FC: Inside.com int'v with Eben Moglen on surveillance proposals

[Declan McCullagh <declan () well com>]

*********

Date: Fri, 21 Sep 2001 14:17:37 -0400
Subject: eben moglen Q&A
From: Roger Parloff <rparloff () inside com>
To: Declan McCullagh <declan () well com>

if they can put out of their minds the disturbing thought that i may have
had anything to do with commissioning and editing this article, your readers
might inadvertently find themselves enjoying it. it's a q&a with eben
moglen, conducted by reporter rafat ali, about how current talk of imposing
legislative restrictions on encryption technologies conflicts with the
(equally wrongheaded) efforts of the entertainment industry to protect its
content through increasingly robust encryption. as always your readers
should probably be WARNED to steer clear of our Web site at all costs, and
to read only the attachment below. though the article itself is currently
free, it may within a few days slip behind the firewall and become -- AN
ADVERTISEMENT!!!!! -- convertible into an actual editorial product only upon
payment of a 40-cent ransom. the pay-per-view society incarnate.

Entertainment Companies Have a Lot to Lose If Government Cracks Down on
Security Systems, Professor Argues
In an interview with Inside, Columbia University's cyberlaw expert Eben
Moglen argues that if the authorities are given 'backdoor' access to
security software, all sorts of online commerce will face greater threats
from hackers. An Inside interview.
by Rafat Ali

Friday, September 21, 2001


Since the Sept. 11 attack, the U.S. Congress has been considering a slew of
reforms that could significantly alter the current balance that our laws
strike between protecting individual privacy and helping law enforcement to
fight terrorism. Already, the Senate has voted to broaden the wiretapping
authority of government agencies. And legislators are discussing whether to
require that encryption technologies have built-in "backdoors" to allow the
authorities easy access, and whether to re-institute strict export controls
on such security technologies. Many legislators fear -- though no evidence
has yet emerged to confirm those fears -- that terrorists may have used
electronic communications to coordinate their attacks, relying on encryption
technologies to make sure their messages could not be intercepted by
intelligence agencies.

In an interview with Inside on Thursday, Prof. Eben Moglen of Columbia
University Law School, discussed how these new proposals -- ostensibly about
questions of national security and free speech -- could affect the
entertainment and media industries. Formerly a software developer, Professor
Moglen, 42, teaches courses focusing on cyberlaw issues, is affiliated with
the privacy advocacy group Electronic Frontier Foundation, and serves as
general counsel to the Free Software Foundation, an organization that backs
the open-source software movement. He is currently working on a book, The
Invisible Barbecue, analyzing the socio-political implications of technology
and media policy. What follows is a chunk of the Q & A with Prof. Moglen
that is more A than Q:

Inside:What do you, as a cyberlaw professor, think of the wisdom and
workability of the new proposals to impose export restrictions on encryption
and allow the government to snoop on software?

Professor Moglen: I agree that the U.S. Government, components of which have
always sought to weaken the spread of encryption, will certainly present
their agenda now. But it will do so in a world in which it is fundamentally
no longer possible to get a consensus on weakening encryption rules, for the
following reasons:

First, backdoor encryption now means putting a backdoor in the global
financial system, because global financial transactions depend on secure
encryption. Backdoor will immediately result in the creation of security
weaknesses throughout the global financial system, raising the possibility
of attacks by ordinary as well as politically motivated criminals against
the global financial structure. Because encryption is a critical aspect of
global financial security, to require backdoors -- now in particular --
would be like removing security from airplanes and buildings this week. And
that won¹t be done.

Of specific interest to the media and entertainment industry, encryption now
is an essential part of the strategy of all media companies, because from
e-books to DVDs to protected music formats, the strategic direction of the
global entertainment industries is to sell strongly encrypted material and
keys.... The strength of the encryption is, fundamentally, the strength of
producer¹s intellectual property.

The ongoing litigation about DVDs, for example, [in which Hollywood studios
are suing to stop the distribution of contraband software that descrambles
digital movie files, allowing them to be copied and distributed over the
Internet] would not now be going on if the encryption system selected for
encrypting DVD content had been stronger. The reason that the system chosen
was not stronger was precisely because the DVD content control system was
designed at a time when both America and Japan had encryption export
controls. [After Sept. 11, some members of Congress have discussed returning
to those stricter standards in the United States.] And the hardware and
content manufacturers were, therefore, compelled to use a system weak enough
to be exportable, which was also weak enough for a 15-year-old Norwegian to
break. [In late 1999, teenager Jon Johansen helped write the software that
descrambles DVDs.]

Any step to create new encryption export controls, or to weaken the strength
of encryption in civil society, would inhibit the central strategic
objective of the global entertainment companies, which is to protect their
content by technical means, and then use law to protect their technical
means.

With the support of the Walt Disney Company, among others, Senator Fritz
Hollings of South Carolina has on the Hill managed to work out the Security
Systems Standards and Certification Act [which was drafted in August, before
the attacks, and has not yet been formally introduced as a bill]. The SSSCA
is proposing, in essence, a federal takeover of technology design in the
hardware, consumer electronics and the software industry, requiring the U.S.
government to interfere in the design of all these devices on behalf of the
technological content protection schemes of the content manufacturers.

Leaving aside the obnoxiousness and unconstitutionality of such a statute,
its great unwisdom would mean the unlikelihood of political adoption, given
that the constituencies would resent being told by the federal government
how to design their products and their businesses. But I should also point
out that the whole theory of the SSSCA is to create a free global movement
in strong encryption hardware and software for the benefit of entertainment
companies. Renewed export controls or limitations on encryption technologies
would effectively defeat those plans. I don¹t support those plans; I think
those plans are abhorrent, unconstitutional, politically unattainable and
socially unwise. But I would also point out that they conflict with the very
thing which we now believe the government¹s security apparatus may wish to
do.

Inside: Would this picture, which seems very dystopian in some aspects, have
a middle ground for the government and companies to arrive at?

Professor Moglen: We need to think about encryption as containing two
components: cryptography, which is about finding better and better ways to
keep secrets, and cryptanalysis, which is about finding more and more
ingenious ways to break codes. When the government seeks to interfere in the
encryption structure in society, for reasons of national security or
domestic law enforcement, it does so by trying to weaken cryptography --
[either by imposing] export controls that inhibit the spread of
cryptographic innovations, or by [requiring] ³backdoors² and other means to
weaken encryption schemes, so that the spook and the cop have an easier time
[decoding] the encryption scheme.

But when government acts to weaken cryptography, it therefore also acts to
strengthen cryptanalysis. It does so in order to assist government
cryptanalysts like the NSA, but in doing so it also strengthens criminal
cryptanalysts who wish to attack the global financial system and civil
cryptanalysts who wish to help users undo technological controls over media
content. The result is that there is an intimate relationship in the
Internet society where we all now live between ownership and keeping
secrets, because keeping a bit-stream secret is how you establish your
ownership right over it. When the government acts to limit cryptography, it
destabilizes property. The most important kind of property it destabilizes
is everybody¹s bank account, but it also destabilizes the property interests
that media producers have in the content they electronically distribute.




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------