I've been writing a lot lately for h+ magazine.

My latest story is about the Moon and the hydrogen that NASA found there.

...the building blocks of water, hydrogen and oxygen, are already everywhere -- all over the Moon. We know that water is created naturally from meteors striking the surface and flash-heating the regolith, which causes iron oxide to be gradually reduced by the hydrogen implanted by the solar wind. The hydrogen in the regolith reacts with the oxygen in the iron oxide to create water. This water, generated on or deposited onto the Moon, is either lost to space or migrates to higher latitudes. The southern polar region, with its permanently shadowed craters, is thought to retain water and other volatiles more efficiently than any other region. We also know that water is deposited into the poles directly via cometary tails that periodically envelope the entire Moon.

Does that mean we can just use the water that's already there? Well, most experts agree there are two main sides to that issue. "Water is water. If you can find it naturally, that's better than having to resort to a chemical combination of hydrogen and oxygen, which requires energy to activate the process," explains Donald Sadoway, a Professor of Materials Chemistry at MIT who has developed a "molten oxide electrolysis" technique for extracting oxygen out of Moon regolith. "However, if the water is to be potable, then purity is an issue. So in any given situation, you need to assess whether it is more costly to purify existing water or to synthesize water from hydrogen and oxygen."

(Above: NASA LCross photo by Northrop Grumman)

To get to the bottom of things, NASA is dropping a completely empty upper stage of the Centaur rocket smack into one of these southern polar craters. Contrary to some inaccurate reports in the popular media, there will be no explosives or military weapons involved. The upper stage is from the LCROSS and LRO's launch back in June, which was retained for this experiment.

"It weighs roughly 2,200 kilograms, and will be moving at about 2.5 kilometers per second (5,600 miles per hour)," explains Day. "It will be coming in very steep, at about 80 degrees, and will make a large enough impact to loft approximately 200 metric tons of material about 10 kilometers into the lunar sky, where it will remain long enough for the LRO and ground-based assets to obtain their data."

NASA is making sure that it comes in at a sharp enough angle this time to cause a recognizable plume or other reaction from the surface. The angle wasn't steep enough when they crashed the Lunar Prospector into the crater in 1999, with no discernable results.

Here's
an interview that was published last month in OpenP2P.com with Brewster Khale.

"Universal Access To All Human Knowledge" is a motto of Raj Reddy from Carnegie Mellon. I found that if you really actually come to understand that statement, then that statement is possible; technologically possible to take, say, all published materials -- all books, music, video, software, web sites -- that it's actually possible to have universal access to all of that. Some for a fee, and some for free. I found that was a life-changing event for me. That is just an inspiring goal. It's the dream of the Greeks, which they embodied, with the Egyptians, in the Library of Alexandria. The idea of having all knowledge accessible.

But, of course, in the Library of Alexandria's case, you had to actually go to Alexandria. They didn't have the Internet. Well, fortunately, we not only have the storage technology to be able to store all of these materials cost-effectively, but we can make it universally available. So that's been just a fabulous goal that causes me to spring out of bed in the morning.

And it also -- when other people sort of catch on to this idea that we could actually do this -- that it helps straighten the path. You know, life, there're lots of paths that sort of wander around. But I find that having a goal that's that far out, but also doable, it helps me keep my direction, keep our organization's direction. And I'm finding that a lot of other people like that direction, as well.

Here is the full text of the interview in case the link goes bad:

http://www.openp2p.com/pub/a/p2p/2004/01/22/kahle.html

Brewster Kahle on the Internet Archive and People's Technology
by Lisa Rein
01/22/2004

Brewster Kahle is the founder and digital librarian for the Internet Archive (IA). He is also on the board of the Electronic Frontier Foundation.

The IA started out as just that -- a non-profit organization dedicated to taking snap shots of the entire Web every six months, in order to create a searchable archive.

One of the main goals of the Internet Archive is to provide "Universal Access to All Human Knowledge." It sounds like a lofty task, but Brewster is firmly committed to it, and truly believes that it is achievable. Anyone in his presence for five minutes or more is likely to feel the same way, because his enthusiasm is quite contagious.

Brewster started the IA in 1996 with his own money, which he earned from the sale of two separate Internet search programs: WAIS, which was bought by AOL, and Alexa Internet, which was bought by Amazon. He has been spending his own money to keep the institution going for the last six years. Recently, in the summer of 2003, he was fortunate enough to receive some grants and corporate sponsorship.

Newer IA projects include creating an open source movie archive, creating a rooftop-based WiFi network across San Francisco, creating an archive of the 2004 presidential candidates (offering every candidate unlimited storage and bandwidth to serve up video), and creating a non-profit documentary archive.
Let's Start with the Internet Archive

Lisa Rein: What's the story behind the birth of the Internet Archive? How did it start?

Brewster Kahle: The Internet Archive started in 1996, when the Internet had reached critical mass. By 1996, there was enough material on the Internet to show that this thing was the cornerstone for how people are going to be publishing. It is the people's library. People were using the Internet in a major way towards making things available, as well as for finding answers to things. And, of course, the Internet is quite fleeting. The average life of a web page is about 100 days. So if you want to have culture you can count on, you need to be able to refer to things. And if things change out from underneath you all the time, then you're in trouble. So what traditionally has happened is that there are libraries, and libraries collect up out-of-print materials and try to preserve and make open access to materials that aren't necessarily commercially viable at the moment. The Internet Archive is just a library. It just happens to be a library that mostly is composed of bits.

