On Sun, 23 Jun 2002, Lucky Green wrote:

Anonymous writes:

...

Lucky Green writes regarding Ross Anderson's paper at: Ross and Lucky should justify their claims to the community in general and to the members of the TCPA in particular. If you're going to make accusations, you are obliged to offer evidence. Is the TCPA really, as they claim, a secretive effort to get DRM hardware into consumer PCs? Or is it, as the documents on the web site claim, a general effort to improve the security in systems and to provide new capabilities for improving the trustworthiness of computing platforms?

Anonymous raises a valid question. To hand Anonymous additional rope, I will even assure the reader that when questioned directly, the members of the TCPA will insist that their efforts in the context of TCPA are concerned with increasing platform security in general and are not targeted at providing a DRM solution.

Unfortunately, and I apologize for having to disappoint the reader, I do not feel at liberty to provide the proof Anonymous is requesting myself, though perhaps Ross might. (I have no first-hand knowledge of what Ross may or may not be able to provide).

That makes the claim a might weak, at least in my perspective.

I however encourage readers familiar with the state of the art in PC platform security to read the TCPA specifications, read the TCPA's membership list, read the Hollings bill, and then ask themselves if they are aware of, or can locate somebody who is aware of, any other technical solution that enjoys a similar level of PC platform industry support, is anywhere as near to wide-spread production as TPM's, and is of sufficient integration into the platform to be able to form the platform basis for meeting the requirements of the Hollings bill.

Is the Hollings bill you refer to S.2048? In S.2048 they want to "plug the analog hole". It's far worse both econmicly and "big brother" wise. How are they going to deal with all the processors now running that don't have this "fritz" chip? Deny them access to data? Won't win over a whole lot of votes that way, pissing off every grandfather in the country. Patience, persistence, truth, Dr. mike

I, for one, can vouch for the fact that TCPA could absolutely be applied to a DRM application. In a previous life I actually designed a DRM system (the company has since gone under). In our research and development in '96-98, we decided that you need at least some trusted hardware at the client to perform any DRM, but if you _did_ have some _minimal_ trusted hardware, that would provide a large hook to a fairly secure DRM system. Check the archives of, IIRC, coderpunks... I started a thread entitled The Black Box Problem. The issue is that in a DRM system you (the content provider) wants to verify the operation of the client, even though the client is not under your control. We developed an online interactive protocol with a sandbox environment to protect content, but it would certainly be possible for someone to crack it. Our threat model was that we didn't want people to be able to use a hacked client against our distributation system. We discovered that if we had some trusted hardware that had a few key functions (I don't recall the few key functions offhand, but it was more than just encrypt and decrypt) we could increase the effectiveness of the DRM system astoundingly. We thought about using cryptodongles, but the Black Box problem still applies. The trusted hardware must be a core piece of the client machine for this to work. Like everything else in the technical world, TPCA is a tool.. It is neither good nor bad; that distinction comes in how us humans apply the technology. -derek "Lucky Green" writes:

Anonymous writes:

...

Lucky Green writes regarding Ross Anderson's paper at: Ross and Lucky should justify their claims to the community in general and to the members of the TCPA in particular. If you're going to make accusations, you are obliged to offer evidence. Is the TCPA really, as they claim, a secretive effort to get DRM hardware into consumer PCs? Or is it, as the documents on the web site claim, a general effort to improve the security in systems and to provide new capabilities for improving the trustworthiness of computing platforms?

Anonymous raises a valid question. To hand Anonymous additional rope, I will even assure the reader that when questioned directly, the members of the TCPA will insist that their efforts in the context of TCPA are concerned with increasing platform security in general and are not targeted at providing a DRM solution.

Unfortunately, and I apologize for having to disappoint the reader, I do not feel at liberty to provide the proof Anonymous is requesting myself, though perhaps Ross might. (I have no first-hand knowledge of what Ross may or may not be able to provide).

I however encourage readers familiar with the state of the art in PC platform security to read the TCPA specifications, read the TCPA's membership list, read the Hollings bill, and then ask themselves if they are aware of, or can locate somebody who is aware of, any other technical solution that enjoys a similar level of PC platform industry support, is anywhere as near to wide-spread production as TPM's, and is of sufficient integration into the platform to be able to form the platform basis for meeting the requirements of the Hollings bill.

