The dark side of digital

It doesn’t take a cyber-sociologist to notice that people interact differently over their computers than just about any other form of communication. Your online persona is completely of your own creation – age, gender, sexuality, race, body shape, political disposition, character – every aspect of your personhood is malleable and fluid in this “virtual reality.” A person who wouldn’t even consider taking a mint without asking might very well traffic in illegal music and movies without a second thought. People who would never speak to a person of different political ideology might spend hours following links explaining concepts completely new to them. By this point, the distinction between “real life” and “on-line” is a given to any person younger than 50. If it seems so natural to us that our behaviors should be different in these two realms, why do we expect the social regulation to stay the same?

At Portland State, our online social regulation takes the form of an “Acceptable Use Policy,” or AUP, ( which considers our computing resources to be a type of public property and outlines a minimal set of expectations to ensure the availability and utility of those resources for the entire community. If you have access to any Portland State computing resource, you have agreed to follow these standards. As a matter of fact, almost every service provider has an AUP, the company that connects you to the internet, the company that hosts your e-mail account, your blog, etc. Most of these policies are enforced loosely, generally only in case somebody complains. They are principally used to shield the service provider from legal action arising from the misuse of their systems.

In reality it is fairly difficult to apprehend a cyber-baddie. The way that information is exchanged is through a series of information requests issued by the user’s computer, routed through a series of intermediate devices and finally re-assembled at the server. The structure of the inter-network allows requests made by the same client to the same server to take different routes. Even the server’s record of the requesters isn’t reliable. It is possible to connect to a different computer and have it make the requests for you, invisibly to the rest of the network. This complexity is one of the reasons that most investigations of cyber-crimes take the form of reading the records each server keeps. The problem is that each web page can require a large number of requests to be sent, making these logs into vast collections of mostly banal information, consuming space and slowing information exchange without providing any additional functionality. It is for this reason that most service providers keep minimal records of the information requests.

The Office of Information Technology, the portion of the university responsible for network connectivity, currently doesn’t normally keep logs of the requests made from our computers. The ability exists, of course, but is usually only invoked to provide data for troubleshooting or as the result of a subpoena or request for information from a law enforcement agency. Portland State currently does not have a blanket policy for dealing with these requests, which are handled on a case-by-case basis by the office of the director of OIT, Mark Gregory. PSU also doesn’t offer data on the number or type of these requests, although it seems reasonable to assume that they are similar in nature and proportion to those made to other service providers and fall into two main categories: intellectual property disputes and cyber-crime investigations.

Intellectual property disputes are primarily accusations of copyright infringement and generally arise from the use of file-sharing services. The media has been so saturated with reports of the recording and movie industries destroying the lives of normal citizens that many otherwise reasonable people have a fear reaction to the term “MP3.” These industries pay lots of money to create this fear. In reality, the issues surrounding file sharing and fair use are very complex and not at all completely decided. The number of subpoenas issued is miniscule compared to the number of people sharing files, and the number of actual convictions is even smaller.

The laws that allow this harassment actually amount to the subsidization of moribund business models. The music and movie industries still don’t understand that the essential nature of data exchange has changed and that copy control simply is no longer realistic. Used to the absolute control of the means of production and distribution of content, they feel that they cannot allow any form of competition. What the news reports don’t tell you is that these draconian, anti-competitive laws aren’t having much of an effect. The amount of shared data continues to expand exponentially, despite their efforts to inculcate us with fear.

The effect of these frivolous laws is far more pernicious, however. The fact that it takes so much effort to find the specific data required for a subpoena without jeopardizing the privacy of the innocent means that the other type of request, for information about serious, crimes can be delayed or completely ignored. Investigation of server logs has proved to be essential in the discovery and prosecution of child sexual-abuse rings, terrorist cells and thieves of personal and financial information. Instead of providing a little more income to a few millionaires, these investigations have prevented murder, child rape and the theft of untold millions of dollars from people like you and me.

One of the major fields of current computer research aims to teach computers how to analyze and act upon their own logs. This task is more complicated than it may seem. First, you have to understand how humans are capable of extracting meaning from data and its structure. Teaching a computer to mimic this task amounts, in large part, to creating an artificial intelligence. Research in this field is progressing rapidly and has already provided technologies that make this “data mining” much easier and more efficient.

Until computers are smart enough to handle the bulk of the duties, however, the best policy for dealing with information requests is the one adopted by OIT: case-by-case evaluation. Eventually the unsuitability of “real world”-style regulation to online behavior will become apparent to the recording and movie industries, which will then either change their fundamental nature, pay our legislators to draft still more ineffective legislation or expire completely. However this mess is finally resolved, we can only hope that the people administering our computer inter-networks are allowed to ignore the grumbling of dying monopolies to prevent real suffering. Unfortunately, as long as the lawmakers are beholden to these industries’ powerful lobbies, that is unlikely to happen.