March 2, 2017

#90 Matt Lieber Goes to Dinner

by Reply All

Background show artwork for Reply All

This week, one man has been warning the world about an impending disaster for years, but no one will listen. Also, Alex makes a dumb decision.



Further Reading


W3C's proposed standard 
W3C Director, Tim Berners-Lee, posts "On EME in HTML5"
Mozilla's blog post "DRM and the Challenge of Serving Users"
Cory Doctorow's post "The World Wide Web Consortium at a Crossroads: Arms-Dealers or Standards-Setters?"


 

Transcript

ALEX GOLDMAN: From Gimlet, this is Reply All. I’m Alex Goldman.

PJ VOGT: And I’m PJ Vogt.

ALEX: This week, Phia Bennin, Reply All producer, she’s in the studio with us. Hi, Phia.

PHIA BENNIN: Hi.

ALEX: And, um.

PJ: What’ve you got for us?

ALEX: Yeah, lay it on us.

PHIA: So, I don't know if you guys remember this, but last spring our boss, Matt Lieber, went to a dinner and sat next to this guy who told him that … this thing was about to happen that was gonna change civilization as we know it. Do you remember that?

ALEX: I don't remember that. Um--

PJ: Matt Lieber goes to a lot of dinners and has like--

PHIA: (laughs)

PJ: He'll be, like, he’ll jus- you'll be like, "What are you up to Matt?” and he'll be like, “I was at this dinner and I talked to a - a very--a very unique man from a very far away place--”

PHIA: Mhm.

PJ: “---and he told me a very troubling thing." Like, the details change, but like--

PHIA: Right.

PJ: --the man goes to, like, dinners with thought leaders.

PHIA: He goes to dinners with Chicken Little every night.

PJ: Yeah.

PHIA: Just like, “The sky is falling!”

PJ: (laughing)

PHIA: So, I called up this guy that Matt was sitting next to at that dinner. His name is Cory Doctorow.

ALEX: I know him.

PJ: We know this guy.

ALL: Yeah.

PHIA: Um--

PJ: He’s a … (sighs) he’s a weird combination of things. Like, he writes novels--

PHIA: Mhm.

PJ: He writes--he does--

PHIA: Science fiction novels.

PJ: Science fiction novels, like, he does Boing Boing so he has a lot of internet journalism stuff.

PHIA: Basically, like, if - if the internet were a bar, Cory would be like a regular at the internet.

PJ: Yeah, he’d be like a person everyone knew and kind of admired.

PHIA: Right, right. Um, and, like, the problem for him right now is that he’s like the guy at the bar who keeps going up to people and trying to talk to them, and th- they’re like avoiding him.   

PJ: Because…

PHIA: Because…

ALEX: He’s drunk?

PHIA AND PJ: (laugh)

PHIA: Um, because he keeps trying to tell people about this thing, like, the thing he told Matt Lieber about, but it’s just like--people keep finding it, like, so complicated and technical.

CORY DOCTOROW: It’s one of those things that is, um, amazingly important and also protected by this shie- shield of boringness that--

PHIA: (laughs)

CORY: : --keeps it from … from being, you know, understood and- and acted on and is- is that k- is in that category of, like, fantastically dangerous things because it’s super urgent and really hard to get your head around.

PHIA: But--I’ve been talking to Cory for almost a year now about this just, like, trying to understand it, asking a bunch of internet experts about it, and now I’m gonna try ‘n’, take like, everything I’ve learned and compress it and probably simplify it a little bit but explain it to you, um, and I’m going to try and do it in like 10 minutes.  

PJ: OK.

ALEX: OK.

PHIA: So … Cory is, like, locked in this battle that, I mean, really is literally just about how we watch video on the internet. And, he says that the stakes for this like could not be higher. Like, if the bad guys win, it could have catastrophic consequences for the internet.

PJ: Who are the bad guys?

PHIA: So, the thing is that the bad guys for Cory, they’re actually like really good guys. All they’re trying to do is like make sure the internet can run, like, as smoothly as possible for like everyone in the world.

 

PJ: Uh huh.

 

Phia: They’re this group called the W3C. It stands for the World Wide Web Consortium.

 

[pause]

 

PHIA: I’d never heard of it either.

