Interesting People mailing list archives
Re: Advanced Workshop and Summer School on Architectures for Trustworthy Computing
From: David Farber <dave () farber net>
Date: Tue, 28 Apr 2009 09:48:06 -0400
Begin forwarded message:

From: "Seth Johnson" <seth.johnson () realmeasures dyndns org>
Date: April 28, 2009 8:40:35 AM EDT
To: "David Farber" <dave () farber net>, "ip" <ip () v2 listbox com>
Subject: Re: [IP] Advanced Workshop and Summer School on Architectures for Trustworthy Computing
Hi Dave -- perhaps IP-suitable :-) . . . In light of this workshop, reflecting the progress of "virtualization" technology which proceeds apace despite the failure in our policy channels to distinguish private interest concerns from the concerns and purposes of copyright policy; and in light of the upcoming DMCA Exemptions Hearings by the US Copyright Office, I thought folks would find the following submissions and testimony from the 2006 and 2003 DMCA exemptions hearings of no small interest: New Yorkers for Fair Use's 2006 Request for an Exemption (drafted by Jay Sulzberger):
http://www.copyright.gov/1201/2006/reply/10sultzberger_NYFU.pdf
Jay's testimony at the hearing itself begins on page 36 here (the text is pasted below as well):
http://www.copyright.gov/1201/2006/hearings/transcript-mar31.pdf
Jay's testimony at the 2003 hearing may also be found to be salient. Here's a good transcript (also pasted below):
http://thread.gmane.org/gmane.org.dmca-activists/570/focus=572
It starts at the bottom of page 171 of the official transcript here:
http://www.copyright.gov/1201/2003/hearings/transcript-may2.pdf
Note that the discussion proceeds further both years, and you can track that in the copyright.gov transcript links above. This year's hearings are imminent: http://www.copyright.gov/1201/hearings/2009/ Seth Johnson Corresponding Secretary New Yorkers for Fair Use --- Request for an Exemption, 2006:
http://www.copyright.gov/1201/2006/reply/10sultzberger_NYFU.pdf
This is a comment on the class of works proposed by Edward W. Felten and Deirdre K. Mulligan to be exempt from the prohibition on circumvention of DRM under the DMCA. Our comment is that the Felten-Mulligan class is drawn too narrowly. We present an amended definition of the Felten-Mulligan class of works, with brief arguments. 0. The class of works which should be exempt from the Anti-Circumvention Clauses of the DMCA consists of all malicious software, including viruses, worms, spywares, trojan horses, remote controllers, rootkits, and more. The phrase "malicious software" designates programs which cause harms to a computer and/or its owner, and which are placed on the computer against the owner's wishes and without the owner's express consent. Malicious software might be delivered with a computer or be installed later. Some malicious software may be contained in, or make use of, components installed as hardware. 1. Harms from not granting the exemption: Millions of home and business computer owners have had to remove malicious software from their computers. Many computer owners have had credit card numbers and bank passwords appropriated and compromised. If the circumvention of Technological Protective Measures preventing malicious software from being detected, analyzed, or removed, were illegal, then the DMCA would be used as a shield against computer owners' rights to maintain control over their computers. The numbers here are easy to estimate as being in the billions of dollars per year losses caused by malicious software, and the number of people adversely affected by malicious software as being in the millions.
2. Harms from granting the exemption: Some malicious software works are under copyright. The malicious software author would lose an apparent right of concealment, and thus, often, the practical ability to commit a crime, or crimes, against the intended victim or victims. In some cases the author, or other rightsholder, might be unable to make a living by making and distributing malicious software, or software which is in part malicious. The numbers here are harder to estimate, since we know of no successful suit by a malicious software rightsholder against a person who has discovered the malicious software and removed it, on the basis of copyright infringement, or DMCA violation. Perhaps a thousand, or perhaps ten thousand, malicious software authors/rightsholders might lose their chance to sue their victims under the DMCA Anti-Circumvention Clauses. 3. General argument for exemption: Decrypting lists of blocked sites in filtering software presently enjoys an exemption to the anti-circumvention provisions of the DMCA. Computer owners throughout the world are today at great risk of infestation by malicious software. If an exemption were not available for circumvention of malicious software, the scale of harm that would ensue would be far greater than for filtering software. Fewer computer owners are at risk of missing/seeing some sites due to false positives and false negatives on blocked sites lists. The danger from malicious software is in most cases much higher. The harms our exemption would defend against are not hypothetical: Recently many computers have been infested by the Sony BMG rootkit, and the rootkit has been used by other distributors of malicious software to compromise home and business computers. The Sony BMG rootkit attempts to conceal itself, is under copyright (though it likely also infringes others' copyrights) and is itself malicious software, in that it is installed without consent and damages the computer. 
