
OFFSystem - DyslexicAtheist
https://en.wikipedia.org/wiki/OFFSystem
======
xg15
I'll agree that copyright has gone haywire as much as the next guy, but this
seems to be the exact kind of defense strategy that will archieve nothing but
annoy the judge.

The project seems to be based on the assumption that copyright really protects
particular sequences of bytes - and that therefore, if you can sufficiently
change the representation of a protected work, you're off the hook.

IANAL, but that seems far from the intentions of copyright.

The 4'33 case [0] comes to mind, where a work of nothing but silence was
protected. From what I understood, in that case, the actual _contents_ of the
work didn't matter a lot (it was all just silence after all) - but what _did_
matter was whether or not someone was consciously using this piece as a base
for their own work.

My understanding is that copyright bans the _act_ of using a protected work in
an unauthorized manner. By that logic, it doesn't matter how an illegal copy
is represented if the data is used with the intention of sharing an illegal
copy.

[0]
[http://news.bbc.co.uk/2/hi/entertainment/2276621.stm](http://news.bbc.co.uk/2/hi/entertainment/2276621.stm)

~~~
shawnz
A classic analogy for explaining the difference:
[https://ansuz.sooke.bc.ca/entry/23](https://ansuz.sooke.bc.ca/entry/23)

~~~
chias
Came here to post that link.

In a nutshell, we programmers tend to like to think that we can use technical
means to show that copyright is fundamentally nonsensical / inconsistent /
imperfect, as though copyright were a mathematical proof and providing a
counter-example would somehow make it go away. This is fundamentally missing
the point.

~~~
chias
Poignant excerpt:

I think Colour is what the designers of Monolith are trying to challenge,
although I'm afraid I think their understanding of the issues is superficial
on both the legal and computer-science sides. The idea of Monolith is that it
will mathematically combine two files with the exclusive-or operation. You
take a file to which someone claims copyright, mix it up with a public file,
and then the result, which is mixed-up garbage supposedly containing no
information, is supposedly free of copyright claims even though someone else
can later undo the mixing operation and produce a copy of the copyright-
encumbered file you started with. Oh, happy day! The lawyers will just have to
all go away now, because we've demonstrated the absurdity of intellectual
property!

The fallacy of Monolith is that it's playing fast and loose with Colour,
attempting to use legal rules one moment and math rules another moment as
convenient. When you have a copyrighted file at the start, that file clearly
has the "covered by copyright" Colour, and you're not cleared for it, Citizen.
When it's scrambled by Monolith, the claim is that the resulting file has no
Colour - how could it have the copyright Colour? It's just random bits! Then
when it's descrambled, it still can't have the copyright Colour because it
came from public inputs. The problem is that there are two conflicting sets of
rules there. Under the lawyer's rules, Colour is not a mathematical function
of the bits that you can determine by examining the bits. It matters where the
bits came from. The scrambled file still has the copyright Colour because it
came from the copyrighted input file. It doesn't matter that it looks like, or
maybe even is bit-for-bit identical with, some other file that you could get
from a random number generator. It happens that you didn't get it from a
random number generator. You got it from copyrighted material; it is
copyrighted. The randomly-generated file, even if bit-for-bit identical, would
have a different Colour. The Colour inherits through all scrambling and
descrambling operations and you're distributing a copyrighted work, you Commie
Mutant Traitor.

~~~
monkpit
If all that mattered were the bits, then wouldn’t it be sufficient to just re-
encode a video? All the bits are different now...

It seems to me that changing the bits only helps to avoid detection. Not to
avoid the legal issues.

~~~
chias
It wouldn't be just an equality check on the bits anyway, rather some kind of
theoretical function over the bits. For example, is this JPG image a
copyrighted image? Perhaps my function would be:

    
    
        - take the source image, reduce it to a 10px by 10px grid
        - take the image in question, reduce it to a 10px by 10px grid
        - for each pixel, calculate the deviation between the source pixel and the candidate pixel
        - if the sum of the squares of the deviation is smaller than some threshold, output true.
    

The point is that no matter how clever a function you make, it cannot capture
the notion of where the bits _came from_ and can only capture information
about what the bits _are_. Computers care about the latter. All these clever
schemes care about the latter. Copyright law cares about the former.

From a copyright law perspective, the notion that you might have two files on
your computer whose bits are completely identical in every way, but only one
of which you are legally permitted to copy, is perfectly reasonable.

------
mdszy
If you really think the copyright laywers who get paid tons of money to
professionally bust stupid schemes like this wouldn't instantly tear it to
shreds then oh boy do I have a bridge to sell you.

This stuff honestly reminds me of "soverign citizens"

"I'm doing something illegal but AH HA if I make use of this _weird
technicality_ or _magical legal incantation_ it's not actually illegal!
Haha!!"

