Interesting People mailing list archives
IP: Fears of Misuse of Encryption System Are Voiced
From: Dave Farber <dave () farber net>
Date: Sat, 22 Jun 2002 06:30:26 -0400
I have attached to the end of this article the email I sent John (on request) With my opinions which were quotable djf June 20, 2002 Fears of Misuse of Encryption System Are Voiced By JOHN MARKOFF AN FRANCISCO, June 19 A leading European computer security and privacy advocate is challenging an effort by the American computer industry to create a standard to protect software and digital content, calling the plan a smoke screen by established companies to protect their existing markets. In a paper to be presented at a technical conference in Toulouse, France, on Thursday, Ross Anderson, a University of Cambridge computer scientist, attacks the Trusted Computing Platform Alliance, an organization formed in October 1999 by Compaq Computer, Hewlett-Packard, I.B.M., Intel and Microsoft. The companies say their intent is to provide a cryptographic system that would ensure privacy and protect intellectual property. The technology that the alliance has developed uses an encryption method intended to identify computer hardware and operating system software and determine that their configuration has not been altered. The companies say it will help detect virus invasions and provide security for commercial transactions like online purchases and banking. But Dr. Anderson argues that the potential exists for the technology to be used in a more sinister fashion: to create a new form of censorship based on the ability to track and identify electronic information. He compares the technology to a proposal by Intel in January 1999 to insert a distinct serial number into each of its Pentium processors, an effort that drew widespread consumer opposition after privacy advocates warned that the technology could be used for surveillance purposes. The plan was withdrawn. Dr. Anderson also warns that widespread adoption of the standard from the alliance, known as T.C.P.A., could put large United States computer companies in a position to thwart competition by controlling who gets to use the standard and on what computer platforms. "The T.C.P.A. appears likely to change the ecology of information goods and services markets so as to favor incumbents, penalize challengers and slow down the pace of innovation and entrepreneurship," he wrote. Spokesmen for Intel and for Microsoft said their companies had not been able to review the paper and would not comment. Dr. Anderson is a Cambridge computer scientist who is also chairman of the Foundation for Information Policy Research, a British Internet policy research group. In a telephone interview today from France, he said there was growing concern within the European Union that the T.C.P.A. standard could emerge into a competitor for so-called smart cards, used for authentication, which are now the basis of a significant European industry. "This is something that has potential macroeconomic effects, and it will become the big new controversy over the next six months," he said. Although encryption technologies have not been used widely in the personal computer industry to protect intellectual property, they have become standard in the video game market, where companies like Sony, Nintendo and Microsoft use built-in encryption to protect against piracy and to force software developers to pay royalties to write software for the game machines. The T.C.P.A. standard would not directly control what software a user could run on a personal computer. But according to several people who have examined the specification, it could be used to make a catalog of software on a machine available for action by a third party barring, for example, someone with decryption software from playing a copy-protected DVD. That capability has touched off an internal debate within at least one privacy rights group in the United States. The Electronic Frontier Foundation has been discussing the implications of the technology this week and is divided on the consequences. "On the one hand some of our board members have argued that it might effectively protect you from viruses," said Seth Schoen, the foundation's staff technologist. "On the other hand some of our board members believe that if any information is made available automatically to a third party that is a privacy issue." Among the board members who are potential defenders of the technology is David Farber, a longtime computer industry technologist and a computer scientist at the University of Pennsylvania. Dr. Farber said that he had been on the alliance's advisory board for the last three years and more recently had consulted with Intel and others about technical and social issues related to the proposed standard. "I was attracted to the T.C.P.A. effort due to its focus on providing security and privacy in a dynamic, flexible way," he said. "It should be capable of supporting a digital rights management regime that can be used to both protect intellectual property and individual privacy and the individual's fair use of the intellectual property." The initiative, which would encrypt information while it was being processed inside the computer, would also violate European Union directives governing the transparency of computer data, Dr. Anderson said. He said he was concerned as well that the advent of the standard would permit the pursuit of previously impossible electronic censorship campaigns, because the technology could make it possible to locate and delete specific documents on any computer connected to the Internet. "We could have a huge swing from the current situation where the Internet can be used to distribute information to something at the other extreme," he said. In May, with a fellow researcher, Dr. Anderson reported on a vulnerability in the current generation of smart cards, which are used for identity and financial transactions. From: David Farber <dave () farber net> Date: Wed, 19 Jun 2002 17:02:25 -0400 To: markoff () nyt com Cc: farber () cis upenn edu Subject: Comments on TPCA Quotable slight change I have been associated with the TPCA effort for about three years as an Advisory Board member pf TPCA and recently advising Intel and others on both the technical and societal issues raised by TPCA. It is worth noting that an extraordinary amount of my time with them was spent understanding and dealing with the impacts on individual privacy and fair use doctrines. In the past there have been a large number of attempts, often through the Hill, to impose access rights to IP by the use of hardware with serious problems -- both technical and in the usage models they allowed. Often they required "cops to enforce" them in the long run. I was attracted to the TPCA effort due to its focus on providing security and privacy in a dynamic flexible way. It should be capable, among a lot of other uses, of supporting a Digital Rights Management (DRM) regime that can be used to both protect intellectual property and individual privacy and the individuals fair use of the IP. As in any such technology it could be miss-used in the market place by devious suppliers of hardware and software. But for what it is worth I found a remarkable sensitivity and caution to the societal issues at all levels of the TPCA leading companies and the willingness to "do things right" Only time will tell but I , for one, would like to take the decisions out of the hands of the Congress and into the hands of intelligently motivated industry. Finally note that if things end up going wrong, I and others who have helped the activity as Advisors will be among the first to bring it into the light no matter who likes or dislikes that. For archives see: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- IP: Fears of Misuse of Encryption System Are Voiced Dave Farber (Jun 22)