re: The RIAA Succeeds Where the CypherPunks Failed

[Steve Schear]

At 12:39 PM 12/17/2003, Patrick Chkoreff on the [EMAIL PROTECTED] wrote:
Well, Clay Shirky has done it again, writing a very insightful article
on the current digital scene, this time on the unintended but
beneficial consequences of RIAA's crackdown on file sharing.
Here is one particularly telling excerpt:

Note that the broadening adoption of encryption is not because users
have become libertarians, but because they have become criminals; to a
first approximation, every PC owner under the age of 35 is now a > felon.
http://www.shirky.com/writings/riaa_encryption.html

I'm not sure if Clay ever hung out on the cypherpunks list.  None of this 
comes as a surprise.  Most knew early on that widespread adoption of crypto 
would require a killer app and that cypherpunks were not delivering these 
apps because one could not predict what they would be.  They would surely 
not be PGP and other encrypted email nor digital cash unless and until 
there was a small but lucrative market that could be addressed by such 
technology or a large market with broad citizen support.  That file sharing 
could be it was also recognized a long time ago on the cypherpunks list.

One interesting aspect of the current arms war being fought between 
consumers determined to ignore copyright, their technological helpers in 
the development community and the RIAA/MPAA is a possible resurgence of 
interest in non-file sharing P2P architectures.  By this I mean schemes 
where the information is distributed among sharing participants in a 
fashion where each holds only a portion of the desired file in a form not 
identifiable as such by individual users.

Freenet and MNet (previously Mojo Nation) both use such an approach.  They 
create an Internet RAID drive cluster across the storage participants have 
offered to the sharing system.  Individual users are not associated with 
offering individual files, they simply have offered storage for data the 
content of which they know not.  User downloads from such systems are, of 
course, organized as individually identifiable files, but these are 
separately stored and not exposed outside their PCs.  "NetRAID" P2P 
approaches have suffered from complexity and stability problems which 
greatly affected their popularity, but there is reason to believe that such 
shortcomings may soon be a thing of the past.

Another aspect of this is what it portends for the future.  If, as Clay 
suggests, the current situation is like Prohibition from citizen 
perspective can we expect a similar repeal of government surveillance?  If 
not, what will happen as large numbers of citizens adopt P2P systems that 
not only flaunt copyright law but communications more dear to those in power?

steve

"For nothing is more destructive of respect for the government and the law 
of the land than passing laws which cannot be enforced. It is an open 
secret that the dangerous increase of crime in this country is closely 
connected with this." -- Albert Einstein, "My First Impression of the 
U.S.A.", 1921  

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

The RIAA Succeeds Where the CypherPunks Failed

[John Gilmore]

From: [EMAIL PROTECTED]
Sent: Wednesday, December 17, 2003 12:29 PM
To: [EMAIL PROTECTED]
Subject: [NEC] #2.12: The RIAA Succeeds Where the CypherPunks Failed

NEC @ Shirky.com, a mailing list about Networks, Economics, and Culture

Published periodically / #2.12 / December 17, 2003
Subscribe at http://shirky.com/nec.html
   Archived at http://shirky.com
   Social Software weblog at http://corante.com/many/

In this issue:

  - Introduction
  - Essay: The RIAA Succeeds Where the Cypherpunks Failed
  Also at http://www.shirky.com/writings/riaa_encryption.html
  - Worth Reading:
 - GrokLaw: MVP of the SCO Wars
 - Tom Coates Talks With A Slashdot Troller

* Introduction ===

The end of another year. Thank you all for reading. See you in January.

-clay

* Essay ==

The RIAA Succeeds Where the Cypherpunks Failed
   http://www.shirky.com/writings/riaa_encryption.html

For years, the US Government has been terrified of losing surveillance
powers over digital communications generally, and one of their biggest
fears has been broad public adoption of encryption. If the average user
were to routinely encrypt their email, files, and instant messages,
whole swaths of public communication currently available to law
enforcement with a simple subpoena (at most) would become either
unreadable, or readable only at huge expense.

The first broad attempt by the Government to deflect general adoption of
encryption came 10 years ago, in the form of the Clipper Chip
[http://www.epic.org/crypto/clipper/]. The Clipper Chip was part of a
proposal for a secure digital phone that would only work if the
encryption keys were held in such a way that the Government could get to
them. With a pair of Clipper phones, users could make phone calls secure
from everyone except the Government.

Though opposition to Clipper by civil liberties groups was swift and
extreme [1] the thing that killed it was work by Matt Blaze, a Bell Labs
security researcher, showing that the phone's wiretap capabilities could
be easily defeated [2], allowing Clipper users to make calls that even
the Government couldn't decrypt. (Ironically, ATT had designed the
phones originally, and had a contract to sell them before Blaze sunk the
project.)

[2]
http://cpsr.org/cpsr/privacy/crypto/clipper/clipper_nist_escrow_comments
/
[3]
http://www.interesting-people.org/archives/interesting-people/199406/msg
6.html

The Government's failure to get the Clipper implemented came at a heady
time for advocates of digital privacy -- the NSA was losing control of
cryptographic products, Phil Zimmerman had launched his Pretty Good
Privacy (PGP) email program, and the Cypherpunks, a merry band of
crypto-loving civil libertarians, were on the cover of
[http://www.wired.com/wired/archive/1.02/crypto.rebels.html] the second
issue of Wired. The floodgates were opening, leading to...

...pretty much nothing. Even after the death of Clipper and the launch
of PGP, the Government discovered that for the most part, users didn't
_want_ to encrypt their communications. The single biggest barrier to
the spread of encryption has turned out to be not control but apathy.
Though business users encrypt sensitive data to hide it from one
another, the use of encryption to hide private communications from the
Government has been limited mainly to techno-libertarians and a small
criminal class.

The reason for this is the obvious one: the average user has little to
hide, and so hides little. As a result, 10 years on, e-mail is still
sent as plain text, files are almost universally unsecured, and so on.
The Cypherpunk fantasy of a culture that routinely hides both legal and
illegal activities from the state has been defeated by a giant
distributed veto. Until now.

It may be time to dust off that old issue of Wired, because the RIAA is
succeeding where 10 years of hectoring by the Cypherpunks failed. When
shutting down Napster turned out to have all the containing effects of
stomping on a tube of toothpaste, the RIAA switched to suing users
directly. This strategy has worked much better than shutting down
Napster did, convincing many users to stop using public file sharing
systems, and to delete MP3s from their hard drives. However, to sue
users, they had to serve a subpoena, and to do that, they had to get
their identities from the user's internet service providers.

Identifying those users has had a second effect, and that's to create a
real-world version of the scenario that drove the invention of
user-controlled encryption in the first place. Whitfield Diffie,
inventor of public key encryption
[http://www.webopedia.com/TERM/P/public_key_cryptography.html], the
strategy that underlies most of today's cryptographic products, saw the
problem as a version of "Who will guar