the politics of the internet lecture 11: copyright ii – where code meets law last week last week...
TRANSCRIPT
The Politics of the InternetThe Politics of the InternetLecture 11: Copyright II – Where Code Meets LawLecture 11: Copyright II – Where Code Meets Law
Last weekLast week• How copyright was challenged by MP3s How copyright was challenged by MP3s
and file sharing – and how copyright and file sharing – and how copyright owners respondedowners responded
This weekThis week• How copyright law and computer code How copyright law and computer code
are coming to reinforce each other.are coming to reinforce each other.• New policy issues on the frontier of New policy issues on the frontier of
cyberspacecyberspace
The Politics of the InternetThe Politics of the InternetLecture 11: Copyright II – Where Code Meets LawLecture 11: Copyright II – Where Code Meets Law
Cryptograpic technologyCryptograpic technology• Early disputes about cryptographyEarly disputes about cryptography• States versus individuals and firmsStates versus individuals and firms
Cryptography in e-commerceCryptography in e-commerce• Wire-cutters or barbed wire fence?Wire-cutters or barbed wire fence?
Current issuesCurrent issues• The relationship between code and lawThe relationship between code and law• Firms and states versus individualsFirms and states versus individuals
The Politics of the InternetThe Politics of the InternetWhere Code Meets LawWhere Code Meets Law
Illustration of Lessig’s key argument.Illustration of Lessig’s key argument. Law and (software) code are two Law and (software) code are two
possible forms of social control.possible forms of social control. Software code doesn’t necessarily Software code doesn’t necessarily
increase individual freedomincrease individual freedom Depending on how it is written, it Depending on how it is written, it
may control as well as liberatemay control as well as liberate
The Politics of the InternetThe Politics of the InternetLecture 9: Copyright II – Where Code Meets LawLecture 9: Copyright II – Where Code Meets Law
Lessig’s cutesy definitionLessig’s cutesy definition East coast code is law in the East coast code is law in the
traditional sensetraditional sense West coast code is software codeWest coast code is software code When the two reinforce each other, When the two reinforce each other,
they can exert considerable control they can exert considerable control over what individuals can or cannot over what individuals can or cannot do.do.
The Politics of the InternetThe Politics of the InternetRecent history of cryptographyRecent history of cryptography
2 phases2 phases Phase One – establishing the right to Phase One – establishing the right to
strong cryptographystrong cryptography• Battles where individuals and firms Battles where individuals and firms
fought governmentfought government Phase Two – when cryptography Phase Two – when cryptography
becomes generalizedbecomes generalized• New battles – governments and firms New battles – governments and firms
cooperate in ways that may limit cooperate in ways that may limit traditional individual freedomstraditional individual freedoms
The Politics of the InternetThe Politics of the InternetCryptographyCryptography
Cryptography – the science of Cryptography – the science of creating codescreating codes
Cryptanalysis – the science of Cryptanalysis – the science of breaking codesbreaking codes
Long history – stretching back Long history – stretching back thousands of yearsthousands of years
But recently given impetus by But recently given impetus by computer revolutioncomputer revolution
Indeed opposite is also true - EnigmaIndeed opposite is also true - Enigma
The Politics of the InternetThe Politics of the InternetCodes and statesCodes and states
Until relatively recently, codes primarily Until relatively recently, codes primarily the domain of governments, diplomatic the domain of governments, diplomatic communications etc.communications etc.
But as computer technology became more But as computer technology became more widespread, easier for others to use codeswidespread, easier for others to use codes
Commercial applications began to develop Commercial applications began to develop – still deferential to state interests. – still deferential to state interests. Relatively weak standards.Relatively weak standards.
Government didn’t want strong standards Government didn’t want strong standards in the commercial sector – this would have in the commercial sector – this would have made it too hard to break codes when made it too hard to break codes when necessary for national security reasons necessary for national security reasons etc.etc.
The Politics of the InternetThe Politics of the InternetCode WarriorsCode Warriors
Revolution came in mid-1970’s, with Revolution came in mid-1970’s, with invention (or public discovery at invention (or public discovery at least) of public key encryption.least) of public key encryption.
