Ross's TCPA paper - DRM and privacy

C Wegrzyn wegrzyn at garbagedump.com
Wed Jun 26 13:02:24 PDT 2002 

One more thing, there are different types of DRM. For instance you might
want to make sure that only a specific number of accesses to a media
document are made, and no more. A second type of DRM access might be
allowing only one concurrent access, again I'm not sure that this requires
much private information.A third type of DRM might be time limited. You
might also want a DRM access to a specific IP/location. These don't seem to
require private information, unless prosecution is in the model of
operation.

Chuck Wegrzyn


----- Original Message -----
From: "Adam Back" <adam at cypherspace.org>
To: cypherpunks at lne.com
X-Orig-To: "bear" <bear at sonic.net>
Cc: <cryptography at wasabisystems.com>; <cypherpunks at lne.com>
Sent: Wednesday, June 26, 2002 3:37 PM
Subject: Re: Ross's TCPA paper


> On Wed, Jun 26, 2002 at 10:01:00AM -0700, bear wrote:
> > As I see it, we can get either privacy or DRM,
> > but there is no way on Earth to get both.
> > [...]
>
> Hear, hear!  First post on this long thread that got it right.
>
> Not sure what the rest of the usually clueful posters were thinking!
>
> DRM systems are the enemy of privacy.  Think about it... strong DRM
> requires enforcement as DRM is not strongly possible (all bit streams
> can be re-encoded from one digital form (CD->MP3, DVD->DIVX),
> encrypted content streams out to the monitor / speakers subjected to
> scrutiny by hardware hackers to get digital content, or A->D
> reconverted back to digital in high fidelity.
>
> So I agree with Bear, and re-iterate the prediction I make
> periodically that the ultimate conclusion of the direction DRM laws
> being persued by the media cartels will be to attempt to get
> legislation directly attacking privacy.
>
> This is because strong privacy (cryptographically protected privacy)
> allows people to exchange bit-strings with limited chance of being
> identified.  As the arms race between the media cartels and DRM
> cohorts continues, file sharing will start to offer privacy as a form
> of protection for end-users (eg. freenet has some privacy related
> features, serveral others involve encryption already).
>
> Donald Eastlake wrote:
>
> | There is little *tehcnical* difference between your doctors records
> | being passed on to assorted insurance companies, your boss, and/or
> | tabloid newspapers and the latest Disney movies being passed on from a
> | country where it has been released to people/theaters in a country
> | where it has not been released.
>
> There is lots of technical difference.  When was the last time you saw
> your doctor use cryptlopes, watermarks etc to remind himself of his
> obligations of privacy.
>
> The point is that with privacy there is an explicit or implied
> agreement between the parties about the handling of information.  The
> agreement can not be technically *enforced* to any stringent degree.
>
> However privacy policy aware applications can help the company avoid
> unintentionally breaching it's own agreed policy.  Clearly if the
> company is hostile they can write the information down off the screen
> at absolute minimum.  Information fidelity is hardly a criteria with
> private information such as health care records, so watermarks, copy
> protect marks and the rest of the DRM schtick are hardly likely to
> help!
>
> Privacy applications can be successful to the in helping companies
> avoid accidental privacy policy breaches.  But DRM can not succeed
> because they are inherently insecure.  You give the data and the keys
> to millions of people some large proportion of whom are hostile to the
> controls the keys are supposedly restricting.  Given the volume of
> people, and lack of social stigma attached to wide-spread flouting of
> copy protection restrictions, there are ample supply of people to
> break any scheme hardware or software that has been developed so far,
> and is likely to be developed or is constructible.
>
> I think content providors can still make lots of money where the
> convenience, and /or enhanced fidelity of obtaining bought copies
> means that people would rather do that than obtain content on the net.
>
> But I don't think DRM is significantly helping them and that they ware
> wasting their money on it.  All current DRM systems aren't even a
> speed bump on the way to unauthorised Net re-distribution of content.
>
> Where the media cartels are being somewhat effective, and where we're
> already starting to see evidence of the prediction I mentioned above
> about DRM leading to a clash with privacy is in the area of
> criminalization of reverse engineering, with Skylarov case, Ed
> Felten's case etc.  Already a number of interesting breaks of DRM
> systems are starting to be released anonymously.  As things heat up we
> may start to see incentives for the users of file-sharing for
> unauthorised re-distribution to also _use_ the software anonymsouly.
>
> Really I think copyright protections as being exploited by media
> cartels need to be substantially modified to reduce or remove the
> existing protections rather than further restrictions and powers
> awareded to the media cartels.
>
> Adam
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
majordomo at wasabisystems.com

More information about the cypherpunks-legacy mailing list