Feedback from Urs Gasser at Berkman

Here's some feedback on Rubinstein and Daemen's new Metasystem Privacy paper posted by Urs Gasser on his Law and Information blog.  Urs is an expert in cyber law associated with the Berkman Center at Harvard Law School.

Microsoft released a white paper entitled “The Identity Metasystem: Towards a Privacy-Compliant Solution to the Challenges of Digital Identity.” The excellent paper, authored by Microsoft’s Internet Policy Counsel Ira Rubinstein and Tom Daemen, senior attorney with Microsoft, and posted on Kim Cameron’s blog, is a must-read for everyone interested in user-centric ID management systems. (Disclosure: As you can take from the acknowledgments, I have commented on a draft version of the paper, based on my earlier observations on “Identity 2.0”-like initiatives.)

Among my main concerns – check here for other problem areas – has been Microsoft’s claim that the i-card model is “by design” in compliance with the unambiguous and informed consent requirement as set forth, for instance, by EU data protection law. I’ve argued that the “hardwired”-argument (obviously a variation on the theme “regulation by code”) might be sound if one focuses on a particular relationship between one user and one identity provider and/or one relying party – as the white paper does. However, at the aggregated level, the i-card model’s complexity – i.e. the network of informational relationships between one user and multiple ID providers and relying parties – increases dramatically. If we were serious about the informed consent requirement, so my argument goes, one would wish that the user could anticipate not only the consequences of consent vis-à-vis one ID provider, but would understand the interplay among all the components of the ID-system. Even in less complex informational environments, experience has shown that the making available of various privacy policies can’t be the answer to this problem – as the white paper seems to acknowledge.

In this regard, I particularly sympathize with the white paper’s footnote 23. It might indeed be a starting point for an answer to what we might call the “transparency challenge” to create “a system enabling web sites to represent privacy policies in a simple, iconic fashion analogous to food labels. This would allow consumers to see at a glance how a site’s practices compared to those of other Web sites using a small number of universally accepted visual icons that were both secure against spoofing and verified by a trusted third party.” (p. 19, FN 23.) Such a system could become particularly effective if the icons – machine-readable analogous to creative commons labels – would be integrated in search results and monitored by “Neighborhood campaigns” similar, for instance, to Stopbadware.com.

Although Microsoft’s paper leaves some important issues unaddressed, it seems plain to me that it takes the discussion on identity and privacy protections as code and policy an important step further – in a sensible and practical manner.

I agree with Urs when he talks about where we can go with visual icons representing the practices and policies of sites and identity providers.  Let's do it.

Just to be clear, I see Information Card technology as providing a platform for people to control their digital identity.  As a platform, it leaves people the freedom to put things of their choice onto that platform.

Let's make an analogy with some other technology – say plasma screens.  The technologists can produce a screen with fantastic resolution, but people can still use it to view blurry, distorted signals if they want to.  But once people see the crystal clarity of high definition, they move away from the inferior uses.  Even so, there still might be artifacts that are important historically that they want to watch in spite of their resolution.

In the same way, people can use the Information Card technology to host identity providers with different characteristics.  It's a platform.  And my belief is that a high fidelity and transparent identity platform will lead to uses that respect our rights.  If this requires help from legislators and the policy community, that's just part of the process.  In other words, I don't think CardSpace is the magic bullet that solves all privacy problems.  But it is an important step forward to have a platform finally allowing them to be solved.

Once you let one party send information to another party, there is no way to prevent it – technically – from sending a correlating identifier.  As a morbid example, terrorists have been known to communicate by depositing and withdrawing money from bank accounts.  The changes in the account are linked to a codebook.  So any given information field can be used to communicate unrelated information.  

What you can do is prevent the platform itself from creating correlation handles or doing things without a user's knowledge.  You can use policy, legal frameworks and market forces so providers and consumers of identity are transparent about what they are doing. You can create technology that can help discover and prove breaches of transparency.  You can facilitate holding third parties to their promises.  And you can put in place social and legal protections of technology users, along the lines of the privacy-embedded laws of identity.

That's why I see the contributions of legal and policy experts as being just as fundamental as the contribution of technologists in solving identity problems.  In the long term, the social issues may well be more important than the technical ones.  But the success of the technology is what will make it possible for people to understand and discuss those issues.

I advise following some of the thoughtful links to which Urs refers.

 

Second Law of Identity

Here is the Second Law of Identity as expressed by Anne Cavoukian, Privacy Commissioner of Ontario. The “technology” law is on the left; the “privacy-embedded” form is on the right:

MINIMAL DISCLOSURE FOR A CONSTRAINED USE

The identity metasystem must disclose the least identifying information possible, as this is the most stable, long-term solution. 

MINIMAL DISCLOSURE FOR LIMITED USE:
DATA MINIMIZATION

The identity metasystem must disclose the least identifying information possible, as this is the most stable long-term solution. It is also the most privacy protective solution.     

The concept of placing limitations on the collection, use and disclosure of personal information is at the heart of privacy protection. To achieve these objectives, one must first specify the purpose of the collection and then limit one's use of the information to that purpose, avoiding disclosure for secondary uses. The concept of data minimization bears directly on these issues, namely, minimizing the collection of personal information in the first instance, thus avoiding the possibility of subsequent misuse through unauthorized secondary uses.

 

Dr. Cavoukian's restatement of the First Law is here.  I can't overstate the importance of her collaboration with the identity community.  Nothing is more important to getting identity right than getting privacy right.  And there's no better way to get privacy right than by working side by side with those who, like Dr. Cavoukian, have been studying, writing about and protecting privacy for many years.

Download the Privacy-Embedded laws as a brochure or a whitepaper.

Privacy characteristics of the Identity Metasystem

Microsoft has just completed a whitepaper that looks systematically at how the proposal for an Identity Metasystem advances privacy.  

The document offers a useful general overview of how the Metasystem is intended to work – in a form I think will be accessible to those concentrating on policy.  It also contains an instructive analysis of how the Metasystem embodies the principles articulated in the European Union data protection directives. 

I will run some excerpts that I think will be of general interest.  But I suspect all those interested in policy and identity technology will want to download the document, so I've added it to the roster of Identityblog white papers. 

  1. Privacy & Metasystem Introduction
  2. Existing ID Card Schemes
  3. Anonymity, Privacy, and Security
  4. The Identity Metasystem
  5. The Seven Laws of Identity
  6. Roles
  7. Microsoft’s InformationCard Technology: Windows CardSpace
  8. Scenario One: Basic Protocol Flow
  9. Scenario Two: Protocol Flow with Relying Party STS
  10. User Experience
  11. Creating an Information Card
  12. Logging In with an Information Card
  13. Submitting an Information Card
  14. Example of InformationCard Interaction
  15. Privacy Benefits of Windows CardSpace and the Information Card Model
  16. Protection of Users Against Identity Attacks
  17. Information Card Technology and EU Data Privacy
  18. Overview of EU Data Privacy Law
  19. Data Controllers and Their Legal Obligations
  20. EU Data Privacy Laws and Information Cards
  21. Legitimate Processing
  22. Proportionate Processing
  23. Security
  24. Limits on Secondary Use
  25. Conclusion
  26. Acknowledgments 

From the Executive Summary:

Just as individual identity is fundamental to our face-to-face interactions, digital identity is fundamental to our interactions in the online world. Unfortunately, many of the challenges associated with the Internet stem from the lack of widely deployed, easily understood, and secure identity solutions. This should come as no surprise. After all, the Internet was designed for sharing information, not for securely identifying users and protecting personal data. However, the rapid proliferation of online theft and deception and the widespread misuse of personal information are threatening to erode public trust in the Internet and thus limit its growth and potential.      

Microsoft believes that no single identity management system will emerge and that efforts should instead be directed toward developing an overarching framework that connects different identity systems and sets out standards and protocols for ensuring the privacy and security of online interactions. Microsoft calls this concept the Identity Metasystem. The Identity Metasystem is not a specific product or solution, but rather an interoperable architecture that allows Internet users to use context-specific identities in their various online interactions.

This paper describes the Identity Metasystem and shows how it can meaningfully advance Internet user privacy. In particular, it will show how Microsoft’s contribution to the engineering of the Identity Metasystem—the Information Card technology—promotes privacy in three primary ways:

  • First, it helps users stay safe and in control of their online identity interactions by allowing them to select among a portfolio of digital identities and use them at Internet services of their choice. These digital identities may range from those containing no or very little personal information (perhaps nothing more than proof of an attribute such as age or gender) to those with highly sensitive personal information needed for interacting with financial, health institutions, or obtaining government benefits. The key point is that a web site or service only receives the information it needs rather than all of the personal information an individual possesses.
  • Second, it helps empower users to make informed and reasonable decisions about disclosing their identity information by enabling the use of a consistent, comprehensive, and easily understood user interface. Moreover, this technology implements a number of advanced security features that help safeguard users against identity theft by reliably authenticating sites to users and users to sites.
  • Third, and more generally, Information Card technology is hardwired to comply with data privacy laws and conforms to key requirements in the European Union’s privacy regime, including legitimate and proportionate processing, security, and restraints on secondary use.

In short, this new framework and new technology offer a cutting-edge solution to the digital identity debacle that is stifling the growth of online services and systems.

I want to congratulate Ira Rubinstein, Internet Policy Counsel for Microsoft, and Tom Daemen, a senior attorney in his group, for writing this analysis.  Other contributors include our Chief Privacy Strategist, Peter Cullen, and Caspar Bowden, Chief Security and Privacy Officer for Europe.  Not to mention the inimitable Mike Jones, well known for his contribution to Identity Metasystem thinking.

Although the document uses the Cardspace implementation in illustrating its points, it's my hope that everyone working on the Identity Metasystem across the industry benefits from this work, since the notions apply to all of us.

First Law of Identity

Here is the First Law of Identity as expressed by Anne Cavoukian, Privacy Commissioner of Ontario. The “technology” law is on the left; the “privacy-embedded” form is on the right:

USER CONTROL AND CONSENT

Technical identity systems must only reveal information identifying a user with the user's consent.

PERSONAL CONTROL AND CONSENT

Technical identity systems must only reveal information identifying a user with the user's consent. Personal control is fundamental to privacy, as is freedom of choice. Consent is pivotal to both. Consent must be invoked in the collection, use and disclosure of one's personal information. Consent must be informed and uncoerced, and may be revoked at a later date.

    

 I'll be publishing Dr. Cavoukian's version of all the laws over the next little while.  Readers new to this discussion might want to take a look at the Laws of Identity, a technology paper which I think rings increasingly true and provides context about the intersection between identity and virtual reality.  Amongst other things, it posits a model in which the user is an active and central participant. 

In the brochure published by the commissioner, my original statement of each law appears on the left page, while the “privacy embedded” version appears on the right.  It is kind of Talmudic (or should I say McLuhanesque?), and demonstrates the intersection of the purely technical with a policy-oriented view.  I'm very excited by this work, which clearly takes the Laws of Identity forward.

The full title of the brochure is, “7 Laws of Identity – The Case for Privacy-Embedded Laws of Identity in the Digital Age” (the illustration above is taken from that publication). 

The Privacy Commissioner's Whitepaper is an equally important document that drills into the notion of an Identity Metasystem and is intended to bring about collaboration between the privacy community and identity technologists as we build it.  

The paper version of the brochure is really a beautiful production.  It can be ordered by calling 1-416-326-3333 / 1-800-387-0073 or by writing to publicat@ipc.on.ca. Beyond that, here is the press statement issued to announce Anne's work, along with the powerpoint of her presentation to the IAPP.

What a powerhouse she is.  She is the thing history is made of.

A Merit Badge That Can't Be Duplicated

From the Los Angeles Times

Boy Scouts can earn badges for woodcarving, raising rabbits and firing shotguns.

But in the Los Angeles area, Scouts will now be able to earn their stripes by proselytizing about the evils of copyright piracy.

Officials with the local Boy Scouts and the Motion Picture Assn. of America on Friday unveiled the Respect Copyrights Activity Patch — emblazoned with a large circle “C” copyright sign along with a film reel and musical notes.

The 52,000 Scouts who are eligible may earn the patch by participating in a curriculum produced by the MPAA. To earn the badge, Scouts must participate in several activities including creating a video public-service announcement and visiting a video-sharing website to identify which materials are copyrighted. They may also watch a movie and discuss how people behind the scenes would be harmed if the film were pirated.

But will the patch be a badge of honor or a scarlet letter of uncoolness?

Richie Farbman, 13, is raring to go, eager to warn others about the dangers of illegal downloading while adding to his more than 20 activity badges.

“I think it's really good to get the message out that it's bad,” said the Redondo Beach Scout. “You can see your friends doing it and tell them why it's bad. I think if you're a role model, you can stop people.”

But Richie said he knew his perspective wasn't shared by many of his classmates. “A lot of people don't think they're going to get in trouble,” he said, “so they do it anyway.”

Other teenagers say Richie and his Scouting buddies face an uphill battle. “Everyone knows it's illegal already, but they do it anyway,” said Kevin Tran, a senior at Taft High School in Woodland Hills. “They can't afford to buy CDs and DVDs, and they see it [on the Internet] for free, so why not do it?”

Officials at the Scouts’ Los Angeles Area Council said they approached the MPAA with the idea nine months ago, emphasizing that the entertainment industry lobbying group did not make financial donations to secure the badge program.

The inspiration for the new badge came from Hong Kong, where the local Boy Scouts organization had its members pledge not to use or buy pirated materials. In addition, the Scouts agreed to search Internet file-sharing sites and turn in sites and users they see violating the law. The campaign was launched at a stadium before a slew of pop stars where the so-called “youth ambassadors” pledged to stem the rise of piracy.

The move raised concerns from civil libertarians, who feared the group was creating thousands of young spies to snitch on copyright abusers.

Victor Zuniga, a spokesman for the Scouts’ Los Angeles Area Council, said his group decided on a less aggressive approach: The Scouts won't be asked to police the Internet for pirates.

“Our program is educational,” Zuniga said, adding that the badge probably would be offered elsewhere if it was successful here.

Stephanie Scott, a mother of two Boy Scouts, said the anti-piracy badge has something other Scouting activities lack. “This one is tailor-made for the city boy in L.A.,” she said. “Scouts may just as soon go for this one rather than Wilderness Survival.”

MPAA Chairman Dan Glickman said partnering with the Boy Scouts made sense because so much of the pirating was being done by teenagers. “The truth is: So many kids today are savvy with computers and Internet technology and can download anything,” he said.

Although teenagers might roll their eyes at the new badge, some technology-industry analysts said it was a good idea.

“It's actually an incredibly savvy recognition that all the legal and legislative protection, all the technological intervention is clearly not enough to shut down the Internet,” said Eric Garland, an analyst with BigChampagne, which tracks file-sharing networks. “You have to go after the will of the people. Make it an ethical issue.”

But to many teens, it's not so much about ethics as it is money. “Sure [Scouts] should learn downloading is illegal. But if you can't afford to buy it, then they're going to do it anyway,” said Kevin Nguyen, 16, Chatsworth High. “There's no way to control it.”

To quote Slate:

A mom's take: “This one is tailor-made for the city boy in L.A.” As long as the L.A. city boy is an aspiring studio hack.

A friend tells me various youth organizations are working on “Downsizing” and “Outsourcing” badges as well.  The boys have to convince a company of their choosing to adopt a program resulting in a pre-negotiated reduction in salaries and benefits.  There has been talk of offering a supplementary badge for eliminating women staffers.

 

Could the world be upside down?

In my last post I shared Jon Udell's conversation about “translucent databases” as a way to protect us from identity catastrophes.  He mentions a lender (e.g. Prosper) who needs information from a credit bureau (e.g. Equifax) about a borrower's reputation.

I'll start by saying that I see the credit bureau as an identity provider that issues claims about a subject's financial reputation.  The lender is a relying party that depends on these claims.

The paradigm currently used is one where the borrower reveals his SSN (and other identifying information) to the lender, who then sends it on to the credit bureau, where it is used as a key to obtain further reputation and personal information.  In other words, the subject deals with the lender, and the lender deals with the credit bureau, which returns information about the subject.

There are big potential problems with this approach.  The lender initially knows nothing about the subject, so it is quite possible for the borrower to pose as someone else.  Further, the borrower releases someone's SSN to the lender – as each of us has given ours away in thousands of similar contexts – so if the SSN might once have been considered secret, it becomes progressively better known with every passing day.

What's next?  The lender uses this non-secret to obtain further private information from the identity provider – and since the user is not involved, there is no way he or she can verify that the lender has any legitimate reason to ask for that information.  Thus a financial institution can ask for credit information prior to spamming me with a credit card I have not applied for and do not want.  Worse still, as happened in the case of Choicepoint, an important opportunity to determine that criminals are phishing for information is lost when the subject is not involved.

Jon proposed ways of changing the paradigm a bit.  He would obfuscate the SSN such that a service operated by the user could later fill it in on its way from the lender to the credit bureau.  But he actually ends up with a more complex message flow.  To me it looks like the proposal has a lot of moving parts, and makes us wonder how the service operating on behalf of the user would know which lenders were authorized.  Finally, it doesn't answer Prosper's claim that it needs the SSN anyway to submit tax information.

Another simpler paradigm

 I hate to be a single trick pony, but “click, clack, neigh, neigh”.  What if we tried a user-centric model?  Here's a starting point for discussion:

The borrower asks the lender for a loan, and the lender tells him which credit bureaus it will accept a reputation from. 

The borrower then authenticates to one of those credit bureaus.  Since the bureaus know a lot more about him than the lender does, they do a much better job of identifying and authenticating him than the lender can.  In fact, this is one reason why the lender is interested in the credit bureau in the first place.

The credit bureau could even facilitate future interactions by giving the subject an InfoCard usable for subsequent credit checks and so on.  (Judging by the email I constantly get from Equifax, it looks like they really want to be in the business of having a relationship with me, so I don't think this is too far-fetched as a starting point).

After charging the borrower a fee, the credit bureau would give out a reputation coupon encrypted to the lender's key.

The coupon would include the borrower's SSN encrypted for the Tax Department (but not visible to the lender).  The coupon might or might not be accompanied by a token visible to the borrower;  the borrower could be charged extra to see this information (let's give the credit bureaus some incentive for changing their paradigm!)

When the lender gets the coupon, it decrypts it and gains access to the borrower's reputation.  It stores the encrypted version of the borrower's SSN in its database (thus Jon's goal of translucency is achieved).  At the end of the year it sends this encrypted SSN to the tax department, which decrypts it and uses it as before.  The lender never needs to see it.

All of this can be done very simply with Information Card technology.  The borrower's experience would be that Prosper's web site would ask for an Equifax infocard.  If he didn't have one, he could get one from Equifax or choose to use the old-world, privacy-unfriendly mechanisms of today.

Once he had an InfoCard, he would use it to authenticate to Equifax and obtain the token encrypted for Prosper.  One of the claims generated when using the Equifax card would be the SSN encrypted for the Tax Department. 

When you use an Information Card, the identity selector contacts the identity provider to ask for the token.  This is how the credit bureau can return the up-to-date status of the borrower.  This is also how it knows how to charge the borrower, and possibly, the lender.

InfoCard protocol flow
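
The coupon flow proposed above, worked through as an added example (it is not code from this post, from CardSpace or from any credit bureau): the bureau seals the SSN to the tax department, signs the claims, and seals the result to the lender. The party names, JSON fields, RSA-OAEP with AES-256-GCM, and the bureau's Ed25519 signature are assumptions; the SSN and score are constructed sample values.

```javascript
// Added example: the "reputation coupon" as nested public-key encryption.
// Names, fields, algorithms and the bureau signature are assumptions.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Hybrid encryption to a recipient's RSA public key: a fresh AES-256-GCM key
// encrypts the data, and RSA-OAEP wraps that key for the recipient.
function sealTo(publicKey, plaintext) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: publicKey, ...OAEP }, key).toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    body: body.toString('base64'),
  };
}

// Inverse of sealTo; throws if the key is not the recipient's or the data was altered.
function openWith(privateKey, sealed) {
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(sealed.wrappedKey, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(sealed.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(sealed.tag, 'base64'));
  return Buffer.concat([decipher.update(Buffer.from(sealed.body, 'base64')), decipher.final()]);
}

// One key pair per party: RSA for the two recipients, Ed25519 for the issuer.
function makeParties() {
  const rsa = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { lender: rsa(), taxDept: rsa(), bureau: crypto.generateKeyPairSync('ed25519') };
}

// Credit bureau (identity provider): runs after it has authenticated the borrower.
function issueCoupon(bureauPrivateKey, record, lenderPublicKey, taxDeptPublicKey) {
  const claims = {
    issuer: 'credit-bureau.example',
    creditScore: record.creditScore,
    // Inner layer: only the tax department's private key opens this.
    ssnForTaxDept: sealTo(taxDeptPublicKey, Buffer.from(record.ssn, 'utf8')),
  };
  const payload = Buffer.from(JSON.stringify(claims), 'utf8');
  const signed = {
    payload: payload.toString('base64'),
    signature: crypto.sign(null, payload, bureauPrivateKey).toString('base64'),
  };
  // Outer layer: only the lender can open the coupon; the borrower just relays it.
  return sealTo(lenderPublicKey, Buffer.from(JSON.stringify(signed), 'utf8'));
}

// Lender (relying party): decrypts, checks the issuer, keeps the SSN only as ciphertext.
function redeemCoupon(coupon, lenderPrivateKey, bureauPublicKey) {
  const signed = JSON.parse(openWith(lenderPrivateKey, coupon).toString('utf8'));
  const payload = Buffer.from(signed.payload, 'base64');
  if (!crypto.verify(null, payload, bureauPublicKey, Buffer.from(signed.signature, 'base64'))) {
    throw new Error('coupon was not signed by the expected credit bureau');
  }
  const claims = JSON.parse(payload.toString('utf8'));
  return {
    creditScore: claims.creditScore,
    ssnForTaxDept: claims.ssnForTaxDept, // stored as-is in the lender's database
    visibleToLender: payload.toString('utf8'),
  };
}

// Tax department: the only party able to recover the SSN at year end.
function taxDeptReadSsn(sealedSsn, taxDeptPrivateKey) {
  return openWith(taxDeptPrivateKey, sealedSsn).toString('utf8');
}

// Full exchange: bureau -> (borrower relays) -> lender -> tax department.
function runFlow(parties) {
  const record = { ssn: '000-00-0000', creditScore: 712 }; // constructed sample data
  const coupon = issueCoupon(parties.bureau.privateKey, record,
    parties.lender.publicKey, parties.taxDept.publicKey);
  const loanFile = redeemCoupon(coupon, parties.lender.privateKey, parties.bureau.publicKey);
  let lenderCanReadSsn = true;
  try {
    openWith(parties.lender.privateKey, loanFile.ssnForTaxDept);
  } catch {
    lenderCanReadSsn = false; // the lender's key does not open the inner layer
  }
  return {
    creditScore: loanFile.creditScore,
    lenderCanReadSsn,
    ssnInLenderPlaintext: loanFile.visibleToLender.includes(record.ssn),
    ssnAtTaxDept: taxDeptReadSsn(loanFile.ssnForTaxDept, parties.taxDept.privateKey),
  };
}

console.log(runFlow(makeParties()));
```

The signature is what lets the lender tell a bureau-issued coupon from one that anybody encrypted to its public key.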

In my view, the problem Jon has raised for discussion is one of a great many that have surfaced because institutions “elided” users from business interactions.  One of the main reasons for this is that institutions had computers long before it could be assumed that individuals did. 

It will take a while for our society to rebalance – and even invert some paradigms – given the fact that we as individuals are now computerized too.

What you have versus what you are

 Ralf Bendrath sees biometrics as being about “what you have” (had?) rather than “what you are”.

Kim Cameron at Identityblog picked up on Jerry Fishenden's post on the problems of biometrics (by the way: Jerry will speak at our privacy workshop in Athens, see below). He again brings up the story from Malaysia, where some brutal car thieves cut off the index finger of a Mercedes owner in order to circumvent the biometric engine lock. First of all, the thieves could have had it much easier, also without having to carry around a rotting finger. With a bit more high-tech, in the future they could maybe just read the fingerprint out of the car owner's passport.

But more important, this case shows the problems with identity and how hard it is to prove to a machine who you are. It is often based on the classic trinity of authentication, which either can be done by something you have (a key, a USB dongle, a chipcard), something you know (a password, a PIN, your mother's maiden name), or something you are (your fingerprint, your retina). There are of course other possible authentication factors, but these are the most common.

This story makes clear that “what you have” is much clearer than “what you are”. I would prefer saying “I have ten fingers” instead of “I am ten fingers”. “What I am” relates more directly to my personality / identity than “what I have” or “what I know”. It is a story, a flowing amorphous thing, changing from context to context and over time. Of course, you can break it down to some extent to single pieces of data (address, date of birth, employer, email, favourite mp3s, …) – but this is all not good for authentication purposes, as most of it is not really secret. “What I know” can be secret, and as Jerry Fishenden points out in his post, could be linked to “what I have” in order to have multi-factor authentication. But it again is not the same as “what I am”.

Biometrics therefore is more about what I have than what I am. The only difference is that it can't be stolen as easily as a car key or a passport. Fingers can be cut off, but faces? Ok, Hollywood was always ahead of us.

Last open question: Can “what you have” also be said about the way you walk? Probably not. But is that really what you are?

Giving identity thieves the finger

Jerry Fishenden has been posting about biometrics recently, and I'll comment on the issues over the next little while. But before we get there, just to put everything in perspective, here's a piece from the BBC, quoted by Jerry, that I missed when it first came out.

Police in Malaysia are hunting for members of a violent gang who chopped off a car owner's finger to get round the vehicle's hi-tech security system.

The car, a Mercedes S-class, was protected by a fingerprint recognition system.

Accountant K Kumaran's ordeal began when he was run down by four men in a small car as he was about to get into his Mercedes in a Kuala Lumpur suburb.

The gang, armed with long machetes, demanded the keys to his car. It is worth around $75,000 second-hand on the local market, where prices are high because of import duties.

Stripped naked

The attackers forced Mr Kumaran to put his finger on the security panel to start the vehicle, bundled him into the back seat and drove off.

But having stripped the car, the thieves became frustrated when they wanted to restart it. They found they again could not bypass the immobiliser, which needs the owner's fingerprint to disarm it.

They stripped Mr Kumaran naked and left him by the side of the road – but not before cutting off the end of his index finger with a machete.

Police believe the gang is responsible for a series of thefts in the area.

Note to self:  don't purchase technology based on retinal scans.

Future discussion:  not only “things you are” but “things you know” can ultimately expose you to harm.

P.S.  Who would ever buy an S-Class?

 

More on iTunes and Modern Times

Cory Doctorow wrote to say: 

Kim, it appears that the four tracks you couldn't burn were video files that probably couldn't be burned to a redbook CD, though the UI is still inexcusably confusing.

But there's still something rotten in Denmark.

If you go to buy the plastic CD at Amazon, here is the track list you see.  Check it out.  There are two disks – an Audio CD (Disc 1) and a DVD (Disc 2):

Track Listings

Disc: 1

  1. Thunder On The Mountain  
  2. Spirit On The Water  
  3. Rollin’ and Tumblin’  
  4. When The Deal Goes Down  
  5. Someday Baby  
  6. Workingman's Blues #2  
  7. Beyond The Horizon  
  8. Nettie Moore  
  9. The Levee's Gonna Break  
  10. Ain't Talkin’  
  11. Blood In My Eyes 
  12. Love Sick  
  13. Things Have Changed  
  14. Cold Irons Bound 

Disc: 2

  1. Cold Irons Bound (Unreleased live version from Masked & Anonymous) 
  2. Blood In My Eyes 
  3. Things Have Changed 
  4. Love Sick (From The Grammy Awards) 

In other words, Amazon says the audio CD includes the audio tracks corresponding to the videos you get on the second disk.  Isn't that what you would expect?

The virtual product doesn't let you do the same thing.  Who cares if it's not DRM on the audio – but instead, DRM on the video?  I'm unable to strip the audio off the video to burn it to a CD.

I think iTunes (or is it Sony?) should have structured their download the way they did with the molecular set – giving you all the audio tracks, and letting you copy them to a CD.

As Cory says, the iTunes user interface is – in this one case – incredibly confusing.  But in truth, even if iTunes fixed it, I wouldn't be happy with the Dylan album experience.  When I download an album I want the equivalent of the molecular product – with all of its 14 tracks, or whatever it's supposed to have.

Meanwhile, Alex J wrote to me from England.

Alex apparently doesn't think that videos have an audio track, or that I should expect to be able to put the soundtrack on an audio CD the way Sony did in the brick and mortar world (the miracles of modern science!).  He writes:

mmmm.. I don't see any DRM problems at all. I don't see any errors on the part of iTunes anywhere. I don't see …. well, shall I tell you what I DO see?

I see a loud mouthed idiot getting hysterical over the fact that he (she?) is trying to burn 4 bonus video – VIDEO – tracks to an audio CD and is being told by iTunes that it can't be done.

Funny that.

Now, stop frothing at the mouth, go and burn tracks 1 through 10 (ie. the audio tracks, you know, the music?), and r-e-l-a-x. Oh, and don't forget to put up a retraction of your silly rant :-)

I guess “frothing” is not inaccurate, though hauling out the word “bonus” to legitimize the iTunization of the last four songs is a bit much – as is the implication that they don't contain “music”. 

Getting down to brass tacks, the trouble is that Blood In My Eyes and Things Have Changed are pretty decent songs (you know, those audio things), and I don't want them caged up inside the proprietary iTunes environment.  

Modern Times: nutso DRM or bad iTunes UI?

I wanted to hear the new Bob Dylan album last night.  So I went to iTunes (first time there), bought the album, downloaded it.

And guess what?  I couldn't burn it to CD. 

I could only listen to it inside the iTunes application. 

Apple's nutso DRM

My reaction:  this must be really crazy DRM.  Nutso actually.  But then there was worse.

It turned out that Modern Times is a – you guessed it – Sony record. 

I could just see the same crew who concocted the stinky Sony rootkit selling “Son of Rootkit” to iTunes.

Here's what iTunes had promised me on their official site:

Burning playlists with purchased songs in iTunes 4.5 and later

If a playlist contains any songs purchased from the iTunes Music Store, iTunes software restricts the number of times the same playlist may be burned to seven.

My reaction: Seven?  Ha!  Zero! Sucker…

I wouldn't have objected to stupid zero-copy DRM if I'd known about it ahead of time – I would have just “stayed away”.  But telling me I have seven copies and then telling me that “burning is disabled”?

Poor Dylan. Surely he can't be part of this – though he's the producer on this recording.  He said during his recent Rolling Stone interview:

We all like records that are played on record players, but let's face it, those days are gon-n-n-e.

Hey, not only are records gone – it seems CDs are gone too.  There will just be bits, zeros and ones, run from Sony's world wide underwater headquarters.  No wonder everyone has had their fill of these guys. 

But back to Bob:

You do the best you can, you fight that technology in all kinds of ways…  You listen to these modern records, they're atrocious, they have sound all over them. There's no definition of nothing, no vocal, no nothing, just like — static.

“No nothing” is right.  No CD, that's for sure.

Maybe it's all just a terrible mistake.  A programming error.  I hope so.  Otherwise, anyone for a class action suit?

UPDATE:  The “burning is disabled” message is what iTunes puts up when some of the files have video as well as audio content.  You can copy the first ten tracks, but not the audio portions of the other four tracks – even though, according to Amazon, the plastic version of this includes one CD with all 14 songs and a DVD containing audio-video for 4 of the 14.