
with spyware on it out of the box.

00:18:02.298 --> 00:18:08.750
[audience applauds loudly] Thanks.

00:18:08.750 --> 00:18:14.190
Because we don't know how to build the general purpose computer that is capable

00:18:14.190 --> 00:18:18.538
of running any program we can compile except for some program that we don't like, or that

00:18:18.538 --> 00:18:23.548
we prohibit by law, or that loses us money. The closest approximation that we have to

00:18:23.548 --> 00:18:29.220
this is a computer with spyware -- a computer on which remote parties set policies without

00:18:29.220 --> 00:18:34.220
the computer user's knowledge, over the objection of the computer's owner. And so it is that

00:18:34.220 --> 00:18:37.450
digital rights management always converges on malware.

00:18:37.450 --> 00:18:41.200
There was, of course, this famous incident, a kind of gift to people who have

00:18:41.200 --> 00:18:47.130
this hypothesis, in which Sony loaded covert rootkit installers on 6 million audio CDs,

00:18:47.130 --> 00:18:52.399
which secretly executed programs that watched for attempts to read the sound files on CDs,

00:18:52.398 --> 00:18:56.268
and terminated them, and which also hid the rootkit's existence by causing the kernel

00:18:56.269 --> 00:19:00.819
to lie about which processes were running, and which files were present on the drive.

00:19:00.819 --> 00:19:05.960
But it's not the only example; just recently, Nintendo shipped the 3DS, which opportunistically

00:19:05.960 --> 00:19:10.130
updates its firmware, and does an integrity check to make sure that you haven't altered

00:19:10.130 --> 00:19:15.299
the old firmware in any way, and if it detects signs of tampering, it bricks itself.

00:19:15.298 --> 00:19:20.388
Human rights activists have raised alarms over U-EFI, the new PC bootloader,

00:19:20.388 --> 00:19:25.178
which restricts your computer so it runs signed operating systems, noting that repressive

00:19:25.179 --> 00:19:30.278
governments will likely withhold signatures from OSes unless they have covert surveillance

00:19:30.278 --> 00:19:30.849
operations.

00:19:30.849 --> 00:19:35.178
And on the network side, attempts to make a network that can't be used for copyright

00:19:35.179 --> 00:19:40.710
infringement always converges with the surveillance measures that we know from repressive governments.

00:19:40.710 --> 00:19:47.700
So, SOPA, the U.S. Stop Online Piracy Act, bans tools like DNSSec because they can be

00:19:47.700 --> 00:19:52.519
used to defeat DNS blocking measures. And it blocks tools like Tor, because they can

00:19:52.519 --> 00:19:57.759
be used to circumvent IP blocking measures. In fact, the proponents of SOPA, the Motion

00:19:57.759 --> 00:20:03.119
Picture Association of America, circulated a memo, citing research that SOPA would probably

00:20:03.119 --> 00:20:08.599
work, because it uses the same measures as are used in Syria, China, and Uzbekistan,

00:20:08.599 --> 00:20:12.388
and they argued that these measures are effective in those countries, and so they would work

00:20:12.388 --> 00:20:13.879
in America, too!

00:20:13.880 --> 00:20:20.278
[audience laughs and applauds] Don't applaud me, applaud the MPAA!

00:20:20.278 --> 00:20:26.038
Now, it may seem like SOPA is the end game in a long fight over copyright, and

00:20:26.038 --> 00:20:30.638
the internet, and it may seem like if we defeat SOPA, we'll be well on our way to securing

00:20:30.638 --> 00:20:36.319
the freedom of PCs and networks. But as I said at the beginning of this talk, this isn't

00:20:36.319 --> 00:20:42.648
about copyright, because the copyright wars are just the 0.9 beta version of the long

00:20:42.648 --> 00:20:47.489
coming war on computation. The entertainment industry were just the first belligerents

00:20:47.490 --> 00:20:52.339
in this coming century-long conflict. We tend to think of them as particularly successful

00:20:52.339 --> 00:20:58.609
-- after all, here is SOPA, trembling on the verge of passage, and breaking the internet

00:20:58.609 --> 00:21:04.519
on this fundamental level in the name of preserving Top 40 music, reality TV shows, and Ashton

00:21:04.519 --> 00:21:06.929
Kutcher movies! [laughs, scattered applause]

