CITP Blog - Formerly Freedom to Tinker

Viacom, YouTube, and the Dangerous Assembly of Facts

– by

Comments

On July 2nd, Viacom’s lawsuit against Google’s YouTube unit saw a significant ruling, potentially troubling for user privacy. Viacom asked for, and judge Louis L. Stanton ordered Google to turn over, the logs of each viewing of all videos in the YouTube database, showing the username and IP address of the user who was viewing the video, a timestamp, and a code identifying the video. The judge found that Viacom “need[s] the data to compare the relative attractiveness of allegedly infringing videos with that of non-infringing videos.” The fraction of views that involve infringing video bears on Viacom’s claim that Google should have vicarious copyright liability–if the infringing videos appear to be an important draw for YouTube users, this implies a financial benefit to Google from the infringement, which would weigh in favor of a claim of vicarious liability.

As Doug Tygar has observed, the judge’s optimistic belief that disclosure of these logs won’t harm privacy seems to be based in part on the conflicting briefs of the parties. Viacom, desiring the logs, told the judge that “the login ID is an anonymous pseudonym that users create for themselves when they sign up with YouTube” which without more data “cannot identify specific individuals.” After quoting this claim and noting that Google did not refute it, the judge goes on to quote a Google employee’s blog post arguing that “in most cases, an IP address without additional information cannot” identify a particular user.

Each of these claims–first, that the login IDs of users are anonymous pseudonyms, and second, that IP addresses alone don’t suffice to identify individuals–is debatable. I haven’t reviewed the briefs that led Judge Stanton to believe each of the assertions. I suppose that his conclusions are reasonable in light of the material presented. It might be the case that the briefs should have led him to a different conclusion. Then again, as the blog post quoted above suggests, Google has at times found itself downplaying the privacy risks associated with certain data. A victory in this argument, causing the judge to take a more expansive view of the possible privacy harms, might have been a mixed blessing for Google in the longer run.

In any case, when he combined the two claims to compel the turnover of the logs, the judge made a significant mistake of his own. Agreeing for the sake of argument that login IDs alone don’t compromise privacy, and that IP addresses alone also don’t compromise privacy, it doesn’t follow that the two combined are equally innocuous. Earlier cases like the AOL debacle have shown us that information that may seem privacy-safe in isolation can be privacy-compromising when it is combined. The fact of combination–the fact that some viewing by a particular login ID happened at a certain IP address, and conversely that a viewing from a particular IP address occurred under the login of a particular user–is itself a potentially important further piece of information. If the judge thought about this fact–if he thought about the further privacy risk involved in the combination of IPs and login IDs–I couldn’t find any evidence of such consideration in his ruling.

Google wants to be permitted to modify the data to reduce the privacy risk before handing it over to Viacom, but it’s not yet clear what agreement if any the parties will reach that would do more to protect privacy that Judge Stanton’s ruling requires. It’s also not yet apparent exactly how the judge’s protective order will be constructed. But if the logs are turned over unaltered, as they may yet be, the result could be significant risk: YouTube’s users would then face extreme privacy harm in the event that the data were to leak from Viacom’s possession.

[As always, this post is the opinion of the author (David Robinson) only.]

Comments

32 responses to “Viacom, YouTube, and the Dangerous Assembly of Facts”

  1. anon

    There is a lot of political speech on YouTube.

    Judge Stanton’s order to copy Google’s 12 TB of viewer data runs roughshod over people’s right to view that political speech anonymously. Judge Stanton erred by failing to even consider the First Amendment rights of YouTube viewers to view political speech anonymously.

    For instance, I’ll give just one example of political speech on YouTube. This will be an issue familiar to Freedom-to-Tinker readers: The video concerns the 18,000 votes that were mysteriously lost in the Sarasota, Florida election of Novemeber 2006. The video suggests that the integrity of that election is doubtful.

    FL-13 HEARINGS: Evidence / “Who Had Warehouse Access?”

    The government has no right to know who’s watching that political video. The government has no right to order Google to turn over viewership data on that video.

    Yet Judge Stanton didn’t even consider the issue.

    Reply
  2. Jeremy Zweig

    To be clear, Viacom is not looking to identify any particular end-user, let alone discover what he may be watching. The logs will be subject to an extraordinarily high security and confidentiality threshhold, and the raw data won’t be accessible to Viacom.

