> Suppose Alice publishes R1 and Bob publishes R2. R1 is Alice's message xor Alice's one time pad. R2 is Bob's message xor Bob's one time pad. The one time pads are "random". Then it's discovered that R1 xor R2 generates a third party copyrighted work.
It is common among computer people to think the law can be hacked like an algorithm. It does not work like that. If you xor two apparently random files and they surprisingly produce the full text of the Harry Potter series, you do not have plausible deniability if you start distributing it.
You're missing the attack in exactly the same way as the author does.
The same person doesn't distribute both of the files. Two different people distribute two different files. One of them is totally innocent and the party distributing that file doesn't even have to be in on it or have any relationship with the other person, but there is no way to tell which one it is.
The legal system is forced into either punishing and taking down the innocent file or not doing so for the infringing one. There is no other option when you can't distinguish between them.
But it isn't supposed to do that to the one which is just an ordinary use of a one-time pad by an innocent independent third party who has e.g. posted it in a public place for the intended recipient of the non-infringing message to receive it without there being a direct one-to-one communication between sender and the recipient. Or because there are multiple intended recipients and only those with the correct pad can read the original message so it's safe to publish widely.
The fact that some totally different person has come along and used your published file to encode an infringing one is not supposed to affect your legal status. But if nobody can tell which one is the original, the legal system has to choose between punishing the innocent and not punishing the guilty.
It isn't an algorithmic problem, it's an evidentiary problem. There are two different sets of bits and one is supposed to have a different "Colour" but the legal system has no information as to which one it is.
It's like someone discovering that the flashlight on certain phones is bright enough to blind surveillance cameras, and when someone points out that criminals could use this to prevent surveillance cameras from capturing their faces while they're committing their crimes, you respond that the legal system doesn't work like that because having an effective way to avoid being identified doesn't make your conduct legal. But that wasn't the original claim.
Suppose that Alice is an innocent bystander who has done nothing more than publish some innocent data encrypted with a one-time pad and Bob is a pirate who xors a copyrighted work with Alice's data and publishes it. Or vice versa. Anybody who downloads both of them can xor them together and get the copyrighted work, but only one of them was actually derived from the copyrighted work, and you don't know which one.
There are only three things that can happen next, right? Either you punish both Alice and Bob even though one of them is innocent, or you let them both go even though one of them is guilty, or you punish only one of them arbitrarily and thereby, because they're indistinguishable, have a 50% chance of punishing the innocent person while the guilty one goes free.
Which one of those would you propose the legal system should do in that case, and why?
The legal system would of course persecute Bob the pirate, and possibly also everyone who purchases or consumes infringing material distributed by Bob.
The whole xor scheme is irrelevant. If you give people a file and the information about what other file to xor it with to get the cleartext, that is just the same as giving them the cleartext straight away.
But you still don't know who that is. How do you know the pirate is Bob? It could be Alice.
Nobody said you were getting the information on which two files to download from Alice or Bob. Those are just URLs, which could be hosted by a third party, and are tiny so much easier to host on a system which is extrajurisdictional or anonymous.
And if you don't know that it's Bob, under what justification would you punish people who download things from Bob?
I mean suppose Alice is Google and Bob is Dropbox and the two URLs are hosted on The Pirate Bay. Which service do you even propose to remove the file from? According to the rules the innocent one is supposed to stay up.
You suggest Bob can publish the "key" to some anonymous extrajudicial server so it can't the tracked to him. Well if this is possible, why wouldn't he just post the full unencrypted movies (or whatever) there instead of bothering with the xor'ing scheme? The xor'ing doesn't change the legality of anything.
> And if you don't know that it's Bob, under what justification would you punish people who download things from Bob?
Er...under the justification that they are downloading infringing material?
> Well if this is possible, why wouldn't he just post the full unencrypted movies (or whatever) there instead of bothering with the xor'ing scheme?
The movie is 30GB. The URL is 30 bytes. It's like asking why The Pirate Bay uses BitTorrent instead of hosting the movies directly on their servers.
Or how about this. The full list of URL pairs is provided after the end of each movie, so if you get one pair you get all of them. And the same scheme is also used for all kinds of things that aren't allowed to be distributed everywhere, like public domain or permissively licensed works that are banned in some countries over content.
If someone openly posts the URL pair for one of those works, which is permissible to distribute in the US because it's not copyright infringement and the content is only proscribed in some other country, would you punish them for that just because at the end of the work they actually intended for people to watch, someone else had included the URLs for all the copyrighted films?
> Er...under the justification that they are downloading infringing material?
Not if Bob was the innocent party, which you still don't know.
The judicial system looks at which persons acted with the intent of committing a criminal act.
Are you suggesting the judicial system would treat Bob and Alice as equally guilty because the bits in the xor'ed infringing material are coming equally from both files? That is not how it works. One of them acted with criminal intent, which is the one who will be persecuted.
Of course you can't see from the bits themselves who the guilty party is. But in this hypothetically scenario you could just look at the timestamps on the files.
A person who purchase or download the material is also guilty of copyright infringement. And it doesn't matter if the system can figure out who distributed it in the first place - consuming it is an independent crime.
It doesn't matter if the material was distributed as one unencrypted file or as multiple fragments on different servers which has to be combined or whether it was hidden among public domain material, or any other clever scheme.
I see it all the time and it's quite frustrating to see people being so naive. The law is not purely mathematical and algorithmic. I think a good example that moves outside of IP law is murder vs manslaughter. Two identical killings could fall under different charges simply due to what the killer was thinking at the time. And we want it that way. It would be unfair and not accomplish anything good to treat an accidental and an intentional killer the same way.
I don't know why you were downvoted because you are exactly on point. In the GP example, two files can be xor'ed to yield some pirated document. The poster thinks this would require the judicial system to punish the creators of both files equally because both files contribute bits equally. But the judicial system looks at intent, and only one of the files was created with criminal intent.
It is common among computer people to think the law can be hacked like an algorithm. It does not work like that. If you xor two apparently random files and they surprisingly produce the full text of the Harry Potter series, you do not have plausible deniability if you start distributing it.