On Wed, 26 Jun 2002, Scott Guthery wrote:
Privacy abuse is first and foremost the failure of a digital rights management system. A broken safe is not evidence that banks shouldn't use safes. It is only an argument that they shouldn't use the safe than was broken.
I'm hard pressed to imagine what privacy without DRM looks like. Perhaps somebody can describe a non-DRM privacy management system. On the other hand, I easily can imagine how I'd use DRM technology to manage my privacy.
You are fundamentally confusing the problem of privacy (controlling unpublished information and not being compelled to publish it) with the problem of DRM (attempting to control published information and compelling others to refrain from sharing it). Privacy does not require anyone to be compelled against their will to do anything. DRM does. As I see it, we can get either privacy or DRM, but there is no way on Earth to get both. Privacy can happen only among citizens who are free to manage their information and DRM can happen only among subjects who may be compelled to disclose or abandon information against their will. Privacy without DRM is when you don't need anyone's permission to run any software on your computer. Privacy without DRM is when you are absolutely free to do anything you want with any bits in your posession, but people can keep you from *getting* bits private to them into your posession. Privacy without DRM means being able to legally keep stuff you don't want published to yourself, even if that means using pseudonymous or anonymous transactions for non-fraudulent purposes. Privacy without DRM means being able to simply, instantly, and arbitrarily change legal identities to get out from under extant privacy infringements, and not have the new identity easily linkable to the old. Privacy without DRM means people being able to create keys for cryptosystems and use them in complete confidence that no one else has a key that will decrypt the communication -- this is fundamental to keeping private information private. Privacy without DRM means no restrictions whatsoever on usable crypto in the hands of citizens. It may be a crime to withhold any stored keys when under a subpeona, but that subpeona should issue only when there is probable cause to believe that you have committed a crime or are withholding information about one, and you should *ALWAYS* be notified of the issue within 30 days. It also means that keys which are in your head rather than stored somewhere are not subject to subpeona -- on fifth amendment grounds (in the USA) if the record doesn't exist outside your head, then you cannot be coerced to produce it. Privacy without DRM means being able to keep and do whatever you want with the records your business creates -- but not being able to force someone to use their real name or linkable identity information to do business with you if that person wants that information to remain private. Bear --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com