Outreach Volunteers Needed - Content Control is a Dead End

Thu Aug 30 12:50:06 EDT 2001

Dan Geer writes:

> > Content control is a dead end.
> 
> Folks,
> 
> You only get an even number of {privacy, copyright} -- either the
> owner of information controls how it is used or he does not.  Either
> you embrace copyright-and-privacy, or you embrace neither.  
> 
> It really is time to be careful what you ask for.

The Association of American Publishers said something like this in reply
to DMCA critics.

http://www.loyalty.org/~schoen/publishers.html

Amy Gwiazdowski said:

> In response to those who attempt to justify circumventing, or trafficking in
> devices that circumvent, encryption and other technological measures that
> protect copyright in the digital environment,  AAP urges them to carefully
> consider how their arguments would apply to precisely the same activities in
> connection with encryption and other technological measures used to protect
> privacy in that same environment.

But the argument was completely bogus.

As we know, there are many kinds of things that get called "privacy".
One is the ability to prevent information from becoming known
(communications privacy, or confidentiality; and then also privacy
relating to what you do, or where you are, which has nothing to do
with communications or cryptography).  Then there's the ability to
prevent people from publishing, sharing, or using that information in
certain ways.  This includes the legal rights of privacy and
publicity, as well as things like consumer protection legislation (the
Fair Credit Reporting Act, more recent U.S. credit legislation, and
EU laws on publishing data about individuals).

All of these things are different, and treated differently by law.
Just as patents are not the same as copyrights, which are not the same
as trademarks, so copyrights are not the same as consumer privacy,
which is not the same as communications privacy.  These things are not
treated in the same way by the law.  (There are lots of examples: for
instance, there's fair use doctrine in copyright law, but I don't
think there's a fair use doctrine in EU consumer privacy law.)

Some kinds of control of information -- like the confidentiality of a
communication between two consenting parties, whose interests are
aligned -- can be protected by engineering and technology.  Some
kind of control -- like preventing copying of digital data _by a
customer who buys a copy of that data_ -- cannot be protected by
engineering.  When different kinds of control are protected by
legislation (or, per Lessig, by technology backed by legislation), the
legislation is drafted differently for each particular case, and is
not equivalent.

Meanwhile, PGP is not insecure just because DRM systems are insecure.
(U.S. law and regulations used to make it illegal to export PGP, which
may have been secure, but legal to export DRM and copy protection, which
was not.)

We should not say that all kinds of "information control" are
equivalent.  They have different motives, different threat models,
different social and legislative traditions, and probably even
different moral presuppositions.

-- 
Seth David Schoen <schoen at loyalty.org> | Its really terrible when FBI arrested
Temp.  http://www.loyalty.org/~schoen/ | hacker, who visited USA with peacefull
down:  http://www.loyalty.org/   (CAF) | mission -- to share his knowledge with
     http://www.freesklyarov.org/      | american nation.  (Ilya V. Vasilyev)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com