    We’re currently working with Google to deliver the information that we need to prove our copyright infringement case, and are trying to do that without even receiving IP addresses or actual usernames. Hopefully we’ll hash that out shortly.

    We’ve got a pdf with more information here: http://www.viacom.com/news/News_Docs/ViacomQAOnPrivacy.pdf

    -Jeremy
    Viacom

    Reply
  3. Shad Price

    While I can appreciate your position on this Mr. Zweig, I still have to ask. How does what you say help to protect my privacy? The problem is not identifying individual users so much as the simple fact that you guys will have all of that user data in your possession.

    After you guys are done analyzing it what will happen with the data? Will you give it back? Will you destroy the data in a way that it cannot be recovered? Are there measures in place in case the data is somehow compromised?

    There are just too many “What ifs” about this situation. Frankly, I have my doubts that Viacom can be trusted with this information. From my experience, large companies like Viacom and Google could care less about the individuals that get caught up in these heavyweight legal fights. The bottom line is that Viacom will not have to answer at all to any wrongdoing that may occur with our private information.

    Reply
  4. dr2chase

    If Google didn’t refute the claim (that the userid is an anonymous identifier), then THEY screwed up and failed to protect my privacy. I recall, from years and years ago, that the huge damage award in Pennzoil v. Texaco was caused by just such a legally undisputed assertion — Pennzoil named a huge damage figure, and Texaco’s lawyers did not dispute it, and instead merely argued that Texaco had done no wrong. Once the judger determined that wrong had occurred, he used the only number he had been provided — Pennzoil’s.

    Reply
  5. GregJ

    Well, a name isn’t sufficient to unambiguously identify an individual, because there could be dozens of Fred Smiths running around. An address also isn’t adequate for identification, because several people may live at one address. So, obviously it would be safe to conclude that nobody can be identified with certainty just from a list of names and addresses, right?

    Reply
  6. Jeremy Zweig

    Shad – I think we’ll be able to successfully figure out a way to transfer this information without usernames or IP addresses. Both sides are working towards that end.

    And to be clear, there are severe penalities for disclosing (accidentally or intentionally) information that is protected under the Court’s confidentiality order. Even data that might generally be shared by Google with marketing partners could not even be *viewed* by Viacom without our attorneys being potentially subject to a contempt charge.

    -Jeremy
    Viacom
    Vice President, Viacom Media and Editorial

    Reply
  7. racergreg

    Jeremy –

    Thank you for posting here and giving us the chance to respond.

    You say “…Viacom is not looking to identify any particular end-user, let alone discover what he may be watching.”

    Perhaps that is true, or perhaps you believe it to be true. Perhaps not. It comes down to trust…I may be persuaded to trust *you* but I would never trust the behemoth that is Viacom. The temptation will be too great for some in your organization to want to have a look around that data. The aggressive litigation strategies of the MPAA/RIAA (of which this is most decidedly a part) have shown the world your company’s true stripes.

    If you are indeed just trying to determine the frequency and/or percentage of views of videos you believe to be infringing, you are asking for the wrong data anyway. The report you really want is a summary of views by video:
    – Video A: 47 views
    – Video B: 23,145 views
    etc. Individual log entries of each view, and by whom, are certainly not needed.

    As an aside, I would be interested to hear your views on why the DMCA safe harbor provisions do not apply in this case. Please spare us the sob story of plummeting revenues and starving artists; I would like your reasoned opinion on why an established law, which Google has clearly followed, does not govern here. Please note that scale does not matter – the law puts the onus on Viacom to submit takedown notices, not on Google to police its site.

    Reply
  8. Jeremy Zweig

    racergreg –

    First of all, let me apologize for unintentionally hijacking this comment thread. I saw the initial post in a Google alert (naturally 🙂 ) and wanted to try and add some clarity about an issue that is clearly generating some misinformation and concern.

    And, again, I can confirm for you that Viacom simply won’t have access to the raw data that Google is providing, even though it won’t contain any personal information. The arrangement set up by the Court system may be a little more structured and secure than people recognize.

