Security quotes of the week [LWN.net]

And per-system-call permissions are very dubious. What system calls don't you want to succeed? That ioctl? You just made it impossible to do a modern graphical application. Yet the kind of thing where we would _want_ to help users is in making it easier to sandbox something like the adobe flash player. But without accelerated direct rendering, that's not going to fly, is it?

So I'm sorry for throwing cold water on you guys, but the whole "let's come up with a new security gadget" thing just makes me go "oh no, not again".

-- Linus Torvalds

I may be one of very few people in this room who actually makes his living personally by creating what these gentlemen are pleased to call "intellectual property." I don't regard my expression as a form of property. Property is something that can be taken from me. If I don't have it, somebody else does.

Expression is not like that. The notion that expression is like that is entirely a consequence of taking a system of expression and transporting it around, which was necessary before there was the Internet, which has the capacity to do this infinitely at almost no cost.

-- John Perry Barlow speaking at the e-G8 conference

Suppose that an attacker knows some of your past purchases on a site: for example, past item reviews, social networking profiles, or real-world interactions are a rich source of information. New purchases will affect the perceived similarity between the new items and your past purchases, possibility causing visible changes to the recommendations provided for your previously purchased items. We demonstrate that an attacker can leverage these observable changes to infer your purchases. Among other things, these attacks are complicated by the fact that multiple users simultaneously interact with a system and updates are not immediate following a transaction.

-- Joe Calandrino in the Freedom to Tinker blog

(Log in to post comments)

Security quotes of the week

Posted May 31, 2011 4:02 UTC (Tue) by ThinkRob (subscriber, #64513) [Link]

The power to stop someone from making a copy of code is property. Once that person makes a copy, you don't have that power anymore, just like if he picked your pocket.

So you effectively empty your pockets as soon as you ship a single copy of your code?

Or perhaps there's not a one-to-one relationship between physical goods and copyright...

intellectual property as actual property

Posted May 31, 2011 6:35 UTC (Tue) by giraffedata (subscriber, #1954) [Link]

The power to stop someone from making a copy of code is property. Once that person makes a copy, you don't have that power anymore, just like if he picked your pocket.
So you effectively empty your pockets as soon as you ship a single copy of your code?

Maintaining the metaphor, you do empty your pockets, but you have lots more in your safe at home. You're still poorer nonetheless, and if people pick your pocket every time you leave the house, they can even empty your safe.

The power to stop each copy from being made is a separate asset or piece of property. The monetary value of that property is what you could get the person to pay you for permission to make the copy.

intellectual property as actual property

Posted May 31, 2011 7:30 UTC (Tue) by jezuch (subscriber, #52988) [Link]

> Maintaining the metaphor, you do empty your pockets, but you have lots more in your safe at home. You're still poorer nonetheless, and if people pick your pocket every time you leave the house, they can even empty your safe.

If I had an infinite supply of X, for free or marginally cheap, I would not worry that much about someone "stealing" X from me... Slightly annoyed, maybe, for I would have to go to the safe. But maintaining the metaphor, I would have the safe with me at all times, and it would automatically replace the "stolen" X with a fresh replacement, so I would not even notice it was gone.

Nope. I don't buy it ;)

intellectual property as actual property

Posted May 31, 2011 7:50 UTC (Tue) by giraffedata (subscriber, #1954) [Link]

You're missing something pretty basic from the start of this discussion. The ability to make a copy, which is in fact infinite, is not the property. The power to stop someone from making a copy is the property. That's only meaningful insofar as someone actually wants to make a copy, so it is quite finite. If I write a program, there are a finite number of copies that anyone would want to make and the law creates intellectual property by saying I have the power to stop each of those copies from being made. If you make a copy (whether illicitly or because I gave you permission), that's one less copy I have the power to stop. I've lost something and you've gained something, just like with tangible property.

Maybe what makes people uncomfortable about the concept of intellectual property is the artificiality of it all. A physical object is something one can naturally possess, and we instinctively believe that there's also a moral right to continue possessing something, whereas intellectual property is entirely invented by Man to serve a practical purpose.

intellectual property as actual property

Posted Jun 2, 2011 9:36 UTC (Thu) by yeti-dn (guest, #46560) [Link]

Ability is a property? Are you still speaking English? Can I sell (i.e. transfer to) you my ability to climb trees? I would expect think kind of language distortion from corporate lawyers but not here on lwn.net.

The thing you can sell and buy is a kind of state-issued permit or entitlement for certain activities (it can be either explicitly issued or implied), not any ability. And, unfortunately, some of these legally tradeable items are difficult if not impossible to separate from the actual non-transferable abilities and/or the person of the creator/performer/... Pretending that they are separable and tradeable then, of course, leads to all kinds of absurdities. Part of the disregard for the `intellectual property' laws stems exactly from this.

So, please, do not say that ability is a property and, even better, do not use the term `intellectual property' at all.

intellectual property as actual property

Posted Jun 2, 2011 15:41 UTC (Thu) by giraffedata (subscriber, #1954) [Link]

Ability is a property?

No, I didn't say that. For the third time: the thing people who believe in intellectual property mean by "intellectual property" is (in one representative instance) the power to stop someone from making a copy.

And I do mean legal power. I have to, because intellectual property is entirely created by law.

The thing you can sell and buy is a kind of state-issued permit or entitlement for certain activities

The state does not issue a permit to do anything wrt copyrights, patents, and trademarks. It uses its police power to stop people from doing things.

And, unfortunately, some of these legally tradeable items are difficult if not impossible to separate from the actual non-transferable abilities and/or the person of the creator/performer/...

Here, you'll have to be more specific. I don't have any trouble separating a copyright from any non-transferable ability, so I don't have any problem seeing a copyright as the same kind of thing as a wallet, so I can accept the concept of it being property and treated much the same as a wallet.

intellectual property as actual property

Posted Jun 3, 2011 0:33 UTC (Fri) by Zizzle (guest, #67739) [Link]

> The power to stop someone from making a copy is the property.

i.e. Artificial scarcity to prop up property based business models.

intellectual property as actual property

Posted Jun 3, 2011 1:36 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

i.e. Artificial scarcity to prop up property based business models.

Well said.

Security quotes of the week

Posted Jun 4, 2011 13:34 UTC (Sat) by allan (guest, #75435) [Link]

> The power to stop someone from making a copy of code is property.

No, it's copy-right. Copyright is not property (it is limited in time for example).

Security quotes of the week

Posted Jun 4, 2011 16:16 UTC (Sat) by anselm (subscriber, #2796) [Link]

(it is limited in time for example)

Unless you're Walt Disney.

intellectual property as actual property

Posted Jun 4, 2011 18:40 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

The power to stop someone from making a copy of code is property.
No, it's copy-right. Copyright is not property

I don't know what point you're making with the "copy-right" spelling, but copyright is the power to stop someone from making a copy (IOW the right to control copying), and I have argued that copyright can be considered property in the same way a wallet is. And you haven't counter-argued.

(it is limited in time for example).

I've never heard of property having to be indefinite. A 30 year leasehold on a piece of land is normally considered property just like a wallet, for example.

Of course, people use the word "property" a lot of other ways, e.g. to mean "land," as in "get off my property." Some of those ways don't cover copyright.