Our exemption would prevent Sony BMG from successfully claiming that the computer owner who gains access to the rootkit has violated the Anti-Circumvention Clauses of the DMCA. For information on the Sony BMG rootkit see: http://www.eff.org/IP/DRM/Sony-BMG The Sony BMG rootkit is an example of a kind of DRM which Microsoft, in cooperation with Intel, IBM, and various computer vendors, intend to place in many home computers in the next few years. The Sony BMG rootkit is weak in practice, in that an expert in Microsoft OSes, if hired to find, analyze, and craft defenses against it, would almost surely succeed pretty quickly. The system of DRM once called by Microsoft "Palladium", and today called by Microsoft "NGSCB", would offer to licensees of Microsoft the same cloaking capabilities as the Sony BMG rootkit does today. But Palladium is much harder to crack open and remove than the Sony BMG rootkit. And Palladium offers other services to authors of malicious software beyond what the Sony BMG rootkit has made available. Here is a quote which shortly conveys part of the threat Palladium poses to owners of home computers: From http://zgp.org/linux-elitists/20031211171507.GK3918 () cannabis html#20031211164911.V52507 @shaitan.lightconsulting.com
Re: [linux-elitists] Monday 15 Dec: first all-Open Source System-on-Chip Jason Spence <jspence () lightconsulting com> Thu, 11 Dec 2003 16:49:11 -0800 rfc822 mailmethis On Thu, Dec 11, 2003 at 01:23:33PM -0600, D. Joe Anderson wrote:
w00t! Here's a good start to the back-up plan if TCPA/Longhorn/Palladium/"Fritz-chips"* get out of hand.
You know, the black hat community is drooling over the possibility of a secure execution environment that would allow applications to run in a secure area which cannot be attached to via debuggers and such. -Jason Last known location: 2.5 miles northwest of MOUNTAIN VIEW, CA Under a government which imprisons any unjustly, the true place for a just man is also a prison. --Henry David Thoreau End quote. Our exemption would, in part, lift the burden of legal risk a computer owner would face in the attempt to remove malicious software that lies behind the cloak of Palladium. For information about Palladium see http://en.wikipedia.org/wiki/Trusted_computing http://en.wikipedia.org/wiki/Talk:Next-Generation_Secure_Computing_Base 4. Our proposed exemption differs from some proposed exemptions in that our exemption is not aimed at preserving decades old textbook examples of fair use rights, such as the right to quote a work in argument, the right of parody, etc.. Rather, our exemption, if granted, would defend important personal property, that is, the home computer. The exemption would also defend privacy and free speech rights, because of the use of home computers to communicate using the world's Net. The dangers our exemption defends against cannot be classed as picayune inconveniences nor as negligible impairments of rights. Our exemption would help defend fundamental human rights. New Yorkers for Fair Use http://www.nyfairuse.org Jay Sulzberger jays () panix com US Mail Address: New Yorkers for Fair Use 622A President Street Brooklyn, NY 11215 --- 2006 Opening Testimony: MR. SULZBERGER: My name is Jay Sulzberger, and I’m a working member of New Yorkers for Fair Use. I’d like to address Matthew Schruers’ last statement and expand on it. I think lawyers are terribly important here and, of course, the part of the law that is terribly important in these considerations is not copyright law. It’s the law of private property. It’s the law of privacy. 
Those are the parts of the law. Now, Matthew also mentioned that should we be handing the entire computer and communications infrastructure of the United States and the world over to copyright holders in cooperation with hardware manufacturers and Microsoft? And the answer is of course not. But we have to first be clear on this. This is so obvious when stated in those terms that I believe there’s not a single person in this -- just a moment. Is there anybody here who is disabled from understanding the concept of private property? If anybody is not clear on it, and I know lawyers will raise all sorts of objections because there’s a too simple notion of a perfect freehold, a perfect ownership of a chattel. But look. Your computer and your house, your relationship and ownership to it, if you’ve bought it and are legally running it and you’re not violating, you’re not committing copyright infringement by publishing for profit other people’s works for which you don’t have a license, copyright holders should not be inside your computer, and they shouldn’t have pieces of code that you can’t look at to get control of your computer.
And I had a sentence in my comment up on Professor Felten’s proposal for an exemption, and, of course, people would think, "Oh, he’s being witty."
I’m not being witty. Who are the copyright holders? For whom do you have to give authorization under the Section -- I’ll have to check it -- J, I think, of the 1201(j) of the DMCA, you have to get authorization from people who’ve written a piece of malware that’s gotten on your machine without your express consent that’s damaging your machine. I think there’s no member of the panel and I think there’s no member of the people up on the dais who can possibly defend the concept that United States copyright law is going to require me to go and get permission from somebody who’s invaded my machine, done damage to my machine, cost me hours of effort, and, if I’m a business, perhaps cost me thousands and thousands of dollars. These are the issues. Now, why are we unclear on this? It’s because we don’t know what a computer is. Copyright has already been misused to allow Microsoft and Apple to place stuff in our machine when we go to the store we’re not allowed to look at. It’s my right to look at every darn piece of code. It’s my right to publish what the code does. It’s my right to decompile. You might find me agreeing it’s not my right to sell an improved version of their operating systems without getting a copyright license for it, but that’s quite a separate issue. The issue here is private ownership and wiretapping. And this is ridiculous that the DMCA should be misinterpreted so as to actually defend people who write malware. We have heard testimony from people who have tried to get the people who wrote the malware to do something about it, and their response was nothing or, "We promise not to sue you," or, "Maybe we’ll sue you." This isn’t okay. Every lawyer here has taken a course or one or two or more on the law of private property. 