LR: How did you get the funding for it?

BK: The funding for the Internet Archive came originally from the success of selling a couple of Internet companies on the path towards building a library. So the original funding was from me, based on selling one company, WAIS, Inc. which was the first Internet publishing system, to America Online. And then Alexa Internet, which was a company short for "the Library of Alexandria," to try to catalog the Web. So all of these were trying to build towards the library, and these companies were sold to successful companies and so that gave me enough money to kick start the Internet Archive. At this point, it's funded by private foundations, government grants, and in-kind donations from corporations.

LR: So AOL bought WAIS and who bought Alexa?

BK: Amazon bought Alexa.

LR: What are some of the grants? Didn't you get some good grants lately, during the past year?

BK: Oh yes, we've been very fortunate in this phase of the Internet Archive's life. The Sloan Foundation gave us a significant grant towards helping get the materials up and able to be used by researchers all over the world, and the Hewlett Foundation also gave us a sizable grant to bring more digital materials from a lot of non-profit institutions to give them permanent access.

For instance, a lot of organizations create documentaries that maybe are shown once or twice, but they're not permanently available. But their general approach was to have things to be available. So by having a library be able to digitize and host these materials, we hope to bring a lot of non-profit materials up and out onto the Internet so they can be leveraged and used by people all over the world.

Brewster Kahle speaking at the O'Reilly 2003 Emerging Technology Conference in Santa Clara, CA

LR: How many people work here at the Internet Archive right now?

BK: There are 12 people full-time here at the Internet Archive -- probably 20 if you count, all told. There are a lot of people that come through. We've got a programmer from Norway and a programmer from Iceland here now. We had a programmer from Japan that sort of came through and helped intern and shared the technology that they know and also what we know.

LR: What would you tell somebody that was interested in participating somehow? You're always looking for people to work on projects, right?

BK: We're always looking for help. People are helping in many, many different ways. By curating collections. By keeping good web sites. By making sure that web sites can be archived -- is how thousands of people are helping. But people are also helping curate some of the collections that are here. We have volunteers that are helping with, oh, things like SFLan and some of the technical work that we do. But also, we are growing slowly and we are hiring a few more people -- mostly very technical.

LR: Talk about SFLan a bit.

BK: SFLan is a wireless project that is based around San Francisco. The idea is to experiment using the wireless network to do a rooftop network, to use to use commodity wireless 802.11 WiFi stuff to hop from roof to roof to roof to provide an alternative to DSL and cable for the last mile.

If we can make that both be open and have distributed ownership, then people would own the roadways and they would basically control their network, which is what the Internet really is.

LR: What do you mean by "the last mile," exactly?

BK: Trying to get the last piece from getting from a central location where there might be a fiber that comes to a city, and try to get that distributed so that people in their homes can not only get materials at video speeds, 3-5 megabits per second -- DVD-like speeds -- but also act as servers to make things available to others over the Internet at high speeds.

These are some of the things that are very difficult to do, if not impossible, with the current commercial DSL and cable providers. And we're looking to see how we can not only establish that baseline of video-ready Internet and make it so people can serve video over the Internet, but then, every year, make it better by a factor of two. So the technology follows Moore's Law just like the computer guys do, as opposed to how the telecoms tend to work, which is "here's the same thing, and you'll buy the same thing, and maybe we'll raise the price slightly ..."

LR: And keep paying more for it.

BK: Right.

LR: So you're looking for people with rooftops?

BK: We're looking for people with rooftops. And especially people that can buy a node. A node costs $1,000, and that's a little Linux box with a directional antenna.

LR: Is that a node right there?

BK: This is a node right here (gestures). So this is an SFLan box. This is a directional antenna that points upstream back to a node that's closer to the Net. This is an omni antenna. So anyone who can see this can be on the Internet for free.

And this is a Linux machine that's got a CompactFlash card as its hard drive, and two radios. And you get a wire that comes down into your house, which is the way that power is brought up to this machine. And also, you get bandwidth within your house or office.

There are about 23 of these around San Francisco on rooftops now, and we're actively deploying new software. Cliff Cox up in Oregon is doing a lot of the software development and also hardware development. He's actually the guy that sells these things for $1,000. So Internet Archive's participation is to help fund the project to get it kick-started, and to try to get some active roofs up and running.

LR: How does the Internet Archive decide about implementing new technologies? What's your philosophy about implementing new technologies?

BK: The Internet Archive is extremely pragmatic about new technologies. What we tend to do is look at the least costly, both in the short term and long term. So we are frugal to the core.

We run currently about 700 computers. They're all running Linux. We don't have any dedicated routers. We just use Linux machines. We use the same Linux machine over and over and over and over and over again. Jim Gray's model -- he calls it the "brick model." So we just use Linux machines stacked up, and even though they might be storage machines, or CPU machines, or running as a router, or running as a load balancer, or a database machine -- they're all just the same machine. What we've found is that it allows us to only have one or maybe just two systems administrators being able to scale to many hundreds and, we hope, a few thousand, machines, by having such a simple underlying hardware architecture.