Devised by a couple of Devised by a couple of mathematicians – Whitfield Diffie, mathematicians – Whitfield Diffie, Martin Hellman and Ralph MerkleMartin Hellman and Ralph Merkle
Then developed further by Ron Then developed further by Ron Rivest, Adi Shamir, Leonard Adleman Rivest, Adi Shamir, Leonard Adleman - RSA - RSA
The Politics of the InternetThe Politics of the InternetWhat is Public Key Encryption?What is Public Key Encryption?
Allows easy communication with codes – Allows easy communication with codes – difficult for others to break.difficult for others to break.
An individual can have a public key and a An individual can have a public key and a private keyprivate key
Can distribute the public key – so that Can distribute the public key – so that others can communicate securely with her.others can communicate securely with her.
But can maintain the private key – so only But can maintain the private key – so only she can read communicationsshe can read communications
2 keys are distinct – v.hard to derive one 2 keys are distinct – v.hard to derive one from the other (involve massive prime from the other (involve massive prime numbers).numbers).
The Politics of the InternetThe Politics of the InternetImplications of Public Key EncryptionImplications of Public Key Encryption
Made it much more difficult for Made it much more difficult for outsiders to break strong encryption outsiders to break strong encryption (governments, spies, other firms (governments, spies, other firms etc).etc).
Meant (together with advances in Meant (together with advances in hardware/software) that encryption hardware/software) that encryption could be brought to the masses.could be brought to the masses.
Encryption was no longer the Encryption was no longer the preserve of states.preserve of states.
The Politics of the InternetThe Politics of the InternetEncryption as killer app – the Internet and e-commerceEncryption as killer app – the Internet and e-commerce
Public key encryption was answer to a Public key encryption was answer to a major difficulty for e-commercemajor difficulty for e-commerce
How to keep commercial transactions with How to keep commercial transactions with sensitive information (e.g. credit card sensitive information (e.g. credit card numbers) secure?numbers) secure?
Banks etc could use this technology to Banks etc could use this technology to communicate securely with their users.communicate securely with their users.
One could combine public key encryption One could combine public key encryption with other (‘symmetric’) forms of with other (‘symmetric’) forms of encryption to provide security.encryption to provide security.
The Politics of the InternetThe Politics of the InternetObjections from the spiesObjections from the spies
But public key encryption could also make But public key encryption could also make life far more difficult for law enforcement – life far more difficult for law enforcement – if it became generally used.if it became generally used.
Terrorists/other states could communicate Terrorists/other states could communicate securely.securely.
US and its allies classified encryption US and its allies classified encryption schemes as military technologies.schemes as military technologies.
Major restrictions on their export.Major restrictions on their export.• In US, Digital Encryption Standard only allowed In US, Digital Encryption Standard only allowed
for 56 bit encryption.for 56 bit encryption.• Only 40 bit encryption could be used for export Only 40 bit encryption could be used for export
purposes – relatively weak and easy to break purposes – relatively weak and easy to break (which was the point).(which was the point).
The Politics of the InternetThe Politics of the InternetLines of first battles over encryptionLines of first battles over encryption
Thus, major battles of early 1990’s Thus, major battles of early 1990’s over encryption.over encryption.
On one side – privacy activists – On one side – privacy activists – wanted universal access to strong wanted universal access to strong encryption.encryption.
On the other – government and law On the other – government and law enforcementenforcement
Wanted to maintain old regime where Wanted to maintain old regime where states had control over process.states had control over process.
The Politics of the InternetThe Politics of the InternetCode WarsCode Wars
Political battles took place – mostly in Political battles took place – mostly in US – over terms of use of US – over terms of use of cryptography.cryptography.
Government proposed heavy Government proposed heavy controls.controls.• ““Clipper” chip as means to cryptographyClipper” chip as means to cryptography
Would have given government access to Would have given government access to communication as necessary.communication as necessary.
• Strong export controls on cryptographyStrong export controls on cryptography Privacy activists and firms protested.Privacy activists and firms protested.