And, my gosh, copyright law can never say that I lose my right of ownership of a computer because some copyright holder appeals to the DMCA after they’ve written a trojan, a virus, whatever it is they’ve written, something that goes into my machine, a rootkit. Now, I was going to explain more, but I think I’ve come to the end of my time. I see these introductory comments are short. And what I wanted to do was explain how Sony BMG rootkit is negligible in its damage compared to what the DMCA anticircumvention clauses are enabling in the near future. They’re enabling Microsoft, as announced, it announced in 2002 that it was going to install and license a rootkit to anybody who paid the money. The system, the OS, and the hardware together, let’s briefly call them Palladium -- they’ve changed the name, I think I made the same joke three years ago, into mom’s apple pie and the anti-terrorist loveable operating system with lots of bright, shiny colors. I’ve forgotten if that’s their latest name for it. Look. They’ve got something called the curtain. When you pay Microsoft a certain amount of money in the future, they claim they will let you write programs that are hidden behind the curtain. You can never look at them. The Sony BMG rootkit is a joke today. It’s based on the Microsoft operating system. You can get around it in a few weeks, if you’re really competent and have hotshot students or if you’ve a professional and know what you’re doing and know about Microsoft operating system. You can get right around it, and, of course, it always has the joke get-around that I think if you press the shift key while the thing is loading there’s certain circumstances it doesn’t get installed. Look. That’s nothing. You should hardly be concerned about it, except we know that people who write viruses and trojans that damage your machines will appeal to the anticircumvention clauses in the DMCA. 
It’s a joke how little damage it’s caused compared to what’s coming down the pike real soon unless you act. I know it seems ridiculous. You’re specialists in copyright. You’re specialists in learning, publication, making sure authors get paid, what are the rights here, what are the rights there. It’s because the country has gone crazy and because people don’t know what ownership of computers means that we have this thing. I think I’ve come to the end of my opening statement. I’m sorry to rant so hard, but I know that you’re prepared for it. --- 2003 Opening Testimony: I'm Jay Sulzberger, and I'm here to represent New Yorkers for Fair Use. Well, I was a little bit puzzled as to what to say on this panel, because seemingly this particular panel is about very specific harms of a very specific part of a big, complex law. But as a matter of fact, I've been provided by the first three panelists with a parade of horribles. Mr. Montoro seems to have an 86 page parade of horribles, and of course CERT has an extraordinary parade of horribles -- things that one would not have thought could happen in America, things that one would have expected in the old Russian Communist empire. And of course, Mr. Band has just brought up the problem of the looting, spontaneous or planned, of ancient libraries of Earth's heritage [as had been reported in Iraq -- Seth]. I will just try to make what I thought was a difficult argument: We should not be discussing particular exemptions of particular clauses of the DMCA. But I think that with the three panelists before me, the pattern is clear: There's no excuse for any anticircumvention law in the United States of America. 
Because in each and every case, it is not that we have a parade of particular offenses against good sense, offenses against our freedom, attacks on free markets, attacks on scientific research, attacks of artists rights, attacks on our right to free speech, and most important, a fundamental, general and effective attack upon our present right of private ownership of computers. Computers today are printing presses -- and it's shocking! I have certain conservative tendencies; I am also sympathetic to the socialists. But the idea that everybody who's a member of the middle classes can pick up a computer for 300 bucks, and pay their 20 bucks a month and get Internet access, and set up a web page -- it's shocking! Democracy is one thing, but mob rule is another. But yet, there's nothing that America can do about this. I hope there isn't. But it looks as though there is. The DMCA anticircumvention clauses, in combination with the loose association, the alliance of cartels, oligopolies and monopolies which I term the englobulators, is in process of placing spy machinery and remote control machinery at this very moment, into every single Intel motherboard that's going to be sold in the next year. When Microsoft completes the software part of its system of DRM called Palladium, this will end, completely, your right of ownership, your right of private use of your Palladiated computer. Now, the question arises: This can't be true, what I'm saying. I'm a nut, I'm an extremist, I'm strident. Yes. (Laughter) But I'm not nearly as much of a nut, I'm not nearly as much of an extremist, and I'm not nearly as crazy, vicious and strident, as the englobulators. The question arises as: Why hasn't the press picked up on the fact that I'm the less extreme of the extremists? I believe in the Constitution -- even though I didn't sign it; that's my anarchist side. I think there's something to the first ten Amendments. And I think we should take the Fourth Amendment very seriously. 
