FC: Inside.com int'v with Eben Moglen on surveillance proposals

From: Declan McCullagh (declanat_private)
Date: Sun Sep 23 2001 - 22:15:45 PDT

  • Next message: Declan McCullagh: "FC: Feds ground crop dusters amidst worry about biochem attacks"

    *********
    
    Date: Fri, 21 Sep 2001 14:17:37 -0400
    Subject: eben moglen Q&A
    From: Roger Parloff <rparloffat_private>
    To: Declan McCullagh <declanat_private>
    
    if they can put out of their minds the disturbing thought that i may have
    had anything to do with commissioning and editing this article, your readers
    might inadvertently find themselves enjoying it. it's a q&a with eben
    moglen, conducted by reporter rafat ali, about how current talk of imposing
    legislative restrictions on encryption technologies conflicts with the
    (equally wrongheaded) efforts of the entertainment industry to protect its
    content through increasingly robust encryption. as always your readers
    should probably be WARNED to steer clear of our Web site at all costs, and
    to read only the attachment below. though the article itself is currently
    free, it may within a few days slip behind the firewall and become -- AN
    ADVERTISEMENT!!!!! -- convertible into an actual editorial product only upon
    payment of a 40-cent ransom. the pay-per-view society incarnate.
    
    Entertainment Companies Have a Lot to Lose If Government Cracks Down on
    Security Systems, Professor Argues
    In an interview with Inside, Columbia University's cyberlaw expert Eben
    Moglen argues that if the authorities are given 'backdoor' access to
    security software, all sorts of online commerce will face greater threats
    from hackers. An Inside interview.
    by Rafat Ali
    
    Friday, September 21, 2001
    
    
    Since the Sept. 11 attack, the U.S. Congress has been considering a slew of
    reforms that could significantly alter the current balance that our laws
    strike between protecting individual privacy and helping law enforcement to
    fight terrorism. Already, the Senate has voted to broaden the wiretapping
    authority of government agencies. And legislators are discussing whether to
    require that encryption technologies have built-in "backdoors" to allow the
    authorities easy access, and whether to re-institute strict export controls
    on such security technologies. Many legislators fear -- though no evidence
    has yet emerged to confirm those fears -- that terrorists may have used
    electronic communications to coordinate their attacks, relying on encryption
    technologies to make sure their messages could not be intercepted by
    intelligence agencies.
    
    In an interview with Inside on Thursday, Prof. Eben Moglen of Columbia
    University Law School, discussed how these new proposals -- ostensibly about
    questions of national security and free speech -- could affect the
    entertainment and media industries. Formerly a software developer, Professor
    Moglen, 42, teaches courses focusing on cyberlaw issues, is affiliated with
    the privacy advocacy group Electronic Frontier Foundation, and serves as
    general counsel to the Free Software Foundation, an organization that backs
    the open-source software movement. He is currently working on a book, The
    Invisible Barbecue, analyzing the socio-political implications of technology
    and media policy. What follows is a chunk of the Q & A with Prof. Moglen
    that is more A than Q:
    
    Inside:What do you, as a cyberlaw professor, think of the wisdom and
    workability of the new proposals to impose export restrictions on encryption
    and allow the government to snoop on software?
    
    Professor Moglen: I agree that the U.S. Government, components of which have
    always sought to weaken the spread of encryption, will certainly present
    their agenda now. But it will do so in a world in which it is fundamentally
    no longer possible to get a consensus on weakening encryption rules, for the
    following reasons:
    
    First, backdoor encryption now means putting a backdoor in the global
    financial system, because global financial transactions depend on secure
    encryption. Backdoor will immediately result in the creation of security
    weaknesses throughout the global financial system, raising the possibility
    of attacks by ordinary as well as politically motivated criminals against
    the global financial structure. Because encryption is a critical aspect of
    global financial security, to require backdoors -- now in particular --
    would be like removing security from airplanes and buildings this week. And
    that wonıt be done.
    
