
Privacy abuse is first and foremost the failure of a digital rights management system. A broken safe is not evidence that banks shouldn't use safes. It is only an argument that they shouldn't use the safe that was broken.

I'm hard pressed to imagine what privacy without DRM looks like. Perhaps somebody can describe a non-DRM privacy management system. On the other hand, I easily can imagine how I'd use DRM technology to manage my privacy.

Yes, it would be nice if we didn't need safes but until we don't, I'll use one. You can choose not to use DRM to manage your privacy but like stacking your money on your front porch, you don't get to grump if people take it. It's called contributory negligence, I believe.

Cheers, Scott

-----Original Message-----
From: Ross Anderson
To: Dan Geer
Cc: cryptography@wasabisystems.com; cypherpunks@lne.com; Ross.Anderson@cl.cam.ac.uk; Ross.Anderson@cl.cam.ac.uk
Sent: 6/25/02 11:56 AM
Subject: Re: Ross's TCPA paper

I don't believe that the choice is both privacy and TCPA, or neither.

Essentially all privacy violations are abuses of authorised access by insiders. Your employer's medical insurance scheme insists on a waiver allowing them access to your records, which they then use for promotion decisions. The fix is fundamentally legislative: that sort of behaviour is generally illegal in Europe, but tolerated in the USA.

There may be symmetry when we consider the problem as theoretical computer scientists might, as an issue for abstract machines. This symmetry breaks rapidly when the applications are seen in context. As well as the legal aspects, there are also the economic aspects: most security systems promote the interests of the people who pay for them (surprise, surprise).

So I do not agree with the argument that we must allow DRM in order to get privacy. Following that line brings us to a world in which we have DRM, but where the privacy abuses persist just as before.
There is simply no realistic prospect of American health insurers or HMOs settling for one-time read-only access to your medical records, no matter how well that gets implemented in Palladium

Ross

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com