Interesting People mailing list archives
IP: more on Thought crimes or better the joint plans of disk drive manufacturers and content providers to provide copy protection based on cryptographic means embedded within the drive technology
From: Dave Farber <farber () cis upenn edu>
Date: Mon, 25 Dec 2000 19:24:21 -0500
Date: Mon, 25 Dec 2000 15:32:17 -0800 To: "Jonathan S. Shapiro" <shap () eros-os org> From: "Mark S. Miller" <markm () caplet com> Subject: Re: Thought crimes Cc: <farber () cis upenn edu>, <ip-sub-1 () majordomo pobox com>, <fsb () crynwr com>, "Marc Stiegler" <marcs () skyhunter com> At 09:07 AM Monday 12/25/00, Jonathan S. Shapiro wrote:Copyright has two purposes: (1) to allow an author to gain compensation for a work, and (2) to ensure that after an appropriate amount of time the work becomes public domain. As we think about the implications of cryptographic disk drives, it is important to remember that these technologies only address *half* of copyright. They allow a distributor to ensure that a copyrighted work is more difficult to steal. Unfortunately, by their very success, they ensure that the work will never be released as a public good. Cryptographic disk drives do not preserve copyright. They enforce something much much stronger.Because the descriptive and the normative -- "is" and "ought" -- are so rarely separated, I need to make it clear that, if I could wave a magic wand and have copyright, narrowly interpreted, continue to be enforceable in ways that serve both of these purposes, I would. This note explains why I don't think there is such a magic wand. I am not against copyright. I am just against tilting at windmills. Jonathan's paragraph above assumes that copy protection is possible, and that it is possible for these disks (or other means) to succeed at their purpose. For most of the media people are trying to protect, which we call "self revealing media", this is simply false. Books, movies, music, and such are all self revealing media -- the only way their information content delivers value to the customer is by revealing this information to the customer. Unless someone knows of a way from the player to distinguish an eyeball from a camera, then all hope is lost. (Assume attempts to recognize this difference would result in cameras embedded in eyeballs.) So if these disk drives and the hype surrounding them lull content owners into thinking that purpose #1 will be served, purpose #2 will instead be served in hours or days rather than years. Of course, after enough iterations of this, content owners will wise up or die. See "The Street Performer Protocol and Digital Copyrights" by John Kelsey and Bruce Schneier http://www.firstmonday.dk/issues/issue4_6/kelsey/ for more on why such copy protection is impossible, as well some ideas for addressing issue number #1 in the face of this. By contrast, programs and processes are examples of the other important media category, "behavioral media". Behavioral media delivers value to the customer by interacting with the customer. Each time, the interaction's value derives from the value of the information which is the media's content, but the information revealed by the interaction is generally not adequate to reverse engineer the media's content. For example, if you play chess or a video game, or use a symbolic algebra package, and you record all the information passing between you and the program with full fidelity, this doesn't help much in recreating the program itself. Of course, you can proxy interactions from others to the program itself -- be a man in the middle -- but if the program charges per-use and not per-copy, then the program owner's revenue isn't in the least threatened. This model, and how to accomplish it securely is explained at http://www.agorics.com/agoricpapers/aos/aos.6.html . (Although I've said publicly that I no longer advocate opaque boxes, my advocacy and preferences are besides the point of this note. Here we need to understand only technological possibility and inevitability.) For this kind of media, protected through these measures, there's no way to ensure purpose #2: The content is protected through an analog of trade-secret rather than copyright or patent. There is no means to enforce the eventual revelation of this content to the public. The irony of the above contrast is that while the purveyors of the protectable kind of media, the software industry, has made enormous strides in learning to live post-copyright, in the exploration of open source business models, the industries on whose neck the axe is rapidly falling know of nothing to do but panic. As they see no alternative to defending copyright, and as they are sitting on many many billions of dollars of accounting value in copyrighted works, it seems the only ethical thing they can do to serve the interests of their stockholders is to spend billions on anyone, like InterTrust or IBM's funny disks, that promise the hope of throwing some friction in the path of the inevitable. They may even be right -- the delay bought by this friction may actually be worth the money spent on it. For now. At some point, when billions of dollars only buys additional hours of friction, they will need to start thinking about non-copyright-based business models, perhaps along the lines of Street Performer, or perhaps along the of the open source models the software industry is pursuing. In the meantime, the money being spent on the impossible has diverted and distracted a huge amount of computer security professionals from pursuit of the achievable. Fortunately, it is possible to divide up the "Digital Rights Management" (DRM) issue into two parts, the achievable and the impossible. The sinking dinosaurs, by funding the creation of DRM systems, also effectively fund the parts of the technology that will be useful in other contexts. If people are interested, I can explain a way to partition DRM to achieve this. The "dinosaur" reference isn't a value judgement -- I also feel sorry for those dinosaurs. But though the dinosaurs died, during the transition their rotting flesh may have helped feed the early mammals. (Actually, I have no idea. But it is a vivid image.)The content manufacturers and the disk drive makers are formulating a new contract with the viewing public.This is indeed a Smart Contract, in the sense that Nick Szabo and the E project use the term -- it's a contract "written" in the behavior of an automated enforcement mechanism. However, a key component of contracts is enforceability. Only once we understand what terms are enforceable in this new medium will we understand what kinds of contract we can successfully write.If the content providers have concluded that copyright provides inadequate protection, they are certainly free to devise other means. However, they should not be simultaneously entitled to claim the benefit of copyright for their works.To address this, we must first resolve a terminological ambiguity: Would you say that technologically enforced copy protection is really just "copyright" in a new medium, or is it "other means"? If content owners only engage in technological means without legacy-legal backing, are they "claiming the benefits of copyright" or giving up on those benefits? Given the trans-jurisdictional nature of the Internet and the identity hiding power of crypto and mix-networks, when the law goes against the logic of technological enforceability, it will still be able to prohibit, but no longer to inhibit. Cheers, --MarkM
For archives see: http://www.interesting-people.org/
Current thread:
- IP: more on Thought crimes or better the joint plans of disk drive manufacturers and content providers to provide copy protection based on cryptographic means embedded within the drive technology Dave Farber (Dec 25)