00:21:06.929 --> 00:21:13.100
But the reality is, copyright legislation gets as far as it does precisely because it's

00:21:13.099 --> 00:21:18.980
not taken seriously, which is why on one hand, Canada has had Parliament after Parliament

00:21:18.980 --> 00:21:23.940
introduce one stupid copyright bill after another, but on the other hand, Parliament

00:21:23.940 --> 00:21:29.639
after Parliament has failed to actually vote on the bill. It's why we got SOPA, a bill

00:21:29.638 --> 00:21:36.638
composed of pure stupid, pieced together molecule-by-molecule, into a kind of "Stupidite 250", which is normally

00:21:37.509 --> 00:21:44.110
only found in the heart of newborn star, and it's why these rushed-through SOPA hearings

00:21:44.109 --> 00:21:48.678
had to be adjourned midway through the Christmas break, so that lawmakers could get into a

00:21:48.679 --> 00:21:55.028
real vicious nationally-infamous debate over an important issue, unemployment insurance.

00:21:55.028 --> 00:22:01.839
It's why the World Intellectual Property Organization is gulled time and again into enacting crazed,

00:22:01.839 --> 00:22:07.089
pig-ignorant copyright proposals because when the nations of the world send their U.N. missions

00:22:07.089 --> 00:22:13.069
to Geneva, they send water experts, not copyright experts; they send health experts, not copyright

00:22:13.069 --> 00:22:17.730
experts; they send agriculture experts, not copyright experts, because copyright is just

00:22:17.730 --> 00:22:24.730
not important to pretty much everyone! [applause]

00:22:27.179 --> 00:22:34.179
Canada's Parliament didn't vote on its copyright bills because, of all the

00:22:34.490 --> 00:22:40.169
things that Canada needs to do, fixing copyright ranks well below health emergencies on first

00:22:40.169 --> 00:22:45.440
nations reservations, exploiting the oil patch in Alberta, interceding in sectarian resentments

00:22:45.440 --> 00:22:49.798
among French- and English-speakers, solving resources crises in the nation's fisheries,

00:22:49.798 --> 00:22:54.929
and thousand other issues! The triviality of copyright tells you that when other sectors

00:22:54.929 --> 00:23:00.559
of the economy start to evince concerns about the internet and the PC, that copyright will

00:23:00.558 --> 00:23:06.629
be revealed for a minor skirmish, and not a war. Why would other sectors nurse grudges

00:23:06.630 --> 00:23:11.659
against computers? Well, because the world we live in today is /made/ of computers. We

00:23:11.659 --> 00:23:15.899
don't have cars anymore, we have computers we ride in; we don't have airplanes anymore,

00:23:15.898 --> 00:23:22.898
we have flying Solaris boxes with a big bucketful of SCADA controllers [laughter]; a 3D printer

00:23:24.409 --> 00:23:30.380
is not a device, it's a peripheral, and it only works connected to a computer; a radio

00:23:30.380 --> 00:23:36.200
is no longer a crystal, it's a general-purpose computer with a fast ADC and a fast DAC and

00:23:36.200 --> 00:23:37.269
some software.

00:23:37.269 --> 00:23:43.200
The grievances that arose from unauthorized copying are trivial, when compared

00:23:43.200 --> 00:23:49.269
to the calls for action that our new computer-embroidered reality will create. Think of radio for a

00:23:49.269 --> 00:23:54.149
minute. The entire basis for radio regulation up until today was based on the idea that

00:23:54.148 --> 00:23:59.178
the properties of a radio are fixed at the time of manufacture, and can't be easily altered.

00:23:59.179 --> 00:24:03.389
You can't just flip a switch on your baby monitor, and turn it into something that interferes

00:24:03.388 --> 00:24:08.609
with air traffic control signals. But powerful software-defined radios can change from baby

00:24:08.609 --> 00:24:13.719
monitor to emergency services dispatcher to air traffic controller just by loading and

00:24:13.720 --> 00:24:18.589
executing different software, which is why the first time the American telecoms regulator

00:24:18.589 --> 00:24:23.878
(the FCC) considered what would happen when we put SDRs in the field, they asked for comment

00:24:23.878 --> 00:24:29.199
on whether it should mandate that all software-defined radios should be embedded in trusted computing

00:24:29.200 --> 00:24:34.778
machines. Ultimately, whether every PC should be locked, so that the programs they run are

00:24:34.778 --> 00:24:37.329
strictly regulated by central authorities.