Because we operate on these machines stacked up, we tend to do everything based on clusters. Because our amounts of data are fairly large. We have, oh, several hundred terabytes at this point -- three, four hundred terabytes of materials, and it's growing a lot. So it's difficult to process these if you have to go through just one machine, and a lot of proprietary software is licensed to just be on one machine, or it costs per each.

Open source has the ability that you can go and run it on as many machines as you want. Because we run things and we do data processing and conversions on ten machines or a hundred machines at once, we find that open source is often the most pragmatic, least costly way to roll. We also find that it's easiest for other people to copy our model if we use open source software, so we tend towards using open source software, because we'd like anything that we develop to be actively used by others readily and easily.

LR: How much do you test before going live with new services and things? Do you do a lot of testing?

BK: Do we do a lot of testing? I'd say we do a lot of progressive rollouts. We do testing in-house, but you can only go so far, and then you bring on some number of your users and bring things out. I'd say we're less testing-oriented. We're less service-quality oriented than a lot of places, because we're researching. We're trying to push the edge. So we try to make sure our data is safe, but if there happens to be a hiccup, we are very public about that, and we're looking for help from others to help us resolve these and find them. So I'd say we're not like a commercial company doing lots of in-house testing and rounds and rounds of beta testing, because we only have 12 people to run all of this.

LR: Can you remember a specific situation where the technology could have gone one way or the other, and you decided on a certain way over another way, and why? When there's a fork in the road, what process do you go through to decide which way to go?

BK: Boy, when there're different choices of which way to go, you find that one of the lead motivators in terms of how we decide which way to go is which way people believe it should go. People are always open to testing and pushing back and saying, "Why do you think that's true?" Especially if we've tried going down that road before.

Let's take RAID -- Redundant Arrays of Independent Disks. The idea is to run, say, four disks or eight disks as a cluster of disks so that if one fails, it has the information on the other ones, so that it doesn't fail, so you can replace the disk and be able to keep going. Every few years we think that this is the right thing to do, and every few years, we find, unfortunately, that it is the wrong thing to do.

But it doesn't seem to keep us from trying again. Every so often we think, "Okay, they must have fixed the bugs," and that the software must be more reliable, or the controllers must be more reliable, and we'll go and put some number of machines into this new structure and then watch them for six months to a year to sort of see, "Does it work better or worse than what we were using before?" With RAID, we've found with two major tests of RAID that it's been a loser.

LR: Why? What goes wrong?

BK: We're not exactly sure, but it looks like the RAID controllers are just not debugged very well. The software isn't debugged. The hardware isn't debugged. There are failure modes that fall outside of there. "Oh," (supposedly) "if one disk just goes completely corrupt, then you can replace it and everything's fine." Well, we've found out in the latest Linux release that if two disks just hiccup slightly, then it gives it up for lost and it says, "You lose all your data," and so we've had to spend months then going back and decrypting all of the Linux RAID controller file system to be able to recover all of the data that you can actually recover. So I think it's just bad implementations based on not being able to get the reliability up, based on not having enough test cases.

We go along with Hillis' Law. Danny Hillis was one of the great computer designers of all time, and his approach was to have large numbers of commodity components; that basically, price follows volume. So if things are made in more volume, the price is lower. You can say, "Duh. Obviously." But it's amazing that most people don't follow this. Particularly that the price goes down when there's more of it made. You want to use things that cost less, because you might get more gigabytes per hard drive if you're using commodity components, as opposed to specialty components.

But another corollary of this is that "reliability follows volume." That things that are made in large volume have to be more reliable, at least in the long haul, otherwise the company that's making them would go out of business because they'd have too many failures. Another way of saying that is that Toyotas are more reliable than Ferraris. Even though a Toyota might cost one-tenth as much as a Ferrari, they are probably on the road more often. The coupling of this is that if you want a reliable system, and you want one that doesn't cost that much, go for high volume, if you want it available, reliable, etc. And so we find that technologies that are commodity and made in high volumes work better.

Tomas Krag
Wireless Networks as a Low-Cost, Decentralized Alternative for the Developing World

Informal and wire.less.dk are working to promote the use of wireless technologies (mainly 802.11) in the developing world. We are planning a Wireless Roadshow to teach local technology NGOs how wireless technologies can be used to bring Internet and intranet connectivity to those parts of the world not included in the plans of the commercial telecommunications companies.

O'Reilly Emerging Technology Conference
February 9-12, 2004
San Diego, CA

LR: When you say "commodity," you mean "off the shelf," or COTS products, right?

BK: Yes.

LR: Let's talk a little bit about your philosophy now. Could you discuss what you mean when you talk about "Universal Access To All Human Knowledge?"

BK: "Universal Access To All Human Knowledge" is a motto of Raj Reddy from Carnegie Mellon. I found that if you really actually come to understand that statement, then that statement is possible; technologically possible to take, say, all published materials -- all books, music, video, software, web sites -- that it's actually possible to have universal access to all of that. Some for a fee, and some for free. I found that was a life-changing event for me. That is just an inspiring goal. It's the dream of the Greeks, which they embodied, with the Egyptians, in the Library of Alexandria. The idea of having all knowledge accessible.

