-----BEGIN PGP SIGNED MESSAGE----- [ To: cypherpunks, sci.crypt ## Date: 10/08/96 01:05 pm ## Subject: Copyright protection schemes discussed at ESORICS ] Last week, I returned from the ESORICS conference in Italy. (If you're going to have a computer security conference, Rome is a nice place for it.) I've been busy since then, but I wanted to post something about a panel discussion held there about copyright protection in the electronic world. This is all a little fuzzy in my memory, since it's been about two weeks and my notes aren't terribly detailed. However, I think the discussion's contents will be of interest to a lot of people out there working at the interface between cryptography and politics. There were three people involved in the presentation: 1. Gerard Eizenberg (chairing the discussion) 2. Dominique Gonthier (from the European Commission) 3. Alstair Kelman (a lawyer from the UK specializing in computer and copyright issues) Jean-Jacques Quisquater was supposed to be there, but had to cancel (I think he was ill). The basic problem they're trying to solve is that it's very hard to conditionally control access to digital information. It's not too hard to keep me from ever seeing some piece of information (encrypt it with a key I can't guess and a cipher I can't break), but it *is* hard to keep me from giving a copy to a few hundred friends and acquaintances, once I *have* seen it. The solutions they proposed (and I can't think of anything better) centered around two ideas: 1. Embedding identification codes into the digital information which are hard to remove, but easy for the authorities to detect. (They call this ``tattooing.'') This allows the authorities or copyright holders to trace the source of illegal copies. (This is a little like asking for the user's name and phone number during software installation--it makes things a little less convenient if he later wants to give away copies to all his friends.) 2. Providing users with access to the information only on hardware controlled by the copyright holder or people working in his interests. (They call this the ``black box.'') This black box is sold or given away to users to allow them to have limited access to copyrighted data, and presumably goes through various gyrations to make sure that the user continues to pay for what he gets. The market for these would probably be similar to the market for satellite decoder boxes. (I don't think the system would be hard to design intelligently, though there would be a lot of opportunity for implementation errors.) Some of the interesting comments I recall from Mr. Gonthier: 1. The ultimate solution to this problem will have to involve technical, legal, and political methods. 2. Not every country in Europe (let alone the world) recognizes the same kind of rights with regard to copyright. 3. The solution will have to involve published and well-accepted standards--if we wind up with a dozen noninteroperable systems, then they will probably all fail in the marketplace. 4. The current solution is basically that owners of really valuable content don't make it electronically available. 5. Either people plan out a solution, or they wait and see what kind of market-driven solutions emerge. Mr. Gonthier favored the first approach, and appeared to take it as a given that almost everyone else would, too. (I suppose if he didn't feel this way, he would be in some other line of work....) Some of the interesting comments I recall from Mr. Kelman: 1. Copyright law isn't terribly well designed, and there are lots of ambiguities. It's going to be impossible to try to make automated systems that make the kinds of judgements that are currently done over several days or weeks, in court. 2. Some of the ambiguities in copyright law get much worse with digital systems. 3. There are serious privacy implications in many of the solutions discussed here. Is it acceptable to have someone have a list of every movie you've rented and every book you've bought or checked out of the library? Is it okay if they sell that list to (say) the government, people who might want to sell you things, people who might want to sue you, etc? 4. The system has to be expensive to start breaking. If we put out an easy-to-break system now, and successively harder-to-break ones later, then we train and provide capital for people who break the copyright systems for money. This is essentially what happened with satellite decoder boxes. Mr. Eizenberg made some interesting points, but since they were mostly technical, I didn't take a lot of notes. (I already have thought about the technical side--it's the political and legal side that I don't understand so well.) One comment of his I *do* remember, which I thought was an excellent point, was that electronic commerce systems were a prerequisite for electronic copyright management systems, and that the properties of those electronic commerce systems would constrain what was possible for the electronic commerce systems. (For example, if your commerce system doesn't support anonymous payments, then it's going to be very hard to support the anonymous purchase of books in the copyright management systems.) I thought the discussion was very interesting, though I wish there had been more time for questions and discussion. My main comments are: Political/social: 1. I think the privacy issues are potentially monstrous, especially when we add in consideration of billing records. We have to worry, not only about police-state measures (``lock up everyone who has purchased more than three books on this list''), but also about blackmail (``gee, Senator, I suppose you read `Naughty Boys in Leather' each month for their incisive political commentary.''). 