G53SEC

1

Copyright and Privacy`

G53SEC

2

Today’s Lecture:

• Introduction

• Copyright

- Software, Books, Audio, Video

- DVD

- Information Hiding

• Privacy Mechanisms

- Content Hiding, Deniability

- Association Hiding, Deniability

- Other Issues

G53SEC

3

Introduction:

• At system level

- Copyright

- Censorship

- Privacy

Access Control Issues

G53SEC

4

Introduction:

• How is Copyright and Privacy linked?

• Unprotected resources:

- freely distributable

- no payment to creators

- any action to stop dissemination futile

• Protected resources:

- encrypted content

- decrypted using a key obtained from license server

- key bought using private information

G53SEC

5

Copyright:

• Obsession of the film, music and publishing industries

• It didn’t start with the internet

- Tax for blank tapes

- Royalties for books in libraries

- Introduction of photography

- fear of book publishers that their trade is doomed

G53SEC

6

Copyright:

• Past

- protected by cost of small scale duplication

- cheaper to buy than duplicate

- large scale duplication traceable

• Then

- cost barrier eroded by photocopiers, recorders

- basic economics not changed

G53SEC

7

Copyright:

• Now

- digital world is changing this

- copyright sometimes based on physical device

- most copyright control moving towards registration

- this however undermines privacy

G53SEC

8

Copyright - Software:

• Early software given away for free with hardware

• IBM setup sharing scheme (1960s)

• Software copyright not an issue

• Introduction of software packages

- Code either stolen or re-implemented

• Software birthmarks – features of how an implementation is done (e.g. Course-marker)

• Hardware identifiers – processor serial number

G53SEC

9

Copyright - Software:

• Time bomb

• Introduction of microcomputers – start of piracy

• Technological techniques

- dongle – physical device attached to pc

- copying resistant software – e.g. bad sector

- pc identification by hardware (Windows XP)

• Psychological techniques

- embedded company/user name

- stories of failures due to missing patches

- early Microsoft scare example

G53SEC

10

Copyright - Software:

• Industry moved to legal solutions

- to enforce

- to limit – time bombs illegal

• Industry now moving back to technical mechanisms

• e.g. License servers – like dongles

• Current model

- Combination of technical and legal measures

G53SEC

11

Copyright - Software:

• Latest development

Online registration:

- Keeps logs of everyone using the software

- Privacy implications

• Increasingly changes of business model apparent

• Free limited version (shareware, demos)

• Free version to universities (Unix)

• Free version to individuals

• Free software, paid service (Linux)

G53SEC

12

Copyright - Audio:

• Audio pirated much longer than software

• Cassettes

- tax, technical measures (spoiler tone)

- not a great problem due to loss of quality

• Digital Audio Tape

- Serial copy management system

- Recorders did not implement it

- Not widespread

G53SEC

13

Copyright - Audio:

• Recently a headline concern due to MP3

- previously digital audio too large

- MP3 compresses this into manageable size

- in 1998 40% of MIT traffic due to MP3 traffic

- no royalties paid to copyright owners

• Initially industry focused on technical fixes

- Alternative audio compression

- copyright protection mechanisms (DRM)

- but unsuccessfully

G53SEC

14

Copyright - Audio:

• Unsuccessful due to

- PC an open platform

- backward compatibility issues with hardware solutions

- Many CD’s already sold – effectively master disks

• Next step was to sue

- Web sites allowing MP3 sharing

- Sharing technologies attacked (Napster etc..)

G53SEC

15

Copyright - DVD:

• DVD must have a suitable copyright protection

• Regions introduced – broken first

• Content Scrambling System (CSS) introduced

• CSS known to be vulnerable at time of release

• Key too short (possibly due to U.S. export restrictions)

• CSS depended on algorithm kept secret

• Story - developers had 2 weeks for CSS

• CSS still in court

G53SEC

16

Copyright – Information Hiding:

• New DVD protection techniques developed

- copyright marking

• Based on information hiding

- a technique that enables data to be hidden in other data

• Copyright marks – marks hidden unobtrusively in digital video, audio and artwork

- Watermarks

- Steganography – message existence undetectable

G53SEC

17

Copyright – Information Hiding:

• Roots in Camouflage

• Greek Persian war - Tattoos on slave’s heads

• Francis Bacon (15th Century)

- binary message in books by alternating font

• Many consider information hiding more important than enciphering it – e.g. military, criminals

G53SEC

18

Copyright – Information Hiding:

• Embedding schemes

- Hiding message in the least significant bit

- Hide message at locations determined by key

- Modern version – hides message in .gif files

- Using characteristics of a media (e.g. echoes)

- Spread spectrum encoding

• Introduction of noise or distortion causes problems

- e.g. with lossy compression

G53SEC

19

Copyright – Information Hiding:

• Attacks on marking schemes:

- Many marks additive

- If all video frames carry same mark, averaging them yields the mark

- Steganalysis techniques exist

- Suitably chosen distortions

G53SEC

20

Privacy:

• Confidentiality

- Keeping information secret due to obligation to a third party

• Privacy

- Ability to control the dissemination of information about oneself

G53SEC

21

Privacy – Content Hiding:

• Hiding the content of messages

• example – Pretty Good Privacy (PGP)

• encryption only part of the solution

• Governments can request keys

• Encryption use may mark your message for traffic analysis

l

G53SEC

22

Privacy – Content Deniability:

• Destroying keys is not enough

• Existence of protected material sufficiently suspicious

• If message well hidden (steganography), no one knows of its existence

• Steganographic file systems exist

G53SEC

23

Privacy – Association Hiding:

• The fact that communication between two parties exists is enough to raise suspicion

• Criminals – emphasis on anonymous communication rather than encryption

• Legitimate uses - Anonymous helplines

- abuse victims

- whistleblowers

- police informants

G53SEC

24

Privacy – Association Hiding:

• Existing technologies

• Anonymous remailers

• Crowds – users group together and do web page forwarding for each other

• Anonymizing proxies – caches keep logs though

• Internet Café’s

• Web based e-mails

• Implementing high-quality anonymity is hard

• Also due to market demands for data

G53SEC

25

Summary:

• Copyright

• Privacy

• Anonymity