• New “Trusted Third Party” system.New “Trusted Third Party” system.
The Politics of the InternetThe Politics of the InternetActivistsActivists
Saw access to cryptography as a Saw access to cryptography as a privacy issue.privacy issue.
Diffie had been a strong pro-privacy Diffie had been a strong pro-privacy activist – this is what got him activist – this is what got him interested in cryptography in the first interested in cryptography in the first place.place.
Cryptography would allow individuals Cryptography would allow individuals to keep information safe from to keep information safe from governments, firms, whoever.governments, firms, whoever.
The Politics of the InternetThe Politics of the InternetCypherpunksCypherpunks
Some took a cyberlibertarian Some took a cyberlibertarian perspective.perspective.
Code would allow exchange of illicit Code would allow exchange of illicit information, sharing of copyrighted information, sharing of copyrighted material etc – and states could do material etc – and states could do nothing about it.nothing about it.
““Cypherpunks” active and vocal in Cypherpunks” active and vocal in debate – opposing government debate – opposing government efforts to reimpose control.efforts to reimpose control.
The Politics of the InternetThe Politics of the InternetCypherpunk manifestoCypherpunk manifesto
““just as a seemingly minor invention like just as a seemingly minor invention like barbed wire made possible the fencing-off barbed wire made possible the fencing-off of vast ranches and farms, thus altering of vast ranches and farms, thus altering forever the concepts of land and property forever the concepts of land and property rights in the frontier West, so too will the rights in the frontier West, so too will the seemingly minor discovery out of an seemingly minor discovery out of an arcane branch of mathematics come to be arcane branch of mathematics come to be the wire clippers which dismantle the the wire clippers which dismantle the barbed wire around intellectual property” barbed wire around intellectual property”
The Politics of the InternetThe Politics of the InternetFirms’ interestsFirms’ interests
Firms lined up with (and sometimes Firms lined up with (and sometimes funded) privacy activists.funded) privacy activists.
Worried that firms in US would lose Worried that firms in US would lose out to foreign competitors if they out to foreign competitors if they could not use strong cryptography in could not use strong cryptography in their products.their products.
Lobbied US government to change Lobbied US government to change policy – but strong resistance from policy – but strong resistance from intelligence community.intelligence community.
The Politics of the InternetThe Politics of the InternetPretty Good PrivacyPretty Good Privacy
Much of controversy focused on Much of controversy focused on “Pretty Good Privacy”“Pretty Good Privacy”
Software written by Phil Zimmerman Software written by Phil Zimmerman to implement public key to implement public key cryptography and make it generally cryptography and make it generally available.available.
128 bit encryption – while proposed 128 bit encryption – while proposed new US standard was 64 bit.new US standard was 64 bit.
18,446,744,073,709,551,616 times 18,446,744,073,709,551,616 times more powerful.more powerful.
The Politics of the InternetThe Politics of the InternetWhere code beats lawWhere code beats law
US government investigated Zimmerman US government investigated Zimmerman for exporting PGP.for exporting PGP.
Tried to impose Clipper chip, and strict Tried to impose Clipper chip, and strict export controls.export controls.
But too late – and by 1996 the US But too late – and by 1996 the US government’s bluff had been called.government’s bluff had been called.• Norwegians found a loophole which allowed Norwegians found a loophole which allowed
PGP to be exported.PGP to be exported.• US company started exporting strong US company started exporting strong
encryption.encryption. An apparent victory for cryptography, An apparent victory for cryptography,
privacy and individual rightsprivacy and individual rights
The Politics of the InternetThe Politics of the InternetCryptography Part IICryptography Part II
Basic victories of mid-1990’s Basic victories of mid-1990’s established cryptography as a established cryptography as a mainstream product.mainstream product.
E-commerce began to take E-commerce began to take advantage of cryptography on a wide advantage of cryptography on a wide scale.scale.
Not only to protect confidentiality of Not only to protect confidentiality of communication – but also, more and communication – but also, more and more to protect control of copyright.more to protect control of copyright.