I think also the Fifth has something to say about takings. Why doesn't the press get it? It's a very simple reason -- I'm talking about rights and powers. I'm talking about fundamental rights of ownership, fundamental rights of free speech, fundamental rights of free association using our Internet and our computers. Why doesn't the press get it? Because in practice today, most people run a damaged, malfunctioning and obsolete operating system, usually called Microsoft Windows -- there's several versions. Copyright law has already been, I think, dreadfully misapplied for the last twenty years, to prevent people from gaining control of their own property in their own homes. This is important property. We know that Microsoft -- and as a matter of fact all other vendors and makers of source-secret operating systems -- it's almost impossible not to give in to the temptation to spy somewhat on your users, particularly if they're connected to the Internet. Sun has done it; other companies have done it. It's mainly Microsoft because it was only interested in the Internet after 1990, although some of us have used the Net since 1970. Now most people have a computer. It is their means of personal communication; it's also their means of authorship, and their means of publication. Now, let me deal with the accusation of copyright infringement. Yeah, sure -- there's going to be a heck of a lot more very serious copyright -- of the most dreadful sort -- because there are computers on the Internet, and I don't give a good gosh-darn about it. The invention of writing was dreadful to the ancient and honorable profession of the singing poet. The invention of the printing press did terrible things to the Catholic Church's position in Europe, particularly once the Bible was translated and then printed. Things change. 
And the cries of a small, unimportant industry -- I mean the whole of the "content providers" side -- who of course refuse to admit there are any more content providers -- I really enjoy my own stuff much more than anything Disney has made since 1935. I stand equal to them, by the way. New Yorkers for Fair Use, one of our favorite tropes is: "Nonsense! We're not consumers; we're owners and we're makers."
Okay. Let me try and outline what anticircumvention laws do, and what they're about. This is one of our standard pieces of propaganda; we've been handing it out since last summer (Shows flyer). "We are the Stakeholders" -- why do we say we're the stakeholders? This is an old joke, everybody knows it, I'm sure I'm not the first person to say this. In Washington parlance they say, what is a stakeholder? It's some organized group that can afford a full-time lobbyist, that's all. The bizarre spectacle of seeing small private interests -- when I say small, I mean small: the cotton subsidies last year in the United States were about, I think, 40% of the gross of Hollywood. You don't see huge articles about particular wrongs and a huge struggle on the basic principles over how much of a subsidy they should get. Okay. I'm not sure I'm actually going to read this whole thing, but -- "Freedom One: You may buy a copy of a movie recorded on DVD, you may watch this movie whenever you please, you may make copies of this movie, some of which may be exact copies, others of which may be variant copies." We all know that the legal underpinnings of DRM is anticircumvention. In the future, you won't be able to do that. Now, this is an assault on private ownership of computers. This is absurd. There's no need to say it, you all know this: Ernest Miller and Joan Feigenbaum, both at Yale, suggested that this is just a mistake, it's going to be corrected. Copyright law shouldn't say anything about private copies. In the first place, technically it's going to be very hard. You're going to have an endless line of the most difficult, subtle things. For example, something on a news spool. Is that a copy or is it something in transmission? The natural point which will defend us against the dreadful assault on private property which is all the anticircumvention clauses of the DMCA, is to draw a natural line. 
Inside your house, you've got a copy of something, if you've lawfully obtained it -- Oh, by the way, we're not copyright extremists. I myself am a big supporter of the GPL, which is a somewhat strict copyright license, and I consider it actually one of the main foundations of the defense of free software. If you don't draw the line, if you seek for exemptions, you'll have to make hundreds of exemptions -- and even if you enforce them -- and you could enforce them -- the principle would remain: you don't have control over your machine. You'd have to get lobbyists, or a grassroots organization to come to Washington, appear before you every three years, and beg, on bended knee, for particular exemptions. You don't have to do that. You are allowed to turn to Congress and say, we've seen the parade of horribles. And not just one parade. All of the people here, arguing for exemptions -- the principle is the same: These people can't reach into your house and tell you what to do! It's absurd! I'm going to try to avoid discussing the other side of the bundle of rights that these people want to take away from us: the right to free publication, the right to free dissemination -- which are of course restricted by copyright, which I support strongly. I don't think it right that I should be allowed to go down and steal a movie without paying for it and set up a movie house and charge admission for it. I'm sorry, I lost my track in one of my sentences -- You know, the Xerox machine -- it's always the same structure, we all know this here: the people who have the old methods for publication think their methods have to go on forever; always the words "business model" are used. Well, you know, we're not worried about their business models. We're worried about our computers and our rights. And I believe it is within your commission to turn and then say, "We've had it." What are we going to do, have to have these hearings every six months? 
We're going to have to have ten of you up there, and a hundred of us here, explaining the absolute terrible things that anticircumvention laws in the United States do to markets, do to freedom of speech, do to development of better computers, etc., etc., etc. I think you can turn and say, "We've heard enough. We suggest that Congress reconsider the entire bundle of anticircumvention clauses of the DMCA." And if I'm asked a specific question, I will be happy to try and connect by at most three half steps, any particular anticircumvention measure to truly horrible and very large scale things. Thank you. -----Original Message----- From: David Farber <dave () farber net> To: "ip" <ip () v2 listbox com> Date: Tue, 28 Apr 2009 04:33:02 -0400 Subject: [IP] Advanced Workshop and Summer School on Architectures for Trustworthy Computing
TIW 2009: TRUSTED INFRASTRUCTURE WORKSHOP: ADVANCED SUMMER SCHOOL ON ARCHITECTURES FOR TRUSTWORTHY COMPUTING