~~~
greenshackle2
> No block can be copyrighted without logical contradictions, because blocks
> used for re-assembling a source file block are re-used for re-assembly of
> other source file blocks. It is undecidable who would have copyright on a
> block, which has several meanings. Everyone would have copyright on
> everything.

That's a hopelessly naive, almost sovcit-level take on law. The lawyers and
judges will not give an iota of a fuck for this argument. The facts are,
someone uploaded a copyrighted work to the system. Someone else downloaded it
out of the system.

The classic "What Colour are your bits" is relevant here:

[https://ansuz.sooke.bc.ca/entry/23](https://ansuz.sooke.bc.ca/entry/23)

~~~
pdonis
_> The classic "What Colour are your bits" is relevant here:_

I agree this article is relevant, but perhaps not in the way you meant.

To me, the point of the article is that you can't tell what Colour bits are by
looking at the bits. The OFFSystem can be viewed as a way of illustrating this
point (though that probably wasn't what its designers intended). But the law
wants to insist that you _can_ tell what Colour bits are by looking at the
bits--as the article says, that's basically what DRM and other such systems
try to do. But it can't be done.

To me, that means that the law needs to change--as it has changed in the past
when technology changes in a way that invalidates assumptions that the law
previously made. It looks to me like the main thing that is preventing the law
from simply changing in a common sense way to accommodate the technological
change of computers is that there are large corporations who make a lot of
money by owning copyrights. I personally don't have a lot of sympathy for
those corporations since their business model has nothing whatever to do with
compensating the actual creators of the works whose copyrights they own.

~~~
AgentME
>But the law wants to insist that you can tell what Colour bits are by looking
at the bits

What makes you say that? I would expect that the law (or the judge enforcing
it) cares more about the reasons people use the software and what they get out
of it in the end than about the specific bit strings. The OFFSystem is clearly
software for storing and retrieving files or media; it's built for that use
and everyone using it is using it for that. How it accomplishes that
internally isn't significant.

Do you think any cases would or should be overturned if it were revealed that,
unknown to anyone at the time, a popular torrent program actually worked like
OFFSystem, or hell, worked by magic without actually physically sending data
between users as long as someone was concurrently doing the seeding-the-file
ritual? -- I think this line of argument is strongly related to the argument
that it's still murder if instead of shooting someone, you intentionally kill
them by using a rube goldberg machine or by placing a land-mine that the
victim triggers or by using a magic gun that erases whoever you aim it at.
Intentions and results matter to the law. I think this makes technically-
minded people squeamish because intentions are a lot harder to prove and are
easier to mess up than questions of plainer physical facts, but to ignore them
is too gameable.

The OFFSystem only sounds interesting because it's transforming the data for
no other reason than to try to be a legal loophole, but strangely we'd never
even consider the idea that software that transforms data for a reason (like
zip archivers, https encryption, or re-encoding) would work as a similar legal
loophole. I think the concept of a data transformation for no other purpose
other than to try to be a legal loophole just manages to surprise people
enough to think that it might work.

~~~
pdonis
_> What makes you say that?_

The article says so, at least implicitly, in passages like this one:

    
    
        What we are doing with rights management information
        is simulating Colour in a computer-sciencey way. But
        lawyers will seize on the possibility of doing this
        kind of simulation and say, "See!  You admit it! You
        can recognize the Colour of bits after all!" and then
        conclude from there that all the other rules they want
        to make (such as "Red Troubleshooters may not walk
        down Orange hallways") are meaningful in the computer
        science realm.
    

My view of the typical legal attitude towards DRM schemes and the like is
similar.

 _> I would expect that the law (or the judge enforcing it) cares more about
the reasons people use the software and what they get out of it in the end
than about the specific bit strings._

The law is also supposed to care about the people who _created_ the bits in
the first place--after all, the purpose of copyright law is to encourage
_creation_ of works. But the law as it is actually practiced does not do this
at all; the parties it most consistently favors are, as I said, large
corporations whose business model does _not_ include fair compensation to the
original creators.

I agree that, viewed as an actual legal strategy within the context of our
current legal system, OFFSystem is daft. No court is going to agree with the
legal interpretation that the creators of OFFSystem claim to be using. But I
view that aspect as simply an illustration of the fact that you can't fight
legal mumbo jumbo with more legal mumbo jumbo. The proper response to
draconian legal doctrines with regard to DRM is to remind the legal system
what it is actually supposed to be doing, and to refuse to accept the
arguments that DRM proponents offer in the framework of copyright law, which
basically amount to saying that they have exactly the same rights as the
actual creators of the content, even though their business model treats those
creators as expendable cogs in a machine. That's what I mean when I say the
law needs to change: it needs to stop taking the claims made by large
corporations promoting DRM and the like as presumptively valid, simply because
they have maneuvered themselves into a position where they can show a piece of
paper saying they "own" the copyrighted content.

------
dooglius
This seems pretty easily defeatable: an adversary just needs to track the
timestamps of various blocks, and the last one that gets created is the "real"
one. The stuff about copyright seems pretty dumb, obviously the most recent
block is the interesting one, that you've just "encrypted" with the previous
blocks. Also, even without doing any tracking, you can narrow down the
uploader to a set of at most N people, where N is the number of blocks (which
presumably can't be too big for performance reasons).

