Inkwell: Authors and Artists

    <scribbled by mnemonic Thu 15 Feb 01 12:59>
  

    

One of the more recent developments in crypto -- too recent to be included
in CRYPTO -- is the increasing use of encryption technologies to secure
(or attempt to secure) copyrighted content.

I'm thinking specifically of the use of DeCSS to block the copying, and
enforce the region-coding, of DVD movies, of the Secure Digital Music
Initiative, which aims to make music CDs uncopyable, and of schemes like
CPRM, which may be used to make computer storage devices themselves prevent
the unlicensed copying of copyrighted works.

Considering that some degree of unlicensed copying is built into the
Copyright Act, Steven, do you see some irony in the prospect that crypto,
which we've touted as a tool of liberty, may be used by the content
companies to take some of our liberty away?
  

    
Or more interestingly, will there come a point where RIAA and the MPAA can
have all the crypto they want but end-users will be specifically
banned?  And at that point, will breaking the cryptography be as illegal
as using it?  How can you write the law so that you are not violating it
by using an MPAA product?
  

    
Interesting, the new copyright lawi indeed makes it illegal to break
the cryptography protecting the music.   One of the grounds being cited
to overturn the DeCSS case is that this prevents legitimate academic
study.  It's also kind of mind boggling as a way to defend a
cryptosystem.    The obvious answer to someone breaking your system is
.... use a new system, it's broken!    In this case, the response is to
ban people from disseminating (or even reading) information on how the
break works.  That's wacky, but of course replacing it with a new
system (one that's halfway decent), would be kind of costly.

But do I think it ironic that crypto is used to protect intellectual
property in stuff like that?  Not at all.  Crypto is a tool and one
point I consistently make is that thanks to the breakthroughs made by
the people I write about (and promises of many more innvoations based
on those) it's possible to do zillions of things with these.  It's up
to policymakers, business people, and citizens to decide what should be
used and for what.    Crypto can be a tool of liberty in the sense
that it protects privacy and the free flow of information (and can hide
it from anti-democratic authorities) but it can also be a tool of
terrorists--or an entertainment industry that wants to zap not only
illegal copying but even fair use of songs and movies.  
  

    

  Any thoughts on the now-ubiquitous use of digital watermarking of
music?  It seems that a lot of CDs released nowadays contain audio with
this.  Heck, even oldies from the 60s and 70s are now being broadcast
only after digitally adding watermarks to them, or so I've read.  No
doubt the continued existend of people able and willing to play their
original-release recordings over the air is slowing this, but all the
signs seem to be pointing towards it someday being impossible to get
any music which hasn't been mangled by some allegedly inaudible digital
watermarking technology.  And anything you process through Windows Media
Player will forever carry your machine's identifying information in it.
Do you think this was inevitable, Steven?
  

    
Steven, I think that crypto being used to protect intellectual property and
the anti-cirmumvention statutes are more closely related than you imply. The
kinds of information that crypto's been used to protect in the past has had
a pershibility that intellectual property lacks.

What I mean is that a credit-card number or piece of military intel secured
by crypto over an insecure channel is of limited utility if it get cracked a
year later -- a new cryptosystem can replace the compromised crypto and new
messages sent with the new system.

Contrast that with, say, the musical catalog of Universal. If that's
released into the Internet with crypto A, and crypto A is cracked, then all
the copies of music locked with crypto A are in the clear, even if Universal
starts sending out new material with the more-robust crypto B. If Universal
believes that their ability to sell music online is based on the creation of
scarcity-through-crypto, then they're out of luck if crypto A is
compromised: all the previously CPU/key-locked copies of crypto A-protected
music are now non-scarce, and can't be used to generate revenue for
Universal.

I don't actually believe that Universal can only make money off of scarcity,
but it sure seems like they do -- as do other large IP concerns.

