Sunday, November 28, 2010

My proposal for Copyright Reform.

One thing that has bothered me, more and more over the years, is the current situation with Copyrights (and the trend behind the changes over the past 40 years or so). As such, I have been thinking a lot about the changes I would recommend. I have my desired position on it, as well as some fallback positions that I could ultimately compromise for.

Here are the fundamentals of what I think Copyright should be:

a single term of 28 years, unable to be extended for any purpose.
only able to be held by actual human beings (not business entities).
must be available to the public-at-large for purchase for at least 180 consecutive days during each 2 year period.
non-transferable.

The single term of 28 years promises to build up our culture by releasing more and more of our works (ours, as in the people of our nation) back into the public domain for the benefit of our entire society. This was a concept that was considered vital at one time, but now has been pretty much destroyed in favor of having some continue to rake in the bucks from old ideas. On that point, it will also increase innovation by decreasing the amount of time each person has exclusive control over their ideas, as well as increasing the pool of content that could inspire the next innovations.

The purpose of Copyright is to give individuals a reasonable amount of time for exclusive control of their own ideas. As such, it is not about giving businesses the same control. Every copyright will be owned by individuals and only those actual human beings will be able to control the use of it during their exclusive period.

My idea of dealing with copyright trolls is the basis behind the requirement that the copyrighted idea be made available for purchase by the public-at-large for a consecutive 180 day period within each 2 year period. This would prevent the stockpiling of copyrights for the sole purpose of suing infringers. The knowledge that they must market this product for 6 months out of every 2 year window would require that their business model consist of more than just filing litigation. As well, big business would no longer be able to bury copyrighted works indefinitely while suing those (sometimes the original creator of the works) who try to bring it out to the people. Anyone who does not meet these requirements risks losing their copyright, if found to be non-compliant.

The non-transferable clause is to prevent the hoarding of copyrights by entities who never create anything. Since this whole concept was to make sure the original artist got exclusive control and was able to use this to earn an income and buy things like food, we cannot allow this to be transferred to others. Control stays with the originator until they either die, or the 28 year term expires (whichever comes first).

If these are not to be met, and the current concept of ever-increasing Copyright terms is preferred, then they must not be treated as criminal activity going forward. The only thing worse than the current trend of increasing term lengths is the trend of expanding the criminal charges for it. If you want to treat it as criminal activity, then you simply must have a reasonable term limit that sees that material enter the public domain within a few decades. If you are willing to make it a civil matter, as it used to be and patent infringement currently is, then you can keep the terms at hundreds of years.

Thursday, July 15, 2010

Privacy.

Some people believe, and don't mind sharing the view, that "Privacy is dead." I suspect that some of the proponents of that perspective do not fully understand just what privacy is. It does not mean that nobody shares any of their personal information. It means that each individual gets to choose how and when that personal information is shared.

Privacy is not helped when the government is not willing to do much to protect it. There are entire industries built on the storing and selling of information about every individual in the United States. This is not information that you may have explicitly made the choice to share, but they are able to sell that data because it falls under the realm of "public information." We should not worry too much that this information could easily lead to the stealing of your identity if it were to fall into the wrong hands.

The other problem is the creation of websites where you are expected to share personal information in order to be part of a community. Those who keep their information locked down are seen as standoffish in this new community, much like someone at a party who just doesn't open up or talk about anything. You are expected to share things like the area you live in, where you like to vacation, marital status, information about any children you may have, where you work, and more. Each piece of information, analyzed by itself, seems innocuous and unimportant. The concept that many do not consider is the kind of profile that could be built based on all of this information as a whole. It just might be enough information to con account details out of your bank. It might be enough to get medical information from a hospital or doctor's office. Maybe these "bad guys" would be able to sign up for credit cards, bank loans, mortgages, etc., using this profile information gleaned from a few Internet-accessible sites.

At the end of the day, people need to take the willful dissemination of this private information much more seriously than it seems they do today. More care should be given to the complete picture of what this information means, rather than the minimal significance that each individual piece might represent. As well, our government should do more to protect our information by putting tighter controls around the storing, processing, and sharing of this information. When an entity fails to properly handle this information, there should be transparent procedures and penalties that must be complied with. No longer should companies be able to make up the rules as they go along, nor should the legally prescribed standards strive to be weak in order to keep big business happy. The standards should be considered high-end and businesses will either comply or be forced out of the game.

Saturday, July 3, 2010

Welcome to the blog.

This will be a place for my thoughts regarding the security world. From commentary about the events of the day, higher policy issues, and training/education, I plan to gather it all here. This way it will be a personal record and archive that I can use for personal development, with the potential that it may help others along the way as well.

After acquiring the CISSP certification, I have heard many in the infosec community express negative views of it. The one thing I would like to express is that I find value in it because I got the experience and absorbed the knowledge in order to obtain it. While it is not overly technical, I learned about some higher-level items that were outside of my previous experience and that I feel give me some insight about other parts of the business enterprise. For me, being able to see things from a higher level is a very positive experience and thus of great benefit personally. I don't think it makes me a genius or an expert at anything, but I value it because of the work I put in to get it. I am wary of those who label themselves as geniuses and experts anyway, so I am unlikely to ever feel I meet that criterion (nor would I desire to). If I ever think I have nothing left to learn, it is time for me to have a brain scan.

Now on to bigger and better things. This blog will motivate me to stay informed, express my views, improve on my writing skills, improve on my presentation skills, and otherwise stay more actively involved with the security world.