    As far as the DMCA goes, I think there may be a misinterpretation about what types of services the safe harbor covers. The law is written to provide safe harbor for companies that serve as the backbone of the internet – linking, caching, storage and routing. It definitely doesn’t cover companies that differentiate on the basis of what content they offer to users. In fact, even if companies that offer these “backbone” services become aware of infringement or profit from it, they are liable for the infringement.

    Again – I don’t mean to take over this thread, and I appreciate the opportunity to clear up a few points about the recent discovery order.
    If you have further questions about the case, I’m happy to answer emails at jeremy.zweig(at)viacom.com

    Reply
  9. Tel

    I think I’ll start a religion where all the devotees change their name to “Kim Smith”, they will all strive to have babies in the Spring, and name their children after themselves. They will firmly believe in the supernatural proposition that once a critical mass of Kim Smith has been achieved the world will become paradise.

    That’ll foobar the Googles and Viacoms of this world.

    Reply
  10. Miral

    IP address leads to ISP. IP address + timestamp + cooperation of ISP = the human behind the computer. It’s that simple. There’s no way this kind of information should be disclosed to ANYONE, for any reason whatsoever.

    And I agree with what racergreg said — if you want to know whether Google/YouTube is benefiting from certain content then the right question is the amount of views (preferably complete views, not just partial views, since some people click on random videos) for each individual video. Which users are watching which videos is completely irrelevant to that question — but would be supremely useful if you have a hidden agenda.

    Reply
  11. Sam Tresler

    Hi, point of clarification. An infringement case, if I understand correctly, would need to be based upon Google /profiting/ from the views. In order o prove this, Viacom doesn’t need to prove that the videos were viewed, but that the videos enticed new users to the site. Thus the data is wanted to prove that a user visited Youtube specifically for the purpose of viewing copyrighted material, which isn’t something the number of views could tell you.

    Second point. My username is samtresler. A cookie for the first person that guesses my real name. I realize most people use handles. This exception disproves any idea that /all/ people use handles.

    Third point. While anonymizing and leaving it solely in the courts posession, I am opposed to this whole methodology because it sets precedence, which is the real danger here. So, this time the court forces the data to be anonymized, the next judge, acting on precedence of ordering the turnover of logs neglects to. And we slip one more inch down this slippery slope.

    Might I suggest the court could have appointed independent experts to take a list of questions to the datacenter, where they could work with Google technicians and answer those questions with specific database queries developed for the purpose. The data would be at least as trustworthy as any random 12TB of logfiles (I could falsify with a decent sed script,) and no need for the logs to /go/ anywhere.

    Reply
  12. Godfrey Boullion

    This is excellent news. Once the data leaks, we’ll able to identify all the people who watch jihadi snuff porn. And then we can hunt them down and kill them.

    Reply
  13. paul

    Someone correct me if I’m wrong, but as I understand the RIAA version of the reasoning, at least. causing a an unauthorized copy of material to be made and shipped across a wire, and then causing another copy to be made (buffering) on a computer prior to displaying/performing/whatever is wilful infringement. (That’s ostensibly why the snoops who provide information for RIAA lawsuits don’t just download all the stuff that’s supposedly being made available to them.)

    So this collection of handles, IP addresses and clips viewed would pretty much be the best basis for arbitrarily suing the crap out of anyone in the country you could ask for.

    Reply
  14. anon

    … I am opposed to this whole methodology because it sets precedence, which is the real danger here. So, this time the court forces the data to be anonymized, the next judge, acting on precedence of ordering the turnover of logs neglects to….

    Sam,

    Despite Mr. Zweig’s recent representations on behalf of one of the several plaintiffs regarding the scope of discovery currently sought, the court in fact compelled “production of all data from the Logging database concerning each time a YouTube video has been viewed on the YouTube website or through embedding on a third-party website” The court ordered this production based on plaintiffs’ joint motion:

    Plaintiffs seek all data from the Logging database concerning each time a YouTube video has been viewed on the YouTube website or through embedding on a third-party website. Pls.’ Mot. 19.

    (p.12 in order granting motion to compel.)

