********* Date: Fri, 21 Sep 2001 14:17:37 -0400 Subject: eben moglen Q&A From: Roger Parloff <rparloffat_private> To: Declan McCullagh <declanat_private> if they can put out of their minds the disturbing thought that i may have had anything to do with commissioning and editing this article, your readers might inadvertently find themselves enjoying it. it's a q&a with eben moglen, conducted by reporter rafat ali, about how current talk of imposing legislative restrictions on encryption technologies conflicts with the (equally wrongheaded) efforts of the entertainment industry to protect its content through increasingly robust encryption. as always your readers should probably be WARNED to steer clear of our Web site at all costs, and to read only the attachment below. though the article itself is currently free, it may within a few days slip behind the firewall and become -- AN ADVERTISEMENT!!!!! -- convertible into an actual editorial product only upon payment of a 40-cent ransom. the pay-per-view society incarnate. Entertainment Companies Have a Lot to Lose If Government Cracks Down on Security Systems, Professor Argues In an interview with Inside, Columbia University's cyberlaw expert Eben Moglen argues that if the authorities are given 'backdoor' access to security software, all sorts of online commerce will face greater threats from hackers. An Inside interview. by Rafat Ali Friday, September 21, 2001 Since the Sept. 11 attack, the U.S. Congress has been considering a slew of reforms that could significantly alter the current balance that our laws strike between protecting individual privacy and helping law enforcement to fight terrorism. Already, the Senate has voted to broaden the wiretapping authority of government agencies. And legislators are discussing whether to require that encryption technologies have built-in "backdoors" to allow the authorities easy access, and whether to re-institute strict export controls on such security technologies. Many legislators fear -- though no evidence has yet emerged to confirm those fears -- that terrorists may have used electronic communications to coordinate their attacks, relying on encryption technologies to make sure their messages could not be intercepted by intelligence agencies. In an interview with Inside on Thursday, Prof. Eben Moglen of Columbia University Law School, discussed how these new proposals -- ostensibly about questions of national security and free speech -- could affect the entertainment and media industries. Formerly a software developer, Professor Moglen, 42, teaches courses focusing on cyberlaw issues, is affiliated with the privacy advocacy group Electronic Frontier Foundation, and serves as general counsel to the Free Software Foundation, an organization that backs the open-source software movement. He is currently working on a book, The Invisible Barbecue, analyzing the socio-political implications of technology and media policy. What follows is a chunk of the Q & A with Prof. Moglen that is more A than Q: Inside:What do you, as a cyberlaw professor, think of the wisdom and workability of the new proposals to impose export restrictions on encryption and allow the government to snoop on software? Professor Moglen: I agree that the U.S. Government, components of which have always sought to weaken the spread of encryption, will certainly present their agenda now. But it will do so in a world in which it is fundamentally no longer possible to get a consensus on weakening encryption rules, for the following reasons: First, backdoor encryption now means putting a backdoor in the global financial system, because global financial transactions depend on secure encryption. Backdoor will immediately result in the creation of security weaknesses throughout the global financial system, raising the possibility of attacks by ordinary as well as politically motivated criminals against the global financial structure. Because encryption is a critical aspect of global financial security, to require backdoors -- now in particular -- would be like removing security from airplanes and buildings this week. And that wonıt be done. Of specific interest to the media and entertainment industry, encryption now is an essential part of the strategy of all media companies, because from e-books to DVDs to protected music formats, the strategic direction of the global entertainment industries is to sell strongly encrypted material and keys.... The strength of the encryption is, fundamentally, the strength of producerıs intellectual property. The ongoing litigation about DVDs, for example, [in which Hollywood studios are suing to stop the distribution of contraband software that descrambles digital movie files, allowing them to be copied and distributed over the Internet] would not now be going on if the encryption system selected for encrypting DVD content had been stronger. The reason that the system chosen was not stronger was precisely because the DVD content control system was designed at a time when both America and Japan had encryption export controls. [After Sept. 11, some members of Congress have discussed returning to those stricter standards in the United States.] And the hardware and content manufacturers were, therefore, compelled to use a system weak enough to be exportable, which was also weak enough for a 15-year-old Norwegian to break. [In late 1999, teenager Jon Johansen helped write the software that descrambles DVDs.] Any step to create new encryption export controls, or to weaken the strength of encryption in civil society, would inhibit the central strategic objective of the global entertainment companies, which is to protect their content by technical means, and then use law to protect their technical means. With the support of the Walt Disney Company, among others, Senator Fritz Hollings of South Carolina has on the Hill managed to work out the Security Systems Standards and Certification Act [which was drafted in August, before the attacks, and has not yet been formally introduced as a bill]. The SSSCA is proposing, in essence, a federal takeover of technology design in the hardware, consumer electronics and the software industry, requiring the U.S. government to interfere in the design of all these devices on behalf of the technological content protection schemes of the content manufacturers. Leaving aside the obnoxiousness and unconstitutionality of such a statute, its great unwisdom would mean the unlikelihood of political adoption, given that the constituencies would resent being told by the federal government how to design their products and their businesses. But I should also point out that the whole theory of the SSSCA is to create a free global movement in strong encryption hardware and software for the benefit of entertainment companies. Renewed export controls or limitations on encryption technologies would effectively defeat those plans. I donıt support those plans; I think those plans are abhorrent, unconstitutional, politically unattainable and socially unwise. But I would also point out that they conflict with the very thing which we now believe the governmentıs security apparatus may wish to do. Inside: Would this picture, which seems very dystopian in some aspects, have a middle ground for the government and companies to arrive at? Professor Moglen: We need to think about encryption as containing two components: cryptography, which is about finding better and better ways to keep secrets, and cryptanalysis, which is about finding more and more ingenious ways to break codes. When the government seeks to interfere in the encryption structure in society, for reasons of national security or domestic law enforcement, it does so by trying to weaken cryptography -- [either by imposing] export controls that inhibit the spread of cryptographic innovations, or by [requiring] ³backdoors² and other means to weaken encryption schemes, so that the spook and the cop have an easier time [decoding] the encryption scheme. But when government acts to weaken cryptography, it therefore also acts to strengthen cryptanalysis. It does so in order to assist government cryptanalysts like the NSA, but in doing so it also strengthens criminal cryptanalysts who wish to attack the global financial system and civil cryptanalysts who wish to help users undo technological controls over media content. The result is that there is an intimate relationship in the Internet society where we all now live between ownership and keeping secrets, because keeping a bit-stream secret is how you establish your ownership right over it. When the government acts to limit cryptography, it destabilizes property. The most important kind of property it destabilizes is everybodyıs bank account, but it also destabilizes the property interests that media producers have in the content they electronically distribute. ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. Declan McCullagh's photographs are at http://www.mccullagh.org/ To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Sep 24 2001 - 00:11:19 PDT