00:24:37.329 --> 00:24:42.259
And even this is a shadow of what is to come. After all, this was the year in

00:24:42.259 --> 00:24:48.370
which we saw the debut of open sourced shape files for converting AR-15s to full automatic.

00:24:48.369 --> 00:24:53.628
This was the year of crowd-funded open-sourced hardware for gene sequencing. And while 3D

00:24:53.628 --> 00:24:57.750
printing will give rise to plenty of trivial complaints, there will be judges in the American

00:24:57.750 --> 00:25:02.730
South and Mullahs in Iran who will lose their minds over people in their jurisdiction printing

00:25:02.730 --> 00:25:09.509
out sex toys. [guffaw from audience] The trajectory of 3D printing will most certainly raise real

00:25:09.509 --> 00:25:13.409
grievances, from solid state meth labs, to ceramic knives.

00:25:13.409 --> 00:25:17.950
And it doesn't take a science fiction writer to understand why regulators might

00:25:17.950 --> 00:25:23.889
be nervous about the user-modifiable firmware on self-driving cars, or limiting interoperability

00:25:23.888 --> 00:25:28.788
for aviation controllers, or the kind of thing you could do with bio-scale assemblers and

00:25:28.788 --> 00:25:34.240
sequencers. Imagine what will happen the day that Monsanto determines that it's really...

00:25:34.240 --> 00:25:39.000
really... important to make sure that computers can't execute programs that cause specialized

00:25:39.000 --> 00:25:44.940
peripherals to output organisms that eat their lunch... literally. Regardless of whether

00:25:44.940 --> 00:25:50.070
you think these are real problems or merely hysterical fears, they are nevertheless the

00:25:50.069 --> 00:25:54.439
province of lobbies and interest groups that are far more influential than Hollywood and

00:25:54.440 --> 00:25:59.600
big content are on their best days, and every one of them will arrive at the same place

00:25:59.599 --> 00:26:04.928
-- "can't you just make us a general purpose computer that runs all the programs, except

00:26:04.929 --> 00:26:10.019
the ones that scare and anger us? Can't you just make us an Internet that transmits any

00:26:10.019 --> 00:26:14.929
message over any protocol between any two points, unless it upsets us?"

00:26:14.929 --> 00:26:18.879
And personally, I can see that there will be programs that run on general

00:26:18.878 --> 00:26:24.099
purpose computers and peripherals that will even freak me out. So I can believe that people

00:26:24.099 --> 00:26:28.369
who advocate for limiting general purpose computers will find receptive audience for

00:26:28.369 --> 00:26:33.739
their positions. But just as we saw with the copyright wars, banning certain instructions,

00:26:33.740 --> 00:26:39.470
or protocols, or messages, will be wholly ineffective as a means of prevention and remedy;

00:26:39.470 --> 00:26:45.589
and as we saw in the copyright wars, all attempts at controlling PCs will converge on rootkits;

00:26:45.589 --> 00:26:51.480
all attempts at controlling the Internet will converge on surveillance and censorship, which

00:26:51.480 --> 00:26:57.179
is why all this stuff matters. Because we've spent the last 10+ years as a body sending

00:26:57.179 --> 00:27:01.639
our best players out to fight what we thought was the final boss at the end of the game,

00:27:01.638 --> 00:27:06.099
but it turns out it's just been the mini-boss at the end of the level, and the stakes are

00:27:06.099 --> 00:27:07.339
only going to get higher.

00:27:07.339 --> 00:27:11.509
As a member of the Walkman generation, I have made peace with the fact that I will

00:27:11.509 --> 00:27:17.089
require a hearing aid long before I die, and of course, it won't be a hearing aid, it will

00:27:17.089 --> 00:27:22.480
be a computer I put in my body. So when I get into a car -- a computer I put my body

00:27:22.480 --> 00:27:27.579
into -- with my hearing aid -- a computer I put inside my body -- I want to know that

00:27:27.579 --> 00:27:32.398
these technologies are not designed to keep secrets from me, and to prevent me from terminating

00:27:32.398 --> 00:27:39.398
processes on them that work against my interests. [vigorous applause from audience] Thank you

00:27:39.584 --> 00:27:47.846
[applause continues]

00:27:47.846 --> 00:27:51.973
Thank you. So, last year, the Lower Merion School District,

00:27:51.973 --> 00:27:55.079
in a middle-class, affluent suburb of Philadelphia,

00:27:55.079 --> 00:27:57.092
found itself in a great deal of trouble,

00:27:57.092 --> 00:28:01.184
because it was caught distributing PCs to its students, equipped with rootkits

00:28:01.184 --> 00:28:05.858
that allowed for remote covert surveillance through the computer's camera and network connection.