PJ: OK. Yeah. No. Yeah. Not at all.

PHIA: And like they’re whole job is that they’re trying to create like one language for the internet so that like my computer can talk to your computer.

PJ: Uh huh.

PHIA: I talked to one member, his name’s Adrian Bateman, and he told me like how they spend their time.

ADRIAN BATEMAN: We- we agree on, like, “Is it called picture or is it called image?” uhm, you know, i- in the HTML language, whi- which is the language of webpages, um, we actually use, um, IMG as a- an abbreviation for image.

PHIA: So part of what the WC3 does is you guys are like the Webster's Dictionary saying like, “We spell color with a ‘u’ or without a ‘u,’” and then--

ADRIAN BATEMAN: Right.

PHIA: --you're also doing, like the, “This is sentence structure, this is grammar, this is like--here's how we define the building blocks and here's what they are?”

ADRIAN BATEMAN: Yes.

PHIA: So that’s an example of the kind of thing that the 400-some members of the W3C are working on and arguing about. I talked to another guy, his name is also Adrian, he’s Adrian Roselli. And he said a lot of those debates happen on conference calls.

PHIA: Are the calls fun, like, the whole thing--

ADRIAN ROSELLI: No.

PHIA: No?

ADRIAN ROSELLI: We--somebody keeps minutes, we have an agenda, we run through everything, we table stuff, we- we missed the ball on other things, and put them off to the next meeting.

ADRIAN ROSELLI: Some calls are great, and some calls, it's just a slog, it’s just … I don't want to be here. I’ve- I--I could be driving a- a screwdriver into my knee, but instead I'm on this call.

PHIA: Wow, that sounds like you should hang up, if it feels like that. That sounds--

ADRIAN ROSELLI: Yup.

PHIA: --really bad.

PHIA: So… ok. Now I want to tell you about this one little fix that the W3C is considering that Cory thinks could actually be like the end of everything.

So, you know how ... like, in the past, when you've wanted to watch a video on--line, if you wanted to watch a movie on Netflix, sometimes it would be like, grey screen, “You need to update your Silverlight.”

PJ: Yes! This is the bane of my existence.

PHIA: Yes!

PJ: It's not actually Netflix, it's Amazon. Amazon is constantly like, "Microsoft Silverlight needs to update.”

PHIA: Mhm.

PJ: Which is crazy because I don't know what it does--

PHIA: (laughs)

PJ: --I assume it's like an annoying privacy, like, a thing for them, not for me.

PHIA: Mhm.

PJ: And it is constant.

PHIA: Yes.

PJ: Like constant. Can I tell you that, like, multiple times--not only in my life, but this year--I've bought a movie or a television show online--

PHIA: Mhm.

PJ: --run into something like a Silverlight update and then pirated it. Because I felt like I don't want to go through whatever crap you want to put on my computer, I don't want.

PHIA: Uh-huh.

PJ: I'm happy to have paid for it--

PHIA: Yeah.

PJ: --but, like, I'm not gonna--I don't want your weird invasive ... crap. Which is reasonable and normal.

PHIA: (laughs) Which, I mean the funny thing about Silverlight is it's a way for you to watch videos online but the actual intention is to, like, wrap up the movies in a way where, like, they are protected and secure and people can’t steal them. It’s this thing called DRM.

ALEX: I know DRM. It stand for “digital rights management,” and it’s like a thing that basically since the beginning of the internet companies have been doing to try to keep people from copying stuff.

PHIA: Mhmm.

ALEX: So a lot of DVDs will only allow you to make one or two copies of it before it stops letting you make more copies. Um… there are certain CDs that they make it hard for you to actually pull music off of.

PHIA: Right, so, like, the whole purpose of it is just to, like, stop you from pirating stuff.

PJ: Which is not working.

PHIA: Certainly isn’t really working for you.

So the W3C is like, you’re sick of updating Silverlight, you’re sick of updating Flash? We’ve great news. We have this new DRM, and we’re going to put it directly into your browser. You’re never going to have to worry about updating Flash again.

But here’s the catch. And it’s kind of a big catch. Which is, it’s going to be everywhere. It’s going to be in every phone, in every computer. And if you imagine your computer kinda like your house, it’s like, every house is going to have the same kinda lock on the front door. And they’re saying it’s going to be the best lock--it’s going to be like, super secure, have all the deadbolts you want, like, the perfect lock. Which if they’re right, is like--fantastic.

