Copyright protection schemes discussed at ESORICS

[JMKELSEY at delphi.com]

-----BEGIN PGP SIGNED MESSAGE-----

[ To: cypherpunks, sci.crypt ## Date: 10/08/96 01:05 pm ##
  Subject:  Copyright protection schemes discussed at ESORICS ]

Last week, I returned from the ESORICS conference in Italy.  (If
you're going to have a computer security conference, Rome is a nice
place for it.)  I've been busy since then, but I wanted to post
something about a panel discussion held there about copyright
protection in the electronic world.

This is all a little fuzzy in my memory, since it's been about two
weeks and my notes aren't terribly detailed.  However, I think the
discussion's contents will be of interest to a lot of people out
there working at the interface between cryptography and politics.

There were three people involved in the presentation:

1.   Gerard Eizenberg (chairing the discussion)
2.   Dominique Gonthier (from the European Commission)
3.   Alstair Kelman (a lawyer from the UK specializing in computer
                     and copyright issues)

Jean-Jacques Quisquater was supposed to be there, but had to cancel
(I think he was ill).

The basic problem they're trying to solve is that it's very hard to
conditionally control access to digital information.  It's not too
hard to keep me from ever seeing some piece of information (encrypt
it with a key I can't guess and a cipher I can't break), but it *is*
hard to keep me from giving a copy to a few hundred friends and
acquaintances, once I *have* seen it.  The solutions they proposed
(and I can't think of anything better) centered around two ideas:

1.   Embedding identification codes into the digital information which
are hard to remove, but easy for the authorities to detect.  (They
call this ``tattooing.'')  This allows the authorities or copyright
holders to trace the source of illegal copies.  (This is a little
like asking for the user's name and phone number during software
installation--it makes things a little less convenient if he later
wants to give away copies to all his friends.)

2.   Providing users with access to the information only on hardware
controlled by the copyright holder or people working in his
interests.  (They call this the ``black box.'')  This black box is
sold or given away to users to allow them to have limited access to
copyrighted data, and presumably goes through various gyrations to
make sure that the user continues to pay for what he gets.  The
market for these would probably be similar to the market for
satellite decoder boxes.  (I don't think the system would be hard to
design intelligently, though there would be a lot of opportunity for
implementation errors.)

Some of the interesting comments I recall from Mr. Gonthier:

1.   The ultimate solution to this problem will have to involve
technical, legal, and political methods.

2.   Not every country in Europe (let alone the world) recognizes
the same kind of rights with regard to copyright.

3.   The solution will have to involve published and well-accepted
standards--if we wind up with a dozen noninteroperable systems, then
they will probably all fail in the marketplace.

4.   The current solution is basically that owners of really
valuable content don't make it electronically available.

5.   Either people plan out a solution, or they wait and see what
kind of market-driven solutions emerge.  Mr. Gonthier favored the
first approach, and appeared to take it as a given that almost
everyone else would, too.  (I suppose if he didn't feel this way, he
would be in some other line of work....)

Some of the interesting comments I recall from Mr. Kelman:

1.   Copyright law isn't terribly well designed, and there are lots
of ambiguities.  It's going to be impossible to try to make
automated systems that make the kinds of judgements that are
currently done over several days or weeks, in court.

2.   Some of the ambiguities in copyright law get much worse with
digital systems.

3.   There are serious privacy implications in many of the solutions
discussed here.  Is it acceptable to have someone have a list of
every movie you've rented and every book you've bought or checked
out of the library?  Is it okay if they sell that list to (say) the
government, people who might want to sell you things, people who
might want to sue you, etc?

4.   The system has to be expensive to start breaking.  If we put
out an easy-to-break system now, and successively harder-to-break
ones later, then we train and provide capital for people who break
the copyright systems for money.  This is essentially what happened
with satellite decoder boxes.

Mr. Eizenberg made some interesting points, but since they were
mostly technical, I didn't take a lot of notes.  (I already have
thought about the technical side--it's the political and legal side
that I don't understand so well.)  One comment of his I *do*
remember, which I thought was an excellent point, was that
electronic commerce systems were a prerequisite for electronic
copyright management systems, and that the properties of those
electronic commerce systems would constrain what was possible for
the electronic commerce systems.  (For example, if your commerce
system doesn't support anonymous payments, then it's going to be
very hard to support the anonymous purchase of books in the
copyright management systems.)

I thought the discussion was very interesting, though I wish there
had been more time for questions and discussion.

My main comments are:

Political/social:

1.   I think the privacy issues are potentially monstrous,
especially when we add in consideration of billing records.  We have
to worry, not only about police-state measures (``lock up everyone
who has purchased more than three books on this list''), but also
about blackmail (``gee, Senator, I suppose you read `Naughty Boys in
Leather' each month for their incisive political commentary.'').