The Politics of the InternetThe Politics of the InternetCryptography and communicationCryptography and communication
Cryptography could be used to control how Cryptography could be used to control how people accessed content.people accessed content.
Example – DVDsExample – DVDs DVDs are encrypted to prevent copyingDVDs are encrypted to prevent copying DVD players supply a key – but because DVD players supply a key – but because
public key technology is used, there is only public key technology is used, there is only limited access to information on the DVDlimited access to information on the DVD
Specifically – information can be accessed Specifically – information can be accessed under certain restrictions – but cannot be under certain restrictions – but cannot be copied.copied.
The Politics of the InternetThe Politics of the InternetPublic keys and controlPublic keys and control
More generally, cryptography allows strong More generally, cryptography allows strong control of content.control of content.
Companies can encrypt their content – and Companies can encrypt their content – and then impose restrictions on how people then impose restrictions on how people use, access or copy their content.use, access or copy their content.
Control of the code is control of the Control of the code is control of the content – without being able to decrypt the content – without being able to decrypt the information, one can’t use it.information, one can’t use it.• (although note that there is a key weakness (although note that there is a key weakness
here with consumer devices which here with consumer devices which needneed to to decode at some point– hence in part need for decode at some point– hence in part need for law to supplement technology).law to supplement technology).
The Politics of the InternetThe Politics of the InternetLimits of codesLimits of codes
With good enough codes, it is extremely With good enough codes, it is extremely difficult to carry out cryptanalysis difficult to carry out cryptanalysis successfully.successfully.
But some cryptographic codes were less But some cryptographic codes were less powerful.powerful.• Codes protecting DVDs are very weak.Codes protecting DVDs are very weak.• In theory, it’s 40 bit – to comply with US In theory, it’s 40 bit – to comply with US
regulation.regulation.• But in practice, it’s even weaker than that. But in practice, it’s even weaker than that.
The Politics of the InternetThe Politics of the InternetCode meets lawCode meets law
Firms would like to prevent people Firms would like to prevent people from even from even tryingtrying to break their codes. to break their codes.
How?How? Through passing laws to make it Through passing laws to make it
illegal to try to break codesillegal to try to break codes In late 1990’s a new set of issues – as In late 1990’s a new set of issues – as
firms fought for legislation to ban firms fought for legislation to ban code-breakingcode-breaking
The Politics of the InternetThe Politics of the InternetDMCADMCA
US Digital Millenium Copyright ActUS Digital Millenium Copyright Act Sought to implement an international Sought to implement an international
copyright treaty – but with additions.copyright treaty – but with additions. Music and film industry lobbied for Music and film industry lobbied for
laws to make it illegal to break copy laws to make it illegal to break copy protection schemes.protection schemes.
Even if you tried to do so for an Even if you tried to do so for an otherwise legitimate purpose.otherwise legitimate purpose.
Can’t even discuss these schemesCan’t even discuss these schemes
The Politics of the InternetThe Politics of the InternetDVD’s and DeCSSDVD’s and DeCSS
DVD copy protection was broken by DVD copy protection was broken by hackers.hackers.
DVD’s can’t be played on Linux – so DVD’s can’t be played on Linux – so programmers used the broken codes programmers used the broken codes to work around this.to work around this.
A website A website www.2600.comwww.2600.com linked to linked to foreign websites with the program foreign websites with the program that allowed you to do this.that allowed you to do this.
Was taken down under the DMCAWas taken down under the DMCA
The Politics of the InternetThe Politics of the InternetSkylarov caseSkylarov case
Russian programmer, Dimitri Russian programmer, Dimitri Skylarov visited the US for a Skylarov visited the US for a conference.conference.
Found himself arrested because his Found himself arrested because his company had put out a program that company had put out a program that decrypted Adobe’s encryption decrypted Adobe’s encryption scheme for its e-books.scheme for its e-books.
Was released – but under condition Was released – but under condition that he testified against his firm.that he testified against his firm.
The Politics of the InternetThe Politics of the InternetFelten CaseFelten Case
Music industry tried to create an MP3 Music industry tried to create an MP3 alternative called the Secure Digital alternative called the Secure Digital Music Initiative.Music Initiative.