But Cory says, if they’re wrong--we’re not going to know that they’re wrong. Because outside security experts like, they can’t look at this thing. It’s like the big plan to protect this lock is just like: don’t look at the lock! Don’t break the lock try to break the lock.

PJ: (laughing)

PHIA: And s9--

PJ: Like you’re just not allowed to?

PHIA: Well, basically. Because there’s this copyright law that actually says, like, security researchers are not allowed to get anywhere near locks like this one.

PJ: Oh. That does feel as bad as he thinks it is, honestly.

Yeah, and Cory says this is a real law, and it’s been enforced before.

CORY: So, uh, there was this was programmer named Dmitry Sklyarov who worked for a company called Elcomsoft, he was Russian.

PHIA: OK.

CORY: And he came to America to give a p- a presentation at a tech conference about Adobe's ebook reader. And Adobe had made this ebook reader that promised that you wouldn't be able to copy the text.

And Dmitry found that it was made very, very badly. And so he did what security researchers always do when they find a bug in software that is allegedly secure, which is that they disclose it.

PHIA: He went on a stage at this conference and he told people, like, “Here's this flaw.” And … the FBI arrested him.

PJ: What?!

PHIA: Yeah.

ALEX: Th- the FBI arrested him for copyright infringement?

PHIA: Yeah, basically, and he ended up going to jail.

ALEX: That’s--

PHIA: And--

ALEX: --so ridiculous.

PHIA: He struck a deal with the feds and went back to Russia. Um--

PJ: “What are you in for?”

PHIA: (laughs)

PJ: “A paper I presented at a college, uh, symposium.”

PHIA: Yeah.

PJ: “What about you?”

PHIA: And Cory said he was actually at Dmitry’s release party.

PHIA: What was he like?

CORY: He was, um, he was a - a - a quiet Russian guy. He was a nerd. He was a programmer like all the programmers I knew. He didn’t--h- he wasn’t Neo. Uh, he was just this guy who (laughing) had been to jail in America, and wanted to get the hell out and go back to Russia.

So, Cory’s like what if they decide to do the same thing now with this encrypted video player thing. Like, what if they decide to try and arrest anyone who is pointing out a problem with it? He told me like in one of our many conversations that we had over the last year that security people are really freaked out about this.

CORY: There are lots of people around the world who discover bugs and sell them to governments, right? They weaponize them and they sell them to governments instead of reporting them to the, um--to the, uh, company or pu- publishing them to the public.

So if it’s a really bad defect, you know, you might be able to seize control of the whole computer or maybe you can just take over the browser, in which case you can do things like log credit card numbers and turn on the camera maybe, depending on how the browser and the camera are interacting with each other. If the browser has location access, you can get that, if the----uh, you can get passwords--you can do all kinds of things.

ALEX: N- is there any reason to fight for this? ‘Cause what you’re describing is like a portal that everyone’s going to be attacking--

PHIA: Mhm.

ALEX: --that, uh, no one is allowed to look at, and I can’t understand why this is better than the current system.

PHIA: Yeah, right. And, you know, it’s not the sort of thing that the W3C would normally support. Like, this is the first time they are recommending a standard, like, new internet code that nobody would be allowed to look at.

PJ: Huh.

PHIA: But Cory has a theory about why the W3C is considering this, and it has to do with some new members that joined in the last few years--members like Netflix and YouTube and Viacom.

CORY: Giant media companies, who forever have not liked the- the wide openness of the web and have been calling--since the web’s inception--for, um- uh, controls on how the web works to make their business models more viable, see an opportunity. and etc

PHIA: Which is to say an opportunity to add DRM to things. Like, remember, DRM is that little piece of encryption that stops users from messing with or pirating things?

CORY: So, Netflix shows up at the W3C and says, “We would really like DRM in browsers,” and then strongly implies that in the absence of DRM in browsers there will be no Netflix in browsers. And Netflix is a thing that, um, a lot of people are convinced they need in order to have a viable product. We just- we have to play ball with Netflix.