~~~
ComputerGuru
The copyright stuff is bunk, but their defense isn’t (just) what you’ve said
but rather that a single block is used to decrypt multiple files so their
defense is that no one copyright owner owns the block in question. Which of
course is BS since any part of a component derived from illegally sourced
copyrighted materials renders the entire derived work in violation (eg a
mixtape with one improperly sourced song or twenty is just as “fair game” for
a lawsuit).

~~~
musingsole
As mentioned elsewhere, it is difficult to prove where any block in OFF was
derived. So while a block is used to rebuild a copyrighted work, the block
itself can't be subject to copyright, or more so, could have been generated by
a freely available work and so has no ties to the copyrighted work.

It seems like building a dictionary and then a system to rebuild books by
combining fragments (words) from the dictionary. The book can be copyrighted,
but the words couldn't be. Even if the word was coined in the book and
submitted to the dictionary.

------
ThePhysicist
I don't know, following that logic it would be impossible to claim copyright
over an encrypted file as it's basically also just a very large random number,
even if I can reassemble the original file if I have access to the
cryptographic key. I think you could probably share the encrypted file on the
web if you don't share the key, as no one can know what the file contains
(assuming the cryptographic method is secure). Together with the key this data
will become copyrightable though as there is an easy way for any user to re-
assemble it on his/her computer.

So I'd say downloading individual randomized blocks is probably not
problematic and akin to downloading an encrypted file without having access to
the key. Downloading the URL that points to the descriptor list might be
problematic though, as this will allow you to "decrypt" the other blocks.

~~~
exrook
I think the distinction this protocol makes is that by using XOR as the
"encryption" method, given any input block you can choose a "key" to decrypt
with to produce any other output block. A block in isolation provides zero
information to the downloader. I think it could be argued that it is the
knowledge of which blocks to combine is where the actual data is being stored,
and maybe that's where the copyright owners could stake a claim.

~~~
heavenlyblue
So does that mean if I store child porn on AWS I don’t technically own it
since it’s somewhere in the virtual cloud?

The only way I could access it is through that weird SSH key that doesn’t
contain any videos in it.

~~~
exrook
I don't think we are in any disagreement that whoever is uploading the data
"owns" the data. The interesting idea is that the entity storing the bytes has
0 information about the data they represent, in the information theoretic
sense, since they can decrypt the data to any value by choosing a sufficient
key. This is not true for most other encryption schemes where the encrypted
data has enough structure to it that theoretically it could be retrieved
without the key, although the whole point of the encryption is that this isn't
a practical undertaking.

------
ComputerGuru
It poses the following question as its defense: if a file is broken down into
blocks and a single block is used to recompose two or more different files but
is itself unique from any of the actual components of either of the two files,
then no one can claim copyright to it.

I don’t think that works the way they think it does, though. Just imagine
analog data instead of digital, and take two copyrighted works, break them
down into blocks, mix them together with some randomizers, and what do you
get? A work _derived_ from multiple copyrighted sources. No one needs to “own”
the entirety of the source, if any part of it is derived from copyrighted
materials in a way that isn’t exempted via eg fair use, then the entirety of
the resulting work is in violation and is fair game for lawsuits, etc.

Simply moving this to the digital domain from analog doesn’t change the logic,
does it?

~~~
tantalor
A simple example may be dubbing two songs on top of each other. Then you can
subtract one of the songs to recover the other. Obviously the double-song is a
derivative work of both.

