Criminalizing crypto criticism

Ben Laurie ben at algroup.co.uk
Wed Aug 1 01:42:21 PDT 2001


Alan wrote:
> 
> On Friday 27 July 2001 11:13, Steven M. Bellovin wrote:
> > In message <20010727015656.A22910 at cluebot.com>, Declan McCullagh writes:
> > >One of those -- and you can thank groups like ACM for this, if my
> > >legislative memory is correct -- explicitly permits encryption
> > >research. You can argue fairly persuasively that it's not broad
> > >enough, and certainly 2600 found in the DeCSS case that the judge
> > >wasn't convinced by their arguments, but at least it's a shield of
> > >sorts. See below.
> >
> > It's certainly not broad enough -- it protects "encryption" research,
> > and the definition of "encryption" in the law is meant to cover just
> > that, not "cryptography".  And the good-faith effort to get permission
> > is really an invitation to harrassment, since you don't have to
> > actually get permission, merely seek it.
> 
> Even worse is if the "encryption" is in bad faith to begin with. (i.e. They
> know it is broken and/or worthless, but don't want the general public to find
> out.)
> 
> Imagine some of the usual snake-oil cryto-schemes applied to copyrighted
> material.  Then imagine that they use the same bunch of lawyers as the
> Scientologists.
> 
> This could work out to be a great money-making scam!  Invent a bogus copy
> protection scheme.  Con a bunch of suckers to buy it for their products. Sue
> anyone who breaks it or tries to expose you as a fraud for damages.
> 
> I mean if they can go after people for breaking things that use ROT-13
> (eBooks) and 22 bit encryption (or whatever CSS actually uses), then you can
> go after just about anyone who threatens your business model.
> 
> I guess we *do* have the best government money can buy.  We just were not the
> ones writing the checks...

The fundamental problem is that crypto for rights protection doesn't
work in general, and certainly can't work where the decryption
technology has to be in the hands of the person you are trying to
protect it from.

Criticising the DMCA because it protects weak crypto seems to me to be
the wrong angle - it doesn't matter whether the crypto is weak or
strong, it can be broken. The important thing is that we should continue
to be able to demonstrate that fact.

Rights management can only be done by legal and social means, not
technological ones.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff





More information about the cypherpunks-legacy mailing list