PHIA: Netflix feels so strongly about this that they’re actually helping to make the lock that the W3C is suggesting that everybody use. Like, Netflix and Google and Microsoft, that’s who is writing it.

PJ: (laughs) Which is crazy, because their whole thing is like: we’re going to build this, it’s going to be perfect, it’s going to replace all the crap that exists right now. The crap is Silverlight. Microsoft made Silverlight.

PHIA: Right.

PJ: Like why would the perfect thing…? That’s crazy.

PHIA: Yeah, I know. And like, the whole time I’m trying to learn about this, I just really wanted to get the perspective of the media companies. And, you know, I reached out to like Netflix, and YouTube, and the Motion Picture Association, and nobody wanted to talk to me.

PJ: Huh.

PHIA: But one group that did get back to me was Mozilla, who makes Firefox, one of the browsers.

PJ: Yeah.

PHIA: So they’re particularly interesting to me because they’re like, in the middle of this fight. There’s like, on the one side there’s like the users, like us, who are just watching movies. Then on the other side there’s like, the media companies who are providing movies, and Mozilla they are just like a platform in the middle of it all.

ALEX: They gotta get along with everybody.

PHIA: Yeah, they’re trying to keep like everybody happy. And that’s kind of their role, but it’s put them in this very difficult position.

So, I talked to a woman, her name is Denelle Dixon. Her title at Mozilla is chief legal and business officer.

PJ: Uh-huh.

PHIA: And she told me that even though Mozilla, like, really does not like this lock thing, it makes a lot of sense to her why companies like Netflix would.

DENELLE DIXON: The content owners--the ones that produce this content that is--it’s their content. It’s copyrighted content. It’s content that they’ve spent creative energy putting together. And they should be able to monetize this content and to protect that content from being--in their mind--being distributed in ways that they don’t authorize. Um. We actually--as Mozilla--think that that’s true. Like, they’re content owners and they should be able to protect it. But there are other ways to go about to protecting the content.

PHIA: Mozilla would like any other option besides this one--because on top of everything else what their company stands for is openness and transparency. For example, Firefox is- is like famously the open source browser.

ALEX: Right.

PHIA: But at some point they realized they can either go along with this or... die.

DENELLE: So it was a really tough decision and it was one we didn’t take lightly at all. We recognized that this it’s--this is hostile to users. The locking system is hostile to users, uh, from the standpoint of, you know, in our browser you put this closed source component in there that’s getting information and data about your devices, and we also are all about transparency. And so that was a problem for us.

PHIA: But after a lot of debate they decided, ok, we’ll put it in.

PHIA: Does that mean there’s code in Firefox that Mozilla can’t look at? Like that--that you can’t look at?

DENELLE: Right. So this is--yeah, so we can’t get into the black box of the DRM, of the-- of the locking system either.

PHIA: Does that feel kind of weird?

DENELLE: (laughs) Yeah, I mean this part of the challenge that we had. It’s that- here’s the--I’m gonna give you the really simple perspective on this: if we didn’t--if we chose not to--put this locking system, black box or not, into our code, uh, then we obviously, our users would go to other browsers because … they need to be able to--they want to be able to watch this content.

PHIA: Meaning if you want to watch Stranger Things and you can’t watch it on Firefox, you are going to somewhere else. And so now, ’cause they agreed to this, Firefox has this little piece of code inside of it that is encrypted.

ALEX: That must (laughing) drive them nuts! That’s all they care about.

PHIA: Yeah, I mean she said it felt really bad. She said, like, a lot - like, it was sad. It made her sad.

ALEX: It’s--that is, like, the thing that, to me, helps me understand the bigness of this.

PHIA: Mhm.

ALEX: Because the internet as it’s always existed has always been this thing that, like, the architecture, you can al- you could always see the beams that held it up.

PHIA: Hm.

ALEX: And if it seemed like there was any one that was weak in any- any particular way, um, other people would- would point out that weakness and help fix it, weld it back together. And now it feels like, um, video, which is now a huge part of the architecture of the internet--

PHIA: Mhm.

ALEX: --if it--if that is no longer visible it just seems like it’s like a fundamental shift to me.

PHIA: Yes, I- I think it’s a really big deal.

PJ: So what- what is going to happen… Like, what happens now?

