One server, a thousand laws

One server, a thousand laws

navigational aids:

News ticker:

Giant space monster sprouts wings, fangs
Woman gives birth to MP3s
Yahoo! asked to explain alleged perjury
Giant space monster continues its approach
Yahoos in suits choose cash flow over human rights
Junior high textbook publishers act like junior high students
Giant space monster is watching us
Murdoch conspiracy uncovered
Web site induces massive loss in worker productivity
Porn averaged
Giant space monster threat continues

topics covered:

20 January 06.

I taped a Voice of America show earlier this week about Internet censorship by repressive governments. With four pundits and 22 minutes of air time, none of us got to say much. But I've cleaned up and linkified my notes on the things I would have said if I had twenty minutes to expound by myself; here they are.

First layer: the envelope.

This one is easy. If a user in China sends a request to Amnesty International's web site, the Chinese government will block it. There are only so many cables going in and out of China, and the government runs the routers attached to all of them.

The solution to this layer is via proxies. A proxy is a web middle-man: user sends request to proxy asking that it access amensty.org; proxy does the request and sends the result back to user. The Chinese government thus sees requests going to proxy.org, not amnesty.org, so it doesn't know to block them.

This works for about ten minutes, until the watchers work out to put proxy.org on the block list too. The guys at proxy.org then set up a new host at proxy2.com, which is open for a good while until it too gets blocked. Battle continues.

The latest advance here is Tor—The Onion Router. It is a network of encrypted proxies, so every time you connect to a proxy, you connect to a different one. Further, you go through several proxies before hitting your desired location, so the link between sender and receiver is still more difficult to detect. The requests go to places like harvard.edu, that would be difficult to block outright, and try their hardest to look like normal Web packets on port 80.

Policy implication: if you are in an uncensored country, have modest technical know-how and a reasonably reliable Net connection (the standard unlimited $40-a-month home DSL connection or better), set up a Tor server. If you are in a censored country, put a copy of Tor on your PC.

Second layer: the content.

This all started when the firing of the editor of the Beijing Daily was sacked for saying too many not-nice things about the Chinese government. 100 journalists walked out in solidarity, and one guy at the paper wrote about it on his blog on MSN spaces. Msn.com is registered to an address in Lake Stevens, Washington, just North of Seattle, meaning that the Chinese government doesn't have much jurisdiction over those hard drives. But they asked Microsoft to delete the blog, and Microsoft complied. And don't forget how Yahoo! helped the Chinese government put a citizen in jail.

To be binary about it, we're at a fork to two possible worlds. The first is one where a server needs to comply with the local laws at the source; the second is a world where every server has to comply with every law in every jurisdiction where its content can be viewed, which is all of them. Where are we along the scale? Where do we want to be?

The response from the U.S. government has consistently been toward the end of compliance with all local laws. The legally-oriented readers can weigh in on issues of interstate commerce, but internationally, the U.S. is very interested in censoring web sites that U.S. users can see. The first front for this is ethical, such as censoring child pornography. In terms of international relations, this is typically pretty easy because kiddie porn happens to be illegal in most of the rest of the world too. So the U.S. feds call up the Ukraine feds and they get together and shut down the illegal servers in Ukraine.

The second front is intellectual property, which is much more difficult because the USA has much more stringent copyright laws than most of the rest of the world. First, it is a felony to distribute—even to link to—the code needed to decrypt a movie DVD. This is only true in the U.S.A.; the rest of the world could care less. So when the MPAA, a private organization based in the U.S., pressured the Swedish government to prosecute the guy who first publicized the decryption code, they complied, but the judge threw out the case as entirely baseless under Swedish law.

In Russia, works copyrighted before 1972 are in the public domain, just as works in the U.S.A. from the turn of the century are in the public domain. That means that most of the Beatles' catalog is public domain there and locked down here. Apple Corps, the company that administers the rights (and isn't Michael Jackson a 50% owner?), refuses to put any of the Beatles' music in any non-physical formats, but download away from Russian sites. In fact, forget public domain, Allofmp3.ru has a fully-paid-up and legal radio broadcasting license from the Russian government, which Russian courts interpret to mean that it may distribute music via Internet. Again, they are 100% in compliance with local laws, but Mr. Jackson ain't getting his royalties when U.S. consumers get their music from Russian web sites.

The response, to this among other comparable issues, has been for the U.S. government to threaten to take away Russia's generalized system of preferences trade status. I.e., unless Russia changes its laws so Mr. Jackson gets his royalties, Russian goods will be taxed to the point of unsaleability in the U.S.A. This is all a threat that will not possibly come to pass, but it reveals the eagerness of the U.S.A. to meddle in the hard drives of foreign servers.

In many ways, the situation is very symmetric: country A's users see data from country B, and so the government of A threatens economic hardship on country B unless it compels its servers to comply with A's norms and customs. The asymmetry is that when A=China and B=U.S.A., the norms are basic issues of human rights, but when A and B are reversed, the norms are about royalty payments.

My pundit opinion: the U.S. government should be taking a firm stance that U.S. servers are beholden only to U.S. law. Microsoft would probably love this law. The guy in Seattle who had to sit there and censor a blog on behalf of the Chinese government did not want to do it, and I cite as evidence of this the fact that the cache was left up [If you're reading this more than a few days from now, that link won't work, but trust me...] A dumb little two-line U.S. law saying that U.S. corporations may not engage in censoring requests from a foreign government would buy MSFT's lawyers time, as they say `well, gee, China, we'd love to comply, but our hands our tied.'

However, I continue to opine, the government of the Bastion of Freedom will never pass such a law. First, there are less ethically-minded interests in the U.S.A.: all web pages in Tunisia are filtered thanks to software by Secure Computing of San Jose, CA. Second, by taking a strong stance that U.S. servers are beholden only to U.S. law and China had better butt out, it implicitly states that Russia's servers are beholden only to Russian law, and the U.S. had better butt out. I don't mean to imply that the U.S. government is incapable of hypocritical rulemaking, but it's still tougher than consistent laws, and to date the consistent route the U.S. government has taken is the one where royalties are likely to be paid and dissidents have no safe harbor. Recall my prior notes about how, as valid as we may feel U.S. copyright may be, protecting it in foreign lands is going to cost the U.S. consumer; it is also going to cost the Chinese, Tunisian, or Iranian dissident, who will see no support from the U.S.A.

[link] [No comments]
[Previous entry: "Fall of the house of Simpson"]
[Next entry: "Green versus greed"]