    The “all data” which the plaintiffs, Country Music Television, Inc., Paramount Pictures Corporation, Viacom International, Inc., Black Entertainment Television, LLC, and Comedy Partners requested in their joint motion includes:

    the unique “login ID” of the user who watched it, the time when the user started to watch the video, the internet protocol address other devices connected to the internet use to identify the user’s computer (“IP address”), and the identifier for the video. Do Sept. 12, 2007 Dep. 154:8-21 (Kohlmann Decl. Ex.
    B); Do Decl. ¶ 16.

    (p.11 in order granting motion to compel.)

    As far a precedent goes, the United States District Court for the Southern District of New York, did not —as you phrased it— force “force[] the data to be anonymized”.

    Instead, the court, found “no authority barring [defendants] from disclosing such information in civil discovery proceedings” (p.13 in order granting motion to compel).

    Google raised the constitutional arguments. But Judge Stanton dismissed the First Amendment in footnote 5.

    Judge Stanton’s contempt for the Constitution is evident.

    Reply
  15. John Millington

    What’s the difference between Google having information that potentially violates privacy, versus Google _and_ Viacom both having information that potentially violates privacy?

    If there’s a problem with Viacom gaining this info, then didn’t we _already_ have a problem with Google? And it’s not like Google is gratuitously and recklessly throwing the info around — they’re complying with a court order.

    Reply
  16. Hello

    I feel this video is appropriate to this discussion 🙂

    Reply
  17. Love those Telcos

    I find it far more troublesome that most Internet users need services like Google’s YouTube to post movies and other work in the first place. Something is seriously wrong with this kind of Internet. These people should be able to host their own files on their own computers via their own Internet connection for which they pay for. That was the original idea of the World Wide Web – free exchange of information from everywhere to everywhere in all directions. Now we have replaced AOL for an Internet à la Google, Comcast et al…

    And I fully concur with John Millington.

    Reply
  18. cm

    GregJ: The point is not court-proof identification of individuals, but routine judgement based on deemed-sufficient approximate or partial information, regardless of whether that information has any merit or not. Usually it is a matter of “procedure” that the cogs in the respective machine have to follow slavishly at the penalty of being disciplined.

    Consider what is happening at airports and ports of entry. If you have a name that spells or sounds approximately Arabic, or like some name on one of the black lists, travel on certain passports, etc. you will get some attention devoted to yourself. In most cases that will mean one more minute of scrutiny, but it could mean more.

    Insurers, employers, etc. would probably love to forgo business with, or extend inferior terms to, everybody fitting the name “GregJ”. Hey, they do that today with people that have certain “funny names”.

    Reply
  19. anon

    What’s the difference between Google having information that potentially violates privacy, versus Google _and_ Viacom both having information that potentially violates privacy?

    John,

    In the week since Judge Stanton’s order became news, users have posted videos on YouTube which “Pillory Viacom”. It’s been noted that Google “isn’t in a rush to shut down any of these anti-Viacom sentiments”.

    In the present circumstances, I tend to doubt that Viacom will retaliate against anyone posting those videos—or anyone watching them. Further, all those viewers and watchers in the past week must be charged with knowledge that their IP addresses and usernames will be released. They posted and viewed those videos able to make their own estimates regarding the chances of retaliation.

    I don’t know whether any video critical of Viacom —or critical of any of the other plaintiffs— was posted before news of Judge Stanton’s order became public. I don’t know whether prior to this past week anyone viewed political speech that the plaintiffs might wish to chill.

    And the court doesn’t know whether speech critical of Viacom or the other plaintiffs had been previously posted on YouTube.

    Your contention that Google’s compliance with a court order somehow lessens the harm does not bear strict scrutiny.

    Judge Stanton’s order is unreasonable: Google raised the argument that the court lacks the constitutional authority to compel production of the YouTube viewership data. Judge Stanton’s opinion neither addresses nor resolves the court’s authority to compel. Judge Stanton did not consider whether his court posessed the necessary authority under the constitution: Judge Stanton did not reason: The opinion and order is manifestly unreasonable.

    It’s neither fitting nor proper to sweep the Constitution aside in an irrelevant footnote.