00:28:05.858 --> 00:28:09.803
It transpired that they had been photographing students thousands of times,

00:28:09.803 --> 00:28:14.348
at home and at school, awake and asleep, dressed and naked.

00:28:14.394 --> 00:28:18.021
Meanwhile, the latest generation of lawful intercept technology

00:28:18.021 --> 00:28:23.990
can covertly operate cameras, mics, and GPSes on PCs, tablets, and mobile devices.

00:28:23.990 --> 00:28:29.930
Freedom in the future will require us to have the capacity to monitor our devices

00:28:29.930 --> 00:28:36.419
and set meaningful policy on them, to examine and terminate the processes that run on them,

00:28:36.419 --> 00:28:39.635
to maintain them as honest servants to our will,

00:28:39.635 --> 00:28:44.548
and not as traitors and spies working for criminals, thugs, and control freaks.

00:28:44.548 --> 00:28:48.623
And we haven't lost yet, but we have to win the copyright wars

00:28:48.623 --> 00:28:51.469
to keep the Internet and the PC free and open.

00:28:51.469 --> 00:28:58.021
Because these are themateriel in the wars that are to come, we won't be able to fight on without them.

00:28:58.021 --> 00:29:03.729
And I know this sounds like a counsel of despair, but as I said, these are early days.

00:29:03.821 --> 00:29:08.264
We have been fighting the mini-boss, and that means that great challenges are yet to come,

00:29:08.264 --> 00:29:14.348
but like all good level designers, fate has sent us a soft target to train ourselves on.

00:29:15.179 --> 00:29:20.386
We have a chance, a real chance, and if we support open and free systems,

00:29:20.432 --> 00:29:28.590
and the organizations that fight for them -- EFF, Bits of Freedom , EDRI, ORG, CC, Netzpolitik,

00:29:28.740 --> 00:29:33.450
La Quadrature du Net, and all the others, who are thankfully, too numerous to name here

00:29:33.450 --> 00:29:38.440
-- we may yet win the battle, and secure the ammunition we'll need for the war.

00:29:38.440 --> 00:29:39.499
Thank you.

00:29:39.499 --> 00:30:11.518
[Sustained applause]

00:30:11.518 --> 00:30:16.480
[Doctorow] So, either questions or long, rambling statements followed by "What do you think of that?"

00:30:16.526 --> 00:30:19.157
[laughter]

00:30:19.157 --> 00:30:20.472
[Doctorw] Yes. Any questions?

00:30:21.068 --> 00:30:26.430
[Organizer (?)] If you have questions, can you go to the microphones that are in the aisles, here

00:30:26.549 --> 00:30:33.726
and just ask away. If you form a neat, orderly line, we'll go, you know, left-right left-right

00:30:37.738 --> 00:30:40.853
[Question] So if you game this out all the way to the end

00:30:41.711 --> 00:30:48.976
You end up with a situation where either the censorship people have to

00:30:48.976 --> 00:30:56.795
outlaw von Neumann and Herbert's architectures and replace them with something that's not a universal Turing machine,

00:30:58.734 --> 00:31:03.861
or they lose, full stop. I mean, and there is a big spectrum in between the two.

00:31:03.861 --> 00:31:06.834
don't let me distract from that. I mean, you know.

00:31:06.834 --> 00:31:10.949
I'm talking about the very last bastion line of freedom, there.

00:31:11.945 --> 00:31:16.257
Do you think a bunch of assholes that don't even understand how DNS works

00:31:16.307 --> 00:31:20.880
are going to be willing to shoot themselves in the - head that hard?

00:31:21.249 --> 00:31:27.312
[Doctorow] I guess my answer is that the fact that there's no

00:31:27.312 --> 00:31:30.851
such thing as witchcraft, didn't stop them from burning a lot of witches, right? So...

