The approach of symmetrically encrypting the message once and then encrypting the key multiple times for multiple readers is technically feasible but totally impractical for use as a Golden Key.
1. Why would you assume that you only need to include one Golden Key? If my email went from the US to the UK, wouldn't the GCHQ demand their own ability to read my mail? If I sent a message from the US to my US-citizen friend who happened to be on vacation in Japan, isn't Japan going to want a key? If the email was between two US citizens, maybe DHS and the FBI would someday need to read it, but who's going to stop the NSA from illegally reading my communication? They should have their own key, and my email system shouldn't apply it unless I'm sending the message to an international destination. How's it going to know that? Under current law, the IRS asserts that it doesn't even need a warrant to read emails stored for more than 18 months on an online server; do they get a key so that they can unlock the database of stored, encrypted emails once they're the right age? Where does it stop?
2. Assume there's a single key that can decrypt every email message originating in the US. Every country and bad-ass gang of evil-doers is going to be trying like hell to guess or steal the US public-private key pair. The private key simply won't be private for long. (see point #6, below)
3. Email is useful as an example, but the Government will want to access all communications, because it can't tell whether there's something nefarious happening until it reads the data. (Of course, the NSA just assumes that ALL encrypted messages are of interest.) So, every encrypted communications path will need to provide dozens of golden keys; HTTPS links, VPN channels, financial data links, EVERYTHING.
4. So, now my email system needs to manage not only the public keys for my friends, but also an undefined number of Golden Keys from the various agencies and foreign governments that might potentially, some day have a legal right to read my mail. Ignoring the concern that I now need to extend my trust to many entities to protect their Golden Keys and their stored copies of my emails, who is going to verify that all of these Golden Keys I've received are actually owned by the agencies that are allowed to get copies of my mail? How hard will it be for a bad guy to issue his own key under the guise of a valid eavesdropper, or to hack a government web page and insert his own key instead of the government's key?
6. How frequently will the Golden Keys roll over to a new key? The NSA recommendation for communications security of most classified links is to change the key daily. These Golden Keys are protecting so much data, they should probably be protected at least as high as Top Secret. So, now you need to reissue the government's public key(s) every day. But it's not good practice to store encrypted data when the encryption key has been superceded, so the data storage facility is going to want to decrypt everything as soon as it's intercepted and then maybe bulk encrypt it for long term storage. But heck, ya' might as well scan the info for trigger phrases as long as it's just sitting there in readable form, right? Anyone out there who trusts every government agency, foreign and domestic, to always ignore that temptation?
7. Finally, why would any government invest in such a scheme when it would so easily be thwarted. While reducing the privacy of law-abiding citizens and increasing the risk of HUGE data breaches, this scheme doesn't offer any greater insight into the encrypted communications of people who choose not to use a product that sends a copy of the data to the Golden Key recepients.
These points were framed against the straw man approach of using multiple public keys to share a symmetric key among multiple authorized (or potentially maybe someday authorized) recipients, but all of these issues would remain detractors of any approach that allows third-party access to encrypted communications.
My cellphone invoice and usage records have much more information than necessary for the billing purposes. The plan offers unlimited voice, unlimited text messages, and a multi-gigabyte cap on the data usage.
In the data category, I can view the time and quantity on my bill for my usage. That seems useful, and I can manually compare that with application usage records on my phone to see which application is hogging the bandwidth. No problems here.
But for the voice and text categories, I can view the number for every call or message. I don't need this information, and frankly, I don't see why the wireless company needs it. Sure, capture the total talk time and the total number of messages, but I really don't care to ever see the connection information.
The wireless company may state that they need certain data to accurately model their rate structures, but I suspect they could just as effectively set their rates using random samples of anonymized data plus the larger sets of conglomerate data. Surely they'd save money in several places, especially when printing and mailing my monthly bill (yeah, I'm a dinosaur who wants a paper bill, but I still don't need to be silly wasteful about getting a huge pile of papers that just gets immediately fed to the shredder).
Further, the same logic applies to all the other data they seem to collect, such as which cell towers my phone pings and any other location data shared by my phone. It's not needed for billing me, and they could evaluate tower operations just fine without being able to trace every ping and call back to a specific phone. The irony is that if I ever wanted to view that data about my own devices, I'd probably need to submit more paperwork than they require from the cops.
Already, the popularity is increasing among email services that offer increased privacy. When will I be able to pay a few bucks more (because, of course!) so that my phone company won't regularly store any more data than what is truly needed for billing purposes?