2.   Item 1 becomes more problematic when we consider the likely
unwillingness of many governments to accept any kind of anonymous
payment system that they can't trace.  How many people think it
would be okay for the government to have access to a list of what
books you read, so long as they promised not to misuse it?

3.   The ``tattooing of copyrighted data is really only interesting
if the tattoo can be used to trace the person who made the illegal
copies in the first place.  This also relates to item 1.

4.   Many countries have restrictions on what their citizens can
read.  This includes not only places like China, Iran, and
Singapore, but also places like the US, Canada, the UK, Germany, and
France.  It seems unlikely that the copyright management system
would be acceptable to many of these governments, if it ignored
these restrictions.  However, we're publishing the standards for how
these are to work--so with a little extra work, each country can
have their own implementation.  The US version can restrict what we
consider to be hardcore pornography (though someone will probably
have to come up with a usable definition of this term), the French
version can keep its citizens from watching too many American-made
movies, and the Chinese system can prevent citizens from reading or
watching anything with unacceptable political or social commentary.
After the election of the Buchanan administration in 2000, the US
version can even be modified (if designed well) to restrict the
number of non-English-language movies and books you can see/read.
Even if the US doesn't misuse this system, we'll be providing every
dictator on Earth with a turnkey system for tracking or censoring
what his citizens read and watch.

Technical:

1.   For most ways I can see these systems being built, the initial
cost to break the system will be somewhat high, but the marginal
cost per piece of copyrighted data extracted will be relatively low.
This means that it may pay for someone to break one box, then buy a
large number of movies, books, etc., and then, all at once, start
offering to sell them.  Each sale is available for only a few hours,
so they don't have to worry about preventing people from making
further copies too much.  So long as there is any way they can do
this (and if there's not, it means that anonymous cash and
communications have been totally stamped out), they can make a nice
profit on this stuff.  If I were designing this system, I'd probably
build in the ability to lock out the box that had violated the
rules, if I could identify it--hence, the plan to buy up lots of
titles, and only *then* to sell them.

2.   The simplest attack on this kind of system is what I'd call an
``end-run'' attack--we do an end-run around their defenses.  In the
case of music, books, and movies, this is done by digitizing the
output from the tamper-resistant viewing machine, and then making as
many copies as we like.  The cost for this attack is
     a.   A one-time cost for building the equipment to intercept
     and digitize the output.
     b.   A marginal cost per batch of sales--for each batch of
     sales we do, we probably lose the ability to buy anymore
     copyrighted items with that black box.  Thus, we have to be
     able to buy a new black box with the revenues from each pirate
     sale, plus eventually pay back what we spent buying or building
     the machine.
     c.   A marginal cost per item--we pay what all other consumers
     pay.

Note that (a) shouldn't be *that* much money, though it will almost
certainly be illegal in many places to have or sell such equipment.
For many designs of the black boxes, we just intercept the video
signal coming out of the box, which is trivial.

For (b), we have to either buy the black boxes under a false name,
or buy them somewhere that doesn't have much of a penalty for
hacking them and won't extradite us somewhere that does have a harsh
penalty for it.  If people demand too much proof of identity before
they'll sell you a black box, then they'll find it impossible to
sell many of them.  (Would you buy a television if they required
three forms of ID, a fingerprint, and a blood sample?)

3.   Ross Anderson's eternity service would obviously destroy this
system.  However, this is overkill.  It takes only one country which
is connected to the net, and which doesn't enforce laws against
electronic copyright violations, to ruin the whole system.

This raises an interesting point that's been raised many times
before:  What do you suppose will happen to countries that don't
enforce these laws?  I suspect the US and other countries will see
countries that don't enforce these laws as damaging their interests,
and will act accordingly.  Some precedents include US threats to
start a trade war with China over failure to protect copyright, and
a long list of US interventions into Central and South American
governments that did things we didn't like, i.e. Argentina,
Nicaragua, Panama.  (I'm sure other countries have done similar
things, but being from the US, these are the cases I'm familiar
with.)

Comments?

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, jmkelsey at delphi.com / kelsey at counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMl0BT0Hx57Ag8goBAQEOwQQA4Al1gU2aKfDRK7FLCdsJWAzmbR2bmB9I
QwDMhmg102EclIU6R8powRICFgo6b2XsBkKaUJx3lEArqQ19SjPg5k2EM0Eyd4nO
dtaNUggRRY+zaG1DhYK6gAlHS3paG5L+vYnXjo21Bt9FUUQO+KQd/TK/Qk77C6Hh
zWP6DBF5B2s=
=pCAE
-----END PGP SIGNATURE-----