Would Anonymous perhaps like to take this question?

--Lucky Green

--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com

-- Derek Atkins Computer and Internet Security Consultant derek@ihtfp.com www.ihtfp.com

Speaking personally, if asked "DRM & privacy, both or neither?" then I will take "both" -- YMMV.

This bullshit is getting deeper and thicker. (dis)ability to replay received information at will has next to nothing to do with ability to stop unwanted parties from obtaining secret information. Let me rephrase this for stupids: DRM is about enforcing NDA between me and someone who made information available to me. DRM is about preventing me to transmit information which became a part of my experience. DRM is about who owns my memories. One *is* the sum of information obtained from the outside world. Information becomes (a small) part of you. This is why people share songs - they identify with something there and want to communicate it. THAT'S WHY THEY LIKE IT IN THE FIRST PLACE. The ultimate DRM is city government stopping you from describing streets, leased apartment owner stopping you from reminiscing sex you had there, school suing you from passing on the knowledge learned. Put a newborn in a sensory deprivation tank and twenty years later observe someone who fully obeys "rights". There is no moderate answer to this. The only possible answer is FUCK YOU. Privacy is about stopping unwanted from knowing my private bits, bits I share with my chosen circle of associates and friends. And guess what - I am not a friend or associate with entertainment publishers. I am not a member. Sale of information is always a sale to the group one belongs to. After few iterations it quickly expands to the whole connected world. So publishers can choose to (a) become pipes more convenient and faster than information working its way through degrees of separations or (b) go out of business. In the meantime a lot of money and maybe some blood will be spent trying to accomodate sheer greed. There is no middle road. Keep your fingers off my memories or I'll pulverize yours. ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com

On Tue, 25 Jun 2002, John S. Denker wrote:

Date: Tue, 25 Jun 2002 22:21:36 -0400 From: John S. Denker To: Dan Geer , cryptography@wasabisystems.com, cypherpunks@lne.com, Ross.Anderson@cl.cam.ac.uk Subject: Re: privacy <> digital rights management

Dan Geer wrote:

...

Over the last six months, I'd discovered that Carl Ellison (Intel), Joan Feigenbaum (Yale) and I agreed on at least one thing: that the problem statements for "privacy" and for "digital rights management" were identical,

...

...

... YMMV.

Uhhh, my mileage varies rather considerably. Perhaps we are using wildly divergent notions of "privacy" -- or wildly divergent notions of "identical".

DRM has to do mainly with protecting certain rights to _published_ material. Private material is not "identical" with published material -- it is more opposite than identical.

The spectrum from 2 people knowing something to 2 billion knowing something is pretty smooth and continuous. Both DRM and privacy have to do with controlling material after you have released it to someone who might wish to pass it on further against your wishes. There is little *tehcnical* difference between your doctors records being passed on to assorted insurance companies, your boss, and/or tabloid newspapers and the latest Disney movies being passed on from a country where it has been released to people/theaters in a country where it has not been released.

Private material is, according to the usual definitions, in the hands of persons who have a common interest in keeping the information private and restricted.

The only case where all holders of information always have a common interest is where the number of holder is one.

Published material, in contrast, is in the hands of persons who have no interest in keeping it private, and indeed commonly have an interest in defeating whatever restrictions are in place.

"Privacy", according to the usual definitions, involve controlling the spread of information by persons autorized to have it. Contrast with secrecy which primarily has to do with stopping the spread of information through the actions of those not authorized to have it.

We have thousands of years of experience with military crypto, where the parties at both ends of the conversation are highly motivated to restrict the flow of private information. The current state of this technology is very robust.

That's secrecy technology, not privacy technology.

Ending about 20 years ago we had a 500-year era where it was not practical for anyone except an established publisher to infringe copyrights in a big way. During this era, Rights Management had essentially nothing to do with crypto; it mainly had to do with the economics of printing presses and radio transmitters, supplemented by copyright laws that were more-or-less enforceable. This era was killed by analog means (widespread photocopy machines) and the corpse was pulverized by digital means (widespread computers and networking).