I think that the really alarming thing about using crypto to protect IP is
the erosion of fair-use rights previously enjoyed by consumers. Hardware-
locked media can't be loaned, sold as used goods, or even linked to without
violating the anti-circumvention laws.
  

    

Steven, I wonder if you could comment on this whole CARNIVORE thing I
mentioned above. It seems at once lke an invasion of privacy and a
hopelessly inadequate tool against real bad guys -- is there somethign I am
missing?

There is an interesting strain in your book, the history of the development
of cryptography (with a niftyy surprise ending, to boot) about whether or
not NSA was three jumps ahead of the public crypto people or not. Was what
they came up with all old news to thehm, or were they in fact enlightened by
those developments as well? They sundry responses responses were so knee-
jerk its hard to read much into them.

I wonder too, based on your description ofthe first Bush administraion's
response to crypto ("they didn;t want to get their suits dirty," is the line
I think) a good indication of what this administration, with so many of the
same people, will do in the same area, with the landscape sao radically
changed.
  

    
Hi, and welcome back, Steven, and thanks for another great book.  I hope
Crypto will spark interest in a relatively obscure subject the way that
Artificial Intelligence did for me.  

To address an earlier point, the best summary of the status of quantum
computing I've seen is Rob Pike's Usenix presentation last summer:
http://www.usenix.org/publications/library/proceedings/usenix2000/
invitedtalks/pike_html/

Back to Crypto... I have a couple of questions.

1.  Bruce Schneier's theme in Secrets and Lies is that he didn't really
    understand until sometime in 1998 that strong crypto wasn't enough
    for real (not "perfect") security.  I have the highest regard for
    Bruce, he's one of the top practitioners in the crypto world, and
    even more rare, a thoroughly common sensical person.  So this strikes
    me as a bit odd; is it typical for crypto people in your experience
    to not, in effect, see the forest for the trees in this way?

2.  Whit Diffie and Susan Landau did a great job in Privacy on the Line
    to suss out, as best they could with the deliberately sloppy federal
    crime reports, how much actual law enforcement wiretapping is going
    on in the US.  It was a lot less than I had suspected, mostly due to
    the cost and logistics involved.  The FBI's digital telephony agenda
    has been approved by Congress but no real money has been forthcoming,
    as you noted in Crypto.  I think we're all concerned that this opens
    the door to another realm that has little to do with what "wiretapping"
    has meant operationally and legally for the last 70 years.  With the
    new administration and especially the change of the guard at Justice,
    do you think the FBI will be able to break the tenuous truce on this?
    Or will the telecom providers push back and keep them at bay?  I'm
    not asking for a prediction, just your estimate of the relative
    political forces involved.
  

    
I just wanted to let you know that downtown Chicago, It's getting
predominant displays in several bookstrore windows.... Nice to see!
  

    
Ah, sweet home Chicago...

Two big issues here to answer, and I'll talk about FBI/Carnivore first.
(The second one,about intellectual property and crypto comes next.)

Carnivore (or whatever they're calling it now) is scary because it
apparently does not have the controls that the authorities promised with key
escrow.  In the latter, a wiretapper would have to get not only a warrent
(or some other authorization) and then present that to two storehouses to
get the info necessary to decipher the conversation/email.  With Carnivore,
as I understand it, the whole stream is mainlined, and tappers only have to
get the ISP to let 'em in to get to it. (Correct me,someone,if I got this
wrong.)  In any case, strong crypto screws up Carnivore, because these
messages will be scrambled when they leave a sender's computer and not
unscrambled until they hit the recipient's computer.  So if Microsoft or
someone else gets a standard system out where everything is automatically
encrypted (like Groove Networks is, right now), Carnivore gets starved.
What happens them is obvious:  Louis Freeh or some future equivalent marches
to Congress and howls.  Then it gets interesting. Will a legislature just
getting used to Silicon Valley/Redmond bucks turn tail and back up the G-
men?  Or will they ask the hard questions -- what do we get from Carnivore
intercepts and what might we lose in terms of privacy? how many of the
suspects being monitored can figure out on their own how to get crypto?  And
so on.