But, of course, in the Library of Alexandria's case, you had to actually go to Alexandria. They didn't have the Internet. Well, fortunately, we not only have the storage technology to be able to store all of these materials cost-effectively, but we can make it universally available. So that's been just a fabulous goal that causes me to spring out of bed in the morning.

And it also -- when other people sort of catch on to this idea that we could actually do this -- that it helps straighten the path. You know, life, there're lots of paths that sort of wander around. But I find that having a goal that's that far out, but also doable, it helps me keep my direction, keep our organization's direction. And I'm finding that a lot of other people like that direction, as well.

LR: Do you have an overall philosophy about technology and the direction in which you'd like to see it go?

BK: I don't really have a philosophy about technology. I have a philosophy of what future I want to live in, which is probably more of a social and cultural issue than it really is a technological issue. And socially and culturally, what I want to grow up in -- and have my kids grow up in -- is a wonderful flowering of all sorts of really wild ideas coming from all sorts of people doing diverse and interesting things.

What I'd really like to see is a world where there's no limitations on getting your creative ideas out there. That people have a platform to find their natural audience. Whether their natural audience is one person, themselves, or a hundred people, or a thousand people. Try to make it so the technologies that we develop, and the institutions we develop, make it so that people have an opportunity to flower. To live a satisfying life by providing things to others that they appreciate.

And I think our technologies right now are well-suited to doing this in the information domain. In the information domain, we can go and offer people an ability to publish without the traditional restrictions that came before, and to help, with these search engine technologies, to help them find their natural audiences. And so people out there aren't surrounded by stuff they don't want. That they find that the music recordings they want and the video recordings they want, even though they're made a half a continent away, and there are only a hundred other people that also really like that genre.

LR: What kind of projects are you working on with the Library of Congress?

BK: We've been working with the Library of Congress over the last three or four years to help archive web sites. They've got a mission to record the cultural heritage of the United States -- actually also, Thomas Jefferson gave them, more broadly, "the world." And now that publishing is moving, or a large section of publishing, is moving on to the Internet, we've been working with them as a technology partner. They do the curation, and we do some special crawls.

Our first project with them was the election in the year 2000. The presidential election. And they selected a set of web sites, and we crawled them every day to try to get a historical record, and then the Internet Archive made them available to the world to see and use, to see if it was useful to people.

The Library of Congress is trying to move into the digital realm, and they just got a hundred million dollars from Congress to help do digital preservation, and we hope to be participants as that unfolds. We'll see. But the Library of Congress has got a lot of money -- a 450-to-500-million-dollars-a-year budget. We hope that a growing percentage of that goes towards digital materials, whether working with us or others, than currently, which is I think probably less than one percent.

LR: Earlier you said that one way that people could help was to make their web sites "more archivable," basically. What does that really mean? How would you make your web site easily archivable?

BK: Boy. By being straightforward. I think by keeping things fairly simple. If web sites have sort of straightforward links, then that makes things a lot easier.

LR: What do you mean "straightforward?"

BK: Straightforward URLs. JavaScript that's fairly clear-cut or reused from other places. What we have been really stumped on is sites that need a lot of JavaScript or a lot of programs that are needed to even render the site at all.

Probably one way of finding out is going to archive.org and seeing, "Did we get it right?" the last time. We're continuously updating our tools and trying to make things better. But for instance, we've been having trouble with .swf files, Shockwave and Flash files, from Macromedia. If those files have links to other pages inside of them, we're just not able to find those links, so we can't follow them. We also have trouble rewriting those .swf files so that they point to the Archive's version of the links and not the live Web's. So we're having trouble with certain complicated web sites. What we'd like to see is more straightforward use of pointers, because the hyperlink is one of the great ideas of the Internet.

Lisa Rein is a co-founder of Creative Commons, a video blogger at On Lisa Rein's Radar, and a singer-songwriter-musican at lisarein.com.

	Interview with LimeWire COO Greg Bildson By Lisa Rein for OpenP2P.com

Lisa Rein: So, you guys paid Brianna's RIAA fine?

Greg Bildson: Yes, we cut the check to her mother to reimburse her. We felt that suing a 12-year old in the Bronx wasn't the answer.

LR: Tell me more about P2P United.

GB: P2P United is basically trying to make sure that Congress doesn't do anything stupid, which they're apt to do in the technology world. We're trying to make sure to protect our rights to innovate and write software, and to address all of the bad mouthing the RIAA is constantly doing to P2P.

P2P was proven to be legal in that California decision. If there's anything we can do with respect to the overreach of the DMCA and invasion of privacy and, basically, due process -- we feel that there should be due process, and there should be an actual lawsuit before they are able to get information about users.

Congress is writing bills targeting P2P, and the RIAA is talking about pornography and homeland security and identity theft and all of these things that are really minor concerns, with regard to P2P. For the most part, Congress is either overreacting or doing the bidding of the RIAA.
O'Reilly Emerging Technology Conference.

