Friday, November 7, 2008

Secret Decoder Ring: Internet Speakeasy

What

Prohibition encouraged speakeasies, where people who violated a meaningless, frivolous law together enjoyed a semi-public semi-privacy. Internet users harassed by inappropriate laws will either change those laws, if they can, or retreat to virtual speakeasies, if they cannot.

Why

Certain types of people would say building a virtual speakeasy verges on conspiracy to commit various kinds of crimes - after all, why would honest people need shelter against surveillance? But you only have to look at either the Nixon or Bush administrations to see evidence of the Republican party illegally spying on its political opponents. Unless we can assume that this never happens, despite factual evidence that it does happen, or that the Republican party is somehow entitled to extralegal powers over its competitors in the political space, the right to privacy remains a crucial part of the First Amendment's protections of political speech and the right to free assembly. Likewise, when the government classifies strong cryptography as a munition, that's correct, but that's why Americans have the right to strong cryptography - our right to strong cryptography is protected as a subset of our Second Amendment right to keep and bear arms.

How

The DMCA requires that copyright holders identify copyrighted works for takedown. One way to comply with the letter but not the spirit of this law would be to make copyrighted materials easy to find but difficult to identify. You could build an application which hid copyrighted works in plain sight. Consider a URL composed of 5 distinct SHA1 hashes:

http://web.app/c44a5329739c1900ea3ff3463d0374cfbd57ee4e/6fec6b97cb7c2ef349072737a738a82aa8de47ae/c86cc635470b4e84ca81768526910a07ff5332ab/32417fe3bba32e685f17ea0cf0477e637c0d6a10/8227ecfd3e678a5507ba5a95999e865c65e8376e.mp3


This URL would be difficult to guess. A Web spider which found it through a brute force search would be time-consuming to build, expensive to run, and trivial to block.

It's possible to make longer URLs composed of larger numbers of unique hashes, especially if you take the time to build your own simple client app. Next, you map the hashes as keys in a hash. If you have an up-to-date secret decoder ring which identifies what these hashes represent - letters of the alphabet, for example - you can use it to locate files easily. If you don't, you can never find them, so you can never order their takedown.
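Here is the decoder-ring mapping from the paragraph above as a small Python sketch, added as an example and not code from the original post. It also shows a caveat of a one-hash-per-letter ring: repeated letters produce repeated path segments, so the shape of a name is visible to anyone who sees the URL, ring or no ring. Deriving each hash as SHA-1 of a per-period secret plus the symbol is an assumption (the post does not say how the hashes are generated), and the function names, secrets and wordlist are constructed for illustration.

```python
from __future__ import annotations
import hashlib
import string

ALPHABET = string.ascii_lowercase + string.digits  # assumed symbol set

def make_ring(epoch_secret: bytes) -> dict[str, str]:
    """Decoder ring for one time period: 40-hex-char hash -> symbol.
    SHA-1(secret || symbol) is an assumed derivation, not the post's."""
    return {hashlib.sha1(epoch_secret + s.encode()).hexdigest(): s
            for s in ALPHABET}

def encode(name: str, ring: dict[str, str]) -> str:
    """Turn a name into the slash-separated hash path used in the URL."""
    inverse = {sym: tok for tok, sym in ring.items()}
    return "/".join(inverse[ch] for ch in name)

def decode(path: str, ring: dict[str, str]) -> str | None:
    """Recover the name; None if any segment is unknown to this ring."""
    try:
        return "".join(ring[seg] for seg in path.split("/"))
    except KeyError:
        return None

def pattern(items) -> tuple[int, ...]:
    """Repetition pattern of a sequence, e.g. 'hello' -> (0, 1, 2, 2, 3)."""
    seen: dict = {}
    return tuple(seen.setdefault(x, len(seen)) for x in items)

def candidates(path: str, wordlist: list[str]) -> list[str]:
    """Words whose letter pattern matches the path's segment pattern."""
    shape = pattern(path.split("/"))
    return [w for w in wordlist if pattern(w) == shape]

if __name__ == "__main__":
    ring_now = make_ring(b"constructed-secret-period-1")   # constructed
    ring_next = make_ring(b"constructed-secret-period-2")  # constructed
    path = encode("hello", ring_now)
    print("http://web.app/" + path + ".mp3")
    print("current ring:", decode(path, ring_now))
    print("rotated ring:", decode(path, ring_next))
    # Without any ring, the segment pattern still narrows the name down.
    print("pattern:", pattern(path.split("/")))
    print("matches:", candidates(path, ["hello", "world", "jelly", "track"]))
```

Rotating the ring invalidates old URLs for anyone holding only the previous ring, but within one period the substitution is fixed, so the scheme hides names only as well as a monoalphabetic cipher does.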

Distributing the secret decoder ring becomes the challenge. A company could conduct background checks, and then distribute and update the secret decoder ring to individuals who pass the background checks, for a fee. The same technology could be used to create thousands of secret decoder ring web sites - a given individual might fail the background check for one speakeasy while passing it with flying colors for another speakeasy.

On the other hand, it might be better to build a Web 2.0 social networking application - leverage both the multiplicity and singularity of identity online. Instead of background checks, you would have private networks, and you could recommend your friends to your private network. If enough people recommend somebody to a private network, that person is granted access for the given time period, and they get the current secret decoder rings. This is almost simple enough to operate as a Facebook app.

Disclaimer

If you're an RIAA lawyer, calm down, it's just provocative writing - I don't actually have time to build this.