[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [dvd-discuss] Re: Sen. Hollings plans to introduce DMCA sequel:The SSSCA



Remember, this type of security is to:
  ``Allow secures software to run on insecure computing facilities. (IE,
to take control of your PC away from you.)   These techniques do very
little to address the real critical security problems: Protecting secure
PC's from insecure and malicious software.''

They're conflating the two meanings of security. When most people think of
security, they think of locks and technolgogies to preotect THEMSELVES
from evil people.. When the bill really means to address is building locks
in your home to keep you from being able to use your VCR and your TV.

See Larry Blunk's post in this mailing list a few days back. Look at the
trusted PC specification. Look at microsoft's presentation. (and then be
frightened, be very frightened)

TrustedPC is coming, the question is will it fail like Divx, or not.. All
this law would probably do is to require that people use 'trusted PC', and
make manufacturing of non-digitally-controlled hardware illegal. That can
be 'encouraged' without any law to enforce it.. Then the next question is
will it fail like Pentium ID, or will it succeed like PC98?


I've been saying for months now..

     [XYZ] is a digital control technology, in that its primary purpose
     is to control how a device is used and can use digital works.
     Although these technologies can be used for copyright enforcement,
     their control extends far beyond that mandate.
                                         -- Scott A Crosby

This applies to any digital control technologies like TrustedPC, HDCP,
CSS, DTCP, Adobe Ebook, ...

I'm still hoping that other people start copying this quote when they
explain whats going on. If anyone has a better quote that explains this
stuff easier and is the same length, I'd love to switch to it.

What these digital control technologies and this bill do is to setup a
mechanism of widespread digital control.  Once this mechanism is
established, regardless of the policy that it was intended to enforce,
that policy can be changed at any time. That's the horrifying truth,
that we're setting up a mechanism for widespread digital control..
IE, censorship. Now, the people building it claim that they only have
our best interests at heart. But its the people who control the strings in
the future who are dangerous.

We're already seeing this happening right now.. For example, after
building digital control technologies into HDTV, they're already lobbying
to change the 'defaults' to block >1 generation taping over-the-air
signals. (For example, your Tivo records something interesting, but you
won't be able to recopy from their to a VCR tape.)

On Sun, 9 Sep 2001, Jeffrey Altman wrote:

> The scariest part of this proposed bill is its definition of the term
> "Interactive Digital Device":
>
>   The term "interactive digital device" means "any machine, device,
>   product, software, or technology, whether or not included with or as
>   part of some other machine, device, product, software, or technology,
>   that is designed, marketed or used for the primary purpose of, and
>   that is capable of, storing, retrieving, processing, performing,
>   transmitting, receiving, or copying information in digital form."
>

Worse.. Think of it:
  This even applies to answering machines that store the message on a
digital chip. (Like the one my mother uses).

So, this like the DMCA, will be a law that will be very selectively
enforced.

> Is this meant to be an add-on to the DCMA to make it easier for
> commercial copyright holders to limit the types of devices that can be
> built, sold, and used?  This could be done by having the laws specify

I agree with Larry Blunk, in that it is most likely to make it illegal to
have computers that are under your own control.

> Is this meant to ensure that appropriate technologies are in all
> personal devices (PCs, phones, PDAs, set top boxes, ...) to unsure the
> privacy of the data sent and received by their users?  A worthy goal

Probably not.. This came from the Commerce committee. Privacy and security
(security in protecting yourself from other malicious people) usually
makes devices more expensive, both to build, and far far more expensive to
design, its also been practical for years.

So given the source of the bill, I'd offer a strong bet that they don't
care about privacy of users, and in fact plan on sacrificing user privacy
for their digital control aims. (what they're calling 'security')

>
> In either case, it seems unrealistic to assume that the government can
> regulate this effectively.  Will the government create their own
> security standard for each protocol, service, application, computing
> architecture, ... or will it simply order the use of standards

Utterly unreasonable. Which is one indication why the law probably isn't
intended to do this.  If it is, then it would require that all PC's
could not be controlled by the users.. To 'protect' users from
accidently sending any data they didn't mean to, to disallow them from
writing their own programs, or running 'unauthorized' applications
written by others, which could potentially cost privacy. So at the
minimum, you'd need an application registry, and you could run no
applications not in that registry.

With automatic update, they could ban any 'copyright infringing
technology' any time they wanted, they can also keep any 'untrusted' code
out of the kernel.

IE, do basically what SecurePC does.

> I think that the concerns about end user privacy and identity theft
> will lead the vast majority of the public at large to support bills
> similar to this even if the end result would be a sharp reduction in
> their rights.  Of course, my student also understands that there are
> serious implications that have to be considered.
>

By that token, we why don't we have operators listening into every phone
call.. Postal inspectors reading every letter.. Do you know how much
telephone or postal fraud goes on?

And, think of how much identity theft this could stop!


Scott