Ross's TCPA paper

Scott Guthery SGuthery at mobile-mind.com
Tue Jun 25 22:31:34 PDT 2002


Privacy abuse is first and foremost the failure
of a digital rights management system.  A broken
safe is not evidence that banks shouldn't use
safes.  It is only an argument that they shouldn't
use the safe that was broken.

I'm hard pressed to imagine what privacy without
DRM looks like.  Perhaps somebody can describe
a non-DRM privacy management system.  On the other
hand, I easily can imagine how I'd use DRM
technology to manage my privacy.

Yes, it would be nice if we didn't need safes but
until we don't, I'll use one.  You can choose not to
use DRM to manage your privacy but like stacking
your money on your front porch, you don't get to
grump if people take it.  It's called contributory
negligence, I believe.

Cheers, Scott

-----Original Message-----
From: Ross Anderson
To: Dan Geer
Cc: cryptography at wasabisystems.com; cypherpunks at lne.com;
Ross.Anderson at cl.cam.ac.uk; Ross.Anderson at cl.cam.ac.uk
Sent: 6/25/02 11:56 AM
Subject: Re: Ross's TCPA paper 

I don't believe that the choice is both privacy and TCPA, or neither.

Essentially all privacy violations are abuses of authorised access by
insiders. Your employer's medical insurance scheme insists on a
waiver allowing them access to your records, which they then use for
promotion decisions. The fix is fundamentally legislative: that sort
of behaviour is generally illegal in Europe, but tolerated in the USA.

There may be symmetry when we consider the problem as theoretical
computer scientists might, as an issue for abstract machines. This
symmetry breaks rapidly when the applications are seen in context. As
well as the legal aspects, there are also the economic aspects: most
security systems promote the interests of the people who pay for them
(surprise, surprise).

So I do not agree with the argument that we must allow DRM in order to
get privacy. Following that line brings us to a world in which we have
DRM, but where the privacy abuses persist just as before. There is
simply no realistic prospect of American health insurers or HMOs 
settling for one-time read-only access to your medical records, no
matter how well that gets implemented in Palladium.

Ross

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
majordomo at wasabisystems.com