I keep going back to the keyboard sniffer that the cops put on the Philly
mobster who was using PGP.  That got 'em what they needed without capturing
emails about Alan Iverson or cheesesteak suggestions.  Or banning PGP.
  

    
Doctorow's point about the difference between the needs for persistant
security in something like an email and that of a DVD is well taken.  But
overall, I have to say that the role of crypto in securing intellectual
property is going to wind us as crucial -- though ultimately political and
legal battles will have to be fought over just what the crypto does and how
it works.

One of the things I'm most concerned about is the nature of crypto to seal
off an entire work.  What if you buy a DVD movie and want to include a clip
of it in, say, your paper for a college course.  This would seem a classic
"fair use" of a work.  You'd want to use just a piece of it for a non-
commercial, educational purpose.  Yet you might not be able to do this
because the encryption prevents replay on anything except a player designed
to read off the original disk.

Clearly this is a case where crypto in not in synch with the positive view I
have of people like Diffie, Rivest, and Zimmermann.  But realistically,
crypto is not a warm fuzzy thing but a tool that can be used all sorts of
ways.  I tried to treat the cryptosystem in Crypto the same way I treated
the various computer systems in Hackers -- as characters.  Some were
friendlier than others.
  

    

To reiterate a historical question up there -- and I do know you have a day
job, steven -- I wonder what your sense is concering whether the people
behind the triple fence were surprised by the technology being discovered by
people like Diffie, Rivest and Zimmerman -- or had they already hit on the
same ideas.
  

    

I'd also like to ask a broader Steven Levy question.

When one looks over the list of your books, "one of these things is not
like the others." To wit, we have the true-crime book THE UNICORN'S SECRET,
recently made into a TV movie, and nary a computer or nerd in sight.

How did you come to write that book, Steven, and how had the work you did
on that one informed the writing of subsequent books?
  

    
Jon, the short answer is this.   The actual discovery of public key itself
actually first occured in the intelligence community (the UK version of the
NSA) but was shelved as not practical.  What the people at the NSA certainly
did not believe was that an independent community would spontaneously spring
up, and that it would eventually become a commercially viable enterprise.
After an initial panic, they figured that not many people would actually use
the stuff, and when evidence appeared to indicate they were wrong, many
behind the Triple Fence were slow off the mark to understand this.  By the
1990s, they had no such illusions.

As for Mike's question...  After I finished Hackers I had the opportunity to
pursue a story I had always been fascinated with, the strange case of my
home town's leading hippie -- the guy who was a metaphor for the Sixties
themselves in Philadelphia -- getting arrested when his girlfriend was found
dead in a trunk in his apartment.  At the time, it also seemed a good idea
not to get "typecast" as a tech writer. As it turned out, writing The
Unicoren's Secret was incredibly depressing, despite periodic exhilatations
when I uncovered new material. I don't know how people like my wife (a true
crime writer) do it all the time. So I stopped worrying about typecasting
and learned to love what was easy to love -- writing about the most
important story of our time, the digital revolution and its participants,
talking to very smart people and recounting the inside story of this or
that.

That said, Mike it right, in that I learned a lot about going very very deep
into the human drama while writing Unicorn, and I think it's reasonable to
think that helps what I've done since.
  

    

Of your books, is CRYPTO the one that took longest to write, and, if so,
why?

(You've mentioned once or twice that the book was late, and I was wondering
to what extent that was due to the fact that your wife, Teresa, also had a
major book due in the same period. At the same time, this was a story that
has kept developing, so I wondered if it was just difficult to figure out
when to say "this is the end of the book".)
  

    

Also, if I had kept my "Voyage to the Bottom of the Sea" or "Flintstones"
lunchboxes in good condition, what would they be worth today?
  

