Gary Shapiro: P2P File Sharing is Legal and Moral
(This essay hits many very effective points. One of the key things that needs to be borne in mind, however, is the fact that technological proposals currently on the table are implementations of the notion, foreign to American society and jurisprudence, of creators' moral rights -- a term basically saying that creators dictate how information may be used. This essay nevertheless clearly represents a very significant step forward in the discourse. Forwarded from POLITECH. -- Seth)

Original Message
Date: Wed, 18 Sep 2002 22:35:19 -0700
From: Declan McCullagh [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

Some background:
http://www.ce.org/press_room/press_release_detail.asp?id=10027
http://www.ce.org/press_room/speech.doc
http://news.com.com/2100-1023-958324.html?tag=cd_mh

File photo:
http://www.mccullagh.org/image/d30-25/gary-shapiro.html

-Declan

---

Speech by Gary Shapiro, President and CEO of the Consumer Electronics Association.

The Campaign to Have Copyright Interests Trump Technology and Consumer Rights

We are at a critical juncture in history when the inevitable growth of technology is conflicting with the rising power and strength of copyright owners. How we resolve this tension between copyright and technology will define our future ability to communicate, create and share information, education and entertainment. Today I would like to share with you my views on this situation and the questions we must confront as we wind through this confusing, but historic maze.

There is no doubt that this era's rapid shift to digital and other technology is changing the rules of the game. Reproduction, transmission and storage technology all are progressing exponentially, resulting in an unprecedented power to copy, send and save all forms of media. Reproduction technology has become incredibly cheap and reliable.
Transmission technology, including satellite, cable, broadcast, wired or wireless, and often connecting through the Internet, has linked everyone at ever increasing speeds and competitive pricing. Storage technologies also quickly have expanded in capacity as total storage media costs have plummeted.

With each new technology, the fears of the music and motion picture industries have grown. With television and the VCR, it was going to be the end of movies. With CDs and cassettes, it was the supposed harm from real-time transfers and one-at-a-time copies. Today's technologies make these perceived threats seem naïve and harmless. With high-speed connectivity and the Internet, it's not buying a CD and making a copy for a friend; it's downloading from a stranger or making available thousands of copies with the touch of a keystroke.

The growth of reproduction, storage and transmission technology has terrified copyright owners. The RIAA claims that 3.6 billion songs are downloaded each month. The RIAA also estimates that $4.5 billion has been lost by the music industry due to pirating. And the motion picture industry also sees the writing on the wall. Fox Group CEO and News Corp. President Peter Chernin in an August 21 keynote speech at an Aspen conference claimed that Spiderman and the latest Star Wars movie were downloaded four million times following the weekend after their release.

Based on these and similar threats the content community has gone on a scorched earth campaign attacking and burning several new recording and peer-to-peer technologies. They have used the Congress, media and courts to challenge the legality of technology and morality and legality of recording. In the same Aspen speech, Chernin attacked computers as untrustworthy and the Internet as primarily used for pornography and downloading.

I believe that hardware and software companies have a mutual interest in working together, so that they can sell more products.
For years, consumer electronics companies have been working with both the recording and motion picture industries on developing technological measures that meet the needs of both industries. For instance, the DVD standard includes anti-copying protection. It also includes an anti-fast forward technology designed to ensure copyright warnings are shown, but instead is being used to require consumers to sit through movie previews.

CE companies also have provided digital interfaces that allow consumers to share content among their own devices while restricting unauthorized redistribution to the Internet. By protecting content at the source, content providers can be assured their intellectual property rights are respected, while consumers can enjoy unimpeded personal use. However, source protection should not be used to mislead consumers to purchase CDs that can only be played on certain CD players.

Indeed, despite the cooperative efforts, the copyright community has declared war on technology and is using lawsuits, legislatures and clever public relations to restrict the ability to sell and use
Fwd: Physics News Update 605 - liquid crystal random number generator
Date: Wed, 18 Sep 2002 14:27:56 -0400
From: [EMAIL PROTECTED]
Subject: Physics News Update 605

PHYSICS NEWS UPDATE
The American Institute of Physics Bulletin of Physics News
Number 605 September 18, 2002 by Phillip F. Schewe, Ben Stein, and James Riordon

[...]

FAST, CHEAP RANDOM NUMBERS. The keys needed to encrypt credit card transactions and other crucial information floating in cyberspace often rely on an infusion of random numbers. Generating true random numbers is actually harder than it seems since the generation process generally follows some deterministic algorithm, permitting the possible reappearance of unwanted predictability. James Gleeson, a physicist at Kent State University (330-672-9592, [EMAIL PROTECTED]) has come up with a cheap, fast solution. He shoots laser light into a sample of liquid crystals. But because the sample is subject to a turbulent flow, causing haphazard fluctuations in the orientation of the liquid crystals, the digitized transmitted light coming from the sample represents a stream of random numbers. Gleeson believes that because his device depends on standard liquid-crystal-display technology, his compact device can be used for many processes requiring random-number generation. (Applied Physics Letters, 9 September 2002.)

***

PHYSICS NEWS UPDATE is a digest of physics news items arising from physics meetings, physics journals, newspapers and magazines, and other news sources. It is provided free of charge as a way of broadly disseminating information about physics and physicists. For that reason, you are free to post it, if you like, where others can read it, providing only that you credit AIP. Physics News Update appears approximately once a week.

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Fwd: Physics News Update 605 - liquid crystal random number generator
Charles McElwain wrote:

James Gleeson, a physicist at Kent State University (330-672-9592, [EMAIL PROTECTED]) has come up with a cheap, fast solution. He shoots laser light into a sample of liquid crystals. But because the sample is subject to a turbulent flow, causing haphazard fluctuations in the orientation of the liquid crystals, the digitized transmitted light coming from the sample represents a stream of random numbers.

There's no way a laser's going to be cheaper than a Johnson noise generator. Really, the random number generation has been solved - use a Johnson noise generator for the random bits, and (notwithstanding /dev/random's suboptimal behavior) put them through a cryptographic device which will spew out indefinite amounts of random numbers once it's gotten sufficiently seeded.

-Bram Cohen

Markets can remain irrational longer than you can remain solvent -- John Maynard Keynes
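The arrangement described in the reply above (hardware noise supplies the seed, a cryptographic generator supplies the output), as an added example that is not from the post or from any poster's code. The HMAC-DRBG-style update, the 256-bit seeding threshold, the caller-supplied entropy estimate and the sample bytes are all assumptions made for illustration.

```python
import hashlib
import hmac

SEED_BITS_REQUIRED = 256  # assumption: entropy credit needed before any output


class SeededGenerator:
    """HMAC-DRBG-style expander fed by digitized hardware noise."""

    def __init__(self):
        self.key = b"\x00" * 32
        self.value = b"\x01" * 32
        self.credited_bits = 0.0

    def _update(self, data=b""):
        # Mix data into (key, value); second pass only when data is present.
        for sep in (b"\x00", b"\x01"):
            self.key = hmac.new(self.key, self.value + sep + data, hashlib.sha256).digest()
            self.value = hmac.new(self.key, self.value, hashlib.sha256).digest()
            if not data:
                break

    def add_noise(self, raw_samples, entropy_bits_per_byte):
        # Raw hardware samples are biased, so the caller supplies a
        # conservative estimate of how much entropy each byte carries.
        self._update(bytes(raw_samples))
        self.credited_bits += len(raw_samples) * entropy_bits_per_byte

    def seeded(self):
        return self.credited_bits >= SEED_BITS_REQUIRED

    def random_bytes(self, n):
        # Refuse to produce output until enough entropy has been credited.
        if not self.seeded():
            raise RuntimeError("not enough entropy credited yet")
        out = b""
        while len(out) < n:
            self.value = hmac.new(self.key, self.value, hashlib.sha256).digest()
            out += self.value
        self._update()  # ratchet the state after each request
        return out[:n]


# Constructed stand-in for digitized noise samples (not real hardware data).
SAMPLE_NOISE = bytes((i * 37 + 11) % 256 for i in range(128))
```

The generator is deterministic given its inputs, so all unpredictability comes from the noise fed to `add_noise`; an over-optimistic entropy estimate weakens every byte of output.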
Re: Cryptogram: Palladium Only for DRM
Hi Nomen

I am sending to crypto only as I am not on any of the other aliases you sent to. Feel free to fwd.

How about hacked instead of broken? Broken implies that a machine doesn't work; hacked implies it has been changed somehow but that it still works. Let's say that a hacked Pd machine is a machine whose root keys have been discovered through any means outside of the security model for that machine. So a machine designed to give up its keys or to take keys in from an outside source isn't hacked. A machine whose security model includes protecting the keys from everything, but whose keys have become known, is a hacked machine.

I can certainly imagine situations where Pd will be on a hacked machine and won't know it.

Once the machine has been hacked, a user (or process, or piece of SW, or whatever) can unlock all secrets which use the local keys as root keys. So the symmetric keys used to protect a given piece of data would be compromised, and all data which uses the same symmetric key can now be unlocked. Rather than having to hand someone data, you could hand them keys (presuming they have the data already). The less global a secret, the less vulnerable it is to key hand-offs, but if more than one existence of something is protected by the same key, that key represents an easily distributed attack.

Even in cases where a given piece of data is secured with a unique key or keys, once you have hacked those keys (or more likely the root keys used to gen those keys) you can decrypt the data itself. If all data in the world only existed in Pd virtual vaults and was encrypted using different unique keys, the data itself is still its own secret. You can still extract everything in Pd via a HW attack. Now rather than hand off the keys, you hand off the data.

How is this BORE resistant? The Pd security model is BORE resistant for a unique secret protected by a unique key on a given machine.
Your hack on your machine won't let you learn the secrets on my machine; to me that's BORE resistant. Any use of Pd to protect global secrets reduces the BORE resistance for the information protected by those secrets.

Only the Pd nexus (sorry, new name for the nub, er I mean TOR, er I mean secure kernel, ...) knows each application's secrets, and it protects those secrets from everything else absolutely. The nexus won't analyze data and decide if it should or shouldn't be there; no Pd DRL's. (A DRM scheme on top of Pd could enforce DRL's for content within its own vault, of course, but it can't cross the vault boundary to try to enforce a DRL in someone else's vault.) The goal is to protect data for whomever is asking for protection, and to keep that data secure for that application.

(I must note that we are basing our design on existing US law. Should the law change and require different behaviors, or should other countries require different behaviors, we will need to find a way to comply.)

Palladium systems won't seek out and destroy anything, either locally or remotely. Additionally the nexus has no understanding of what legitimate or illicit means, so Pd really couldn't do this if it wanted to (it doesn't).

Data will be protected by Pd (in memory; on disk). Only applications with the right hash (or those named by the original hashee) can access any given piece of data.

P

- Original Message -
From: Nomen Nescio [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, September 18, 2002 5:10 PM
Subject: Re: Cryptogram: Palladium Only for DRM

Peter Biddle writes:

Pd is designed to fail well - failures in SW design shouldn't result in compromised secrets, and compromised secrets shouldn't result in a BORE attack.

Could you say something about the sense in which Palladium achieves BORE (break once run everywhere) resistance?
It seems that although Palladium is supposed to be able to provide content security (among other things), a broken Palladium implementation would allow extracting the content from the virtual vault where it is kept sealed. In that case the now-decrypted content can indeed run everywhere. This seems to present an inconsistency between the claimed strength of the system and the description of its security behavior.

This discrepancy may be why Palladium critics like Ross Anderson charge that Microsoft intends to implement document revocation lists which would let Palladium systems seek out and destroy illicitly shared documents and even programs.

Some have claimed that Microsoft is talking out of both sides of its mouth, promising the content industry that it will be protected against BORE attacks, while assuring the security/privacy community that the system is limited in its capabilities.

If you could clear up this discrepancy that would be helpful. Thanks...
Re: Cryptogram: Palladium Only for DRM
Peter N. Biddle wrote:

[...] You can still extract everything in Pd via a HW attack. [...] How is this BORE resistant? The Pd security model is BORE resistant for a unique secret protected by a unique key on a given machine. Your hack on your machine won't let you learn the secrets on my machine; to me that's BORE resistant. [...]

Yes, but...

For me, BORE (Break Once Run Everywhere) depends on the application. You can't analyze Palladium in isolation, without looking at the app, too. It doesn't make sense to say Palladium isn't susceptible to BORE attacks, if the applications themselves are subject to BORE attacks.

For example, if a record company builds an app that stores a MP3 of the latest Britney Spears song in a Palladium vault, then this app will be susceptible to BORE attacks. Extracting that MP3 from any one machine suffices to spread it around the world. It won't comfort the record company much to note that the attacker didn't learn the Palladium crypto keys living on other machines; the damage has already been done. Palladium doesn't make DRM resistant to BORE attacks. It can't.

In short, there are some applications that Palladium can't make BORE-resistant. Some apps (e.g., DRM) are simply fundamentally fragile.

Maybe a more interesting question is: For which apps does Palladium provide resistance against BORE attacks that is not available by other means?
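The distinction argued in the two messages above (a unique secret under a per-machine key versus a secret shared by every machine), modelled as an added example that is not code from Microsoft or from either poster. The key derivation, the HMAC-based cipher standing in for real sealed storage, and every key and name are assumptions made up for illustration; this is not Palladium's actual design.

```python
import hashlib
import hmac
import os

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: illustrative stand-in for a real AEAD cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _seal_key(root_key, app_hash):
    # Assumed derivation: per-machine root key bound to the application's hash.
    return hmac.new(root_key, b"seal" + app_hash, hashlib.sha256).digest()

def seal(root_key, app_hash, plaintext):
    k, nonce = _seal_key(root_key, app_hash), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(k, nonce, len(plaintext))))
    return nonce + ct + hmac.new(k, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(root_key, app_hash, blob):
    k, nonce, ct, tag = _seal_key(root_key, app_hash), blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(k, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None  # wrong machine root key or wrong application hash
    return bytes(a ^ b for a, b in zip(ct, _stream(k, nonce, len(ct))))

# Constructed values: two machines and one application.
ROOT_A = hashlib.sha256(b"constructed root key, machine A").digest()
ROOT_B = hashlib.sha256(b"constructed root key, machine B").digest()
APP = hashlib.sha256(b"constructed application image").digest()

def exposure_after_root_a_leak():
    # What knowing ROOT_A alone reveals, for a unique secret and a global one.
    note_b = seal(ROOT_B, APP, b"machine B's private note")
    global_key = b"K" * 32  # one content key shipped to every machine
    key_on_a = seal(ROOT_A, APP, global_key)
    key_on_b = seal(ROOT_B, APP, global_key)
    leaked = unseal(ROOT_A, APP, key_on_a)
    return {
        "b_unique_secret_read": unseal(ROOT_A, APP, note_b) is not None,
        "global_key_recovered": leaked == unseal(ROOT_B, APP, key_on_b),
    }
```

The per-machine sealing holds in both cases; the global key is exposed because the application placed the same value in every vault, which is the property a designer has to weigh when deciding what to seal.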