2. Item 1 becomes more problematic when we consider the likely unwillingness of many governments to accept any kind of anonymous payment system that they can't trace. How many people think it would be okay for the government to have access to a list of what books you read, so long as they promised not to misuse it? 3. The ``tattooing of copyrighted data is really only interesting if the tattoo can be used to trace the person who made the illegal copies in the first place. This also relates to item 1. 4. Many countries have restrictions on what their citizens can read. This includes not only places like China, Iran, and Singapore, but also places like the US, Canada, the UK, Germany, and France. It seems unlikely that the copyright management system would be acceptable to many of these governments, if it ignored these restrictions. However, we're publishing the standards for how these are to work--so with a little extra work, each country can have their own implementation. The US version can restrict what we consider to be hardcore pornography (though someone will probably have to come up with a usable definition of this term), the French version can keep its citizens from watching too many American-made movies, and the Chinese system can prevent citizens from reading or watching anything with unacceptable political or social commentary. After the election of the Buchanan administration in 2000, the US version can even be modified (if designed well) to restrict the number of non-English-language movies and books you can see/read. Even if the US doesn't misuse this system, we'll be providing every dictator on Earth with a turnkey system for tracking or censoring what his citizens read and watch. Technical: 1. For most ways I can see these systems being built, the initial cost to break the system will be somewhat high, but the marginal cost per piece of copyrighted data extracted will be relatively low. This means that it may pay for someone to break one box, then buy a large number of movies, books, etc., and then, all at once, start offering to sell them. Each sale is available for only a few hours, so they don't have to worry about preventing people from making further copies too much. So long as there is any way they can do this (and if there's not, it means that anonymous cash and communications have been totally stamped out), they can make a nice profit on this stuff. If I were designing this system, I'd probably build in the ability to lock out the box that had violated the rules, if I could identify it--hence, the plan to buy up lots of titles, and only *then* to sell them. 2. The simplest attack on this kind of system is what I'd call an ``end-run'' attack--we do an end-run around their defenses. In the case of music, books, and movies, this is done by digitizing the output from the tamper-resistant viewing machine, and then making as many copies as we like. The cost for this attack is a. A one-time cost for building the equipment to intercept and digitize the output. b. A marginal cost per batch of sales--for each batch of sales we do, we probably lose the ability to buy anymore copyrighted items with that black box. Thus, we have to be able to buy a new black box with the revenues from each pirate sale, plus eventually pay back what we spent buying or building the machine. c. A marginal cost per item--we pay what all other consumers pay. Note that (a) shouldn't be *that* much money, though it will almost certainly be illegal in many places to have or sell such equipment. For many designs of the black boxes, we just intercept the video signal coming out of the box, which is trivial. For (b), we have to either buy the black boxes under a false name, or buy them somewhere that doesn't have much of a penalty for hacking them and won't extradite us somewhere that does have a harsh penalty for it. If people demand too much proof of identity before they'll sell you a black box, then they'll find it impossible to sell many of them. (Would you buy a television if they required three forms of ID, a fingerprint, and a blood sample?) 3. Ross Anderson's eternity service would obviously destroy this system. However, this is overkill. It takes only one country which is connected to the net, and which doesn't enforce laws against electronic copyright violations, to ruin the whole system. This raises an interesting point that's been raised many times before: What do you suppose will happen to countries that don't enforce these laws? I suspect the US and other countries will see countries that don't enforce these laws as damaging their interests, and will act accordingly. Some precedents include US threats to start a trade war with China over failure to protect copyright, and a long list of US interventions into Central and South American governments that did things we didn't like, i.e. Argentina, Nicaragua, Panama. (I'm sure other countries have done similar things, but being from the US, these are the cases I'm familiar with.) Comments? Note: Please respond via e-mail as well as or instead of posting, as I get CP-LITE instead of the whole list. --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMl0BT0Hx57Ag8goBAQEOwQQA4Al1gU2aKfDRK7FLCdsJWAzmbR2bmB9I QwDMhmg102EclIU6R8powRICFgo6b2XsBkKaUJx3lEArqQ19SjPg5k2EM0Eyd4nO dtaNUggRRY+zaG1DhYK6gAlHS3paG5L+vYnXjo21Bt9FUUQO+KQd/TK/Qk77C6Hh zWP6DBF5B2s= =pCAE -----END PGP SIGNATURE-----