~~~
amelius
The point is that using their algorithm, you can't prove that a block of data
is derived from an existing work.

~~~
Jasper_
Doesn't matter. At the end of the day, you used a key with intent to decrypt
such data and extract the original work.

Courts don't operate on technicalities. The intent is pretty much all that
matters, as long as you prove that someone intended to pirate stuff, doesn't
matter what rube goldberg machine they use to actually pull it off.

Schemes like this have been tried since the 1800s, perhaps far longer, where
someone smugly announces "well technically I didn't defraud them, your honor"
and gets sent straight into prison.

~~~
egh5oon
> Courts don't operate on technicalities. The intent is pretty much all that
> matters, as long as you prove that someone intended to pirate stuff, doesn't
> matter what rube goldberg machine they use to actually pull it off.

You are absolutely right.

This is what enabled prosecuting the founders of the pirate bay, among other
things.

The fact that files are hosted elsewhere, mangled, encrypted, cut in pieces is
entirely irrelevant to the court.

Hoping that a technicality gets you off the hook is exercise in
shortsightedness.

~~~
amelius
The point is that courts can't prove anything based on the information they
get from the network.

This is in contrast to e.g. bittorrent where every seeder is in direct
violation and provably so.

~~~
Jasper_
The same thing that takes down bittorrent users will take down this too: the
network log of you typing "Pink Floyd" into OFFsystem's search bar.

This is technobabble theater by people who do not understand law nor courts.

------
amelius
Last project activity: 5 years ago ...

Sad, because it looked promising.

However, this part seems weak:

> If the OFF-internal search function is used, search terms are untraceable to
> its originator, because the search request is forwarded to the next node and
> its results back to that node instead of directly to the originator. It is
> thus not possible to decide whether a node is the originating node or a node
> doing a search request on behalf of another node.

Being an accomplice in a crime is also a crime.

~~~
rblatz
The whole thing is technically interesting but legally not at all impressive
or interesting. It’s almost like this was built by engineers that tried to
solve a legal problem based on a view of the law informed by prime time legal
television shows.

~~~
amelius
Except that they make it impossible to tell _who_ to sue. And that's the
clever part.

------
beagle3
This is interesting. I am not versed enough in law to opine on whether the
actual uploading/download itself would be considered legal or illegal - there
are many very strong opinions here on many aspects, and none with a legal
argument more convincing than "I believe if a judge looked at it they would
..."

However, I would describe it differently: This is a "denial of information"
(sort of a "denial of service") attack on the legal process. In order to
actually sue, you need to have to make a more-than-good faith effort to
discover _who it is that wronged you and needs to make you whole_ \- and,
unlike torrents or emule or whatever kids are using these days, OFFSystem
makes _that_ part hard to discover or prove beyond reasonable doubt -
especially if the descriptor block is transferred out of band.

This is somewhat similar to shell games played by many legal "villains" such
as patent trolls: You encapsulate company ownership through various
jurisdictions (e.g. company A in the UK is wholly owned by company B in NL,
which is owned by company C in the US, which is owned by company D in Russia,
etc.); it is incredibly cheap to set up (a few thousand US$), and incredibly
hard to unravel (tens to hundrends of thousands of US$). If you are trying to
target such a company - e.g., to countersue, you realize you have no idea who
to sue - you have an opaque company A, and not much to go on.

Courts e.g. in germany, have ruled that IP address is not a good enough
identifier to sue a person for copyright infringement unless you have other
supporting data. It's not directly comparable, but indicates that OFFSystem
might provide a defense, practically (can't figure out who to sue) and maybe
even legally (not sufficient proof), depending on jurisdiction.

It's the intent that matters in many cases, but burden of proof also matters.
I think it is philosophically a very interesting question and far from clear
cut.

------
orisho
This is nonsense IMHO. This is just an encoding scheme to encode data. Just
because blocks used by the encoding scheme are cached and reused for other
data does not mean that they're not used to represent this data. If the data
downloaded is copyrighted work, then copyright applies. Are copyright laws
specific as to the technical method in which reproducing copyrighted material
without authorization counts as a violation, or is the method irrelevant?

If the method is irrelevant, then yes, using this scheme to copy copyrighted
material is copyright infringement.

If it is relevant, then there's nothing special about this scheme at all
except that it is different than the specific methods outlined in the law.

------
aidenn0
This reminds be a bit of Dagster:
[https://core.ac.uk/display/22569796](https://core.ac.uk/display/22569796)

------
heavenlyblue
For multiple rounds of XOR for encryption and a reused one-time-pad it would
not be so hard to reproduce the files if needed.

------
pgt
Fix the brand then I'll consider using it.

------
brianhorakh
If this caught on, the mpaa and riaa lawyers are going to be out of jobs.

