Skip to Navigation
University of Pittsburgh
Print This Page Print this pages

April 5, 2012

Best protection for digital assets? Economic, expert says

David H. Holtzman

David H. Holtzman

In the digital world, privacy and piracy may seem to be disparate topics, but a noted technologist and author argues that the two have much in common.

“There are a lot of similarities,” said Sara Fine Institute lecturer David H. Holtzman in his March 29 lecture here, “Stealing Digital Assets — Privacy and Piracy.”

Holtzman, a 30-year veteran of the information technology industry, earned his bachelor’s degree in philosophy at Pitt.

He is credited with designing the dotcom industry’s shared registry system and was instrumental in establishing the Internet Corp. for Assigned Names and Numbers, which oversees the Internet domain name system.

The author of “Privacy Lost and Surviving Identity Theft,” he currently is working on a book about reputational influence on social media.

Digital objects — be they movies, music or personal information — have value, and the fact that they are in digital form makes them vulnerable to misuse or theft.

Misuse — through pirating or identity theft, for example — can cause harm. What’s more, said Holtzman, neither privacy nor copyrighted material is protected adequately by the legal system, adding: “I don’t think either one is protectable for long.”

In the case of privacy, violations are related to personally identifiable information, which can range from a person’s name, address and phone number to the titles of the books he or she bought online or last night’s conversation with a friend.

Piracy, on the other hand, refers to the unauthorized use of someone else’s copyrighted material.

“Both deal with the concept of unsanctioned use of digital information — and the digital is the key part,” Holtzman said.

So, what is a digital asset? It could be a Microsoft Word file, an mp3 sound file, an mp4 movie or digitized personal information. “Basically, at some level it’s reducible to digital information and infinitely replicatable,” he said.

Copyrights, trademarks and patents protect intellectual property, but digital works are very hard to protect because they’re too easy to copy and distribute. “Piracy is almost impossible to catch, impossible to enforce,” Holtzman said, citing peer-to-peer sharing such as BitTorrent and Napster. “It’s also less clear what’s being protected: Is it the representation of the thing or is it the actual binary stream?” he asked, predicting increasing numbers of court cases on such issues.

As for privacy: There’s no way to protect it at all, he said.

The best protection for digital assets, argued Holtzman, who is a Pitt Legacy Laureate and member of the School of Information Sciences board of visitors, is economic — not regulatory, technical or legal.

Holtzman said the easiest way to stop privacy violations is to acknowledge that privacy is gone and to demand payment for valuable personal information. “I genuinely believe that’s the only solution,” he said. And, positing that people will pay what they think is fair for movies, music and the like, he said: “The best way to stop piracy is to make sure the price is right.”

*

Technical safeguards such as digital rights management (DRM) systems that, for instance, prevent unauthorized duplication of DVDs, can be bypassed easily, he said.

While some say that DRMs protect intellectual property, opponents argue that the systems are easily circumvented and tend to penalize legitimate users.

“It’s more costly to build an encryption system than it is to break one,” Holtzman said. “All encryption systems have an Achilles’ heel. If you find the master key, you can decrypt anything.”

Legal solutions also are inadequate, he argued. Civil remedies for privacy violations vary from state to state. Federal law such as the Health Insurance Portability and Accountability Act (HIPAA) “as a practical matter is almost useless” because patients often must waive their rights to HIPAA protection, he noted.

“The only real protection is contractual, which comes from privacy policies published by the companies,” Holtzman said. In addition to typically being impossible to read, the companies reserve multiple rights for themselves, such as the right to change the policy at any time by posting it on its web site. “Like you’re supposed to go look at everybody’s web site for whoever you deal with, on a daily basis, to see if they changed the privacy policy,” he said. “So, effectively there’s no protection.”

Holtzman said there’s also a lengthy time lag between technology development and the pertinent legislation and legal interpretation.

While product development cycles for new technology may take a year, it can take the legislature five years or more to catch up and 20 years for judicial interpretations to be handed down.