JUNE 8-12, 2009, Carnegie Mellon University, Pittsburgh, PA, USA

When IT infrastructure technologies fail to keep pace with emerging threats, we can no longer trust them to sustain the applications we depend on in both business and society at large. Ranging from Trusted Computing, to machine virtualization, new hardware architectures, and new network security architectures, trusted infrastructure technologies attempt to place security into the very design of commercial off-the-shelf technologies.

The TIW is an open innovation event modelled as a highly interactive summer school, consisting of lectures, workshops, and other lab sessions. It is aimed at bringing together researchers in the field of IT security with an interest in systems and infrastructure security, as well as younger Master's or PhD students who are new to the field. Funding is available to support student attendance.

AGENDA HIGHLIGHTS
- 4 keynote lectures
- 7 technology lectures: Trusted computing architecture, TPM module, attestation, SW-based attestation, virtualization security, network security, and trusted storage.
- 4 research workshops: HW security, attestation in practice, OS security, verification and formal methods.
- 3 hands-on labs: TPM, trusted virtualization, trusted network connect.

Several social events and networking with other researchers are planned. For more details on the workshop and how to register, please visit http://www.cylab.cmu.edu/TIW

TIW SPONSORS
- Carnegie Mellon CyLab
- Fujitsu
- HP Labs
- IBM
- NSA
- NSF
- Seagate

CONTACTS
Workshop details: Michael Willett <michael.willett () seagate com>
Registration details: Tina Yankovich <tinay () andrew cmu edu>

SPEAKERS
Leaders from academia, industry, and government are delivering the lectures, labs, and workshops.
VENUE CyLab, Carnegie Mellon University CIC Building 4720 Forbes Avenue Pittsburgh, PA 15213 ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com