Ross's TCPA paper

C Wegrzyn wegrzyn at garbagedump.com
Wed Jun 26 12:57:15 PDT 2002


If a DRM system is based on X.509, according to Brand I thought you could
get anonymity in the transaction. Wouldn't this accomplish the same thing?

Chuck Wegrzyn

----- Original Message -----
From: "Adam Back" <adam at cypherspace.org>
To: cypherpunks at lne.com
X-Orig-To: "bear" <bear at sonic.net>
Cc: <cryptography at wasabisystems.com>; <cypherpunks at lne.com>
Sent: Wednesday, June 26, 2002 3:37 PM
Subject: Re: Ross's TCPA paper


> On Wed, Jun 26, 2002 at 10:01:00AM -0700, bear wrote:
> > As I see it, we can get either privacy or DRM,
> > but there is no way on Earth to get both.
> > [...]
>
> Hear, hear!  First post on this long thread that got it right.
>
> Not sure what the rest of the usually clueful posters were thinking!
>
> DRM systems are the enemy of privacy.  Think about it... strong DRM
> requires enforcement as DRM is not strongly possible (all bit streams
> can be re-encoded from one digital form (CD->MP3, DVD->DIVX),
> encrypted content streams out to the monitor / speakers subjected to
> scrutiny by hardware hackers to get digital content, or A->D
> reconverted back to digital in high fidelity.
>
> So I agree with Bear, and re-iterate the prediction I make
> periodically that the ultimate conclusion of the direction DRM laws
> being persued by the media cartels will be to attempt to get
> legislation directly attacking privacy.
>
> This is because strong privacy (cryptographically protected privacy)
> allows people to exchange bit-strings with limited chance of being
> identified.  As the arms race between the media cartels and DRM
> cohorts continues, file sharing will start to offer privacy as a form
> of protection for end-users (eg. freenet has some privacy related
> features, serveral others involve encryption already).
>
> Donald Eastlake wrote:
>
> | There is little *tehcnical* difference between your doctors records
> | being passed on to assorted insurance companies, your boss, and/or
> | tabloid newspapers and the latest Disney movies being passed on from a
> | country where it has been released to people/theaters in a country
> | where it has not been released.
>
> There is lots of technical difference.  When was the last time you saw
> your doctor use cryptlopes, watermarks etc to remind himself of his
> obligations of privacy.
>
> The point is that with privacy there is an explicit or implied
> agreement between the parties about the handling of information.  The
> agreement can not be technically *enforced* to any stringent degree.
>
> However privacy policy aware applications can help the company avoid
> unintentionally breaching it's own agreed policy.  Clearly if the
> company is hostile they can write the information down off the screen
> at absolute minimum.  Information fidelity is hardly a criteria with
> private information such as health care records, so watermarks, copy
> protect marks and the rest of the DRM schtick are hardly likely to
> help!
>
> Privacy applications can be successful to the in helping companies
> avoid accidental privacy policy breaches.  But DRM can not succeed
> because they are inherently insecure.  You give the data and the keys
> to millions of people some large proportion of whom are hostile to the
> controls the keys are supposedly restricting.  Given the volume of
> people, and lack of social stigma attached to wide-spread flouting of
> copy protection restrictions, there are ample supply of people to
> break any scheme hardware or software that has been developed so far,
> and is likely to be developed or is constructible.
>
> I think content providors can still make lots of money where the
> convenience, and /or enhanced fidelity of obtaining bought copies
> means that people would rather do that than obtain content on the net.
>
> But I don't think DRM is significantly helping them and that they ware
> wasting their money on it.  All current DRM systems aren't even a
> speed bump on the way to unauthorised Net re-distribution of content.
>
> Where the media cartels are being somewhat effective, and where we're
> already starting to see evidence of the prediction I mentioned above
> about DRM leading to a clash with privacy is in the area of
> criminalization of reverse engineering, with Skylarov case, Ed
> Felten's case etc.  Already a number of interesting breaks of DRM
> systems are starting to be released anonymously.  As things heat up we
> may start to see incentives for the users of file-sharing for
> unauthorised re-distribution to also _use_ the software anonymsouly.
>
> Really I think copyright protections as being exploited by media
> cartels need to be substantially modified to reduce or remove the
> existing protections rather than further restrictions and powers
> awareded to the media cartels.
>
> Adam
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
majordomo at wasabisystems.com





More information about the cypherpunks-legacy mailing list