Privacy abuse is first and foremost the failure of a digital rights management system. A broken safe is not evidence that banks shouldn't use safes. It is only an argument that they shouldn't use the safe that was broken.

I'm hard pressed to imagine what privacy without DRM looks like. Perhaps somebody can describe a non-DRM privacy management system. On the other hand, I easily can imagine how I'd use DRM technology to manage my privacy.

Yes, it would be nice if we didn't need safes but until we don't, I'll use one. You can choose not to use DRM to manage your privacy but like stacking your money on your front porch, you don't get to grump if people take it. It's called contributory negligence, I believe.

Cheers, Scott

-----Original Message-----
From: Ross Anderson
To: Dan Geer
Cc: cryptography@wasabisystems.com; cypherpunks@lne.com; Ross.Anderson@cl.cam.ac.uk; Ross.Anderson@cl.cam.ac.uk
Sent: 6/25/02 11:56 AM
Subject: Re: Ross's TCPA paper

I don't believe that the choice is both privacy and TCPA, or neither.

Essentially all privacy violations are abuses of authorised access by insiders. Your employer's medical insurance scheme insists on a waiver allowing them access to your records, which they then use for promotion decisions. The fix is fundamentally legislative: that sort of behaviour is generally illegal in Europe, but tolerated in the USA.

There may be symmetry when we consider the problem as theoretical computer scientists might, as an issue for abstract machines. This symmetry breaks rapidly when the applications are seen in context. As well as the legal aspects, there are also the economic aspects: most security systems promote the interests of the people who pay for them (surprise, surprise).

So I do not agree with the argument that we must allow DRM in order to get privacy. Following that line brings us to a world in which we have DRM, but where the privacy abuses persist just as before. There is simply no realistic prospect of American health insurers or HMOs settling for one-time read-only access to your medical records, no matter how well that gets implemented in Palladium

Ross

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
> I'm hard pressed to imagine what privacy without DRM looks like. Perhaps somebody can describe a non-DRM privacy management system. On the other hand, I easily can imagine how I'd use DRM technology to manage my privacy.

Oh please, this is absurd. How hard is it to violate my privacy? How much good does DRM do here? If you can't plug the analog hole for something as data-intensive as a DVD, how do you plug the analog hole for something as trivial as a social security number?

I have to assume that what you're saying is that I will somehow use DRM to secure information that I give to a company with whom I want to do business. But this is unlikely ever to happen in any meaningful way - in order for this to work, the company with whom I am doing business has to have some incentive to implement DRM. The incentive can't be that I refuse to do business with them if they don't, because most people *do not* refuse to do business with companies that violate their privacy. Indeed, in many cases, we have no choice - if you want water, you sign up with the water department. If you want power, you sign up with the power company. There's no market there - these are monopolies. There's no opportunity for market leverage to impose DRM on them, even if the average person cared enough to make that happen, which they don't.

I know this will come as a terrible blow to those who are morally against government coercion, and prefer the subtle coercion of the market, but if you want privacy, there's gotta be a law. And at that point, DRM for your personal information becomes something that I suspect is too expensive to be worth it. Do you keep all your money in a safe, or is some of it in a bank, or in a wallet, or in your dresser drawer? Why don't you keep all of it in a safe?
On Wed, 26 Jun 2002, Scott Guthery wrote:
> Privacy abuse is first and foremost the failure of a digital rights management system. A broken safe is not evidence that banks shouldn't use safes. It is only an argument that they shouldn't use the safe that was broken.
>
> I'm hard pressed to imagine what privacy without DRM looks like. Perhaps somebody can describe a non-DRM privacy management system. On the other hand, I easily can imagine how I'd use DRM technology to manage my privacy.
You are fundamentally confusing the problem of privacy (controlling unpublished information and not being compelled to publish it) with the problem of DRM (attempting to control published information and compelling others to refrain from sharing it). Privacy does not require anyone to be compelled against their will to do anything. DRM does.

As I see it, we can get either privacy or DRM, but there is no way on Earth to get both. Privacy can happen only among citizens who are free to manage their information and DRM can happen only among subjects who may be compelled to disclose or abandon information against their will.

Privacy without DRM is when you don't need anyone's permission to run any software on your computer. Privacy without DRM is when you are absolutely free to do anything you want with any bits in your possession, but people can keep you from *getting* bits private to them into your possession. Privacy without DRM means being able to legally keep stuff you don't want published to yourself, even if that means using pseudonymous or anonymous transactions for non-fraudulent purposes. Privacy without DRM means being able to simply, instantly, and arbitrarily change legal identities to get out from under extant privacy infringements, and not have the new identity easily linkable to the old. Privacy without DRM means people being able to create keys for cryptosystems and use them in complete confidence that no one else has a key that will decrypt the communication -- this is fundamental to keeping private information private.

Privacy without DRM means no restrictions whatsoever on usable crypto in the hands of citizens. It may be a crime to withhold any stored keys when under a subpoena, but that subpoena should issue only when there is probable cause to believe that you have committed a crime or are withholding information about one, and you should *ALWAYS* be notified of the issue within 30 days. It also means that keys which are in your head rather than stored somewhere are not subject to subpoena -- on fifth amendment grounds (in the USA) if the record doesn't exist outside your head, then you cannot be coerced to produce it.

Privacy without DRM means being able to keep and do whatever you want with the records your business creates -- but not being able to force someone to use their real name or linkable identity information to do business with you if that person wants that information to remain private.

Bear
On Wed, Jun 26, 2002 at 10:01:00AM -0700, bear wrote:
> As I see it, we can get either privacy or DRM, but there is no way on Earth to get both. [...]
Hear, hear! First post on this long thread that got it right.

Not sure what the rest of the usually clueful posters were thinking!

DRM systems are the enemy of privacy. Think about it... strong DRM requires enforcement as DRM is not strongly possible (all bit streams can be re-encoded from one digital form (CD->MP3, DVD->DIVX), encrypted content streams out to the monitor / speakers subjected to scrutiny by hardware hackers to get digital content, or A->D reconverted back to digital in high fidelity).

So I agree with Bear, and re-iterate the prediction I make periodically that the ultimate conclusion of the direction DRM laws being pursued by the media cartels will be to attempt to get legislation directly attacking privacy.

This is because strong privacy (cryptographically protected privacy) allows people to exchange bit-strings with limited chance of being identified. As the arms race between the media cartels and DRM cohorts continues, file sharing will start to offer privacy as a form of protection for end-users (eg. freenet has some privacy related features, several others involve encryption already).

Donald Eastlake wrote:

| There is little *technical* difference between your doctor's records
| being passed on to assorted insurance companies, your boss, and/or
| tabloid newspapers and the latest Disney movies being passed on from a
| country where it has been released to people/theaters in a country
| where it has not been released.

There is lots of technical difference. When was the last time you saw your doctor use cryptolopes, watermarks etc to remind himself of his obligations of privacy.

The point is that with privacy there is an explicit or implied agreement between the parties about the handling of information. The agreement can not be technically *enforced* to any stringent degree.

However privacy policy aware applications can help the company avoid unintentionally breaching its own agreed policy. Clearly if the company is hostile they can write the information down off the screen at absolute minimum. Information fidelity is hardly a criterion with private information such as health care records, so watermarks, copy protect marks and the rest of the DRM schtick are hardly likely to help!

Privacy applications can be successful in helping companies avoid accidental privacy policy breaches. But DRM can not succeed because they are inherently insecure. You give the data and the keys to millions of people some large proportion of whom are hostile to the controls the keys are supposedly restricting. Given the volume of people, and lack of social stigma attached to wide-spread flouting of copy protection restrictions, there is an ample supply of people to break any scheme hardware or software that has been developed so far, and is likely to be developed or is constructible.

I think content providers can still make lots of money where the convenience, and /or enhanced fidelity of obtaining bought copies means that people would rather do that than obtain content on the net.

But I don't think DRM is significantly helping them and that they were wasting their money on it. All current DRM systems aren't even a speed bump on the way to unauthorised Net re-distribution of content.

Where the media cartels are being somewhat effective, and where we're already starting to see evidence of the prediction I mentioned above about DRM leading to a clash with privacy is in the area of criminalization of reverse engineering, with the Sklyarov case, Ed Felten's case etc. Already a number of interesting breaks of DRM systems are starting to be released anonymously. As things heat up we may start to see incentives for the users of file-sharing for unauthorised re-distribution to also _use_ the software anonymously.

Really I think copyright protections as being exploited by media cartels need to be substantially modified to reduce or remove the existing protections rather than further restrictions and powers awarded to the media cartels.

Adam
If a DRM system is based on X.509, according to Brand I thought you could get anonymity in the transaction. Wouldn't this accomplish the same thing?

Chuck Wegrzyn

----- Original Message -----
From: "Adam Back" <adam@cypherspace.org>
To: cypherpunks@lne.com
X-Orig-To: "bear" <bear@sonic.net>
Cc: <cryptography@wasabisystems.com>; <cypherpunks@lne.com>
Sent: Wednesday, June 26, 2002 3:37 PM
Subject: Re: Ross's TCPA paper
On Wed, Jun 26, 2002 at 03:57:15PM -0400, C Wegrzyn wrote:
> If a DRM system is based on X.509, according to Brand I thought you could get anonymity in the transaction. Wouldn't this accomplish the same thing?
I don't mean that you would necessarily have to correlate your viewing habits with your TrueName for DRM systems. Though that is mostly (exclusively?) the case for current deployed (or at least implemented with a view of attempting commercial deployment) copy-mark (fingerprint) systems, there are a number of approaches which have been suggested, or could be used to have viewing privacy.

Brands' credentials are one example of a technology that allows trap-door privacy (privacy until you reveal more copies than you are allowed to -- eg more than once for ecash). Conceivably this could be used with a somewhat online, or in combination with a tamper-resistant observer chip in lieu of online copy-protection system to limit someone for example to a limited number of viewings.

Another is the "public key fingerprinting" (public key copy-marking) schemes by Birgit Pfitzmann and others. This addresses the issue of proof, such that the user of the marked-object and the verifier (eg a court) of a claim of unauthorised copying can be assured that the copy-marker did not frame the user.

Perhaps schemes which combine both aspects (viewer privacy and avoidance of need to trust at face value claims of the copy-marker) can be built and deployed. (With the caveat that though they can be built, they are largely irrelevant as they will no doubt also be easily removable, and anyway do not prevent the copying of the marked object under the real or feigned claim of theft from the user whose identity is marked in the object).

But anyway, my predictions about the impending collision between privacy and the DRM and copy protection legislation power-grabs stem from the relationship of privacy to the later redistribution observation that:

1) clearly copy protection doesn't and can't a-priori prevent copying and conversion into non-DRM formats (eg into MP3, DIVX)
2) once 1) happens, the media cartels have an interest to track general file trading on the internet;
3) _but_ strong encryption and cryptographically enforced privacy mean that the media cartels will ultimately be unsuccessful in this endeavour.
4) _therefore_ they will try to outlaw privacy and impose escrow identity and internet passports etc. and try to get cryptographically assured privacy outlawed.

(Similar to the previous escrow on encryption for media cartel interests instead of signals intelligence special interests; but the media cartels are also a powerful adversary).

Also I note a slip in my earlier post [of Bear's post]:

| First post on this long thread that got it right.

Ross Anderson's comments were also right on the money (as always).

Adam
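As an added illustration of the trap-door privacy Adam describes above (this is not code from the thread, and it is a simplified stand-in for the algebraic core of Brands-style k-show credentials, not the real protocol): a holder can be checked k times without the verifier learning who they are, and one show beyond that lets the transcripts be combined to recover the identity. The toy group parameters, the sample identity values and the omission of the issuer's blind signature are all assumptions made for the example.

```python
"""Simplified k-show "trap-door privacy" credential (added example).

Only the algebraic trap door is modelled: the identity is hidden as the
constant term of a random degree-k polynomial, and each show reveals one
point on that polynomial.  k points hide the identity; k+1 expose it.
The issuer's blind signature is omitted, so the verifier is simply assumed
to trust the published commitments.  Group parameters are toy-sized.
"""
import secrets
from typing import List, Optional, Tuple

# Toy Schnorr group (constructed): P = 2*Q + 1 with Q prime; G = 2^2 is a
# quadratic residue mod P and therefore has prime order Q.
P = 1019
Q = 509
G = 4


def issue(identity: int, k: int) -> Tuple[List[int], List[int]]:
    """Create a credential that may be shown k times without linkage.

    f(x) = identity + s1*x + ... + sk*x^k (mod Q) with s_i random.
    Returns (secret coefficients kept by the holder, public commitments
    G^coef mod P that the verifier is assumed to trust).
    """
    coeffs = [identity % Q] + [secrets.randbelow(Q) for _ in range(k)]
    return coeffs, [pow(G, a, P) for a in coeffs]


def show(coeffs: List[int], challenge: int) -> int:
    """Holder's answer to a verifier challenge c: f(c) mod Q.

    Challenge 0 would hand over f(0) = identity directly, so it is refused.
    """
    if not 1 <= challenge < Q:
        raise ValueError("challenge must be in [1, Q)")
    return sum(a * pow(challenge, i, Q) for i, a in enumerate(coeffs)) % Q


def verify(commits: List[int], challenge: int, response: int) -> bool:
    """Check G^response == prod_i commits[i]^(c^i) mod P.

    Passing convinces the verifier the response came from the committed
    polynomial while revealing none of its coefficients, identity included.
    """
    expected = 1
    for i, cm in enumerate(commits):
        expected = expected * pow(cm, pow(challenge, i, Q), P) % P
    return pow(G, response, P) == expected


def recover_identity(k: int, transcripts: List[Tuple[int, int]]) -> Optional[int]:
    """The trap door: k+1 (challenge, response) pairs with distinct challenges
    determine f, and Lagrange interpolation at x = 0 yields the identity mod Q.

    With k or fewer pairs every identity is consistent with the observed
    points, so the holder stays hidden and None is returned.
    """
    if len(transcripts) <= k:
        return None
    pts = transcripts[: k + 1]
    if len({c % Q for c, _ in pts}) != len(pts):
        raise ValueError("challenges must be distinct")
    ident = 0
    for j, (cj, rj) in enumerate(pts):
        num, den = 1, 1
        for m, (cm, _) in enumerate(pts):
            if m != j:
                # Lagrange basis at 0: (0 - cm)/(cj - cm) == cm/(cm - cj)
                num = num * cm % Q
                den = den * (cm - cj) % Q
        ident = (ident + rj * num * pow(den, -1, Q)) % Q
    return ident
```

A real deployment would also need the issuer to sign the commitments blindly (otherwise the issuer links the credential to the holder at issue time) and a verifier-side record of past transcripts to make the (k+1)-th show detectable.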
Adam Back wrote:
> I don't mean that you would necessarily have to correlate your viewing habits with your TrueName for DRM systems. Though that is mostly (exclusively?) the case for current deployed (or at least implemented with a view of attempting commercial deployment) copy-mark (fingerprint) systems, there are a number of approaches which have been suggested, or could be used to have viewing privacy.
The TCPA specs were carefully designed to permit the user to obtain multiple certificates from multiple CAs and thus, if, and that's a big if, the CAs don't collude and furthermore indeed discard the true name identities of the customer, utilize multiple separate identities for various online applications. I.e., the user could have one cert for their True Name, one used to enable Microsoft Office, and one to authenticate the user to other online services.

It is very much the intent of the TCPA to permit the use of pseudonymous credentials for many, if not most, applications. Otherwise, the TCPA's carefully planned attempts at winning over the online liberty groups would have been doomed from the start.

--Lucky Green
One more thing, there are different types of DRM. For instance you might want to make sure that only a specific number of accesses to a media document are made, and no more. A second type of DRM access might be allowing only one concurrent access, again I'm not sure that this requires much private information. A third type of DRM might be time limited. You might also want a DRM access to a specific IP/location. These don't seem to require private information, unless prosecution is in the model of operation.

Chuck Wegrzyn

----- Original Message -----
From: "Adam Back" <adam@cypherspace.org>
To: cypherpunks@lne.com
X-Orig-To: "bear" <bear@sonic.net>
Cc: <cryptography@wasabisystems.com>; <cypherpunks@lne.com>
Sent: Wednesday, June 26, 2002 3:37 PM
Subject: Re: Ross's TCPA paper