[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) FC: Inside.com int'v with Eben Moglen on surveillance pr


------- Forwarded message follows -------
Date sent:      	Mon, 24 Sep 2001 01:15:45 -0400
To:             	politech@politechbot.com
From:           	Declan McCullagh <declan@well.com>
Subject:        	FC: Inside.com int'v with Eben Moglen on surveillance proposals
Copies to:      	rparloff@inside.com
Send reply to:  	declan@well.com


*********

Date: Fri, 21 Sep 2001 14:17:37 -0400
Subject: eben moglen Q&A
From: Roger Parloff <rparloff@inside.com>
To: Declan McCullagh <declan@well.com>

if they can put out of their minds the disturbing thought that i may
have had anything to do with commissioning and editing this article,
your readers might inadvertently find themselves enjoying it. it's a
q&a with eben moglen, conducted by reporter rafat ali, about how
current talk of imposing legislative restrictions on encryption
technologies conflicts with the (equally wrongheaded) efforts of the
entertainment industry to protect its content through increasingly
robust encryption. as always your readers should probably be WARNED to
steer clear of our Web site at all costs, and to read only the
attachment below. though the article itself is currently free, it may
within a few days slip behind the firewall and become -- AN
ADVERTISEMENT!!!!! -- convertible into an actual editorial product
only upon payment of a 40-cent ransom. the pay-per-view society
incarnate.

Entertainment Companies Have a Lot to Lose If Government Cracks Down
on Security Systems, Professor Argues In an interview with Inside,
Columbia University's cyberlaw expert Eben Moglen argues that if the
authorities are given 'backdoor' access to security software, all
sorts of online commerce will face greater threats from hackers. An
Inside interview. by Rafat Ali

Friday, September 21, 2001


Since the Sept. 11 attack, the U.S. Congress has been considering a
slew of reforms that could significantly alter the current balance
that our laws strike between protecting individual privacy and helping
law enforcement to fight terrorism. Already, the Senate has voted to
broaden the wiretapping authority of government agencies. And
legislators are discussing whether to require that encryption
technologies have built-in "backdoors" to allow the authorities easy
access, and whether to re-institute strict export controls on such
security technologies. Many legislators fear -- though no evidence has
yet emerged to confirm those fears -- that terrorists may have used
electronic communications to coordinate their attacks, relying on
encryption technologies to make sure their messages could not be
intercepted by intelligence agencies.

In an interview with Inside on Thursday, Prof. Eben Moglen of Columbia
University Law School, discussed how these new proposals -- ostensibly
about questions of national security and free speech -- could affect
the entertainment and media industries. Formerly a software developer,
Professor Moglen, 42, teaches courses focusing on cyberlaw issues, is
affiliated with the privacy advocacy group Electronic Frontier
Foundation, and serves as general counsel to the Free Software
Foundation, an organization that backs the open-source software
movement. He is currently working on a book, The Invisible Barbecue,
analyzing the socio-political implications of technology and media
policy. What follows is a chunk of the Q & A with Prof. Moglen that is
more A than Q:

Inside:What do you, as a cyberlaw professor, think of the wisdom and
workability of the new proposals to impose export restrictions on
encryption and allow the government to snoop on software?

Professor Moglen: I agree that the U.S. Government, components of
which have always sought to weaken the spread of encryption, will
certainly present their agenda now. But it will do so in a world in
which it is fundamentally no longer possible to get a consensus on
weakening encryption rules, for the following reasons:

First, backdoor encryption now means putting a backdoor in the global
financial system, because global financial transactions depend on
secure encryption. Backdoor will immediately result in the creation of
security weaknesses throughout the global financial system, raising
the possibility of attacks by ordinary as well as politically
motivated criminals against the global financial structure. Because
encryption is a critical aspect of global financial security, to
require backdoors -- now in particular -- would be like removing
security from airplanes and buildings this week. And that wonıt be
done.

