Ross's TCPA paper

bear bear at sonic.net
Wed Jun 26 10:01:00 PDT 2002



On Wed, 26 Jun 2002, Scott Guthery wrote:

>Privacy abuse is first and foremost the failure
>of a digital rights management system.  A broken
>safe is not evidence that banks shouldn't use
>safes.  It is only an argument that they shouldn't
>use the safe that was broken.
>
>I'm hard pressed to imagine what privacy without
>DRM looks like.  Perhaps somebody can describe
>a non-DRM privacy management system.  On the other
>hand, I easily can imagine how I'd use DRM
>technology to manage my privacy.

You are fundamentally confusing the problem of
privacy (controlling unpublished information and
not being compelled to publish it) with the
problem of DRM (attempting to control published
information and compelling others to refrain
from sharing it).  Privacy does not require
anyone to be compelled against their will to
do anything.  DRM does.

As I see it, we can get either privacy or DRM,
but there is no way on Earth to get both.
Privacy can happen only among citizens who are
free to manage their information and DRM can
happen only among subjects who may be compelled
to disclose or abandon information against
their will.

Privacy without DRM is when you don't need anyone's
permission to run any software on your computer.

Privacy without DRM is when you are absolutely free
to do anything you want with any bits in your
possession, but people can keep you from *getting*
bits private to them into your possession.

Privacy without DRM means being able to legally
keep stuff you don't want published to yourself,
even if that means using pseudonymous or anonymous
transactions for non-fraudulent purposes.

Privacy without DRM means being able to simply,
instantly, and arbitrarily change legal identities
to get out from under extant privacy infringements,
and not have the new identity easily linkable to
the old.

Privacy without DRM means people being able to
create keys for cryptosystems and use them in
complete confidence that no one else has a key
that will decrypt the communication -- this is
fundamental to keeping private information
private.

Privacy without DRM means no restrictions whatsoever
on usable crypto in the hands of citizens.  It may
be a crime to withhold any stored keys when under a
subpoena, but that subpoena should issue only when
there is probable cause to believe that you have
committed a crime or are withholding information
about one, and you should *ALWAYS* be notified of the
issue within 30 days.  It also means that keys which
are in your head rather than stored somewhere are
not subject to subpoena -- on fifth amendment grounds
(in the USA) if the record doesn't exist outside
your head, then you cannot be coerced to produce
it.

Privacy without DRM means being able to keep and
do whatever you want with the records your business
creates -- but not being able to force someone to
use their real name or linkable identity information
to do business with you if that person wants that
information to remain private.

			Bear






---------------------------------------------------------------------
The Cryptography Mailing List