For instance, there was a hearing regarding P2P and porn a few weeks ago. There are already laws that exist to punish people for being pedophiles; P2P's got nothing to do with it. In these cases, the content itself is illegal. P2P is not the concern when it comes to child endangerment, but they are constantly targeting P2P. They should go look at AOL and Yahoo chat rooms rather than P2P networks. Orin Hatch's presentation of child pornography began with a movie sponsored by the RIAA. The record industry is probably the last group of people to be protecting children, when their lyrics and videos are so explicit.

So the RIAA is basically using the high $150,000 per infringement to extort a settlement out of people who wouldn't even consider fighting it. People view this more like a speeding ticket instead of something where one act of infringement can cost you $150,000. We're in favor of people being able to protect their copyrights, but in a way that is fair. If the government is going to regulate, they need to know what they're doing. They shouldn't be getting their information only from the RIAA.

LR: So are you trying to educate Congress?

GB: Yes. P2P United is trying to educate Congress. However, their staffers need to be willing to be educated. So far, they've been willfully blind or ignorant.

Here is the full text of the article in case the link goes bad:

http://www.openp2p.com/pub/a/p2p/2003/11/14/limewire.html

Interview with LimeWire COO Greg Bildson
by Lisa Rein
11/14/2003

Greg Bildson is the COO of LimeWire and president of P2P United, a consortium of P2P software companies created to help educate Congress and the public about peer-to-peer software, technology, and culture. P2P United is the organization that paid 12-year-old Brianna LaHara's $2,000 RIAA settlement after the RIAA served her with a Digital Millennium Copyright Act subpoena.

Advertisement
P2P United is also trying to educate the RIAA about the many ways in which P2P technologies could be beneficial to its member companies. LimeWire's MagnetMix web site provides one example of the numerous ways that traditional web-based programming can be combined with P2P technologies to provide new kinds of experiences for music lovers.

In this interview, Lisa Rein catches up with Greg Bildson to hear his views on the state of P2P, the RIAA, and the challenge of educating lawmakers.
Yes, We Cut the Check

Lisa Rein: So, you guys paid Brianna's RIAA fine?

Greg Bildson: Yes, we cut the check to her mother to reimburse her. We felt that suing a 12-year old in the Bronx wasn't the answer.

LR: Tell me more about P2P United.

GB: P2P United is basically trying to make sure that Congress doesn't do anything stupid, which they're apt to do in the technology world. We're trying to make sure to protect our rights to innovate and write software, and to address all of the bad mouthing the RIAA is constantly doing to P2P.

P2P was proven to be legal in that California decision. If there's anything we can do with respect to the overreach of the DMCA and invasion of privacy and, basically, due process -- we feel that there should be due process, and there should be an actual lawsuit before they are able to get information about users.

Congress is writing bills targeting P2P, and the RIAA is talking about pornography and homeland security and identity theft and all of these things that are really minor concerns, with regard to P2P. For the most part, Congress is either overreacting or doing the bidding of the RIAA.
O'Reilly Emerging Technology Conference.

For instance, there was a hearing regarding P2P and porn a few weeks ago. There are already laws that exist to punish people for being pedophiles; P2P's got nothing to do with it. In these cases, the content itself is illegal. P2P is not the concern when it comes to child endangerment, but they are constantly targeting P2P. They should go look at AOL and Yahoo chat rooms rather than P2P networks. Orin Hatch's presentation of child pornography began with a movie sponsored by the RIAA. The record industry is probably the last group of people to be protecting children, when their lyrics and videos are so explicit.

So the RIAA is basically using the high $150,000 per infringement to extort a settlement out of people who wouldn't even consider fighting it. People view this more like a speeding ticket instead of something where one act of infringement can cost you $150,000. We're in favor of people being able to protect their copyrights, but in a way that is fair. If the government is going to regulate, they need to know what they're doing. They shouldn't be getting their information only from the RIAA.

LR: So are you trying to educate Congress?

GB: Yes. P2P United is trying to educate Congress. However, their staffers need to be willing to be educated. So far, they've been willfully blind or ignorant.

LR: Do you think that the RIAA might eventually see the various ways that P2P could be beneficial to their business model?

GB: We hope so. We're seen as a threat to the record industry, but there's definitely potential for a win-win solution. The discussion needs to move beyond sound bites for soccer moms. Congress is making sound bites rather than thinking seriously about technology or innovation.

LR: What do you think of compulsories for file sharing?

GB: The big media companies -- the "Big 5" -- have had a lock on both distribution and licensing in the past. If the RIAA had let people license their music in the 90s, they wouldn't have the piracy problem they have today. There was a natural demand. There's a benefit to the current world of having music currently available.

LR: What about iTunes and Buymusic.com? What do you think of them?

GB: They're steps in the right direction, but they're still radically overpriced. In the digital age, there's no reason for a song to cost 99 cents; it should be five cents. Another issue is that the Microsoft DRM looks to be too restrictive. Judging by the trend of recent PC pay-per-download sites that all use Microsoft DRM, handing another monopoly to Microsoft doesn't seem like a smart move.

ETech 2004 Conference

Session by Robert Kay
Building Next Generation File Sharing With Social Software

This talk will present social network models, detection avoidance strategies, attack strategies and a real world safety evaluation of such systems.

