[ISN] SSSCA = Digital Rectal Thermometer Security Act ?

From: InfoSec News (isnat_private)
Date: Mon Sep 10 2001 - 23:08:00 PDT

  • Next message: InfoSec News: "[ISN] 3 comments on SSSCA"

    ---------- Forwarded message ----------
    Date: Mon, 10 Sep 2001 00:55:51 -0400
    From: Ronald L. Rivest <rivestat_private>
    To: cryptographyat_private, farberat_private
    Subject: SSSCA = Digital Rectal Thermometer Security Act ?
    
    Hi all --
    
    I just sat down and read the proposed text of the Holling's SSSCA bill.
             http://cryptome.org/sssca.htm
    Boy is this bill breathtaking in its breadth! I have tried to understand
    its language.  It says in Section 101:
    
         "It is unlawful to manufacture, import, offer to the public, provide
    or otherwise traffic in any interactive digital device that does not
    include and utilize certified security technologies that adhere to
    the security systems standards adopted under section 104."
    
    and says in Section 109:
    
             "The term "interactive digital device" means any machine, device,
    product, software, or technology, whether or not included with or as
    part of some other machine, device, product, software, or technology,
    that is designed, marketed or used for the primary purpose of, and
    that is capable of, storing, retrieving, processing, performing,
    transmitting, receiving, or copying information in digital form."
    
    Putting 2+2 together, we see that essentially all digital devices and
    software will have to have "certified security technologies" in them.
    Anything that works primarily with digital data is covered.
    
    My feeble brain came up with the following list of things that would
    have to be secured.  I'm sure you can think of lots more.
             -- All bar-code scanners
             -- All computer-controlled ignition systems
             -- All metro ticket readers
             -- All digital watches and calculators
             -- All ATM machines
             -- All digital cellular phones
             -- All digital answering machines
             -- All GPS receivers
             -- All sports scoreboards and the marquee signs in Times Square
             -- All electronic parking meters
             -- Almost all lab equipment (everything is digital these days)
             -- All software, for sure
             -- All digital cameras and digital movie cameras
             -- All PC's and game consoles
             -- All remote key-entry systems and most home security systems
             -- All stop-light controllers
    Well, I should leave some of the fun to you. But of course
    my favorite should be listed:
             -- All digital rectal thermometers
    
    Presumably some staffers will try to rescue this
    laughable (albeit a bit scary) lobbyist-written proposal.
    Of course, just letting the bill die is probably best.  But if
    they want to fix things, they should consider adding language
    that makes it ILLEGAL to sell copy-protection technology
    that doesn't permit at least
    
             -- fair use, including time-shifting and making a reasonable
               number of copies for personal or educational use, or
               for backups,
    
             -- free use of a copyrighted item once the copyright has
               expired
    
    (This list should be expanded.)
    
    But in any case, making any security technology *mandatory* on all
    digital devices and computers is clearly a non-starter.  Why, we'd probably
    have to close down all the country's computer science departments
    (can't have these kids making unsecured devices, you know, even if
    it is their homework assignment to build a computer...)
    
             Cheers,
             Ron Rivest
    
    
    
    Ronald L. Rivest
    Room 324, 200 Technology Square, Cambridge MA 02139
    Tel 617-253-5880, Fax 617-258-9738, Email <rivestat_private>
    
    
    
    
    ---------------------------------------------------------------------
    The Cryptography Mailing List
    Unsubscribe by sending "unsubscribe cryptography" to majordomoat_private
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Sep 11 2001 - 01:54:32 PDT