    

Another CRYPTO question:

It seems to me that one of the true tragedies of the crypto revolution
is the story of David Chaum. He's a guy who seemed for a long time to
have done everything right -- he figured out the crypto theory necessary
for digital cash, he held the right patents, and he was able for a time
to drum up some business interest in his work ... and then it all fell
apart, and at the end he didn't even hold the patents anymore.

What do you think went wrong for David Chaum?
  

    
Email from Mad Dog:

The underlying horror in all this government snooping is that it is
filtering down to the home nerd like me on his computer. I am innocent
enough by legal standards but I would be considered dangerous for my
thoughts. Like the Kafka novel I am guilty and I will soon be traced down
and that creates a living nightmare for those of us out in cyber space.
What can be done?
  

    

Before Steven gets here, I would suggest to maddog that he read Crypto,
which is very hopeful about the balance of power between private citizens
and the government. Or os i read it, at any rate.
  

    
I'll swing at the two Mike pellets first...

Crypto took longer than expected mainly because I took the Newsweek job,
which provided me a much better platform to cover the tech story.  After I
signed the contract to write it (1994), I did a fellowship at the Freedom
Forum Media Studies Center and while it was productive, I didn't get on the
road as much as I would have had I not been somewhat anchored by their
schedule (which urged attendance at weekly seminars on Wednesdays).  I was
perfectly happy at this, figuring I'd pick up the slack in the coming year.
But that year I accepted a column at Newsweek, which quickly expanded to
general coverage.  At that point, I took a hard look at the progress of my
story itself and decided that maybe it wasn't so bad to take longer -- I'd
have a better chance at having a complete story if I waited, and maybe
government sources would open up.  (Teresa's crash project with Marcia Clark
was one more reason to hold off.) As it happened, the story did reach an end
point, and sources did open up, so everything turned out fine.  But I hope
my next book will be done more expediently.

As for Chaum, its true that there's a sad element to his story. But it was
his business that failed, not his ideas.  I'm not sure that I'd call the
failure of DigiCash a tragedy.  Remember, CyberCash, the supposedly "smart"
startup -- the one not affected by the "idealism" that would gum up a hard-
edged business team -- didn't exactly burn up the world, either.  And I
haven't heard much of Mondex lately. I came to like David immensely and
really enjoyed our sessions together.  His passion for his ideas were
inspiring, even if his dreams of a great company weren't realized.

And though my web page still had lunch boxes on it, I'm not really doing
much buying or thinking about them. eBay ruined it for me. I used to have a
couple pails in mind, and would enjoy the hunt for them.  But with eBay,
everything comes up for sale, sooner rather than later.  The thrill was
gone.
  

    
I am buying your book, Crypto, tomorrow.  However, for more information on
the NSA in general, what material would you recomend?
  

    

I have a feeling Steven's going to recommend James Bamford's THE PUZZLE
PALACE: A REPORT ON AMERICA'S MOST SECRET AGENCY.
  

    

  That's certainly the one I'd recommend.  But perhaps Steven also
knows of something more recent...?
  

    

Steven, could you give your assessment of how much of an effect the
Cypherpunks had on the debate about crypto? I know that for much of the
1990s, I was steeped in the Cypherpunks culture, hung out with Eric Hughes
and Tim May and (of course) John Gilmore, and, in the earliest days, I
posted plenty to the mailing list, including what I think was the first
stab at framing a (public) constitutional argument against banning or
regulating crypto.

In retrospect, though, it seems like the players that really mattered, in
terms of pushing the issues forward, were the industry players, plus the
growing cadre of legislators who were grappling with the issues. So,
did the cypherpunks make any difference?

Actually, now that I ask the question, one partial answer occurs to me:
it was the cypherpunks who were the chief arguers for the value of 
being anonymous in cyberspace and elsewhere.
  

    
One of my professors, who is ex-NSA, suggested "Puzzle Palace" last night
so I ordered it when I ordered "Crypto."