Re: Agent-mediated access, kidcode critiques, and community standards

On Thu, 22 Jun 1995 bede@scotty.mitre.org wrote:

>    Why can't these cards be useful without ID and crypto-keys?  Do you have 
>    to show someone your drivers' license to purchase gum at a 7-11?  
>    Cigarettes, maybe, but gum, no.  Why should this be different for 
>    "infotainment"?
> 
> You're thinking about "digital cash".  I'm thinking about something
> more like a credit card, where your identity or some relevant aspect
> of it is an integral part of the transaction.  With KidCode, the
> notion of the identity (or at least the age) of the information
> consumer comes into play, and this would be part of an ID.  Recently,
> there was a media flap about buying liquor over the net:  it turns out
> to be easy to do without an ID.  KidCode deals with that sort of
> issue.  So we're really talking about buying things like cigarettes
> and liquor, not gum.

You miss my point: the kid would be buying gum, not cigarettes.  I guess 
you could send your kid to school with an ID if you wanted him or her to 
get 'dirty' pictures and the like, but otherwise, there's such a thing as 
a reasonable default.  Also, access could be controlled on the basis of 
individual, traditionally password-protected accounts just as easily as 
(in fact, more easily than) some sort of ID cards.

Similarly, at a video store, you may have to show someone some ID when 
you get your membership, but from then on identification is based on an 
in-house scheme (similar to passwording, although in this case it IS a 
card) and you can pay with plain money, which you can also use to make 
perfectly anonymous gum-buying transactions.

I'm not particularly fond of the idea of having ID on the same card as my 
money.  (I'm not too hot on most modern proposals for ID cards at all.)  
Sometimes I think there are a lot of people out there who would brand a 
Social Security number on everyone's forehead if they thought they could 
get away with it, and people like those are the kind who propose ID being 
so much more accessible than there is any reasonable need for.

> A lot (almost all?) of the sexy imagery online is in violation of
> copyright.  As a publisher, in most circumstances this is OK as long
> as I'm not losing significant revenue from it.  The material that's on
> the net seems to fall in this category for now, since there don't seem
> to be any online publishers competing against them.  But I have a hunch
> that if (for example) Playboy started publishing a by-subscription-only
> Internet photo magazine, this situation could change dramatically.

A lot of the stuff out there is free of corporate copyright.  Sure, people 
won't be scanning pages out of Playboy so much anymore, but there's a lot of 
(perhaps lower quality) stuff out there that will continue to be made 
available for free by individuals and small operations.

> Maybe you're right, but all I'm thinking of is an indicator that
> would come back from the server as part of its response to my GET.
> Something on the order of "Content-Rating: WXY", where "WXY" is an
> encoding of some sort we don't specify.  The rating would reflect the
> server's assessment of the document's rating, using whatever
> information is known about community standards where the client
> resides.  Within the U.S., we have some standard references like the
> MPAA ratings which I suppose could be used as defaults, absent other
> information.  Clearly, the client code would need to understand "WXY",
> and this raises the issue of what to do with unintelligible or garbled
> ratings indicators.

The server is simply the wrong place to put such a thing.  It puts way 
too much responsibility and computational burden on the servers.  It'll 
inhibit people from running servers, especially in countries like the US 
where the political and legal waters are getting rough.

The worst part is each server will be responsible for knowing the 
standards of every community in the world.  This is clearly unfair and 
impossible, given that the communities often don't seem to have much of a 
grasp on these things themselves.

> Not everything needs to be rated, and I think the only time you'd
> want to supply a rating is if it indicates the need for a restriction
> on the audience.

The authors of pages and those who run servers might not have the 
expertise to make such a determination, especially given how mores vary 
across the world.

> Unless you're playing a prank, there's no sound business reason I can

There are many pranksters on the Internet.

> think of to lie about the rating, particularly if you "upgrade".  I
> can't see any way to mechanically prevent publishers with "dirty" data
> from skirting the rules by elminiating or "upgrading" their ratings,
> but it's hard to see how substituting Betty Page for Thomas the Tank
> Engine buys me anything in the long term as a publisher other than
> undesirable notoriety.

Many people's only desire is for 'undesirable' notoriety.

> Aside from that, if I'm publishing dirty pictures, I make more if I
> advertise them as being dirtier than they really are (e.g., "XXX"
> rated movies).

Or, if you're publishing 'semi-dirty' stuff, you'll try for the risque 
end of an R (or the moral equivalent), and, if you're rating your own 
content, will probably tend to be a bit forgiving of yourself.

>    That depends.  It probably wouldn't be a good idea for elementary schools to 
>    allow unrated material to be viewed from their machines.
> 
> This is where restricting access to prescribed servers would be
> useful.  In an elementary school context, this type of restriction
> makes perfect sense, since you'd want to scout sites in advance
> yourself anyway.  Unguided "surfing" for elementary school kids
> doesn't serve any didactic purpose I can think of.  I can't see a

What about research for papers?  This would apply to a high school, at 
least, and that's still mostly minors.  Besides, sites are not homogenous 
(see below).

> compelling reason to rate everything, in any case, since it seems to
> add overhead when much simpler access restriction mechanisms appear
> to be available.

Different people will disagree on what needs to be rated, and why.  
That's the reason behind the SOAP scheme.

>    Rating by server simply isn't granular enough.
> 
> Maybe so, but it's a great first-order approximation of what to expect.
> Dirty bookstores and Barnes & Noble undoubtedly have some inventory
> overlap, but I know which one to keep my kid out of just by looking at
> the sign on the outside.  You get a much higher probability (but still
> less than 1.0) of age-appropriateness in contents with rated sites.


A server is more like a mall than a bookstore.  The server admin usually 
rents out space, and individuals manage their own space.  Yes, there 
might be restrictions on what would be allowed to be done in that space, 
but most people and organizations running servers can't afford to police 
such restrictions very well.  Even flagrant violations could go unnoticed 
for Quite Some Time.  Besides, how does rating servers work out if (as 
one hopes) public Web publishing sites become able to qualify for Common 
Carrier status?  Not very well at all.

--
James "oh no, a bare ankle" Deikun

Received on Friday, 23 June 1995 18:02:52 UTC