O'Reilly Emerging Technologies Conference
February 9-12, 2004
San Diego, CA

LR: So what's Magnetmix?

GB: We've been putting the technology in place for this for a while. It's an example of integrating P2P networks and the Web. We think that's what the future is going to be. The Web can present things nicer and give you nice images, while the existing P2P networks just act as sort of a raw Google search. "Magnet links" can work into P2P networks for a richer experience by packaging the content into a single download. We think that it's going to appeal to content creators in the future. The portals will highlight high-quality, legitimate content for high-quality independent artists of all kinds.

So rather than running their own web servers, artists will create their content and then bundle it into a package media file that's just a .zip file with an index.html file inside to launch from. This file is placed on a P2P network. The entire experience is serialized, if you will, in these packages.

LR: So a user would see the web page, and then click on the link to get the music via a P2P network, rather than eating up bandwidth.

GB: Right, with videos and pictures and things.

LR: ...that would be expensive to serve on the web?

GB: Right. It's expensive to serve, but it's easy to use P2P to share. We think there are going to be a lot of creative independents in the future. And you can build the advertising vehicles right into the packages, if you want.

LR: So how can artists implement this technology now?

GB: Anybody can put magnet links up. We're also accepting submissions and hosting content ourselves. It doesn't cost anything, and we don't see money being involved in the future.

LR: How would this work, actually?

GB: Right now people don't know what magnet links are, but in the near future, people will be using the LimeWire "Library." The LimeWire Library is a type of file browser. Within the Library tab of the LimeWire application, you will be able to view and create magnet links to files that you share, and be able to email links to these files. There will be options to view the magnet link or email the magnet link to others, so that they can click a link in their email to launch the magnet link "packages." The links will launch their LimeWire P2P client right from their email client.

LR: Is LimeWire cross-platform?

GB: Yes. It's cross-platform. It's in Java.

LR How many LimeWire users are there?

GB: We lost ability to track our users a while ago. But we've had at least 300,000 users a day for a while. We're pretty close to 50/50 on the Mac and PC platforms.

Lisa Rein is a co-founder of Creative Commons, a video blogger at On Lisa Rein's Radar, and a singer-songwriter-musican at lisarein.com.

I've written my first article in almost two years! I've got the bug again and there will be plenty more where that came from, promise. This ones about -- you guessed it, the RIAA's latest bait and switch mechanism for fighting file sharing. Hope you like it.

Commentary: What's Real and Make-Believe with the RIAA Subpoenas?
By Lisa Rein for OpenP2P.com.

A key issue remains that the RIAA does not even have the right to grant full amnesty in the first place. The songwriters and music publishers that aren't represented by the RIAA (such as Metallica) could opt to sue infringers on their own. "The RIAA doesn't have the right to give full amnesty for file sharing. True, they represent 90% of all sound recording copyright owners. But there are still 10 percent out there who could sue you even if you take amnesty program," said Jason Schultz, a staff attorney at the Electronic Frontier Foundation. "It's still unclear if amnesty saves you from being sued by the songwriters/music publishers."

Clean Slate's Privacy Policy raises other questions. It states that "information provided on the Clean Slate Program Affidavit will be used solely in connection with conducting and enforcing the Clean Slate Program" and not used for "marketing, promotional, or public relations purposes" and will "not be made public or given to third parties, including individual copyright owners," but then there's a big exception: "except if necessary to enforce a participant's violation of the pledges set forth in the Affidavit or otherwise required by law." This language, translated, means that the affidavit records would in fact be made available to other infringement lawsuits.

"We're calling it a 'Shamnesty.' It's more like a Trojan Horse than a 'clean slate.' It fools you into thinking you're safe, when the reality is that, if anything, you're more at risk for participating," explains Jason Schultz, Staff Attorney for the EFF. "It's not 'Full Amnesty' at all. The agreement doesn't give file sharers any real peace of mind, because it only covers being sued by the RIAA itself -- not any of its member companies. This means that, under the Clean Slate agreement, recording companies, copyright owners, and music publishers can all still sue you. It only means that the RIAA won't 'assist' them in the lawsuit. They are basically getting you to admit to the conduct so your own statement can be used against you later."

Here is the full text of the article in case the link goes bad:

http://www.openp2p.com/pub/a/p2p/2003/09/11/riaa_supoenas.html

Commentary: What's Real and Make-Believe with the RIAA Subpoenas?
by Lisa Rein
09/11/2003

What's real and what's make-believe about the RIAA's recent subpoena campaign and it's newly announced "Amnesty" program?

A recent decision by the 9th Circuit Court of Appeals finds that a party using "patently unlawful" subpoenas to obtain access to another party's stored electronic communications could be liable for violations of electronic privacy and computer fraud statutes. This could have serious implications for the RIAA's mass subpoena campaign in that, if such subpoenas were also determined to be "patently unlawful," for whatever reason, the organization could be held liable under electronic privacy and computer fraud statutes for accessing user data under false pretenses. (Read a summary of the decision.)

Does this mean, if the RIAA's subpoenas are determined "invalid," that they are illegally snooping? It's extremely possible. However, the DMCA subpoena law is new and there aren't many decisions on it, so the RIAA could try to hide behind the "newness" of the law to avoid liability for misusing it.

