Journal renehollan's Journal: Might have weekend off 5
I haven't been writing here much lately, partially because of work-related project deadlines. However, I have been thinking a lot about SSSCA and the kinds of "anti-circumvention" devices that might be remotely acceptable. Search /. for my postings on the subject.
It does look like I won't have to work this weekend though. Yea! I get to clean the house. Er, maybe !Yea.
Update
Boo. I got more work from my boss. We've all been working a lot lately (nights, weekends) so I'd feel guilty if I didn't come in and get started on this latest enhancement to my previous work while others were here. Still, I was hoping for a weekend off for a change.
Acceptable SSSCA (Score:2)
Of course, the MPAA and RIAA won't support this type of protection, which just goes to show the issue isn't piracy at all. (I will admit my current sig was prompted by the suggestion of SSSCA to begin with. A little thought should reveal what error is requesting support from the government in this case.)
Re:Acceptable SSSCA (Score:2)
Basically, the idea is to leverage strong public-key crypto into a system with a trust structure where your equipment knows how to decrypt something, and what other equipment to trust, but you don't -- all you have are the public keys (or, likely, a single public key).
Keys are escrowed with escrow services so they are not lost if (a) your equipment dies, or (b) the manufacturer goes out of business. Basically, you have standardized key management modules, which are tamper hardened: the best you get out of something is an analog representation. With more and more interactive content (think DVDs with their "extra features", a static analog version will have less and less value over time).
Is key escrow scary? It shouldn't be in this context, because it isn't your data that can be decrypted: you don't have to trust the escrow companies, the content producers do.
Fair use is a bit more difficult. Taking movies or music to a friend's house is easy: you just take keys with you. Making extracts for critical review is a bit toughter: if you can do that, you could extract the whole thing and reassemble a perfect digital copy from the pieces. Let's presume that analog, or lower-resolution, extracts are not acceptable to you. One possiblility involves the production of proxies to the context extracted, or hyper-links to it. The problem with this is that the reader needs permission to resolve the links, so it is less than an ideal solution, but I am sure that a bit of thought could overcome this hurdle.
As for automatic protection expiry... Sure! Lessig notes that Code is Law, and this can be a bad thing. However, in this case, it can be a good thing, in that expirations could be enforced by the code. The encryption/decryption code would, of course, have to be freely available for review.
Naturally, existing "unprotected" devices could not be made retroactively illegal. That would be ludicrous. And yes, this means that there will be an interval where "almost as good" copies could flourish. But, as technology advances such copies will be sufficiently inferior as to not be desired.
I'm sure you could come up with other reasons to criticize this, and yes, DRM is a PITA. But, unless we offer DRM alternatives such that the public at large can see them as meeting the content-providers purported motives, I fear we will get stuck with something horrible.
Endnote: of course, copyright and patent protections have become extremely unbalanced in the U.S., and another front in this battle is restoring them to more reasonable terms.
Re:Acceptable SSSCA (Score:2)
Wow. It's refreshing to find another person who speaks as idealistically as I do, but in the diametrically opposed direction. Well, let's see how fast I disagree with what you have to say.
Basically, the idea is to leverage strong public-key crypto into a system with a trust structure where your equipment knows how to decrypt something, and what other equipment to trust, but you don't -- all you have are the public keys (or, likely, a single public key).
Hold it right there. "...system with a trust structure..."? What trust? If you mean trust as in "an illegal combination of companies controlled by a central board, making it possible to minimize costs, maximize income and reduce competition" -- well, there's way too much of that already. If by trust you mean "reliance on the integrity, strength, ability, surity, etc. of a person or thing"-- then you are being idealistic, because "there ain't nonesuch" in the market.
Oh, I'd love to be able to trust the media corporations, believe me! But they started distrusting the consumer-- with things like DVD region coding, or MacroVision-- which have little to no value for the end consumer. When the vendors treat me like a criminal, I will distrust them in return. I ask myself, "Why do they treat me like this? Have they been wronged, or are they just being greedy?" (I see no alternative motives for their actions.) Unfortunatly, the answer that comes ringing back in silence tells far more than any words could....
I'm sure you could come up with other reasons to criticize this, and yes, DRM is a PITA. But, unless we offer DRM alternatives such that the public at large can see them as meeting the content-providers purported motives, I fear we will get stuck with something horrible.
I'm not critizing your solution. Far from it. I am saying that we should question-- loudly and publically-- the corporate motives for asking for DRM in the first place and compare this to their stated objectives. The fix isn't to give them an inch and show how far out of line they are because they ask for a mile-- the only proper solution is to call them out. Providing any DRM solution is, IMO (and from my viewpoint), abandoning our cause (which is, for all intents and purposes, the empowerment of the average man via digital technology).
Re:Acceptable SSSCA (Score:2)
Sure, trust is always a problem. The question is who do you trust and to what degree. That depends what you trust them with. There are plenty of examples of trust in the modern world, some of which do not rely on state legislation: bond-rating companies are trusted and they are not regulated (as far as I know) -- their reputation requires maintaining objectivity. Banks are trusted with our money and they are regulated.
Trust can be earned in this context several ways: (1) Make the DRM system itself open, technologically. (2) Divorce key escrow services from major content providers. (3) Leverage the trust infrustructure in other ways: identification certification (voluntary, of course), low-security mail encryption (it would be nice to send encrypted email to anyone, even if they trusted key escrow providers that I didn't when I didn't care about privacy of content), legal summons delivery, etc.
Basically, any acceptable DRM would have to rely on a publicly acceptable neutral trust infrastructure. Right now, we have none. I think such an infrustructure, whether we use it or not, would be useful, even if it's use for content DRM is still undesired. Think of it as a trustnet in the same context as an internet (and yes, it would face the same risks as internet usurption (is that a word?)).
I am saying that we should question-- loudly and publically-- the corporate motives for asking for DRM in the first place and compare this to their stated objectives.
Yes. What they say and what they want do look like two different things.
However, there is a market for content crippled by DRM, and that means that the market will be filled, and the effects of that DRM will spill over (i.e. restrict non-DRM-aware PCs in an SSSCA-mandated horror). While challanging the need for DRM on it's face, and what DRM would be acceptable are two different things (one implicitly admitting a need for the other), I think that having a retrenchment position if the "need for DRM" battle is lost, would be wise.
Re:Acceptable SSSCA (Score:2)
Well said. I am unafraid to tell you: I trust the MPAA and RIAA with only one thing: producing trash. Why? Astonishingly, you put to words the other half of the equation very well...
[with reguard to DRM,]What they say and what they want do look like two different things.
The movie industry is built on appearances-- case in point, the Titanic sucess of the horrible moive of the same title just because of one song and one actor (and a really good sense of timing). Same sort of thing for music. So if they aren't disguising their motives too well with reguard to DRM, maybe we need to consider: what if they really were disguising their motives? (One moment while I adjust my tinfoil hat.)
All joking about conspiracy theories aside, I'm pretty sure that if reasonable DRM were to emerge, it would emerge due to market forces. Well, that won't happen... remember DIVX? (The product, not the codec.) Ergo this stupid legislative movement, and my total opposition to it.