W3C home > Mailing lists > Public > public-webpayments@w3.org > August 2011

Re: PaySwarm and illegal sales? With ODRL? Compared to CCN

From: Steven Rowat <steven_rowat@sunshine.net>
Date: Mon, 22 Aug 2011 12:56:22 -0700
Message-ID: <4E52B466.1060305@sunshine.net>
To: public-webpayments@w3.org
On 8/20/11 9:02 PM, Manu Sporny wrote:
> Requiring a secure database where works are registered sounds like a
> centralized solution, or at least a solution that requires some sort
> of centralized control.

Yes; and perhaps that will be necessary in the long term.

However, your architecture of PaySwarm Authorities, in which there are 
competing authorities that the user chooses among, much like, say, a 
"Certified Organic" label from different certifying organizations, 
might work well, possibly better. To maintain the analogy: there's 
also a U.S. Federal single "organic" definition, but that lends itself 
to pressure and interference from large corporations, so sometimes the 
smaller more independent "Certified Organic" labels indicate superior 

>It would effectively be a ruling that if you
> want to distribute content on the Web, you have to pre-register it at
> a central authority.

No, I believe your "distribute" is too broad: even if there is a 
central registration database, one will only need to do this if they 
want the kind of control -- for financial or copyright reasons -- that 
this automatic checking can give. People who don't want to use it can 
continue as they are today. It would be an opt-in system, with the 
owners/creators being the people who register their own works. At this 
point I also see no problem with allowing pseudonyms, so 
whistleblowers and political activists can still use it, as well as 
people who just wish to be anonymous relative to their published 
works; much like book publishers do successfully now, and have for 
centuries, with authors who wish to remain pseudonymous.

>That seems to be a very risky proposition when
> we're talking about things like net neutrality and ensuring a level
> playing field.

Somewhat risky; but I think the benefits will be huge in allowing the 
decentralization of the control of information. Individuals working 
outside the system bureaucracies will be able to earn from their work 
and reach their audiences globally. I think it will change the 
information-flow landscape radically and largely for the better.

I agree there's a danger which should not be underestimated in having 
a central database, if that was attempted. But the world is carrying 
this danger with IP addresses right now, is it not? I own (or at 
least, yearly rent) a static IP address and my name is on it. That 
fact is being used and checked from a central place and is spread out 
throughout the Net in mirror IP servers. There is danger in this, but 
so far it's working. The architecture of a central digital works 
database is not identical to this, perhaps, but I think it's similar 
enough that we can project that we can handle it, as a world project. 
And it would really be a world project. In fact, it's probably a 
project for the United Nations.  :-) .

>Are you suggesting that we create a centralized
> registry of intellectual works?

I'm not sure, but I still think this needs to be seriously considered 
at this point, although who 'we' will be is certainly moot. If only 
one centralized database is maintained I don't envision it being a 
commercial enterprise, that's certain. Perhaps W3C; but unlikely that 
they would actually run it. Perhaps in theory the United Nations would 
be most appropriate, although again unlikely. It might have to be a 
freshly developed body for this one purpose, which uses the W3C as 
well as international law in developing its protocol, and then submits 
that protocol to some established international standards body in 
order to freeze the standard before implementation.

> However, I have never seen any material that asserts that [CCN] is a
> solution to piracy. Are you saying that one of CCNs end-goals is the
> reduction of pirated content on the Web?

It was clear to me that one of CCN's end-goals was improved *security* 
on the web, via the registering of every packet. In fact, what I took 
from the videos about CCN and the articles I read about it, was that 
security was the first and most important of the three main things CCN 
would address -- the other two being: scalability; and complexity of 
interoperability. I do not think it is a big jump from there to saying 
pirated content would be reduced.

>> http://lists.w3.org/Archives/Public/www-tag/2009Sep/0055.html
> It was a very good list of use cases back in 2009, and it continues to
> be a very good list of use cases today. Would you mind it if we merged
> your use cases into the PaySwarm use cases document:
> http://payswarm.com/specs/payswarm-use-cases
>... [snip]... I'm fairly
> certain that PaySwarm could support all of those use cases as long as
> there was some extension work done on how the PaySwarm Authorities
> handle certain business rules in the licenses associated with content
> that is sold.