I think we agree; names are not sufficient to indicate a match. Use Soundex, and you'll get too many false positives and piss off the proletariat (the current approach, I believe). My point was that any decent designer of the database would have used a unique identifier, such as the passport or student visa ID. You simply have to have one to travel across the US border. Why are we all going to the trouble and expense of getting passports (with RFIDs, no less), if the system is just going to ignore them in favor of whatever some airline call center operator typed on a flight ticket?
This story doesn't meet the smell test. I find it impossible to believe that the DHS terrorist tracking system isn't using a passport ID or a student visa ID as a key field. Just cannot believe it.
Name misspellings are all too common, even within the english heritage. Barbara or Barbra? Jamie or Jaime? McDonald or MacDonald?
No, this wasn't a typographical error; any halfway decent system would have caught the error by cross-referencing the travel documentation with the DOS database, triggering an alert to double-check the entries just moments after the typo was made. This kind of error only comes from a truly broken system. Or, we're being fed yet another fabricated excuse by an agency that's well known for covering up its mistakes.
Imagine the ugly offspring when you combine this ruling with the recent Texas ruling that the state can request a search warrant after the search is over.
No longer any need to write the secret legal interpretations ahead of time. Keep everything quiet and then only write retroactively effective policies to paper over those situations where the public discovers something fishy. And then keep the details secret, just because you can! Bwaa ha ha ha haaaaah! [/cue maniacal laugh track]
Perhaps an interesting parallel. In the run-up to the Whitey Bulger trial, he wanted to use as a defense that the FBI authorized him to commit murder. The judge responded that it didn't matter whether they did so or not, because it would not have been legal for them to make such a commitment. Therefor, regardless of what he may have been promised by the FBI, he can be prosecuted for the murders.
Would be nice to see Microsoft, Google, Facebook and the telcos finding themselves similarly under the gun in the future. Even though congress passed a law stating that the corporations have immunity (and retroactively, at that!), it would be far from the first time that a law has been overturned when it was found to be unconstitutional.
I carry my blackberry in my front pocket with the keyboard locked, and I still manage to butt dial 911 nearly every month. The phone allows making an "Emergency Call" even when it's supposed to be "locked", a feature that cannot be disabled. Doesn't require pushing any of the keyboard buttons, just the big roller ball. I'm sure it's supposed to be a "feature," but it's sure embarrassing when a very loud voice comes from my pocket asking me the nature of my emergency. Happened three times in one hour, once. I've since learned of a second way to lock the phone, but it gets disabled after receiving a call, so I still make an occassional accidental call to 911 when I forget to re-engage the lockout.
"Your Honor, I would never intentionally infringe upon copyright. I read a news story about warning messages that the studios were posting. I wanted to download one and read it, but I just kept getting these other movies. I watched the whole show, but never saw the warning messages. How could I know what was in the file until after I downloaded it and watched it? I'll never figure out why the studios tried to hide their important message by giving it the same filename as popular movies. Don't they want people to be able to find their message? Of course, I deleted those popular movie files after meticulously confirming that the content I was looking for wasn't part of the files. I guess I'll just have to keep trying."
According to the source article, "Visitors to those sites now are greeted with a banner educating them about how willful copyright infringement is a federal crime, ICE stated."
Awfully nice of ICE to attempt to educate us about Copyright Infringement. Too bad that copyright law has nothing to do with the majority of the sites they shuttered. Selling counterfit merchandise is a Trademark violation. You'd think ICE would be smart enough to recognize that.
Except, repeated demonstrations to the contrary have shown us otherwise.
As noted in several comments, something just doesn't add up in this story. Sure, the library could digitize and then exclusively offer or sell those digitizations. But it just doesn't seem like there's any law, in France or elsewhere, that would prevent any other entity from digitizing another copy of the book(s) or other form of media and then offering that version to the public for free or for sale.
Sounds like the BnF wants to be a bookstore, not a library.
Beyonce could engender huge amounts of popularity if she worked with the Marine Corps Band to release the song into the public domain. The goodwill would probably even spill over to President Obama. Thousands of little league games, high school basketball games, and other venues could use the track to kick off events.
It's not as if she'd ever try to sell this track; might as well make it available in exchange for a long-lasting boost to her name recognition. Might even start a trend.
We see it happen a couple times a week, and we cheer and rejoice. Some person or organization gets a threat from some self-important jerk, and instead of backing down and removing the published content, our hero posts the threat so that we can all see what's happening.
