Ross's TCPA paper

Adam Back adam at cypherspace.org
Wed Jun 26 12:37:12 PDT 2002 

On Wed, Jun 26, 2002 at 10:01:00AM -0700, bear wrote:
> As I see it, we can get either privacy or DRM,
> but there is no way on Earth to get both.
> [...]

Hear, hear!  First post on this long thread that got it right.

Not sure what the rest of the usually clueful posters were thinking!

DRM systems are the enemy of privacy.  Think about it... strong DRM
requires enforcement as DRM is not strongly possible (all bit streams
can be re-encoded from one digital form (CD->MP3, DVD->DIVX),
encrypted content streams out to the monitor / speakers subjected to
scrutiny by hardware hackers to get digital content, or A->D
reconverted back to digital in high fidelity.

So I agree with Bear, and re-iterate the prediction I make
periodically that the ultimate conclusion of the direction DRM laws
being persued by the media cartels will be to attempt to get
legislation directly attacking privacy.

This is because strong privacy (cryptographically protected privacy)
allows people to exchange bit-strings with limited chance of being
identified.  As the arms race between the media cartels and DRM
cohorts continues, file sharing will start to offer privacy as a form
of protection for end-users (eg. freenet has some privacy related
features, serveral others involve encryption already).

Donald Eastlake wrote:

| There is little *tehcnical* difference between your doctors records
| being passed on to assorted insurance companies, your boss, and/or
| tabloid newspapers and the latest Disney movies being passed on from a
| country where it has been released to people/theaters in a country
| where it has not been released.

There is lots of technical difference.  When was the last time you saw
your doctor use cryptlopes, watermarks etc to remind himself of his
obligations of privacy.

The point is that with privacy there is an explicit or implied
agreement between the parties about the handling of information.  The
agreement can not be technically *enforced* to any stringent degree.

However privacy policy aware applications can help the company avoid
unintentionally breaching it's own agreed policy.  Clearly if the
company is hostile they can write the information down off the screen
at absolute minimum.  Information fidelity is hardly a criteria with
private information such as health care records, so watermarks, copy
protect marks and the rest of the DRM schtick are hardly likely to
help!

Privacy applications can be successful to the in helping companies
avoid accidental privacy policy breaches.  But DRM can not succeed
because they are inherently insecure.  You give the data and the keys
to millions of people some large proportion of whom are hostile to the
controls the keys are supposedly restricting.  Given the volume of
people, and lack of social stigma attached to wide-spread flouting of
copy protection restrictions, there are ample supply of people to
break any scheme hardware or software that has been developed so far,
and is likely to be developed or is constructible.

I think content providors can still make lots of money where the
convenience, and /or enhanced fidelity of obtaining bought copies
means that people would rather do that than obtain content on the net.

But I don't think DRM is significantly helping them and that they ware
wasting their money on it.  All current DRM systems aren't even a
speed bump on the way to unauthorised Net re-distribution of content.

Where the media cartels are being somewhat effective, and where we're
already starting to see evidence of the prediction I mentioned above
about DRM leading to a clash with privacy is in the area of
criminalization of reverse engineering, with Skylarov case, Ed
Felten's case etc.  Already a number of interesting breaks of DRM
systems are starting to be released anonymously.  As things heat up we
may start to see incentives for the users of file-sharing for
unauthorised re-distribution to also _use_ the software anonymsouly.

Really I think copyright protections as being exploited by media
cartels need to be substantially modified to reduce or remove the
existing protections rather than further restrictions and powers
awareded to the media cartels.

Adam

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cypherpunks-legacy mailing list