For instance, it’s still illegal to open someone else’s postal mail, but not illegal to open another person’s email. Landline phones are protected from wiretapping, but it’s legal to tap a cell phone in most places.

“Obviously because technology moves a great deal quicker than that, functionally there’s no such thing as legal protections for privacy,” he said.

The value of digital assets

The Internet is big, said Holtzman, noting it represented 4.7 percent of the U.S. economy last year, mostly through direct or indirect ad revenue.

Piracy is nothing compared to personally identifiable information (PII), Holtzman said. “This is the real business on the Internet.”

Legitimate companies pay $10 for a cell phone number, $17.50 for an unlisted number, 50 cents for an address and 25 cents for a listed phone number, Holtzman said.

“Lots of people sell PII,” he said, noting that Walgreens and CVS have been sued for selling customers’ prescription histories to pharmaceutical companies. Many states sell driver’s license information; dating sites sell details such as relationship status; the mobile communications system OnStar sells GPS information, and phone companies sell what users type into their smartphone browsers.

“If you use Gmail, they look at the content of your email,” he said. The company then uses the information to try to match ads to the email content.

“Most of the Internet is built on the idea that PII is free,” Holtzman said. “Google is one of the largest companies in the world and their whole business model comes from selling ads … based upon your free personal information. So, if someone actually did create good privacy law, it would cause enormous havoc with the United States’ economy.”

The cost of piracy

The movie industry claims to have lost $58 billion to piracy, which Holtzman believes is an inflated figure.

Supporters of the recently defeated federal bills, the House’s Stop Online Piracy Act (SOPA) and Senate’s Protect Intellectual Property Act (PIPA) in part sought to prevent search engines from linking to sites that foster piracy and force Internet service providers to block users from connecting to such sites.

The Internet industry’s actions — which included the shutdown of Wikipedia for a day — defeated SOPA and PIPA, which, if passed, almost certainly would have broken the Internet, Holtzman said.

Why pirate?

Why do people steal digital materials? Mostly, people pirate because they just don’t want to pay. Others may be collectors, may want to be the first to see a movie or may want to copy materials to sell, Holtzman said.

Research has found that people tend to download things that they wouldn’t pay money for, Holtzman said.

“A fairness principle is in operation. … If they like a movie, they’re a lot likelier to buy it. If they don’t like it and just want to kill an hour, they download it.”

New pricing models

Rather than setting a price, Holtzman suggested that companies negotiate with the consumer. “When the price seems right, people don’t steal.”

New models such as bartering, variable pricing and “pay what’s fair” are emerging, he said.

Among the principles of Freakonomics is that artists could make more money by increasing their reputation than by selling their work. “By giving things away, everybody thinks you’re famous and then you can make your money doing something else,” Holtzman elaborated.

“Lady Gaga makes far more on her concert tour selling merchandise than she ever did selling albums,” he said.

Pay-what-you-will models are another option, he noted, citing comedian Louis C.K.’s success and author J.K. Rowling’s plan to sell her books online using this principle.

Disintermediation — cutting out the middleman — is a change. Such vertical integration works for the artist by boosting the artist’s share of the revenue.

“The people who are complaining, and people who are supporting things like SOPA and PIPA, tend to be the distributors, the middlemen,” he said. “The people who are going to get screwed are distributors and the marketing companies.”

That’s why publishers and movie studios lobby for laws like SOPA, he said. “But, you know what, you don’t see too many slide rule manufacturers walking around anymore.”

Selling PII

“I contend we ought to be able to sell our own PII,” Holtzman said, citing for example the case of Pamela Anderson and Tommy Lee’s honeymoon sex tape. When the video surfaced on the Internet, given that their privacy already had been violated, the couple sued for the revenue instead, he said.

“All digital objects have some value — there’s no reason why you can’t sell your information,” he said.

—Kimberly K. Barlow


Leave a Reply