This is very promising, and I have no problem with you providing 
PaySwarm code solutions for the use-cases and incorporating that in 
the PaySwarm document, with attribution of the original link. However, 
before you have worked out code examples for them I'd prefer if you 
merely linked to them, or quoted them in the standard text manner, 
rather than merging them into the document.

> Do you have a link that talks to the CCN packet security? How is it
> different than PKI? That is, why are CCN packets more secure than
> something that has end-to-end encryption, like HTTPS or TLS or a
> receiver-encrypted message using PKI?

I'm out of my league here. I believe these questions need to be 
answered but I am not the person to attempt them. I believe we need 
somebody from inside the CCN or NDN (named data networking, which is 
another name the concept is going by now: see 
http://www.named-data.net/) effort at this point, to carry on this 
conversation with someone like yourself who understands (as I do not) 
the joint intricacies of the signing of the packets and the transfer 
of the packets.

However, in attempting to understand the problem a bit more I have 
just gone and listened to the new (to me) 2010 video in which Van 
Jacobson explains the rationale for CCN/NDN at a very high level 
(largely without pesky details; giving the basic theory of why it 
needs to exist, and explaining with metaphors to physical 
distribution. The question period at the end does get into some 
interesting use-case details, however). This explanation has matured 
since 2009 and I recommend it. At 21 minutes Van gives a brief 
synopsis of why security is important. At the end of that he says that 
security is the most important difference between the current system 
and the CCN/NDN being developed.

Therefore, I believe you need to know these things about CCN before 
knowing whether it is superior in some way to what you can manage with 
PaySwarm on top of current TCP/IP.

Here's the 2010 "The Good, Bad and Ugly of Digital Distribution" video 
in case you wish to see it:

The version at PARC irritatingly does not honor my need to use the 
time slider to skip around in the video, so I've found another version 
that does:

>CCN is great, but...[snip]... the chances of it happening in the next
> 2-4 years are slim, I'm afraid.

This is wise to predict, but really all one can say is...perhaps. 
Three days ago it looked like a permanent stalemate in Libya.... to 
some. Maybe to all. Today the rebels are in the center of Tripoli and 
three of Gaddafi's sons have been captured.

> I don't think any combination of any technology will be able to
> prevent piracy because people are very good at lying. ..[snip]...
> Or, to put it another way - if someone wants to rip a movie, The
> Pirate Bay is a much better alternative to PaySwarm. As a viewer - you
> don't have to pay a dime.

You don't have to, but you might want to. There's a very good analogy 
made in the 2010 CCN video linked above, in which VJ talks about going 
into a store to buy a specific Samsung 49-inch TV. He makes a very 
good case for the fact that the naming of the content itself -- like 
the naming of the package containing the actual Samsung 49-inch TV -- 
is necessary for a distribution system to work effectively. I'll go 
further and relate it to your statement about lying: yes, in fact, all 
of us learn to lie (as a tool for survival) around the age of 5 or so 
(give or take a few years) -- but then we learn when it is and isn't 
appropriate to use it, and a lot of that decision is internally 
mediated by our educated conscience. I think this relates to the 
present situation as follows: when the 'digital work' is unsecured and 
unsigned, and all we have is a copy made by unknown persons, who might 
be lying about what they made it for and whether they're 'ripping us 
off' (industry middlemen, whatever: faceless, nameless), then Pirate 
Bay is an equally good alternative. But, in contrast, if that 'digital 
work' was trusted just as well as the 49-inch Samsung is as having 
come direct from the factory without anybody else tampering with it 
(i.e, direct from the person who made it, guaranteed by them), then I 
think the majority of people would be happy to engage directly with 
the creator by paying for the work; that buying it would become a far 
more attractive option than it is at present. There would still be 
piracy but I think it would be greatly reduced.

I don't know if PaySwarm can provide this sort of assurance without 
the architecture changes that CCN/NDN will allow.

If, on the other hand, PaySwarm can do this on top of existing TCP/IP, 
then it should.  :-) .

Received on Monday, 22 August 2011 19:56:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:19 UTC