Privacy-enhancing uses for TCPA

Seth David Schoen schoen at loyalty.org
Tue Aug 6 12:11:39 PDT 2002


AARG!Anonymous writes:

> I could go on and on, but the basic idea is always the same, and hopefully
> once people see the pattern they will come up with their own ideas.
> Being able to write software that trusts other computers allows for an
> entirely new approach to security software design.  TCPA can enhance
> freedom and privacy by closing off possibilities for surveillance and
> interference.  The same technology that protects Sony's music content
> in a DRM application can protect the data exchanged by a P2P system.
> As Seth Schoen of the EFF paraphrases Microsoft, "So the protection of
> privacy was the same technical problem as the protection of copyright,
> because in each case bits owned by one party were being entrusted to
> another party and there was an attempt to enforce a policy."
> (http://vitanuova.loyalty.org/2002-07-05.html, 3rd bullet point)

I would just like to point out that the view that "the protection of
privacy [is] the same technical problem as the protection of
copyright" is Microsoft's and not mine.  I don't agree that these
problems are the same.

An old WinHEC presentation by Microsoft's Peter Biddle says that
computer security, copyright enforcement, and privacy are the same
problem.  I've argued with Peter about that claim before, and I'm
going to keep arguing about it.

For one thing, facts are not copyrightable -- copyright law in the
U.S. has an "idea/expression dichotomy", which, while it might be
ultimately incoherent, suggests that copyright is not violated when
factual information is reproduced or retransmitted without permission.
So, for example, giving a detailed summary of the plot of a novel or
a movie -- even revealing what happens in the ending! -- is not an
infringement of copyright.  It's also not something a DRM system can
control.

But privacy is frequently violated when "mere" facts are redistributed.
It often doesn't matter that no bits, bytes, words, or sentences were
copied verbatim.  In some cases (sexual orientation, medical history,
criminal history, religious or political belief, substance abuse), the
actual informational content of a "privacy-sensitive" assertion is
extremely tiny, and would probably not be enough to be "copyrightable
subject matter".  Sentences like "X is gay", "Y has had an abortion",
"Z has AIDS", etc., are not even copyrightable, but their dissemination
in certain contexts will have tremendous privacy implications.

"Technical enforcement of policies for the use of a file within a
computer system" is a pretty poor proxy for privacy.

This is not to say that trusted computing systems don't have interesting
advantages (and disadvantages) for privacy.

-- 
Seth David Schoen <schoen at loyalty.org> | Reading is a right, not a feature!
     http://www.loyalty.org/~schoen/   |                 -- Kathryn Myronuk
     http://vitanuova.loyalty.org/     |





More information about the cypherpunks-legacy mailing list