If the RIAA's subpoenas were determined to be "patently unlawful," file sharers could potentially retaliate with lawsuits for alleged electronic privacy and computer fraud violations if the RIAA's counsel knowingly misuses the subpoena process in order to gain access to file sharers' private information.

Any lawyer has the authority as an Officer of the Court to serve anyone they wish with a subpoena, but such authority must not be abused. According to the decision, the subpoena was a clear violation of the Federal Rules. Although Kozinski implies that NetGate should have known that, he also says that even if they didn't, the lawyers who issued the subpoena should have and therefore knew or should have known they were deceiving NetGate:

"The subpoena power is a substantial delegation of authority to private parties, and those who invoke it have a grave responsibility to ensure it is not abused. Informing the person served of his right to object is a good start, see Fed.R.Civ.P. 45(a)(1)(D), but it is no substitute for the exercise of independent judgement about the subpoena's reasonableness."

Most larger ISPs have legal departments, but smaller ones often can't afford to hire a lawyer, especially for every subpoena they get. In the decision, Kozinski points out that recipients are often being cowed into compliance:

"Fighting a subpoena in court is not cheap, and many may be cowed into compliance with even over broad subpoenas, especially if they are not represented by counsel or have no personal stake."

Since June 2003, the RIAA's mass subpoena campaign has been serving ISPs in an attempt to find out the identities of file sharers. So far, 1300 subpoenas are in the EFF database system, and more are being added all the time. "ISPs" ranging from large-scale service providers (such as Comcast, SBC, Time Warner, Verizon, Earthlink, and America Online) to educational institutions (such as New York University, Boston College, MIT, and Columbia) have been served. (View the complete list as compiled by the EFF database.)
Difficult for ISPs, Especially Smaller Ones

The reactions from the ISPs have been varied, depending on the size and caliber of the institution. MIT and Boston College were able to have their subpoenas quashed after it was discovered that they had been incorrectly filed out of jurisdiction. (The RIAA was trying to cut costs by filing all of their subpoenas from a single court in Washington, D.C., when in fact such filings must be done within 100 miles of the offending party.) Some of the larger ISPs, such as Pac Bell and Verizon, have challenged the validity of the subpoenas in any court, asserting that they violate constitutional Due Process and various federal rules and statutes.

Theoretically, subpoenas are filed with discretion, often during "discovery" after a lawsuit has already been filed. However, the DMCA specifically departs from this common practice by allowing the RIAA to issue subpoenas before having to file even a single lawsuit; in fact, all that the RIAA needs to subpoena someone's personal data is a "good faith belief" that the person is infringing their copyrights, which, when it comes to file sharing, is pretty much every one of the 60 million users, in the eyes of the RIAA. This "pre-emptive" subpoena power is exactly what privacy advocates and defenders of Due Process feel is unconstitutional and inappropriate about the DMCA subpoena provision. This gives the RIAA the right to spy on 60 million Americans, even if it never ends up suing a single one of them.

Because subpoenas are ordinarily filed after a lawsuit has begun, valid subpoenas typically are limited to requesting information related to the subject matter of the lawsuit and the parties to the lawsuit. (This was part of the basis for Judge Brazil's finding in the Kozinski case -- that the subpoenas requested information beyond the scope of the lawsuit.) Parties to the lawsuit are also required to give copies of any subpoena they issue to the other parties. Because of the relevance limitation and the requirement to send copies to others, all affected parties in a litigation get notice if their information is being requested from a third party; this allows them to move to quash any subpoena that might invade their privacy. (As was the case in the Kozinski case.)

However, when it comes to the DMCA's pre-emptive subpoenas, there is no lawsuit; therefore, there are no opposing parties that the RIAA is required to send copies of the subpoena to. Thus, the users never find out that their information is being sought and never have a chance to oppose, unless the ISP voluntarily notifies them.

Under current law, it's up to the ISP to notify the customer if they want to. When an ISP is served with one of these RIAA subpoenas, the larger ISPs who have legal counsel, such as Verizon and Pac Bell, would know if the subpoena itself is lawful or not. However, for smaller, "mom and pop" types of ISPs, the subpoenas are often handled by administrative personnel. Often, such ISP won't even consult legal counsel, for doing so every time could result in large legal bills.

With the RIAA issuing DMCA subpoenas at it's current rapid rate (over 1500 in the last two months), and taking into account that such subpoenas require a response within seven days, even a well-staffed legal department could not adequately respond to such a barrage of subpoenas. This is another reason that many feel the RIAA should be forced to file lawsuits that would cost them several hundred dollars a person, rather than be allowed to send out mass subpoena mailings that only cost them less than $50 a piece.

How would a file sharer know that their privacy had been violated in this way? The first thing one would have to do is look up their user name or IP address using The EFF's Subpoena Database Query Tool to see if it shows up in the EFF's subpoena database. Even if it doesn't come up in the database, you could ask your ISP directly if they have been served and whether or not they have complied with it. You could ask them what information they've made available. The ISP is not under any obligation to tell the user if and what they did, but it's a good business practice to do so. It could depend on the ISP's user agreement as well.

