Overview Week 1 - January 17, 19 Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 1 Survey Please fill out course survey Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 2 Faculty and TA introductions QuickTime™ and a TIFF (Uncompressed) decompressor are needed to see this picture. QuickTime™ and a TIFF (Uncompressed) decompres are needed to see this picture Lorrie Cranor Rahul Tongia Dave Farber Serge Egelman Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 3 Syllabus http://cups.cs.cmu.edu/courses/compsoc-sp06/ Books Class schedule • • • • Subject to change - check web site for latest updates Topics Guest speakers Research and communication skills http://cups.cs.cmu.edu/courses/compsoc-sp06/skills.html Homework Quizzes Class Debates Project Course requirements and grading Class mailing list • http://cups.cs.cmu.edu/mailman/listinfo/compsoc Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 4 Cheating will not be tolerated You must do your own homework It is acceptable to discuss the reading assignments and general approaches to solving homework problems with your classmates It is not acceptable to discuss detailed homework answers or to copy homework answers from other students Hopefully you already knew this…. Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 5 Research and Communication Skills CMU Policy on Cheating and Plagiarism CMU Policy*: Plagiarism includes, but is not limited to, failure to indicate the source with quotation marks or footnotes where appropriate if any of the following are reproduced in the work submitted by a student: 1. 2. 3. 4. 5. A phrase, written or musical. A graphic element. A proof. Specific language. An idea derived from the work, published or unpublished, of another person. *http://www.cmu.edu/policies/documents/Cheating.html Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 6 Research and Communication Skills This is serious Consequences of plagiarism in this class range from zero credit for entire assignment to failing the course to recommendation of university disciplinary action Publishers and professional societies have plagiarism policies too The Internet makes it easy to plagiarize • Students are frequently cutting and pasting off the Internet without proper quotation and/or citations • Students are buying papers off the Internet The Internet also makes it easy to catch plagiarizing Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 7 Research and Communication Skills Avoiding plagiarism If you use someone’s specific words, put them in quotes and cite the source If you use someone’s ideas expressed in your own words, cite the source If you paraphrase, summarize in your own words, but still cite source • Don’t use same sentence structure with a few word substitutions • If you use some of the source’s words, put them in quotes When in doubt, put it in quotes and cite the source! Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 8 Research and Communication Skills Misuse of sources Quinn (Appendix A) distinguishes between deliberate and non-deliberate attempts “to conceal the source of the words or ideas” • Deliberate = plagiarism • Non-deliberate = misuse of sources If you are accused of plagiarism, it may be difficult to convince people that what you did wasn’t deliberate • In this class we are warning you about plagiarism and misuse of sources and will therefore assume that if we see something that looks like plagiarism, it is deliberate So… be careful not to misuse sources • It is not sufficient to simply cite a source when you copy material verbatim - you must put the words in quotes! Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 9 Research and Communication Skills Good resource on avoiding plagiarism http://www.wisc.edu/writing/Handbook/QPA _plagiarism.html Includes nice examples of good and bad paraphrasing Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 10 First homework assignment http://cups.cs.cmu.edu/courses/compsocsp06/hw1.html Due January 26 Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 11 Discussion of course surveys Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 12 Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 13 What is ICT? “Information and Communications Technology” • Largely a non-US term • IT and Telecom = US parlance Can be as broad or as narrow as one defines • What are the departments within SCS? How important is ICT? • GDP – non-trivial but modest share Measurements are difficult • Major component of economic growth (productivity) Measurements are even more difficult • Is information a source of competitive advantage? “Knowledge Economy” Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 14 Components of ICT: 4Cs Computers • All devices part of a computing system • More than PCs Connectivity • More than just the Internet Content • Inputs and/or outputs; • Software and embedded software (human) Capacity • Ability to use ICTs • Includes literacy, e-Literacy, etc. Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 15 Which is a Computer? Husqvarna Viking Sewing Machine Aprilaire Thermostat Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 16 What is a Computer? Many definitions… E.g., Any device that applies a set of rules to systematically and consistently perform calculations or operations (“algorithms”) on any chosen set of data or information to produce an output or lead to a defined state Many devices are computers, e.g., calculators, cell phones, etc. • Is a remote car opener a computer? Computers per se are not very intelligent Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 17 Computers are EVERYWHERE Don’t need to be digital… Don’t need external software… Can be part of a larger device that is ostensibly not about the computing • Cars – more value to the computing components than the steel Are humans computers? • We have aspects of computers in us Adding up number of students in this class Cellular automata and genetic material? Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 18 Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 19 Research and Communication Skills Selecting a research topic Brainstorm • • • • What are you interested in? What would you like to learn more about? What topics might be relevant to your thesis? What topics might be relevant to your future career? Select a small number of candidate topics Read • • • • • How much information seems to be available? Is this topic over done? What open questions or points of conflict are there? Do you still find this topic interesting? Do you have the skills necessary to pursue this topic? Feel free to discuss with professors or TA Focus • Select a topic • Define a focused research question Paper topic due March 2 Read some more • Conduct a “literature review” • Adjust your topic as needed Outline and bibliography due April 6 Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 20 Current Issue: Analysis of Security Vulnerabilities in the Movie Production and Distribution Process Lorrie Cranor Joint work with Simon Byers, Dave Korman, Patrick McDaniel, Eric Cronin Unauthorized copying of movies Estimated annual revenue losses due to unauthorized copying of movies QuickTime™ and a TIFF (Uncomp resse d) de com press or are nee ded to s ee this picture. • Via physical media: $3 billion (2003) • Via Internet: $4 billion (by 2005) Arguably, these estimates are high • Why? Even so, a lot of money at stake and problem is growing Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 22 Focus of MPAA’s public discussion Shutting down mass production and distribution of pirated movies QuickTime™ and a TIFF (Uncompressed) decompressor are needed to see this picture. • Relatively easy, non-controversial Schemes to prevent consumer copying • Broadcast flag • Digital rights management • Trusted computing Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 23 Concerns about DRM proposals May restrict reasonable uses, including uses falling under “fair use” May chill innovation Some industry proposals would restrict functionality of general purpose computers Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 24 Broadcast flag November 2003 FCC ruling would have made it illegal as of July 2005 to manufacture or sell devices that receive over-the-air digital TV broadcasts unless they contain certain copy protection technologies Many consumer and industry groups raised concerns Court of Appeals ruled that FCC did not have the right to regulate this Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 25 New security measures In spring and summer of 2003, movie industry began acknowledging publicly need for stronger security measures • Industry insiders publicly critical of security practices • Security measures at pre-release screenings Security guards with night vision goggles Metal detectors No cell phones • No pre-release screenings for some movies • Compressed release time frames for some movies Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 26 That didn’t prevent The Hulk from showing up on the Internet two weeks before its theater release date Quic kTime™ and a TIFF (Uncompress ed) dec ompres sor are needed to s ee this pic ture. Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 27 Maybe helped find source of leak Copy on Internet had obliterated water mark • Not clear whether this was actually used to find source of leak Arrest was made within 3 weeks of leak • Kerry Gonzalez pleaded guilty to a single count of felony copyright infringement • Fined $5K + $2K damages and 6 months house arrest • Obtained pre-release video tape of “work print” from friend, who got it from employee of print advertising firm Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 28 Where do copies come from? Press reported some anecdotes, but no publicly available data This data could be useful for improving security and for more informed policy debates Our research approach: • Understand movie production and distribution process Interviews with insiders and experts • Gather data about unauthorized copies of movies on the Internet Empirical study • Analyze security vulnerabilities in movie production and distribution process Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 29 Many opportunities for “leaks” Leak = first unauthorized copy or use Insider (thousands of potential attackers): • • • • • • Editing room Marketing Projectionist DVD factory Retail employee Oscar screeners Outsider (millions of potential attackers): • Camera in cinema • Consumer copying videos, DVDs, broadcast Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 30 Many opportunities for “leaks” Leak = first unauthorized copy Insider (thousands of potential attackers): • • • • • • Editing room Marketing Projectionist DVD factory Retail employee Oscar screeners Usually not good quality Usually not fresh Outsider (millions of potential attackers): • Camera in cinema • Consumer copying videos, DVDs, broadcast Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 31 Empirical study Identify every movie in box office top 50 from January 2002 to June 2003 Find fingerprints (checksums) and posting dates from Content Verification Site Download 5% of each movie clip Watch them, identify quality and source • TTA, VHS, DVD • Insider vs. outsider Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 32 Identify box office top 50 http://www.rottentomatoes.com/movies/box_office.php?rank_id=362 We used perl scripts to crawl Rottentomatoes and gather top 50 data for 18 month period 409 movies 312 first released in US Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 33 Find fingerprints and post dates We used perl scripts to search ShareReactor for films Some fine tuning was necessary to get data on the correct films Found 183/312 movies, some with multiple samples Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 34 Fetch small bit of each movie MLDonkey • Open source peer-to-peer client • Content divided into blocks, client downloads multiple blocks simultaneously from different sources, can stop and resume downloads Used perl script to download 8% of one file for each movie (some movies stored in multiple files) - usually resulted in a complete block from beginning and end of movie 285 viewable samples of 183 movies • 18 gigabytes of data • 200 MHz computer and cable modem • Took one week to download Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 35 Classification Insider if: • • • • Appeared prior to cinema release Editing room artifacts Industry related text or overt watermarks Good through-air video capture but apparently direct captured audio and appeared prior to DVD/VHS release date • DVD quality and appeared prior to DVD release date Otherwise outsider or unknown Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 36 Insider: editing room artifacts QuickTime™ and a TIFF (Uncompress ed) decompress or are needed to s ee this picture. QuickTime™ and a TIFF (Uncompressed) decompressor are needed to see this picture. Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 37 Insider: Watermarks/Text QuickTime™ and a TIFF (Uncompressed) decompressor are needed to see this picture. QuickTime™ and a TIFF (Uncompressed) decompressor are needed to see this picture. QuickTime™ and a TIFF (Uncompressed) decompressor are needed to see this picture. QuickTime™ and a TIFF (Uncompressed) decompressor are needed to see this picture. Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 38 Outsider Through the air video QuickTime™ and a TIFF (Uncompress ed) decompress or are needed to s ee this picture. Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 39 Findings 183 of 312 movies found on Internet (59%) 285 different rips 77% were insiders 78% DVD quality Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 40 When do movies appear online? 2.2% movies appear before theater 5% movies appear after DVD Theater release DVD release Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 41 Our paper Published in DRM03 workshop Presented at TPRC Covered in NYTimes, CNN, Wired, Hollywood Reporter, and elsewhere Quoted in Congressional and FCC hearings http://lorrie.cranor.org/pu bs/drm03.html Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 42 Implications High rate of insider leaks and timing suggests that consumer copying is a relatively minor problem (at time of study) Opponents of broadcast flag and other MPAA proposals have cited our study to argue that the movie industry should clean up its own act before imposing restrictions on consumers MPAA called our study “flawed” Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 43 But two weeks later QuickTime™ and a TIFF (Uncomp resse d) de com press or are nee ded to s ee this picture. Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 44 Coming back to p2p… Assuming the insider problem can be solved, unauthorized copying of consumer DVDs likely to increase Unauthorized copies of movies, music, software, etc. are continuing to propagate over p2p networks Anonymous p2p networks may make it very difficult to identify source What should be done? • Make p2p illegal • Make online anonymity illegal • Mandate DRM Computers and Society • Carnegie Mellon University • Spring 2006 • Cranor/Tongia/Farber • http://cups.cs.cmu.edu/courses/compsoc-sp06/ 45