    Of specific interest to the media and entertainment industry, encryption now
    is an essential part of the strategy of all media companies, because from
    e-books to DVDs to protected music formats, the strategic direction of the
    global entertainment industries is to sell strongly encrypted material and
    keys.... The strength of the encryption is, fundamentally, the strength of
    producerıs intellectual property.
    
    The ongoing litigation about DVDs, for example, [in which Hollywood studios
    are suing to stop the distribution of contraband software that descrambles
    digital movie files, allowing them to be copied and distributed over the
    Internet] would not now be going on if the encryption system selected for
    encrypting DVD content had been stronger. The reason that the system chosen
    was not stronger was precisely because the DVD content control system was
    designed at a time when both America and Japan had encryption export
    controls. [After Sept. 11, some members of Congress have discussed returning
    to those stricter standards in the United States.] And the hardware and
    content manufacturers were, therefore, compelled to use a system weak enough
    to be exportable, which was also weak enough for a 15-year-old Norwegian to
    break. [In late 1999, teenager Jon Johansen helped write the software that
    descrambles DVDs.]
    
    Any step to create new encryption export controls, or to weaken the strength
    of encryption in civil society, would inhibit the central strategic
    objective of the global entertainment companies, which is to protect their
    content by technical means, and then use law to protect their technical
    means.
    
    With the support of the Walt Disney Company, among others, Senator Fritz
    Hollings of South Carolina has on the Hill managed to work out the Security
    Systems Standards and Certification Act [which was drafted in August, before
    the attacks, and has not yet been formally introduced as a bill]. The SSSCA
    is proposing, in essence, a federal takeover of technology design in the
    hardware, consumer electronics and the software industry, requiring the U.S.
    government to interfere in the design of all these devices on behalf of the
    technological content protection schemes of the content manufacturers.
    
    Leaving aside the obnoxiousness and unconstitutionality of such a statute,
    its great unwisdom would mean the unlikelihood of political adoption, given
    that the constituencies would resent being told by the federal government
    how to design their products and their businesses. But I should also point
    out that the whole theory of the SSSCA is to create a free global movement
    in strong encryption hardware and software for the benefit of entertainment
    companies. Renewed export controls or limitations on encryption technologies
    would effectively defeat those plans. I donıt support those plans; I think
    those plans are abhorrent, unconstitutional, politically unattainable and
    socially unwise. But I would also point out that they conflict with the very
    thing which we now believe the governmentıs security apparatus may wish to
    do.
    
    Inside: Would this picture, which seems very dystopian in some aspects, have
    a middle ground for the government and companies to arrive at?
    
    Professor Moglen: We need to think about encryption as containing two
    components: cryptography, which is about finding better and better ways to
    keep secrets, and cryptanalysis, which is about finding more and more
    ingenious ways to break codes. When the government seeks to interfere in the
    encryption structure in society, for reasons of national security or
    domestic law enforcement, it does so by trying to weaken cryptography --
    [either by imposing] export controls that inhibit the spread of
    cryptographic innovations, or by [requiring] ³backdoors² and other means to
    weaken encryption schemes, so that the spook and the cop have an easier time
    [decoding] the encryption scheme.
    
    But when government acts to weaken cryptography, it therefore also acts to
    strengthen cryptanalysis. It does so in order to assist government
    cryptanalysts like the NSA, but in doing so it also strengthens criminal
    cryptanalysts who wish to attack the global financial system and civil
    cryptanalysts who wish to help users undo technological controls over media
    content. The result is that there is an intimate relationship in the
    Internet society where we all now live between ownership and keeping
    secrets, because keeping a bit-stream secret is how you establish your
    ownership right over it. When the government acts to limit cryptography, it
    destabilizes property. The most important kind of property it destabilizes
    is everybodyıs bank account, but it also destabilizes the property interests
    that media producers have in the content they electronically distribute.
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Mon Sep 24 2001 - 00:11:19 PDT