    In 1886, in case that once upon time was a landmark, Boyd v United States, Mr. Justice Bradley wrote a passage that has been quoted from time to time. The Boyd‘s constitutional holding has been washed away and forgotten over the decades, but Mr. Justice Bradley’s remarks should be remembered:

    … Though the proceeding in question is divested of many of the aggravating incidents of actual search and seizure, yet, as before said, it contains their substance and essence, and effects their substantial purpose. It may be that it is the obnoxious thing in its mildest and least repulsive form; but illegitimate and unconstitutional practices get their first footing in that way, namely, by silent approaches and slight deviations from legal modes of procedure. This can only be obviated by adhering to the rule that constitutional provisions for the security of person and property should be liberally construed. A close and literal construction deprives them of half their efficacy, and leads to gradual depreciation of the right, as if it consisted more in sound than in substance. It is the duty of courts to be watchful for the constitutional rights of the citizen, and against any stealthy encroachments thereon. Their motto should be obsta principiis.

    “… illegitimate and unconstitutional practices get their first footing in that way, namely, by silent approaches and slight deviations from legal modes of procedure.”

    Reply
  20. Nick Smith

    I agree with what racergreg said — if you want to know whether Google/YouTube is benefiting from certain content then the right question is the amount of views (preferably complete views, not just partial views, since some people click on random videos) for each individual video. Which users are watching which videos is completely irrelevant to that question — but would be supremely useful if you have a hidden agenda.

    Reply
  21. racergreg

    John Millington does make a good point about Google having this information. If Google had not kept all of these logs, they would not be there waiting to be scooped up by a (flawed) subpoena.

    Hopefully this episode will help to convince “do-no-evil” Google to stop keeping such logs for more than a few days.

    Reply
  22. Phil

    John Millington (and others):

    There’s a very real problem with Google and Viacom both having copies of a set of sensitive data. That problem is that every additional copy of a piece of sensitive data is yet another independent opportunity for that data to be lost, stolen, leaked, shared, sold, published, or otherwise acted on in a way that violates privacy. More copies simply means more exposure, and it doesn’t really matter who holds the copies — accidents and mistakes happen, as people in information security know all too well.

    You bring up the point, perhaps accidentally, that the root cause of the threat may be the fact that Google’s logs exist in the first place. I personally believe this is true. But this doesn’t mean that duplicating the logs is benign. It results in a demonstrable increased risk to the users involved.

    Reply
  23. anon2

    So anon refutes Mr Zweig’s statement (which would have therefore been a lie, if intentionally wrong), and Mr Zweig does not respond? That is interesting.

    Reply
  24. anon

    So anon refutes Mr Zweig’s statement…

    Perhaps Mr. Zweig is too busy responding to Ontario’s Information and Privacy Commissioner, Ann Cavoukian, who yesterday publicly annouced that she had sent a letter to Google urging them to appeal Judge Stanton’s ruling. In her letter Commissioner Cavoukian wrote:

    I appreciate that you have offered a compromise to Viacom, in an effort to minimize the amount of personal information that will be disclosed under the order. However, as you know, discrete pieces of information such as a last name or date of birth used in a login ID may serve to identify an individual. Further, “anonymous” viewing habits may nonetheless yield clues about a user’s identity. Simply stripping certain data fields from a database may not be sufficient to safeguard the privacy of individuals.

    In any event, I myself am not sure that I “refuted” Mr Zweig’s statement. The position of Viacom and the other plaintiffs may have changed since Judge Stanton’s order issued. The plaintiffs may be telling all of us —to use the famous words of Ron Zeigler: “This is the operative statement. The others are inoperative.”

    If that is indeed the case, one might hope that plaintiffs would take their new, changed position to Judge Stanton and tell the court: “This is the operative statement. The others are inoperative.”

    But that might be wishing for the moon.

    In any event, the news of Commissioner Cavoukian’s letter gives me an opportunity to clarify my immediately previous post. Commissioner Cavoukian urges Google to appeal on the grounds of the VPPA. I didn’t mean to suggest that it would anything less than prudent for a court to intentionally decline to reach a constitutional issue by deciding a matter on narrower, statutory grounds. Indeed, authorities have repeatedly suggested that courts should avoid constitutional issues whenever its proper to do so. But attempting to duck a constitutional issue does not mean that a court should disingenuously evade legitmate arguments on constitutional limits of the federal authority by pretending —in a footnote!— that its finding that a statute is inapplicable to a private party implies that the Constitution is inapplicable to a United States court.

