Re: [dvd-discuss] A TPM without use limitations -- thoughts?

[microlenz(at)earthlink.net]

On 30 Oct 2002 at 16:11, Joshua Stratton wrote:

Date sent:      	Wed, 30 Oct 2002 16:11:08 -0500 (EST)
From:           	Joshua Stratton <cpt@gryphon.auspice.net>
To:             	DVD Discuss <dvd-discuss@eon.law.harvard.edu>
Subject:        	Re: [dvd-discuss] A TPM without use limitations -- thoughts?
Send reply to:  	dvd-discuss@eon.law.harvard.edu

> I remain wary of this. The systems used for tracking themselves seem to 
> pose concerns of privacy to consumers and retailers, and could likely 
> impose burdens -- even if merely the cost of having to hire a clerk smart 
> enough to operate the new equipment, or the additional time it would take 
> to perform the identification at POS -- on retailers.

And it's an administrative nightmare....Somewhat equivalent to the key 
management problem with one-time pads...lets take 1M works to be protected 
against "bad stuff" by 1000 Users (multiply by 1000 for Britney) that's 1B keys 
that have to be tracked for how long? A hundred years? The laws cannot be 
selectively enforced. .002 may be right about the need to reduce copyright 
term. As more stuff gets copyrighted the administration of it for long periods 
is too much of a burden. As with any Kalman filter if you don't flush it out 
once in a while, you get garbage in the end.

> 
> It certainly doesn't seem to solve problems such as finding a user who 
> made a copy. E.g. if he paid with cash, if he bought it used, if he found 
> it abandonded in the street, etc.
> 

And the post first sale doctrine. But who can expect greedy bastards to 
understand the consequences of their actions...

> Nor does it provide a perfect trail backwards: if A distributed to B and 
> C, and B to D and E, how can you tell that B has infringed three times and C
> only one time, as there is no difference between the particular copy?
>

Only if you kept a detailed record....invading privacy..these people and 
Congress do not seen to understand how much of an administrative burden they 
want to impose on society. It dwarfs the criminal system for a "civil" action.
 
> And fundmentally, who cares about catching the original guy who infringed 
> from the CD? Why is he so much worse than the people who have been trading
> around the already-ripped file?

They have a defense and he doesn't

> 
> What good is this stuff if not to convey side-channel information such as 
> 'Copy me and the RIAA will make your life hell,' which I agree is also not
> desirable.
> 
> 
> On Wed, 30 Oct 2002, John Zulauf wrote:
> 
> > EMI is "fingerprinting" audio files to make them easier to track on the
> > internet.  Here's the link and my post to ZD.
> > 
> > http://zdnet.com.com/2100-1106-963756.html
> > 
> > Assuming this fingerprint isn't used to control access (like players
> > that lock-up if they do or don't see it), this is far to be preferred
> > over copy protection.  Helping copyright holders find the *real* P2P
> > infringers publicly trading copyrighted works should reduce the impetus
> > for the (MP|RI)AA to seek strong DRM/TPM protections - and reduce the
> > plausibility of their case in the public policy debate. This is a far
> > better result than the current trend toward "trusted" (i.e. sealed away
> > from the user) computing and player platforms. 

Until the P2Ps reverse engineer what's going on and start a counter counter 
measure activity to prevent them from finding the networks, getting the info or 
they just start trading lists of suspicious scanners. 

> > 
> > Remember that a fair objective is to reduce the number of infringing
> > copies and copiers of copyright works. Most of the complaints about the
> > RIAA and MPAA is that they are assuming the customers are crooks and
> > breaking our ability to use and dispose of our personal property --
> > while at the same time not stopping a single infringing copy.

I think that the RIAA, MPAA objective is beyond that. When someone infringes 
and makes an illegal copy they have violated the law. When I buy one of their 
copies, I have NOT. That copy is mine to do with what I wish. I may make ALL 
fair use of it that I can. I may sell it. I may copy it. I can space, media, 
time shift or throw it in the trash and someone else can acquire it. The law 
absolves the innocent...but with the RIAA MPAA, there are no innocents if you 
have infringing material.

> > 
> > Broken not-really-a-CD  (like those documented here (
> > http://crypto.stanford.edu/DRM2002/halderman_drm2002_pp.ps
> > ) do nothing about infringing copies, they only limit paying customers
> > from making ordinary and fair uses.  CSS limits the time, place, and
> > device of playback, but cannot prevent infringing copies.
> > 
> > 
> > There are three corollaries that should not be lost here:
> > 
> > (I) (Infringers take note!) If fingerprinting doesn't interfere with
> > normal, fair uses (back-up, personal copies, space-shifting, etc) then
> > anybody stripping the fingerprint is doing so *only* to attempt to
> > infringe and trade the work publicly -- and have clearly shown intent to
> > infringe. This works toward building "reasonable cause" for search and
> > seizure, and for overcoming "presumption of innocence" in the eventual
> > prosecutions.

Probable cause in civil , reasonable doubt in criminal...but there must not be 
a double standard in the law. Which this introduces. The perversion here is 
that the act can be procecuted under different scales-Lady Justice must now 
balance two scales. Lady Justice being blind is now directed which one to use 
but cannot assess which was the right one.

> > 
> > (II) (RIAA take note!) If the fingerprint IS used for even one fair-use
> > limiting restriction, the crack probability goes to unity and the
> > distribution/availability goes to ubiquity and the (a) fingerprinting
> > will lose it's meaning, and (b) (I) will be invalidated (as there will
> > be a significant non-infringing use).

Only if there is fair use....the LOC has been tasked to look at the availablily 
of other media. So one can copy from a VCR but not a DVD because the latter 
circimvents but the former doesn't. They confuse the media with the message. 
But that's the situation with the LOC.

> > 
> > (III) Finally (again RIAA take!) the fingerprint stripping crack
> > software (which will exist, probably within weeks) should not be made
> > illegal. Make sure that every infringer has a copy. Then (I) will truly
> > haunt those who infringe.
> > 

What if they put their own finger prints on? THe other problem here is 
prosecution of innocents. Remove the finger print and substitued another. DO we 
want JackBoots and the Internet Jackboots appearing at someone who has been 
"framed"

> > 
> > Note: the words pirate and thief are not used.  Infringer (one who
> > infringes) is the correct term, and words have meaning.  The village is
> > not being burned, the women are not being ravished, and the CD is still
> > in the store no matter how many infringing copies are made! (Hmmm, I
> > wonder if the shoplifting rate a music stores has fallen since Napster
> > and subsequent P2P…)
> > 
>