On Tue, 25 Jun 2002, John S. Denker wrote:
Date: Tue, 25 Jun 2002 22:21:36 -0400 From: John S. Denker <jsd@monmouth.com> To: Dan Geer <geer@TheWorld.com>, cryptography@wasabisystems.com, cypherpunks@lne.com, Ross.Anderson@cl.cam.ac.uk Subject: Re: privacy <> digital rights management
Dan Geer wrote:
Over the last six months, I'd discovered that Carl Ellison (Intel), Joan Feigenbaum (Yale) and I agreed on at least one thing: that the problem statements for "privacy" and for "digital rights management" were identical,
...
... YMMV.
Uhhh, my mileage varies rather considerably. Perhaps we are using wildly divergent notions of "privacy" -- or wildly divergent notions of "identical".
DRM has to do mainly with protecting certain rights to _published_ material. Private material is not "identical" with published material -- it is more opposite than identical.
The spectrum from 2 people knowing something to 2 billion knowing something is pretty smooth and continuous. Both DRM and privacy have to do with controlling material after you have released it to someone who might wish to pass it on further against your wishes. There is little *tehcnical* difference between your doctors records being passed on to assorted insurance companies, your boss, and/or tabloid newspapers and the latest Disney movies being passed on from a country where it has been released to people/theaters in a country where it has not been released.
Private material is, according to the usual definitions, in the hands of persons who have a common interest in keeping the information private and restricted.
The only case where all holders of information always have a common interest is where the number of holder is one.
Published material, in contrast, is in the hands of persons who have no interest in keeping it private, and indeed commonly have an interest in defeating whatever restrictions are in place.
"Privacy", according to the usual definitions, involve controlling the spread of information by persons autorized to have it. Contrast with secrecy which primarily has to do with stopping the spread of information through the actions of those not authorized to have it.
We have thousands of years of experience with military crypto, where the parties at both ends of the conversation are highly motivated to restrict the flow of private information. The current state of this technology is very robust.
That's secrecy technology, not privacy technology.
Ending about 20 years ago we had a 500-year era where it was not practical for anyone except an established publisher to infringe copyrights in a big way. During this era, Rights Management had essentially nothing to do with crypto; it mainly had to do with the economics of printing presses and radio transmitters, supplemented by copyright laws that were more-or-less enforceable. This era was killed by analog means (widespread photocopy machines) and the corpse was pulverized by digital means (widespread computers and networking).
Sure, you can't have either privacy or DRM with plain paper texts or plaintext digital data on untrusted hardware. That's pretty obvious. A xerographic copier works just as well on a "private" handwritten letter as it does on a mass produced printed page. And if you want to argue that total privacy and DRM are unobtainable because anyone knowing something in their mind can trasnmit it in plain text, sure. But that does not mean that, at least in principal, it is impossible to achieve "technical privacy" thorugh crypto and trusted hardware where the information can not be improperly passed on by an authorized holder other than via their mind.
I repeat: The main features of our experience with Privacy Management are disjoint from the main features of our experience with Publishers' Rights Management. They are about as different as different can be. The record is replete with spectacular failures attributable to non-understanding of the difference.
You are confusing privacy with secrecy and are confusing accidental/historic differences between privacy and DRM with their essential techncial identity. Donald --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com