Of specific interest to the media and entertainment industry,
encryption now is an essential part of the strategy of all media
companies, because from e-books to DVDs to protected music formats,
the strategic direction of the global entertainment industries is to
sell strongly encrypted material and keys.... The strength of the
encryption is, fundamentally, the strength of producerıs intellectual
property.

The ongoing litigation about DVDs, for example, [in which Hollywood
studios are suing to stop the distribution of contraband software that
descrambles digital movie files, allowing them to be copied and
distributed over the Internet] would not now be going on if the
encryption system selected for encrypting DVD content had been
stronger. The reason that the system chosen was not stronger was
precisely because the DVD content control system was designed at a
time when both America and Japan had encryption export controls.
[After Sept. 11, some members of Congress have discussed returning to
those stricter standards in the United States.] And the hardware and
content manufacturers were, therefore, compelled to use a system weak
enough to be exportable, which was also weak enough for a 15-year-old
Norwegian to break. [In late 1999, teenager Jon Johansen helped write
the software that descrambles DVDs.]

Any step to create new encryption export controls, or to weaken the
strength of encryption in civil society, would inhibit the central
strategic objective of the global entertainment companies, which is to
protect their content by technical means, and then use law to protect
their technical means.

With the support of the Walt Disney Company, among others, Senator
Fritz Hollings of South Carolina has on the Hill managed to work out
the Security Systems Standards and Certification Act [which was
drafted in August, before the attacks, and has not yet been formally
introduced as a bill]. The SSSCA is proposing, in essence, a federal
takeover of technology design in the hardware, consumer electronics
and the software industry, requiring the U.S. government to interfere
in the design of all these devices on behalf of the technological
content protection schemes of the content manufacturers.

Leaving aside the obnoxiousness and unconstitutionality of such a
statute, its great unwisdom would mean the unlikelihood of political
adoption, given that the constituencies would resent being told by the
federal government how to design their products and their businesses.
But I should also point out that the whole theory of the SSSCA is to
create a free global movement in strong encryption hardware and
software for the benefit of entertainment companies. Renewed export
controls or limitations on encryption technologies would effectively
defeat those plans. I donıt support those plans; I think those plans
are abhorrent, unconstitutional, politically unattainable and socially
unwise. But I would also point out that they conflict with the very
thing which we now believe the governmentıs security apparatus may
wish to do.

Inside: Would this picture, which seems very dystopian in some
aspects, have a middle ground for the government and companies to
arrive at?

Professor Moglen: We need to think about encryption as containing two
components: cryptography, which is about finding better and better
ways to keep secrets, and cryptanalysis, which is about finding more
and more ingenious ways to break codes. When the government seeks to
interfere in the encryption structure in society, for reasons of
national security or domestic law enforcement, it does so by trying to
weaken cryptography -- [either by imposing] export controls that
inhibit the spread of cryptographic innovations, or by [requiring]
³backdoors² and other means to weaken encryption schemes, so that the
spook and the cop have an easier time [decoding] the encryption
scheme.

But when government acts to weaken cryptography, it therefore also
acts to strengthen cryptanalysis. It does so in order to assist
government cryptanalysts like the NSA, but in doing so it also
strengthens criminal cryptanalysts who wish to attack the global
financial system and civil cryptanalysts who wish to help users undo
technological controls over media content. The result is that there is
an intimate relationship in the Internet society where we all now live
between ownership and keeping secrets, because keeping a bit-stream
secret is how you establish your ownership right over it. When the
government acts to limit cryptography, it destabilizes property. The
most important kind of property it destabilizes is everybodyıs bank
account, but it also destabilizes the property interests that media
producers have in the content they electronically distribute.




----------------------------------------------------------------------
--- POLITECH -- Declan McCullagh's politics and technology mailing
list You may redistribute this message freely if you include this
notice. Declan McCullagh's photographs are at
http://www.mccullagh.org/ To subscribe to Politech:
http://www.politechbot.com/info/subscribe.html This message is
archived at http://www.politechbot.com/
----------------------------------------------------------------------
---

------- End of forwarded message -------