From: [EMAIL PROTECTED]
Sent: Wednesday, December 17, 2003 12:29 PM
To: [EMAIL PROTECTED]
Subject: [NEC] #2.12: The RIAA Succeeds Where the CypherPunks Failed
NEC @ Shirky.com, a mailing list about Networks, Economics, and Culture
Published periodically / #2.12 / December 17, 2003
Subscribe at http://shirky.com/nec.html
Archived at http://shirky.com
Social Software weblog at http://corante.com/many/
In this issue:
- Introduction
- Essay: The RIAA Succeeds Where the Cypherpunks Failed
Also at http://www.shirky.com/writings/riaa_encryption.html
- Worth Reading:
- GrokLaw: MVP of the SCO Wars
- Tom Coates Talks With A Slashdot Troller
* Introduction ===
The end of another year. Thank you all for reading. See you in January.
-clay
* Essay ==
The RIAA Succeeds Where the Cypherpunks Failed
http://www.shirky.com/writings/riaa_encryption.html
For years, the US Government has been terrified of losing surveillance
powers over digital communications generally, and one of their biggest
fears has been broad public adoption of encryption. If the average user
were to routinely encrypt their email, files, and instant messages,
whole swaths of public communication currently available to law
enforcement with a simple subpoena (at most) would become either
unreadable, or readable only at huge expense.
The first broad attempt by the Government to deflect general adoption of
encryption came 10 years ago, in the form of the Clipper Chip
[http://www.epic.org/crypto/clipper/]. The Clipper Chip was part of a
proposal for a secure digital phone that would only work if the
encryption keys were held in such a way that the Government could get to
them. With a pair of Clipper phones, users could make phone calls secure
from everyone except the Government.
Though opposition to Clipper by civil liberties groups was swift and
extreme [1] the thing that killed it was work by Matt Blaze, a Bell Labs
security researcher, showing that the phone's wiretap capabilities could
be easily defeated [2], allowing Clipper users to make calls that even
the Government couldn't decrypt. (Ironically, ATT had designed the
phones originally, and had a contract to sell them before Blaze sunk the
project.)
[2]
http://cpsr.org/cpsr/privacy/crypto/clipper/clipper_nist_escrow_comments
/
[3]
http://www.interesting-people.org/archives/interesting-people/199406/msg
6.html
The Government's failure to get the Clipper implemented came at a heady
time for advocates of digital privacy -- the NSA was losing control of
cryptographic products, Phil Zimmerman had launched his Pretty Good
Privacy (PGP) email program, and the Cypherpunks, a merry band of
crypto-loving civil libertarians, were on the cover of
[http://www.wired.com/wired/archive/1.02/crypto.rebels.html] the second
issue of Wired. The floodgates were opening, leading to...
...pretty much nothing. Even after the death of Clipper and the launch
of PGP, the Government discovered that for the most part, users didn't
_want_ to encrypt their communications. The single biggest barrier to
the spread of encryption has turned out to be not control but apathy.
Though business users encrypt sensitive data to hide it from one
another, the use of encryption to hide private communications from the
Government has been limited mainly to techno-libertarians and a small
criminal class.
The reason for this is the obvious one: the average user has little to
hide, and so hides little. As a result, 10 years on, e-mail is still
sent as plain text, files are almost universally unsecured, and so on.
The Cypherpunk fantasy of a culture that routinely hides both legal and
illegal activities from the state has been defeated by a giant
distributed veto. Until now.
It may be time to dust off that old issue of Wired, because the RIAA is
succeeding where 10 years of hectoring by the Cypherpunks failed. When
shutting down Napster turned out to have all the containing effects of
stomping on a tube of toothpaste, the RIAA switched to suing users
directly. This strategy has worked much better than shutting down
Napster did, convincing many users to stop using public file sharing
systems, and to delete MP3s from their hard drives. However, to sue
users, they had to serve a subpoena, and to do that, they had to get
their identities from the user's internet service providers.
Identifying those users has had a second effect, and that's to create a
real-world version of the scenario that drove the invention of
user-controlled encryption in the first place. Whitfield Diffie,
inventor of public key encryption
[http://www.webopedia.com/TERM/P/public_key_cryptography.html], the
strategy that underlies most of today's cryptographic products, saw the
problem as a version of "Who will guar