Re: PaySwarm and illegal sales? With ODRL? Compared to CCN from Manu Sporny on 2011-08-21 (public-webpayments@w3.org from August 2011)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sun, 21 Aug 2011 00:02:18 -0400
To: public-webpayments@w3.org
Message-ID: <4E50834A.6020108@digitalbazaar.com>
On 08/19/2011 06:44 PM, Steven Rowat wrote:
> OK, now I (Steven Rowat) am adding fresh content to this.
> First, to answer Manu's question about how ODRL could help with
> preventing fraudulent sales: I don't know if it could. Perhaps those
> actively involved in ODRL could answer here on this list. My guess, if
> it could, would be that it would require a secure database where works
> are registered and also the places they are allowed to be sold are
> registered; and ODRL would access that.

Requiring a secure database where works are registered sounds like a 
centralized solution, or at least a solution that requires some sort of 
centralized control. It would effectively be a ruling that if you want 
to distribute content on the Web, you have to pre-register it at a 
central authority. That seems to be a very risky proposition when we're 
talking about things like net neutrality and ensuring a level playing 
field. Are you suggesting that we create a centralized registry of 
intellectual works?

> However as Manu indicates with
> his hash suggestion, it will be difficult to prevent people from selling
> similar works (marginally changed copies). Perhaps impossible. And in
> fact that's one conclusion the people working on CCN (content centered
> networking) have come to; which, among other major advantages, is why
> they are working on it.

I've also been following CCN for a few years and just went back to look 
at the state of the art before responding to this e-mail. I agree that 
it is a technology that is desperately needed in order to ensure that 
we're using our network infrastructure efficiently. I do think that 
something like it will surface at some point and that any Web Payments 
initiative should take this future prospect into account.

However, I have never seen any material that asserts that it is a 
solution to piracy. Are you saying that one of CCNs end-goals is the 
reduction of pirated content on the Web?

> I spent several weeks on this issue in 2009 and
> summarized the issues in a document which I submitted to the TAG of the
> W3c, that gives 10 use-cases of independent creators and how their
> copyright and digital sale of their work was being impacted by HTML5. I
> concluded that CCN was necessary, and included a brief summary of how it
> operates. Here's that document:
>
> http://lists.w3.org/Archives/Public/www-tag/2009Sep/0055.html

It was a very good list of use cases back in 2009, and it continues to 
be a very good list of use cases today. Would you mind it if we merged 
your use cases into the PaySwarm use cases document:

http://payswarm.com/specs/payswarm-use-cases

> Having gone back and read that document again, I see no reason why
> PaySwarm will improve more than marginally on what HTML4 and 5 have not
> yet been able to do, which is provide a secure, scalable, and
> transparent mechanism for individuals (without deep pockets) to engage
> in commerce in their own digital works.

HTML4 and HTML5 are merely markup languages, they're not protocols like 
TCP/IP or HTTP or CCN. I think that is an important distinction to make. 
After looking through your use cases above, I'm fairly certain that 
PaySwarm could support all of those use cases as long as there was some 
extension work done on how the PaySwarm Authorities handle certain 
business rules in the licenses associated with content that is sold. 
That is, PaySwarm currently takes into account:

   * Security - content may be encrypted if required by the content
                creator, machine-readable digital contracts are used to
                specify exactly what is being bought and sold, digital
                signatures are used throughout to assert which
                parties took part in an exchange.
   * Scalable - PaySwarm is built on the Web's architecture, it
                is distributed, it's very REST-y and is therefore
                at least as scalable as the Web is today. There is a
                mode to PaySwarm that is almost purely P2P-based that
                takes many concepts from CCN and applies them to the
                network architecture.
   * Transparency - The original author does not have to be the
                distributor for the content in the Web-based PaySwarm
                architecture, nor in the P2P-based PaySwarm architecture.
                It's not as great as CCN claims to be, but we are not
                going to be able to achieve CCN without some major
                support at core routers on the Internet. PaySwarm is
                something that may provide the financial incentive for
                ISPs to move further toward CCN.

> In CCN the packet is secure (like a letter, with an address and a
> cancelled stamp) rather than the points of origin and arrival now used
> in TCP/IP (like an old analog telephone call from switch to switch).

Do you have a link that talks to the CCN packet security? How is it 
different than PKI? That is, why are CCN packets more secure than 
something that has end-to-end encryption, like HTTPS or TLS or a 
receiver-encrypted message using PKI? If you are saying that there is a 
digital signature on the content stream, PaySwarm achieves that via 
digital signatures on assets. The PaySwarm P2P stuff achieves that by 
digitally signing chunks of content.

> If this is indeed coming, then perhaps PaySwarm can still work within it
> -- but not likely in the way that it is being developed at the moment.
> So perhaps if a huge amount of work is done on PaySwarm in the next year
> or two, ignoring the coming of CCN, then all that work will be for nothing.

I don't think we want to ignore the desire to move toward CCN at all. 
That would be pretty foolish of us. I think we should truly understand 
what problems CCN can solve and which ones it cannot solve vis-à-vis the 
Web Payments initiative, while simultaneously understanding the timeline 
over which it might occur. For example - CCN is great, but none of the 
browser manufacturers are talking about implementing it with any amount 
of certainty at this moment.

I can check with the Mozilla, Apple and WebKit teams next week, but I 
can imagine that they're not seriously considering CCN presently and 
without their support, it's not going to happen. That's not to say it 
won't eventually happen, but the chances of it happening in the next 2-4 
years are slim, I'm afraid. Again, that doesn't mean that we should 
spend some time understanding how PaySwarm will work once CCN is 
deployed on a large scale.

> Or, perhaps I'm quite wrong and some combination of something like
> PaySwarm and something like ODRL, working together, can do the job. If
> so this list seems like the place for that discussion. Anybody?

I don't think any combination of any technology will be able to prevent 
piracy because people are very good at lying. Our societies tend to 
value freedom (the right to sell what you want, when you want, to whom 
you want) over intellectual property (the right to have exclusive 
ownership over what you create). That is, the second item is rarely 
placed as more important than the first item.

Or, to put it another way - if someone wants to rip a movie, The Pirate 
Bay is a much better alternative to PaySwarm. As a viewer - you don't 
have to pay a dime.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Uber Comparison of RDFa, Microformats and Microdata
http://manu.sporny.org/2011/uber-comparison-rdfa-md-uf/
Received on Sunday, 21 August 2011 04:02:59 UTC