PHIA: So, Cory says he is going to keep fighting this. Like he is not stopping. He has collected a coalition of people who are all fighting with him, and like, at this point, they’ve been fighting this for three years now. They’re just doing everything they can to make it as difficult as possible for the W3C to make this, like, the law of the land, like a universal standard.

PJ: But what’s the like-- is there like a showdown point? You know what I mean?

PHIA: Yes, (laughs) so they’ve been like, gearing up for a vote, like, between W3C members. And they’ve been thinking that will probably happen, like, April 1st.

PJ: Uh-huh.

PHIA: And I thought that’s where things stood, like that’s what I was expecting to tell you today and then when I was like… when we were all preparing to come in and I was going to explain all this to you, actually right before I came in, this huge thing happened, which is that the director of the W3C posted a blog post saying like ... he has an opinion on this. He’s weighing in.

And, what he said was this thing that Cory hates, he said the W3C should go through with it.

PJ: Huh.

PHIA: So I emailed Cory and he was like, “I saw this and I immediately sent an email out to the head of the W3C saying, like, ‘Are we still gonna have a vote? We always have a vote.’”

PJ: (laughs)

PHIA: (laughs) And he hasn’t heard back.

PJ: Wow.

PHIA: So that’s where it stands right now.

[MUSIC]

ALEX: That’s... intense.

PHIA: So, of course, like, I’m gonna stay in touch with Cory, I’m gonna be watching what’s going on and I will tell you guys as soon as I know anything else.

PJ: Cool.

ALEX: Thank you.

PHIA: Yeah.

PJ: Thanks for explaining!

PHIA: You’re welcome.

PJ: Coming up after after the break, possibly the worst idea we’ve ever had.

[AD BREAK]

PJ: Welcome back to the show. Alright, Alex.

ALEX: Yes?

PJ: I’ve been thinking about something very … uh, I’ve been thinking about something lately!

ALEX: OK.

PJ: I’ve been thinking about Donald Trump's cellphone.

ALEX: What about it?

PJ: Basically since Donald Trump was elected president, I keep seeing these computer security experts online who I follow who are really upset … because this one very specific thing that Donald Trump is doing, which is that when he tweets he’ll often tweet from his phone, and his phone is just like a crappy old Samsung Galaxy, it’s not like a special secure president phone and they think he needs a special secure president phone.

ALEX: Right.

PJ: And this is not a thing that I found … like, of all the things in the world to worry about, I did not feel worried about this. But then, last week, I saw this piece by this VICE writer and he just wanted to find out, like, how easy is it to hack a phone like this and- and what can you do if you- if you do hack it?

ALEX: Mhm.

PJ:, So- so he bought this software off the internet, which allowed him to hack his own phone--which he said took like a minute--and then he gave one of his friends access to it. Like, basically he wanted to find out what could he learn by intentionally hacking himself.

ALEX: Oh!

PJ: And I thought that was a really interesting experiment, but I thought it’d be more interesting if I could find someone who would let me hack their phone.

ALEX: (cackling) Yes!

PJ: Can I really?

ALEX: Yeah--absolutely.  

PJ: I really thought you were gonna be resistant to this.

ALEX: I have nothing to hide from you.

PJ: That’s amazing. So this is OK, you will do this?

ALEX: Yeah, totally (laughs).

PJ: Do you have any … do--I’m curious, like … do you have any anxieties about it at all?

ALEX: (exhales) I mean, if I th- if I think about it for long enough, sure--

PJ: Don’t feel like you have to think about it at all.

ALEX: (laughs) Sure. But like, I really ... for better or worse, you know - you know a lot of - of - of the dark recesses of my soul.

PJ: Not only that, like, you’re somebody who … I’ll be like, “Hey, can I log into, like, wh- how do I get into such a--” y- you’ve given more your e-mail password--I don’t even remember it--but you’ve given it to me I think like six times. And I get the sense that’s just, like, your password for everything.

ALEX: (pauses, opens mouth to speak)

PJ: You don’t have to answer that question.

ALEX: There is a Google Doc that is accessible to every member of Reply All (laughing) that has my password for everything in it.