00:31:30.851 --> 00:31:32.820
[Laughter, applause]

00:31:32.820 --> 00:31:39.251
By the same token, I think the ineffectiveness of the remedy is actually even worse for us, right?

00:31:39.251 --> 00:31:43.875
Because this is like the five year plan that produces no wheat,

00:31:43.875 --> 00:31:50.248
that yields an even more drastic five year plan that also produces no corn, right?

00:31:50.248 --> 00:31:53.891
I mean, this will make them angrier, and cause them

00:31:53.891 --> 00:31:56.715
to expand the scope of the regulation, you know.

00:31:56.715 --> 00:32:00.340
"The beatings will continue until morale improves" as the T-shirt goes, right?

00:32:00.340 --> 00:32:03.002
That's actually my worry.

00:32:03.002 --> 00:32:07.942
I think that if they saw some success, they might actually back off.

00:32:08.371 --> 00:32:11.478
The fact that this will be a dismo failure over and over and over again,

00:32:11.478 --> 00:32:14.894
the fact that terrorist will continue to communicate terrorist messages

00:32:14.894 --> 00:32:18.180
and child pornographers will continue to communicate child pornographic messages

00:32:18.180 --> 00:32:21.757
and so on, will just make them try harder at ineffective remedies

00:32:21.757 --> 00:32:24.794
[interlocutor] yeah, i mean a specialized Touring machine on an Asic[?]

00:32:24.794 --> 00:32:27.603
is actually really,really hard, 'cause you have to make one

00:32:27.603 --> 00:32:30.237
for every application,and that sucks...

00:32:30.237 --> 00:32:33.876
[Doctorow] Yeah, so again, I don't think they are going to ban general purpose computers.

00:32:33.876 --> 00:32:35.997
I think what they're going to do

00:32:35.997 --> 00:32:38.766
is they're going to say "We want more spyware in computers",

00:32:38.766 --> 00:32:42.195
"we want more U-EFI",we want... and not just like U-EFI that

00:32:42.195 --> 00:32:44.923
helps you detect spyware,but U-EFI where the signings

00:32:44.923 --> 00:32:47.732
are controlled by third parties,you don't have an easy owner override

00:32:47.732 --> 00:32:49.078
and all the rest of it.

00:32:49.078 --> 00:32:51.974
I think that that's going to be the trajectory of this stuff.

00:32:51.974 --> 00:32:57.051
Not "gosh, you know, that stupid policy that we pursued

00:32:57.051 --> 00:32:59.969
at great expense for 10 years was a complete failure.

00:32:59.969 --> 00:33:02.961
We should admit it and move on". I think that the answer is going to be

00:33:02.961 --> 00:33:05.600
"Oh my God, you know, look at what idiots we look like...

00:33:05.600 --> 00:33:09.308
we can't possibly admit defeat." You know, see the war on drugs.

00:33:09.308 --> 00:33:15.701
[laughs and claps]

00:33:15.701 --> 00:33:18.991
I'll answer you in a second 'cause there's someone already ready for a question.

00:33:18.991 --> 00:33:27.168
[Conductor] We'll take… We actually got quite a bit of time. here. So, next question.

00:33:28.691 --> 00:33:38.440
[Question] Regarding the recent initiative by a big software company

00:33:38.440 --> 00:33:45.807
to promote secure boot on U-EFI, do you think that personal computers

00:33:45.807 --> 00:33:58.950
will arrive like the situation in the… like the Playstation platforms soon?

00:33:58.950 --> 00:34:08.809
And what do you think that we'll have some means to counterattack or to…

00:34:08.809 --> 00:34:11.806
[Doctorow] Yeah, so the question is really "Is U-EFI going to be a means

00:34:11.806 --> 00:34:14.522
of freezing out alternative operating systems

00:34:14.522 --> 00:34:21.801
on the desktop. And I kinda feel like, kind of technocratic, well educated, western, northern...

00:34:21.801 --> 00:34:26.591
middle class people are gonna be able to figure how to get around this stuff

00:34:26.748 --> 00:34:31.878
what i am more concerned about not least because I think organizations like the FTC

00:34:31.878 --> 00:34:35.478
will probably eject pretty strenuously unless there is

00:34:35.478 --> 00:34:38.578
you know you can take a lid off and press a little red button to reset

00:34:38.578 --> 00:34:40.836
which is what they are talking aboout now

00:34:40.851 --> 00:34:44.851