Ironically, the DMCA allows the RIAA to subpoena user info pre-suit, but if an ISP refused to tell a user whether or not it had given up their info to the RIAA, the user would have to sue his ISP in order to get that information via discovery.

Computer users are at a significant disadvantage under the DMCA subpoena provision process. If they don't know they've been served, and the ISP just hands over the info and doesn't tell the user, the user can't complain about the subpoena being invalid in time to stop the information transfer, and the damage has been done. And if the ISP doesn't even consult its attorney, it's not going to complain or challenge the validity of the subpoena.

Legislation has been proposed to require ISPs to notify their customers when a third party has subpoenaed their information. The legislation is mostly meant for state defamation suits where someone has anonymously posted something on a message board or in a chat room. Companies will often subpoena the hosting service to discover the identity of the person. The hosting service is not currently under any obligation to notify the person that their identity is being subpoenaed.

The new law proposed by the Electronic Frontier Foundation (with assistance from the Samuelson Clinic for Law, Technology, and Public Policy at Boalt Hall), would force ISPs to notify their customers and give 30 days to challenge the requests in court. However, such legislation would not have any affect on the DMCA subpoenas, which take place at the Federal level. However, if the law passes, many would like to see this same requirement in the DMCA subpoena provision. Arguably, something of this nature is constitutionally required on Due Process grounds.

Senator Norm Coleman (R-MN) is investigating the techniques and methods used to issue subpoenas and collect information from ISPs, noting that numerous clerks in the U.S. District Court in the District of Columbia have already had to be reassigned just to deal with the paperwork. He requested copies of all of the subpoenas filed by the RIAA and "a description of the methodology the RIAA is using to secure evidence of potentially illegal file sharing by computer users." According to an interview with Senator Coleman in Future Tense Now Magazine, Coleman's worried about the disproportionate penalties being proposed by the RIAA (at $100,000 per song) for the kinds of copyright infringement that file sharing sometimes involves. "My concern is to make sure that the penalty fits the crime," Coleman said, "And that in the end, we're not wiping out some families' savings because some kid downloaded, for his own use, some songs over the Internet."

The "Clean Slate" Amnesty Program

On Monday, September 8, 2003, the RIAA announced that it has filed lawsuits against 261 people. It also announced its "Clean Slate" Amnesty program on MusicUnited.org.

To participate, sharers would fill out the Clean Slate Affidavit stating that all infringing files have been deleted from their computer and all CDs burned from those files have been destroyed. In addition, confessors would pledge to never do it again with the understanding that the penalties would be even more severe if they were caught, because they could then be charged with "willful infringement."

The affidavits must be notarized, and there must be a separate affidavit for everyone in your household. Sharers under 18 must have the affidavit signed by their parent or guardian. Applicants are also expected to "not allow others to illegally download copyrighted sound recordings to your computer(s)." Only individuals are eligible for the Clean Slate program; businesses, groups, organizations or "entities," or individuals who traded for payment or commercial purposes may not participate.

In the program description, in exchange for filling out and sending in an affidavit, the RIAA will agree "not to support or assist in copyright infringement suits based on past conduct" for users who meet certain conditions. One of these conditions is the RIAA "has not begun to investigate you by requesting from an Internet Service Provider (ISP), by subpoena or otherwise, identifying information about you." If users whose information has already been subpoenaed are not eligible for amnesty, this presents a problem for any users wishing to receive amnesty. Under the DMCA, neither the RIAA or the ISP who has been subpoenaed is required to notify the user upon being served, they could unknowingly admit to conduct the RIAA might already be in the process of suing them for.

A key issue remains that the RIAA does not even have the right to grant full amnesty in the first place. The songwriters and music publishers that aren't represented by the RIAA (such as Metallica) could opt to sue infringers on their own. "The RIAA doesn't have the right to give full amnesty for file sharing. True, they represent 90% of all sound recording copyright owners. But there are still 10 percent out there who could sue you even if you take amnesty program," said Jason Schultz, a staff attorney at the Electronic Frontier Foundation. "It's still unclear if amnesty saves you from being sued by the songwriters/music publishers."

Clean Slate's Privacy Policy raises other questions. It states that "information provided on the Clean Slate Program Affidavit will be used solely in connection with conducting and enforcing the Clean Slate Program" and not used for "marketing, promotional, or public relations purposes" and will "not be made public or given to third parties, including individual copyright owners," but then there's a big exception: "except if necessary to enforce a participant's violation of the pledges set forth in the Affidavit or otherwise required by law." This language, translated, means that the affidavit records would in fact be made available to other infringement lawsuits.

"We're calling it a 'Shamnesty.' It's more like a Trojan Horse than a 'clean slate.' It fools you into thinking you're safe, when the reality is that, if anything, you're more at risk for participating," explains Jason Schultz, Staff Attorney for the EFF. "It's not 'Full Amnesty' at all. The agreement doesn't give file sharers any real peace of mind, because it only covers being sued by the RIAA itself -- not any of its member companies. This means that, under the Clean Slate agreement, recording companies, copyright owners, and music publishers can all still sue you. It only means that the RIAA won't 'assist' them in the lawsuit. They are basically getting you to admit to the conduct so your own statement can be used against you later."