PJ: Whereas,like, for me, I feel … it’s not like I’m like, “Oh, if someone were to get into my information they would find ‘blah,’” but I just have, like, a … I don’t know if it means that I’m, like, a more deceitful person than you--probably--but I just have, like, a basic medium anxiety. Like, if somebody just, like, grabs my computer, I have a heart attack. Because in my mind, I’m like, “That is my open brain,” and, like, “I don’t know what you're going to see and what type of context you’re gonna put it in.” You don’t-- do you have that?

ALEX: Uhhhh, generally no.

PJ: I feel like you just say everything.

ALEX: Yeah. That’s really what it is! Everything that I think just pours out of my mouth. Unfortunately. And that’s why I’m so annoying to you. (laughs)

PJ: Yeah it’s true.

[MUSIC]

PJ: OK, so. A thing that it did not seem like it would be particularly worth it to say to Alex in this moment was that his understanding of what he’s agreeing to and my understanding of what he’s agreeing to are super different. He’s OK with the idea that I might have the ability to, like, read his emails. But in the original piece about this by this VICE reporter Joseph Cox, when he talked about the experiment it sounded SO much worse than what Alex was actually imagining.

PJ: We were talking about--at the podcast where I work--we were talking about trying to do a version of the experiment you did, umm--

JOSEPH: Sure.

PJ: --the only difference being I talked to my co-host and convinced him to allow me to spy on him.

JOSEPH: Mhm.

PJ: And he--I- I’m not sure he completely understands the capabilities of the technology?

JOSEPH: (laughs) He doesn’t know what he got in for, yeah.

PJ: No, he’s- he was like, “Yeah, whatever, I don’t care if you read my email.”

JOSEPH: (laughing) I mean, are you really going to do it for 24 hours? 48 hours? ’Cause I-  I mean, I’m dedicated to my job, but I--honestly couldn’t do that.

PJ: One week. Seven days.

JOSEPH: (laughs)

PJ: (laughs)

JOSEPH: Oh my god … I--sorry, my mind has just has gone into genuine cyber security mode. Yeah, umm--he’s going to get a shock, definitely.

PJ: And once I’m in there, once I’ve hacked into them, what do I have access to?

JOSEPH: You have access to pretty much everything that this person would be using the device for. If they make a phone call, you will get an email with you they called, when and an audio clip of the phone call. If the GPS tracking is also enabled at the same time you can easily see where they were when they made that call.

PJ: And umm … god, that is so strange (laughing) sorry--

JOSEPH: It’s fucked up. It’s really fucked up.

PJ: (whispers) God.

PJ: Me and Joseph talked for 15 more minutes. You are not going to hear those 15 minutes, but in them he introduced me to a laundry list of things that a person with bad intentions could do to another person’s phone if they had access to it. I am excited to try all of those things in the next week of Alex Goldman’s life. The phone got here late day. We plan to start recording our experiment tomorrow, March 2nd, at 3 p.m.. I am very excited. We will have the results for you in an upcoming episode. Alex Goldman, you have been warned.

[CREDITS SONG PLAYS]

PJ: Reply All is hosted by me, PJ Vogt, and Alex Goldman. Our show is produced by Sruthi Pinnamaneni, Phia Bennin, Chloe Prasinos, and Damiano Marchetti. We’re edited by Tim Howard and Jorge Just. We were mixed by Rick Kwan. Our theme music is by the mysterious Breakmaster Cylinder. Our logo is by Matt Lubchansky. Fact-checking by Michelle Harris.

Special thanks this week to Motherboard. They are also doing an episode about spyware for their new podcast, Plus Plus Podcast. You can check that out.

And special thanks to Mike Masnick, Chris Adams, Mark Gilbert, and Posey Doctorow. Also, if you’re going to be at Texas for SXSW, me and Alex are going to be appearing at the Dropbox podcast studio on Sunday, March 12th.

And, if you’re looking for a job, Gimlet is hiring right now. We’re looking for great salespeople to help the sell the ads on our podcast. You can get more information on gimletmedia.com/careers.

Also, one final note on this episode: Mozilla, who appeared in the story you just heard, has advertised on our show in the past.

Matt Lieber is miraculous parking spot. You can visit our website at replyall.com/limo, and you can find more episodes of the show on iTunes or Spotify or wherever you personally decide you would like to listen to podcasts. Thanks for listening. We’ll see you in two weeks.

[AD BREAK]