If everything can ultimately be liberated, then why bother trying to control it?

Matthew X profrv at nex.net.au
Tue Aug 27 14:36:00 PDT 2002 

http://www.ozzie.net/blog/stories/2002/08/22/nondiscretionaryControlsCantLiveWithemCant.html
Nondiscretionary Controls: can't live with 'em, can't...
...can't get 'em right.
In my quest to build real security into both Notes and Groove, I've 
repeatedly run into tough issues related to nondiscretionary controls and 
other challenges in the ex post facto control of released information.
I'm well aware of the fact that this sounds, to most people, like a very 
geeky and obscure problem; something that they shouldn't have to deal with. 
But in fact it's an issue that's at the forefront of Hollywood's digital 
dilemma, and it's something that every PC user should really understand. 
And it's probably worth a rant.
Let me first try to explain it in straightforward terms:
1) In order to view or use or otherwise consume information on your PC - 
regardless of whether it's text, or music, or numbers in a spreadsheet - 
the information must first be transmitted to your PC. It's there, on your PC.
2) The originator of that information sometimes wishes to exercise 
restrictive controls over how you may consume that information, even once 
it's resident on your PC. Perhaps they want to limit it to one listening, 
or one viewing. Maybe they don't want you to press the "Print Screen" key. 
Maybe they don't want you exporting it, or forwarding it to someone else, 
or taking it with you after you leave the company. Let's refer to this as 
"Digital Restrictions Management", or DRM.
3) Let's even go further and say that you are the original creator of 
content. But that you create it within the context of a DRM system. Thus, a 
party other than the creator can limit the creator's free will in 
exercising control over the content that they created.
Welcome to the world of Nondiscretionary Controls. That is, controls that 
can involuntarily release you of your control.
Why is this an issue? Well, people who are serious about security insist 
that, on principle, you shouldn't give people a false sense of security by 
creating products that protect information with a veneer that can trivially 
be stripped away by a competent programmer, engineer, or rocket scientist. 
The simple rule of thumb is as follows: if the data is on your PC and can 
be consumed even once, it's ultimately uncontrollable. Why? Because then 
it's just a matter of cleverness and time and cost before someone can 
"liberate" it from its controls.
(Trusted Computing initiatives and efforts such as Palladium aim to close 
even these holes, but require hardware not present in today's PC.)
MORE ON
http://www.ozzie.net/blog/stories/2002/08/22/nondiscretionaryControlsCantLiveWithemCant.html

More information about the cypherpunks-legacy mailing list