On the day when a politician refuses to accept a bribe or bow to a threat and instead publicizes the attempt, that's the day when I'll be happy about supporting a politician. Until then, politicians will remain in my estimation somewhere below the morality and trustworthiness of the proverbial used car salesman.
whabap01, you're missing a very big point. The guy who decides to feed his family instead of purchasing a song was never going to purchase the song, anyway. There's no lost revenue, because there is no possibility of revenue in the first place. Any money spent by the artist or his agency in trying to chase down such persons is a total waste, because even when they're found, you're still not going to be able to get a penny from them. Not even the lawyer fees.
Now, I'm not at all trying to say that illegal downloads are acceptable. Just that I really can't bring myself to care if the type of person you're describing chooses to build a music collection for free, whether he does it by downloading, borrowing his friend's CDs, or visiting his local library. The RIAA should likewise not care, because there wasn't and is not now any income available from this source, even if tracked down and hauled off to court. But the artist should rejoice, because this freeloading lowlife might play the songs to broaden the cultural horizons of some better-off friends, and they, in turn might actually cough up some hard-earned cash to buy a song or a concert ticket. A good fan is a valuable resource for creating more fans, and any artist who wants to alienate his fans by hassling them for listening to his music, regardless of how it was acquired, is just a fool.
It's what you do with it that can be declared legal or infringing.
If the Guild wants to sue Google for "copying", they haven't a leg to stand on. They need to show that the actions Google is taking with the copied data constitutes infringement, and indexing/searching prettly clearly is not infringement.
Web pages are copyrighted, and yet it's completely legal for Google and many other search engines, as well as various other applications, to scan those pages and make use of the data in certain ways. A copyright is a copyright, and books are not (should not be...?) treated any differently than other forms of textual representation.
The critical piece of logic here is that Fair Use depends on what you do with the information you've copied from someone else's work. Scanning and indexing copyrighted text (e.g., web pages) has clear precedent for being declared Fair Use. I think we can all agree that Google would violate copyright law if it made large sections of scanned text available or put it up for sale. But it should be completely legal for Google (or anyone...) to reap advertising revenue while you use its search machine or to earn commissions for referring customers to purchase the books through any site selling them, even including sites selling items related to the books (e.g., audio books, movies, posters, dolls, lunchboxes, etc.).
Go for it, Google, and be damn sure to take this all the way through the courts to get the obvious decision declared.
I have to agree that Baen's site is really good. You can see the books coming up for release in the coming months, and they have a nice "free library" of older books available in multiple digital formats. If you like their mainstream sci-fi and fantasy novels and series, then it's a great place to keep in touch with what's coming out soon.
But, having said all of that, I can only imagine that relatively few, die-hard fans of the genres actually visit the site. I wish the publishers would find more ways to connect directly to their reader/customers. Back in the days when my wall decorations were mostly posters, I would gladly have hung cover art from my favorite books along with the movie and rock star posters. But, no, these guys don't even make decent images available for download so that I could print my own, much less buy one from them for a few bucks. Very sad.
Books, like music and movies, are often sold based on recommendations from friends. It's amazing to me that even the big ones don't generate the same kinds of marketing materials.
All of this hullaballoo just lines the silk pockets of the corporate lawyers (on both sides of the battles) and strokes the egos of short-sighted, control-freak executives.
If I was a stockholder in a media company or if I was one of the artists allegedly being represented by these fools, I'd be suing them out of their oak-paneled offices for their criminally poor performance. What kind of idiot, seeing demand for something their company putatively sells, tries their hardest to prevent any free publicity while at the same time refusing to offer the product in its desired form or even at all? Whatever happened to "the customer is always right?"
I'm new to this game, so thought I'd hop on over to ASCAP's site to see what they have to say for themselves. On 15 March, ASCAP President and CEO testified before the US Senate to gripe about the horrors that would occur if we should allow Russia to become part of the World Trade Organization. The press release reads:
"Williamsí testimony served to highlight the challenges American songwriters, composers and publishers face in securing fair compensation from the public performances of their music in Russia and urged the U.S. Government to address these challenges as they consider Russiaís entry to the World Trade Organization. Williams pointed out that American music creators are grossly underpaid for the public performances of their works in Russia.
American music creators depend on the efficiencies of performing rights organizations (PROs), like ASCAP and its reciprocal relationships with a network of foreign societies around the world, to license their public performance rights and collect and distribute royalties. Williams pointed out that RAO, ASCAPís Russian counterpart, is handicapped in its efforts to collect on behalf of American music creators through an ineffective legal system and threats to its authority to collect royalties for music used in films and shown in Russian theaters."