[Cdn-DMCA] On the Sklyarov case

Sandy Harris pashley at storm.ca
Sun Apr 7 22:53:21 EDT 2002 

Kristofer Coward wrote:
 
> On Sat, Apr 06, 2002 at 07:57:52PM +0500, Krishna E. Bera wrote:
> > Are you saying we need an authoritative opinion or even a proof
> > of an isomorphism between information in the digital world
> > and information in the legal world (for example)?
> 
> Politically, that's exactly what we need.

If we did need such a proof, methinks we'd have a really difficult
problem. However, I think all we need is a clear demonstration
that the industries asking for these laws are using utterly bogus
"justifications" for their requests.

> Politicians and lawyers
> aren't technically minded, and therefore can't see the "obvious" truth
> of our arguments. Since we have an agenda, they're not about to trust
> us either. Reviewed articles OTOH are "neutral" and therefoe
> trustworthy.

It needs no elaborate technical argument to say that these alleged
"content protection" schemes do not in fact prevent large-scale
copying. Bit-for-bit copies of any medium can be made.

	Do not decrypt.
	Do not spend two bilion computer cycles.
	Go directly to copying the bits.

My guess would be that even the dumbest politician or bureaucrat
could understand that. Since quite a few aren't dumb, methinks
we're home free on that point.

On other points, you do need a bit of a technical argument, but
it is fairly straightforward and references are readily available.

The basic notion that all the security in an encryption system
must rest in the key goes back over a century.

Schneier's Applied Cryptography, 2nd edition has:

page 5:
	A fundamental assumption in cryptanalysis, first enuniciated
	by the Dutchman A. Kerckhoffs in the nineteenth century, is
	that the secrecy must reside entirely in the key.
page 7:
	And don't forget Kerckhoffs's assumption: If the strength
	of your new cryptosystem relies on the fact that the attacker
	does not know the algorithm's inner workings, you're sunk.
	If you believe that keeping the algorithm's insides secret
	improves security more than letting the academic community
	analyse it, you're wrong. And if you think that someone
	won't disassemble your source code and reverse-engineer 
	your algorithm, you're naive.

A web reference is:
http://www.ciphersbyritter.com/GLOSSARY.HTM#KerckhoffsRequirements

It follows immediately that no system which just puts the key on
the media (as Sklyarov says some e-books do) can possibly be
secure. If all security rests in the key, and the adversary can
get the key, then there is no security.

Of course you might try putting the key into some sort of device
that you hope is tamperproof. DVD CSS does this. The movie keys 
are on the disk, but they are encrypted so that to access them
you need a second key. The second key is embedded in the player.

This doesn't work either. See Schneier's second paragraph above,
especially the last sentence.

In general, "tamperproof" devices aren't tamperproof. Much of
the best academic research on this comes from Ross Anderson's
group at Cambridge. I don't have specific references, but see
Anderson's home page if you need to track them down:
http://www.cl.cam.ac.uk/users/rja14/

For non-academic examples, look at the history of attempts to
build secure decoders for cable or satellite TV.

This leads to an argument that you cannot give the vendors
what they are aking for without completely destroying the
"personal computer" as we know it, taking control of the
machine out of the hands of the user.
 
> > Perhaps testimony that information theory applies everywhere,
> > not just in math, computers, engineering.

I cannot see that that would be relevant.
 
> Testimony by whom? An "impartial" expert witness likely won't happen
> until a trial of some sort. I don't think we want things to get that
> far.
> 
> --
> Kristofer Coward                                http://unripe.melon.org/
> GPG Fingerprint: 2BF3 957D 310A FEEC 4733  830E 21A4 05C7 1FEB 12B3
> --
> For (un)subscription information, posting guidelines and
> links to other related sites please see http://www.flora.org/dmca/
--
For (un)subscription information, posting guidelines and
links to other related sites please see http://www.flora.org/dmca/

More information about the Discuss mailing list