Cryptography-Digest Digest #263, Volume #14      Sun, 29 Apr 01 13:13:00 EDT

Contents:
  Re: A keen symmetric cipher idea ("Tom St Denis")
  Another keen symmetric cipher idea ("Tom St Denis")
  Re: Censorship Threat at Information Hiding Workshop (Xcott Craver)
  Re: Another keen symmetric cipher idea (Rick Wash)
  Re: Another keen symmetric cipher idea ("Tom St Denis")
  Re: Secure Digital Music Initiative cracked? (Xcott Craver)
  Re: Secure Digital Music Initiative cracked? ("M.S. Bob")
  Re: Secure Digital Music Initiative cracked? ("Tom St Denis")
  Re: Secure Digital Music Initiative cracked? (Xcott Craver)
  Re: Secure Digital Music Initiative cracked? (William Hugh Murray)
  factoring basis? ("Tom St Denis")
  Re: Secure Digital Music Initiative cracked? (William Hugh Murray)
  Re: Censorship Threat at Information Hiding Workshop (Xcott Craver)

----------------------------------------------------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: A keen symmetric cipher idea
Date: Sun, 29 Apr 2001 12:49:42 GMT


"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:YmTG6.91125$[EMAIL PROTECTED]...
>
> This is a symmetric private key system (not PK) so keep that in
> mind.
>
> 1.  Both users pick two large primes p and q, then form N = pq
> 2.  To encode a message you take 0 < M < N and do, c1 = M mod p, c2
> = M mod q
> 3.  To decode use crt to recover the message from c1/c2.
>
> Off the top of my head I can't see how c1 or c2 will reveal p or q
> or M.
>
> Neater thing is if you use a 64-bit irreducible polynomials for p
> and q shouldn't this trick still work?  Resulting in a 128-bit
> block
> cipher...

This isn't secure against a chosen plaintext attack since you can
simply do a binary search for c1 and c2.....but is it secure
otherwise?

Some form of padding would probably be required ... I dunno.

Tom

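The scheme above, as an added example that is not from the post: the CRT encode/decode pair, plus a known-plaintext check that goes a step further than the binary-search remark and shows that a couple of (M, c1, c2) pairs hand over p and q directly, since each M - c1 is a multiple of p and each M - c2 a multiple of q. All parameters are constructed toy values.

```python
# Added example (not from the digest): Tom's CRT "cipher" and a
# known-plaintext check that recovers p and q from a few pairs.
# p and q are constructed small primes so the run is instant.
from math import gcd


def crt_encode(m, p, q):
    """Ciphertext is the pair of residues (m mod p, m mod q)."""
    assert 0 < m < p * q, "message must lie in (0, N)"
    return m % p, m % q


def crt_decode(c1, c2, p, q):
    """Recover m from its residues with the Chinese Remainder Theorem
    (Garner's form: m = c1 + p * ((c2 - c1) * p^-1 mod q))."""
    p_inv_q = pow(p, q - 2, q)        # p^-1 mod q by Fermat, q prime
    h = ((c2 - c1) * p_inv_q) % q
    return c1 + p * h


def recover_moduli(pairs):
    """Known-plaintext check.  For every (m, (c1, c2)) pair, m - c1 is a
    multiple of p and m - c2 a multiple of q, so the gcd over a handful of
    pairs isolates the secret moduli (no chosen plaintext needed).
    Returns (p_guess, q_guess); a guess is exact once the quotients are coprime."""
    g1 = g2 = 0
    for m, (c1, c2) in pairs:
        g1 = gcd(g1, m - c1)
        g2 = gcd(g2, m - c2)
    return g1, g2


if __name__ == "__main__":
    P, Q = 104729, 104723             # constructed primes, N = P*Q
    m = 123456789
    c = crt_encode(m, P, Q)
    print("encode/decode round trip:", crt_decode(*c, P, Q) == m)
    seen = [(x, crt_encode(x, P, Q)) for x in (523652, 314198)]
    print("recovered (p, q) from 2 known pairs:", recover_moduli(seen))
```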




------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Another keen symmetric cipher idea
Date: Sun, 29 Apr 2001 14:36:31 GMT


This is yet another keen idea (note: I am posting these because they
pop in my head and I want to spark relevant on topic discussion in
this forum :-) ).

The users pick a random n-bit prime p and a number k.  These are
fixed as secret.

To encode simply do

C = (M + k)^-1 mod p
M = C^-1 - k mod p

The time required is symmetric about inversion in Z*p.  K must be
random since if the cipher was just

C = M^-1 mod p
M = C^-1 mod p

the attacker could solve for p with one chosen text, i.e. knowing C and
M gives them the ability to do

CM - Rp = 1
Rp = -1 + CM

They can then factor Rp to get the largest prime which should be p.
Now it's

(M+k)C - k - Rp = 1
MC - kC - k - Rp = 1
Rp = -1 -MC + kC + k

Wait... with two chosen texts the attacker wins right since MC is
known the only unknowns are kC, k and Rp?  .... back to the drawing
board...

What if it were layered?  I.e

C = ((M + k1)^-1 + k2)^-1 (mod p)
--
Tom St Denis
---
http://tomstdenis.home.dhs.org





------------------------------

Subject: Re: Censorship Threat at Information Hiding Workshop
From: [EMAIL PROTECTED] (Xcott Craver)
Date: Sun, 29 Apr 2001 14:47:34 GMT

Jonathan Edwards  <[EMAIL PROTECTED]> wrote:
>
>Watermarking in itself is harmless.  The Grand Design of which it is a
>part is repugnant, but hardly surprising.

        This is an important point, I think, although I wouldn't
        use the term "harmless."  

        Watermarking is, like crypto, a technological measure that
        can be used for different things.  But it is inherently
        harmful, albeit very very slightly harmful, in that slight
        modifications are made to media that is watermarked.  This
        is not usually true of other approaches to copyright control.

        This is an issue we raised in the book _Information Hiding_.
        Watermark companies are stuck between user quality standards,
        which tend to be pretty low; and quality standards of recording
        engineers or photographers, which tend to be extremely high.
        It's hard enough to engineer a watermark that is "unobtrusive"
        but unremovable without "severe" quality degradation, when
        you're dealing with just one person's definition of "unobtrusive"
        and "severe."  Use a Golden Ear's definition of "unobtrusive"
        and a consumer's definition of "severe," and things get harder.

        Of course, this is just the entertainment industry biting its
        own ass, pardon my French.  Consumer quality standards are low
        for a reason.
                                                        -S


------------------------------

From: Rick Wash <[EMAIL PROTECTED]>
Subject: Re: Another keen symmetric cipher idea
Date: 29 Apr 2001 10:59:14 -0400

"Tom St Denis" <[EMAIL PROTECTED]> writes:

> This is yet another keen idea (note: I am posting these because they
> pop in my head and I want to spark relevant on topic discussion in
> this forum :-) ).
> 
> The users pick a random n-bit prime p and a number k.  These are
> fixed as secret.
> 
> To encode simply do
> 
> C = (M + k)^-1 mod p
> M = C^-1 - k mod p

Hmm.... Known plaintext attack? Since this is all done mod p, this
means the number of possible plaintexts is p.  If you observe enough
ciphertexts, you can get a good idea of what p is?  For example, you
know that p is always greater than the greatest value of C that you
see.  I am not entirely sure how easy it would be to figure out p, but
it would not require trying all possible p's.

Once you have p, a single known plaintext will give you k:
  k = C^-1 - M (mod p)   (from eq. 2 above)

So, if you observe enough ciphertext to limit p down enough that you
can guess it, then from each guess and a single known plaintext you can
get a value of k.  You can then check this by attempting to decrypt
the remaining ciphertexts you gathered.  If it is intelligible, then
the guess was right; if not, guess another value of p.

> The time required is symmetric about inversion in Z*p.  K must be
> random since if the cipher was just
> 
> C = M^-1 mod p
> M = C^-1 mod p
> 
> the attacker could solve for p with one chosen text, i.e. knowing C and
> M gives them the ability to do
> 
> CM - Rp = 1
> Rp = -1 + CM
> 
> They can then factor Rp to get the largest prime which should be p.
> Now it's
> 
> (M+k)C - k - Rp = 1
> MC - kC - k - Rp = 1
> Rp = -1 -MC + kC + k
> 
> Wait... with two chosen texts the attacker wins right since MC is
> known the only unknowns are kC, k and Rp?  .... back to the drawing
> board...
> 
> What if it were layered?  I.e
> 
> C = ((M + k1)^-1 + k2)^-1 (mod p)

Hmm... I was thinking iterated as a round function?  In a similar
structure to rc5?

Key: Prime p, key schedule generating 2N+2 subkeys k_i
Message: (Left half (M_l), Right half (M_r)

Encrypt:
  L_0 = (M_l + k1)^-1 (mod p)
  R_0 = (M_r + k2)^-1 (mod p)

  L_i = (L_{i-1} + R_{i-1} + k_{2i})^-1 (mod p)
  R_i = (R_{i-1} + L_i + k_{2i+1}) ^-1 (mod p)

Ciphertext: (L_N, R_N)

for i=1..N, N rounds of the cipher?

It would definitely not be the fastest cipher out there, and would
suffer from the problem listed above about the possibility of guessing
p after observing ciphertexts.  But in this case, I think it may be
possible to make p public?

I haven't done any analysis on this yet, just popped in my head as a
modification to Tom's idea.

  Rick
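An added example, not code from either post: Tom's single-inversion cipher, the two weaknesses the thread discusses (the k = 0 variant leaks p from known pairs because C*M - 1 is always a multiple of p, and once p is known one known plaintext yields k), and Rick's iterated two-half variant with its matching decryption. Assumptions: the 2N+2 subkeys are indexed k_0..k_{2N+1} (k_0, k_1 whiten the halves, round i uses k_{2i}, k_{2i+1}), and the inverse of 0 is taken to be 0 so that x -> x^-1 is a permutation of Z_p, a case the posts leave undefined; p and the keys are constructed toy values.

```python
# Added example (not from the digest): Tom's inversion cipher, the weaknesses
# raised in the thread, and Rick's iterated structure with decryption.
from math import gcd


def inv(x, p):
    """x^-1 mod p by Fermat (p prime).  pow(0, p-2, p) == 0, which gives the
    assumed 0 -> 0 convention and makes inversion its own inverse on all of Z_p."""
    return pow(x, p - 2, p)


def encrypt(m, k, p):
    return inv((m + k) % p, p)                 # C = (M + k)^-1 mod p


def decrypt(c, k, p):
    return (inv(c, p) - k) % p                 # M = C^-1 - k mod p


def leak_p_without_k(pairs):
    """Tom's observation on the k = 0 variant: C*M - 1 is a multiple of p for
    every known (M, C) pair, so a gcd over a couple of pairs returns p outright
    (no factoring of CM - 1 needed)."""
    g = 0
    for m, c in pairs:
        g = gcd(g, c * m - 1)
    return g


def recover_k(m, c, p):
    """Rick's observation: with p known, one known plaintext gives k."""
    return (inv(c, p) - m) % p


def feistel_encrypt(ml, mr, p, subkeys):
    """Rick's iterated variant (assumed indexing k_0..k_{2N+1})."""
    n = (len(subkeys) - 2) // 2
    L = inv((ml + subkeys[0]) % p, p)          # L_0 = (M_l + k_0)^-1
    R = inv((mr + subkeys[1]) % p, p)          # R_0 = (M_r + k_1)^-1
    for i in range(1, n + 1):
        L = inv((L + R + subkeys[2 * i]) % p, p)        # uses L_{i-1}, R_{i-1}
        R = inv((R + L + subkeys[2 * i + 1]) % p, p)    # uses R_{i-1}, L_i
    return L, R


def feistel_decrypt(cl, cr, p, subkeys):
    """Undo the rounds in reverse order.  Each step has a single unknown:
    R_{i-1} = R_i^-1 - L_i - k, then L_{i-1} = L_i^-1 - R_{i-1} - k."""
    n = (len(subkeys) - 2) // 2
    L, R = cl, cr
    for i in range(n, 0, -1):
        R = (inv(R, p) - L - subkeys[2 * i + 1]) % p
        L = (inv(L, p) - R - subkeys[2 * i]) % p
    mr = (inv(R, p) - subkeys[1]) % p
    ml = (inv(L, p) - subkeys[0]) % p
    return ml, mr


if __name__ == "__main__":
    P, K = 104729, 777                         # constructed prime and key
    c = encrypt(4242, K, P)
    print("single cipher round trip:", decrypt(c, K, P) == 4242)
    seen = [(m, encrypt(m, 0, P)) for m in (2, 12345)]   # k = 0 variant
    print("p leaked from two known pairs:", leak_p_without_k(seen) == P)
    print("k from one known pair given p:", recover_k(4242, c, P))
    ks = [11, 22, 33, 44, 55, 66, 77, 88]      # 2N+2 subkeys, N = 3 rounds
    ct = feistel_encrypt(31337, 4444, P, ks)
    print("iterated round trip:", feistel_decrypt(*ct, P, ks) == (31337, 4444))
```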



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Another keen symmetric cipher idea
Date: Sun, 29 Apr 2001 15:01:43 GMT


"Rick Wash" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> writes:
>
> > This is yet another keen idea (note: I am posting these because
> > they pop in my head and I want to spark relevant on topic
> > discussion in this forum :-) ).
> >
> > The users pick a random n-bit prime p and a number k.  These are
> > fixed as secret.
> >
> > To encode simply do
> >
> > C = (M + k)^-1 mod p
> > M = C^-1 - k mod p
>
> Hmm.... Known plaintext attack? Since this is all done mod p, this
> means the number of possible plaintexts is p.  If you observe
> enough ciphertexts, you can get a good idea of what p is?  For
> example, you know that p is always greater than the greatest value
> of C that you see.  I am not entirely sure how easy it would be to
> figure out p, but it would not require trying all possible p's.
>
> Once you have p, a single known plaintext will give you k:
>   k = C^-1 - M (mod p)   (from eq. 2 above)
>
> So, if you observe enough ciphertext to limit p down enough that
> you can guess it, then from each guess and a single known plaintext
> you can get a value of k.  You can then check this by attempting to
> decrypt the remaining ciphertexts you gathered.  If it is
> intelligible, then the guess was right; if not, guess another value
> of p.

True.  Hmm didn't think of that really :-)


> > The time required is symmetric about inversion in Z*p.  K must be
> > random since if the cipher was just
> >
> > C = M^-1 mod p
> > M = C^-1 mod p
> >
> > the attacker could solve for p with one chosen text, i.e. knowing C
> > and M gives them the ability to do
> >
> > CM - Rp = 1
> > Rp = -1 + CM
> >
> > They can then factor Rp to get the largest prime which should be
> > p. Now it's
> >
> > (M+k)C - k - Rp = 1
> > MC - kC - k - Rp = 1
> > Rp = -1 -MC + kC + k
> >
> > Wait... with two chosen texts the attacker wins right since MC is
> > known the only unknowns are kC, k and Rp?  .... back to the
> > drawing board...
> >
> > What if it were layered?  I.e
> >
> > C = ((M + k1)^-1 + k2)^-1 (mod p)
>
> Hmm... I was thinking iterated as a round function?  In a similar
> structure to rc5?
>
> Key: Prime p, key schedule generating 2N+2 subkeys k_i
> Message: (Left half (M_l), Right half (M_r)
>
> Encrypt:
>   L_0 = (M_l + k1)^-1 (mod p)
>   R_0 = (M_r + k2)^-1 (mod p)
>
>   L_i = (L_{i-1} + R_{i-1} + k_{2i})^-1 (mod p)
>   R_i = (R_{i-1} + L_i + k_{2i+1}) ^-1 (mod p)
>
> Ciphertext: (L_N, R_N)
>
> for i=1..N, N rounds of the cipher?
>
> It would definitely not be the fastest cipher out there, and would
> suffer from the problem listed above about the possibility of
> guessing p after observing ciphertexts.  But in this case, I think
> it may be possible to make p public?
>
> I haven't done any analysis on this yet, just popped in my head as
> a modification to Tom's idea.

With a known P the only key is the K array...a little simpler to
explain I would think.  How about just like a Feistel structure
instead?

Tom





------------------------------

Subject: Re: Secure Digital Music Initiative cracked?
From: [EMAIL PROTECTED] (Xcott Craver)
Date: Sun, 29 Apr 2001 16:12:59 GMT

David A Molnar  <[EMAIL PROTECTED]> wrote:
>
>A few things come to mind as the next questions to ask...
>
>       * Is it possible for a contest to be run and agreements to be
>       drawn up such that the SDMI Foundation-style creative 
>       reinterpretation is impossible? 

        For this, I would guess "no," but it depends on where you
work and live.  An entity does not necessarily need to have any chance 
of winning a suit to get someone silenced, especially if that someone 
is a representative of a corporation.  Heck, a random kook on Usenet can 
do that.  No shield can stop a saber from rattling.

>       Do we know how broad the DMCA's exemption for security research is?

        While people might not know exactly how much, we do know that
the exemption is too strict.  Any policy that entails the *asking of 
permission*, from private industry, in order to perform university research, 
is just so insanely unreasonable that I have trouble believing all the money 
in the world could have gotten this bill passed.  I hope tobacco companies 
don't get wind of this idea.

        Here are some other questions:

        *  What about general tools, like StirMark?  StirMark damages a
        lot of different kinds of watermarks, probably including ones that 
        have not been invented yet.  How would one go about getting 
        permission to develop such a program?

        Also notice that there is a distribution issue.  You might have
        permission to _use_ StirMark on a particular watermarking system,
        but how to get a copy of StirMark in the first place, with 
        prohibitions on distributing such a tool?  Of course, it's a bit
        academic, since StirMark is available from outside the US.

        *  How about reverse engineering tools?  I mean, tools that do
        not and can not remove watermarks, but can tell you what kind of
        mark is in the music, and what its parameters are? 

        *  Couldn't just about anything be retooled as a copy protection
        mechanism?  A snake-oil crypto company can write a copy-control
        application with their cipher as the centerpiece; couldn't they
        then hold a traditional cryptographic challenge in which 
        successfully cracking their system is illegal under the DMCA?

>_David
                                                        -Scott


------------------------------

From: "M.S. Bob" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Secure Digital Music Initiative cracked?
Date: Sun, 29 Apr 2001 17:16:52 +0100

David A Molnar wrote:
> 
> Roger Schlafly <[EMAIL PROTECTED]> wrote:
> > And for what? At least the NSA had a national security argument.
> > The RIAA is only trying to protect hypothetical commercial
> > interests. And RIAA's legal position regarding those interests is
> 
>         * If it is too dangerous to take information from the
>         manufacturers and illegal to take information from reverse
>         engineering devices, then *how* is research on these technologies
>         to be conducted? (I am taking it as a given that such research
>         should be undertaken).
>         Do we know how broad the DMCA's exemption for security research is?

Well if the DMCA was law earlier in US history, then the DMCA could have
been used against:

RC4/ARC4
WEP
PPTP
NT LAN Manager (NTLM)
A5 (the US effort, at Berkeley)
Netscape random number generator

DMCA might be used as an argument against publicly reporting any
security vulnerability in a fielded proprietary system, eliminating
notification services such as CERT and bugtraq.

Long live security....

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Secure Digital Music Initiative cracked?
Date: Sun, 29 Apr 2001 16:29:52 GMT


"M.S. Bob" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> David A Molnar wrote:
> >
> > Roger Schlafly <[EMAIL PROTECTED]> wrote:
> > > And for what? At least the NSA had a national security
> > > argument. The RIAA is only trying to protect hypothetical
> > > commercial interests. And RIAA's legal position regarding those
> > > interests is
> >
> >         * If it is too dangerous to take information from the
> >         manufacturers and illegal to take information from
> > reverse
> >         engineering devices, then *how* is research on these
> > technologies
> >         to be conducted? (I am taking it as a given that such
> > research
> >         should be undertaken).
> >         Do we know how broad the DMCA's exemption for security
> > research is?
>
> Well if the DMCA was law earlier in US history, then the DMCA could
> have been used against:
>
> RC4/ARC4
> WEP
> PPTP
> NT LAN Manager (NTLM)
> A5 (the US effort, at Berkeley)
> Netscape random number generator

To add to this list

The three RSA inc. DES challenges
The RSA RC5 challenges
The RSA RSA Challenges
The Certicom ECC challenges
The Samba hash crack (the one that uses a single round of DES etc..)
The Unix hash cracks (basically any password cracker).

Not to mention the wealth of public cryptanalysis that fills
euro/asia crypt journals.

> DMCA might be used as an argument against publicly reporting any
> security vulnerability in a fielded proprietary system, eliminating
> notification services such as CERT and bugtraq.
>
> Long live security....

In the DMCA perfect world crypto would involve "xor with 0xAA for med
security and 0xBB for highest" then they could say "anyone breaking
'highest' security faces higher charges"... ehhehehehe






------------------------------

Subject: Re: Secure Digital Music Initiative cracked?
From: [EMAIL PROTECTED] (Xcott Craver)
Date: Sun, 29 Apr 2001 16:30:23 GMT

Mok-Kong Shen  <[EMAIL PROTECTED]> wrote:
>
>I have the fuzzy feeling that the issues have some
>parallels to export regulations both in respect of sanity, 
>chance of long term upholding, etc. 
        
        At least those regulations were driven in part by a desire to
        prevent terrorist bombings.  In this case it is a desire 
        to protect Spice Girls CDs.

>I conjecture that it could well happen that at sometime later time 
>point the industry find DMCA is actually having a rather negative 
>impact on their revenues due to developments entirely outside their 
>spheres of influence, 

        Ah, but there's the crucial difference between this and
        export control.  Unlike the government, private industry is 
        not likely to care if a Law hurts other industries.  Even
        if there is some feedback to their own.

        The government is swayed by arguments that American industry
        is hurt by a law.  This same argument is not going to 
        make the entertainment industry release its grip on the
        DMCA, or cause the industries who support UCITA to ease off.

>M. K. Shen
                                                        -S



------------------------------

From: William Hugh Murray <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Secure Digital Music Initiative cracked?
Date: Sun, 29 Apr 2001 16:27:00 GMT

Roger Schlafly wrote:

> "David Wagner" <[EMAIL PROTECTED]> wrote in message
> news:9ceu8n$3nn$[EMAIL PROTECTED]...
> > Douglas A. Gwyn wrote:
> > >Actually the paper you're thinking of was the subject of personal
> > >attention by an NSA employee working outside the proper scope of
> > >his duties, and the Agency didn't back him up.
> > But nonetheless there were still proposals (from the NSA)
> > that researchers should voluntarily submit their papers to
> > the NSA before publication for approval, weren't there?
>
> Yes, there were. And the academic community screamed bloody
> murder. The journals did not comply AFAIK, no academic crypto
> paper was suppressed.
>
> But now a music cartel has succeeded in going farther than the NSA
> ever did -- it intimidated legitimate scholars into withdrawing their
> work from publication.
>
> And for what? At least the NSA had a national security argument.
> The RIAA is only trying to protect hypothetical commercial
> interests. And RIAA's legal position regarding those interests is
> one that most music lovers don't agree with, if Napster use is any
> indication.

True.  However, we should note that the RIAA have managed to coopt to
their purposes governments all over the world.  The DMCA and the treaty
that it endorses is an abomination.  At its most fundamental level it
outlaws not only research but knowledge.  I hope that the courts will
rescue us from the dilemmas created by this law.

Napster users are another issue entirely.  It is in the nature of music
that any performance is a shared experience; any performance creates
"copies."  It is in the nature of music that "fair use" includes the
right to perform and, to a more limited extent, to copy.  However, "fair"
use also includes the right of the authors, performers, and publishers to
be compensated for their efforts.  The doctrine of "fair use" has always
been about how the purchaser of a copy is entitled to enjoy his copy.  It
has never been, and should not now be, how someone who did not pay for a
copy should be able to enjoy that copy.

When looking at copyright issues, I find it helpful to look to the past
for analogies.  Napster's role might be compared to that of a
broadcaster.  The broadcaster pays a license fee for the right to
broadcast a performance of his copy for the enjoyment of others.  Often
he pays on a "per performance" basis.  The assumption of the copyright
holder has always included the risk that a listener will make a copy
of his reception of the broadcast for his own use in the
future.  While this use may or may not be "fair," as long as the listener
did not attempt to sell his copy, it has been tolerated.  The broadcaster
covers his cost and his profit by selling advertising.  The assumption of
the advertiser is that at least some
of the listeners will listen to his ads.  The advertiser has always
accepted the risk that a few listeners will avoid listening to the ad.

Of course, Napster is not a broadcaster; it is more an indexing and
directory service.  While it is questionable why or that it needs one,
and while it has tried to negotiate one, it does not have a license from
the publishers.  One might conclude that the industry has more interest
in trying to outlaw what Napster does than in making money from it.

The most recent instance where the publishers have tried to restrict
access to copying technology is when they attempted to restrict the
capability to record broadcasts of video programming on home VHS
machines.  The courts struck that down.  It should be noted that the
ability of people to make copies of video broadcasts has interfered with
the ability of the publishers to sell copies only at the margins.  It is
to be hoped that the courts that would not restrict copying would not
have consented to the outlawing of the copying equipment, technology, or
knowledge.

The argument that the publishers must be able to control copying
equipment is older than the printing press.  As technology makes copies
cheaper and more faithful, they amplify the argument.  However, it is the
same old argument, no more valid now than a hundred years ago when they
complained about automatic type setting of music.  We should continue to
reject it now as we have in the past.  If history demonstrates anything
it is that, even if the public would rather have a lower price, they are
not reluctant to pay for information and entertainment.  That some people
will steal, even when paying is cheaper, does not mean that most people
are out to cheat.

The position of the Napster user is a little more problematic.  To the
extent that he is simply making a copy of a broadcast under a license to
Napster (a license which Napster does not now have), his position is like
that of the person who records a video broadcast for his own later use.
To the extent that he uses Napster to make a copy of his neighbor's copy,
he is in the position of one who goes to his neighbor's house to make a
copy of his neighbor's copy.  While this is not a decision that I would
like to make for my neighbor, it seems to me to be a use which goes
beyond fair use of that copy.  To the extent that one makes his copy,
however obtained, available to others, it seems to me that he has clearly
gone beyond fair use.  At today's prices, if I want my neighbor to have a
copy, I buy him one.

However, the scariest part of all of this is that it attempts to make
Napster responsible for the use that its users make of its service.  I
cannot for the life of me distinguish between Napster and Yahoo or
Google.  If the courts can hold Napster responsible for copyright
violation by its users, can they not hold Yahoo or Google responsible?
How does one distinguish between the two?  It seems to me that Judge
Patel wants to do so on the basis of the fact that Napster has "guilty
knowledge," that they know what their users are doing, that they knew
what the users would do when they created the service in the first
place.  While I may be prepared to grant her that, at least in this case,
it is fairly obvious, as far as I know, there has been no such finding of
fact by the trial court.

If this judgement is permitted to stand, then it will call into question
the legitimacy of all the search and indexing services on which the
utility of the WWW rests.  It will grant to government the right of prior
restraint over research, knowledge, technology, and tools.  We did not
ask for this treaty, law, or finding.  If we consent to them, we deserve
what we get.

William Hugh Murray




------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: factoring basis?
Date: Sun, 29 Apr 2001 16:37:11 GMT

Most if not all current factoring methods are based on finding two squares
that are congruent to factor the modulus.  What about a triplet basis?

I.e you have N=pq try to find a quad (X^-1, x^-1 mod p, X^-1 mod q).  You
can guess X and solve for X^-1 easily now the trick is just to find the two
residues.  If they are found then factoring is easy.

My question is can this actually be exploited?  A naive version would
require a lot of work basically sqrt(q) * sqrt(p) which is about sqrt(pq) by
just guessing the residues.  A correct guess would lead to the
factorization....Anything else?
--
Tom St Denis
---
http://tomstdenis.home.dhs.org



------------------------------

From: William Hugh Murray <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Secure Digital Music Initiative cracked?
Date: Sun, 29 Apr 2001 16:36:38 GMT

Roger Schlafly wrote:

> "David A Molnar" <[EMAIL PROTECTED]> wrote
> > ...
> > * How do we get the DMCA repealed or at least amended?
> > I think these are the sorts of practical questions we need to ask right
> now.
>
> I don't have answers. Crypto people lobbied against the DMCA, but
> were overwhelmed by the commercial interests.

I will not argue that they had a responsibility to do otherwise.  However,
both crypto and security people argued against the DMCA on the narrow basis
of how it might affect their right to engage in otherwise legitimate
activities rather than on the basis of the fact that it was bad public
policy.  They succeeded in getting narrowly drawn exemptions and exceptions
but still got the bad public policy.

> The DMCA does
> make the law in this area a whole new game, and prior common sense
> reasoning may not apply.

"Few things in life are as difficult to remedy as bad law."




------------------------------

Subject: Re: Censorship Threat at Information Hiding Workshop
From: [EMAIL PROTECTED] (Xcott Craver)
Date: Sun, 29 Apr 2001 16:47:23 GMT

Leonard R. Budney <[EMAIL PROTECTED]> wrote:
>
>It deprives him of the livelihood derivable from charging for use of his
>creative effort.

        Ah, but you are always depriving him of said livelihood, even
        when you pay for his work.  

        Presently, people are attempting ways to derive more livelihood
        from copyrighted works in more invasive fashions, such as 
        charging money per use, or restricting people's ability to use 
        what they bought except in very specific circumstances.  Whenever 
        you lend a book to someone, or read it aloud, you are depriving 
        the author of livelihood derivable under these models, which are 
        now becoming technologically feasible.

        For a while now Microsoft has enacted a "medialess" policy for 
        their OS, which means that if Windows comes with your computer, 
        you don't get the Windows CDs.  You can't move your copy of 
        Windows to a new computer, even if you utterly destroy the old 
        computer.  You can't even move your copy of windows to a bigger 
        hard drive.  The license is only for the specific machine on 
        which it was installed.  This is an example of how use is now 
        being restricted to very specific circumstances, and extra $$$ 
        can be made as a result.

        Perhaps it is better to speak of depriving a creator of 
        "reasonable" livelihood which he is presently attempting to 
        derive.  Not what money he could make, in general, by charging
        for its use.

>> It is a public good to allow copying, just as it is believed
>> that the free market is also a public good.
>
>``Just as''? Copying may be a public good, but (supposing the existence
>of intellectual property) it is the opposite of a free market. 

        Copying is use.  It is a necessary component of any market.
        All media works that way:  it can't be used in any fashion
        without some kind of copying or transmission.  It must 
        travel into a black box, into memory, through speakers, and
        into somebody's brain.  

>With a vital difference. Soviet laws protected government monopoly. In
>the US, a temporary monopoly is up for anyone's grab: just be the first
>to think of something.
>
>Len.
                                                        -S


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