    As the most prudent course, it might have been best for the court to decline to construe the statute: Instead, the court could have simply exercised its legitimate discretion. But that course of legitimate discretion would demand a severe narrowing of the records to be searched and seized.

    The news of Commissioner Cavoukian’s letter also gives me opportunity to point out some of the heritage we share with our Canadian neighbors. We share with Canada the proud heritage of the great English cases of Wilkes v Wood (1763) and Entick v Carrington (1765). Those cases, of course, were concerned with unreasonable searches for the authors and publishers of libel and sedition. And those cases condemned those unconstitutionally broad, general searches before our split with England and Canada.

    Reply
  25. Spudz

    The viewership data that Zweig explicitly claims to need is right there on the YouTube Web site anyway — every video has “viewed xxx times” on its page somewhere. No court order necessary. Of course, which videos are infringing is another issue. Something tells me that Zweig or his puppeteers would dearly love to count everything with the slightest snippet of Viacom-sponsored content in it as infringing, and to hell with fair use.

    But all of this is beside the point. The elephant in the living room here, as evidenced by this, and the telecom immunity BS, and a whole lot of other things, is that the USA has jumped the shark.

    “…let Facts be submitted to a candid world.

    * He has refused his Assent to Laws, the most wholesome and necessary for the public good.
    * He has forbidden his Governors to pass Laws of immediate and pressing importance, unless suspended in their operation till his Assent should be obtained; and when so suspended, he has utterly neglected to attend to them.
    * He has endeavoured to prevent the population of these States; for that purpose obstructing the Laws for Naturalization of Foreigners; refusing to pass others to encourage their migrations hither, and raising the conditions of new Appropriations of Lands.
    * He has obstructed the Administration of Justice, by refusing his Assent to Laws for establishing Judiciary powers.
    * He has erected a multitude of New Offices, and sent hither swarms of Officers to harrass our people, and eat out their substance.
    * He has affected to render the Military independent of and superior to the Civil power.
    * He has combined with others to subject us to a jurisdiction foreign to our constitution, and unacknowledged by our laws; giving his Assent to their Acts of pretended Legislation:
    o For depriving us in many cases, of the benefits of Trial by Jury
    o For transporting us beyond Seas to be tried for pretended offences
    o For abolishing the free System of English Laws in a neighbouring Province, establishing therein an Arbitrary government, and enlarging its Boundaries so as to render it at once an example and fit instrument for introducing the same absolute rule into these Colonies
    o For taking away our Charters, abolishing our most valuable Laws, and altering fundamentally the Forms of our Governments”

    – Excerpt charges against King George from the Declaration of Independence

    Reply
  26. anon

    News Update

    According to a post (14 Jul 2008) on the YouTube blog, Google has now reached an agreement with Viacom regarding the viewer history data to be produced from the YouTube logging database. The parties have stipulated that:

    WHEREAS, the parties seek to address Defendants’ production obligations with respect to Section 4 of the Court’s Opinion and Order dated July 1, 2008 (“Order”) in light of certain user privacy concerns which have been raised;

    IT IS HEREBY STIPULATED AND AGREED, by and between the undersigned counsel of record:

    1. Substituted Values: When producing data from the Logging Database pursuant to the Order, Defendants shall substitute values while preserving uniqueness for entries in the following fields: User ID, IP Address and Visitor ID. The parties shall agree as promptly as feasible on a specific protocol to govern this substitution whereby each unique value contained in these fields shall be assigned a correlative unique substituted value, and preexisting interdependencies shall be retained in the version of the data produced. […]

    This is being reported as an agreement to “anonymize” the viewer histories.

    Reply
  27. Spudz

    Ludicrous. Nevermind the user ID/IP address combinations (“preexisting interdependencies shall be retained in the version of the data produced”).

    What of “The parties shall agree … on a … protocol … whereby each unique value contained in these fields shall be assigned a correlative unique substituted value”? That seems to mean Viacom will possess a) a copy of the data and b) an algorithm whereby the original User IDs, IP Addresses, and Visitor IDs can be reconstructed from the data.