Sure, you can't have either privacy or DRM with plain paper texts or plaintext digital data on untrusted hardware. That's pretty obvious. A xerographic copier works just as well on a "private" handwritten letter as it does on a mass produced printed page. And if you want to argue that total privacy and DRM are unobtainable because anyone knowing something in their mind can trasnmit it in plain text, sure. But that does not mean that, at least in principal, it is impossible to achieve "technical privacy" thorugh crypto and trusted hardware where the information can not be improperly passed on by an authorized holder other than via their mind.

I repeat: The main features of our experience with Privacy Management are disjoint from the main features of our experience with Publishers' Rights Management. They are about as different as different can be. The record is replete with spectacular failures attributable to non-understanding of the difference.

You are confusing privacy with secrecy and are confusing accidental/historic differences between privacy and DRM with their essential techncial identity. Donald --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com

I wrote:

...

Perhaps we are using wildly divergent notions of "privacy"

Donald Eastlake 3rd wrote:

You are confusing privacy with secrecy

That's not a helpful remark. My first contribution to this thread called attention to the possibility of wildly divergent notions of "privacy". Also please note that according to the US Office of Technology Assessment, such terms do not posess "a single clear definition, and theorists argue variously ... the same, completely distinct, or in some cases overlapping". Please let's avoid adversarial wrangling over terminology. If there is an important conceptual distinction, please explain the concepts using unambiguous multi-word descriptions so that we may have a collegial discussion.

The spectrum from 2 people knowing something to 2 billion knowing something is pretty smooth and continuous.

That is quite true, but quite irrelevant to the point I was making. Pick an intermediate number, say 100 people. Distributing knowledge to a group of 100 people who share a vested interest in not divulging it outside the group is starkly different from distributing it to 100 people who have nothing to lose and something to gain by divulging it. Rights Management isn't even directly connected to knowledge. Suppose I know by heart the lyrics and music to _The Producers_ --- that doesn't mean I'm free to rent a hall and put on a performance.

Both DRM and privacy have to do with controlling material after you have released it to someone who might wish to pass it on further against your wishes. There is little *tehcnical* difference between your doctors records being passed on to assorted insurance companies, your boss, and/or tabloid newspapers and the latest Disney movies being passed on from a country where it has been released to people/theaters in a country where it has not been released.

That's partly true (although overstated). In any case it supports my point that fixating on the *technical* issues misses some crucial aspects of the problem.

The only case where all holders of information always have a common interest is where the number of holder is one.

Colorful language is no substitute for a logical argument. Exaggerated remarks ("... ALWAYS have ...") tend to drive the discussion away from reasonable paths. In the real world, there is a great deal of information held by N people where (N>>1) and (N<

On Wed, Jun 26, 2002 at 09:51:58AM -0400, Donald Eastlake 3rd wrote: | "Privacy", according to the usual definitions, involve controlling the | spread of information by persons autorized to have it. Contrast with | secrecy which primarily has to do with stopping the spread of | information through the actions of those not authorized to have it. It sounds to me like you mean "data protection," not "privacy." By data protection, I mean the ability of the state to tell you not to use information about certain people in certain ways. See, for example, the EU Data Protection Directive. I find its really useful to not use the word privacy in debates about privacy; it simply means too many things to too many people. Bob Blakely once defined privacy as "The ability to lie about yourself and get away with it" which is an interesting definition. Other good ones include untracability, the inability to trace from a message to a person; unlinkability, the inability to link two instances of "theres a person here" to the same person; and unobservability, which is the ability to not be observed doing something (think curtains, my current favorite privacy technology.) | > We have thousands of years of experience with military crypto, where | > the parties at both ends of the conversation are highly motivated to | > restrict the flow of private information. The current state of this | > technology is very robust. | | That's secrecy technology, not privacy technology. I'm not getting into this one. :) -- "It is seldom that liberty of any kind is lost all at once." -Hume

On Tue, 25 Jun 2002, Dan Geer wrote:

the problem statements for "privacy" and for "digital rights management" were identical

Hmm, so: privacy : DRM :: wiretapping : fair use - RL "Bob" --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com