    Even if they agree on a one-way hash function, Viacom can brute-force it and the IP space is small enough to do it in reasonable time with Viacom’s computing hardware. The requirement of output uniqueness suggests a symmetric cipher instead, with Viacom knowing the algorithm and maybe the key, and probably being able to brute-force the key anyway with a data set that large. If enough Viacom employees have visited YouTube recently, as seems likely, they’ll also have a known-plaintext attack on a big enough subset of the data to be worrying.

    The substitution should be with completely random symbols, using a hardware RNG, for each IP address, with only Google doing it (and a judge perhaps supervising to make sure that Google behaves).

    No, scratch that, the substitution shouldn’t be done at all; Google should withhold any data from Viacom pending the outcome of an appeal of the original ruling on the grounds that it orders them to violate the VPPA.

    Reply
  28. supercat

    //The substitution should be with completely random symbols, using a hardware RNG, for each IP address, with only Google doing it (and a judge perhaps supervising to make sure that Google behaves).//

    Don’t use random symbols. Just use sequential index numbers, sorted by some unscrambled fields.

    Reply
  29. anon

    Even if they agree on a one-way hash function, Viacom can brute-force it and the IP space is small enough to do it in reasonable time with Viacom’s computing hardware.

    Spudz,

    Would you please read the entire stipulation. Just reading particular portions of interest, that I’ve highlighted by blockquoting, doesn’t necessarily give you enough information to comment intelligently.

    You should notice:

    2. Non-Circumvention: The parties agree that they shall not engage in any efforts to circumvent the encryption utilized pursuant to Paragraph 1 this Stipulation. […]

    Now, you’re correct that Viacom undoubtedly possess the technical resources for a dictionary attack on an unsalted hash of a 32-bit space. Especially given the ready availability of all these “over-the-shelf” 4TB drives that Judge Stanton remarked on. Further, you may wish to argue that the non-circumvention agreement in the stipulation is toothless and practically unenforcable. Nor does it address concerns about data loss to third-parties. But, you do need to make the argument, or your comment will be summarily dismissed as uninformed.

    Justia has been updating their copy of the docket. Unfortunately, it does appear that a number of important documents have been sealed.

    Reply
  30. thomas

    i wonder if it’s a coincidence that it seems the google cache more often than before is unavailable. at least i’ve noticed that quite often google cache gives nothing.

    Reply
  31. Spudz

    supercat: Are you attacking me? You’d better not be.

    Sequential might result in some kind of correlations persisting.

    anon: Your viciously rude post really ought to be deleted for defaming my character, and I hope that Ed does indeed delete it. I am not stupid and you are lying when you make nasty insinuations to suggest otherwise.

    If you do anything of the sort again, I will have you tracked down and I will cause something nasty to happen to you, such as loss of your internet connection. Do I make myself clear?

    Now apologize, publicly, and retract your nasty comments expressing your low opinion of my intelligence.

    I commented on the contents of your post as written. It is extremely nasty and wrong of you to berate me for not taking account of information that you did not include in that post. Especially when that information is also completely irrelevant.

    Non-Circumvention: The parties agree that they shall not engage in any efforts to circumvent the encryption utilized pursuant to Paragraph 1 this Stipulation

    So what? Viacom agrees not to undo the anonymization, yet is left with the capability to do so. And we are just supposed to trust them? This does not change anything that I said — I said that the agreement will result in Viacom having the data and the capability to deanonymize it, and nothing you have said suggests otherwise. That they might get a slap on the wrist from some lawyer if they do so does not change things one whit. And that agreement certainly isn’t binding on any third party to whom the information might leak through Viacom (where by “the information” is meant both the “anonymized” data and the information needed to de-anonymize it, both of which will be in Viacom’s possession).

    Now I’d like to see your public, malicious attack on my character and intelligence gone, or else your apology and retraction of that attack, in the space below by Friday.

    If it is not, then there will be consequences.

    Reply
  32. Ed Felten

    Calm down, folks. I only remove comments when they are clearly off-topic or highly offensive. Insults won’t get your posts removed — but they won’t convince anybody that you are right, either.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

About

The CITP Blog is hosted by Princeton University’s Center for Information Technology Policy, a research center that studies digital technologies in public life. Here you’ll find comment and analysis from the digital frontier, written by the Center’s faculty, students, and friends.

Categories