Involved encryption scheme – invited Involved encryption scheme – invited people to try to break it.people to try to break it.
A Princeton professor succeeded – A Princeton professor succeeded – and then found himself threatened and then found himself threatened with legal action when he tried to with legal action when he tried to present an academic paper on his present an academic paper on his findings. findings.
The Politics of the InternetThe Politics of the InternetNew battles about copyright and cryptographyNew battles about copyright and cryptography
New battles about how this should be New battles about how this should be extended to computer industryextended to computer industry
Relatively easy for owners of Relatively easy for owners of copyright to get cryptographic copyright to get cryptographic controls installed on DVDs etc.controls installed on DVDs etc.
They have control of content – if they They have control of content – if they do not release music/movies in a do not release music/movies in a format, then it dies.format, then it dies.
Computers are different – have uses Computers are different – have uses besides playing DVDs.besides playing DVDs.
The Politics of the InternetThe Politics of the InternetHollywood versus High TechHollywood versus High Tech
Content owners – movie companies, Content owners – movie companies, record industry want to impose new record industry want to impose new controls on computers.controls on computers.
Legislative bills have been proposed Legislative bills have been proposed to prevent computers or any other to prevent computers or any other devices being manufactured devices being manufactured unlessunless they protected content.they protected content.
i.e. computers would no longer be i.e. computers would no longer be able to copy CDs etc – without able to copy CDs etc – without permission from copyright owners.permission from copyright owners.
The Politics of the InternetThe Politics of the InternetDigital Rights ManagementDigital Rights Management
Copyright owners have lobby groups Copyright owners have lobby groups • Motion Picture Association of America Motion Picture Association of America
(MPAA)(MPAA)• Recording Industry Association of Recording Industry Association of
America (RIAA)America (RIAA) Pushing for legislation to support Pushing for legislation to support
“digital rights management”“digital rights management” i.e. systems in which they would i.e. systems in which they would
retain control of what happens to retain control of what happens to content.content.
The Politics of the InternetThe Politics of the InternetWhat trusted content meansWhat trusted content means
DRM goes beyond copyright protection, as Burk DRM goes beyond copyright protection, as Burk argues – imposes a whole new set of possible argues – imposes a whole new set of possible restrictions, which record companies and other restrictions, which record companies and other content owners could take advantage of.content owners could take advantage of.
One could play music/movies – but with One could play music/movies – but with restrictions.restrictions.
Movies might “expire” (become unplayable) after Movies might “expire” (become unplayable) after 24 hours.24 hours.
Music might be unplayable unless you kept up Music might be unplayable unless you kept up your subscription payments.your subscription payments.
Strong restrictions on copying/sharing with Strong restrictions on copying/sharing with others.others.
The Politics of the InternetThe Politics of the InternetExample – Broadcast Flag initiativeExample – Broadcast Flag initiative
Key example: Broadcast FlagKey example: Broadcast Flag TV broadcasters: worried that digital copies of their TV broadcasters: worried that digital copies of their
content could be disseminated on the Internet.content could be disseminated on the Internet. Threatened not to provide HDTV.Threatened not to provide HDTV. FCC in response mandated a ‘broadcast flag’ regime.FCC in response mandated a ‘broadcast flag’ regime. Targeted at various receivers – Tivos, computers, DVR Targeted at various receivers – Tivos, computers, DVR
boxes etc.boxes etc. Was shot down by courts but may be reintroduced.Was shot down by courts but may be reintroduced.
• Would have involved a small field in the broadcast Would have involved a small field in the broadcast that would have allowed broadcasters to determine that would have allowed broadcasters to determine whether you could copy something, only view it for whether you could copy something, only view it for a certain period of time etc etca certain period of time etc etc..
Example II – Plugging the Example II – Plugging the Analog HoleAnalog Hole
Analog (traditional non-digital) forms of Analog (traditional non-digital) forms of communication are difficult to control – communication are difficult to control – can be digitized and released on WWW.can be digitized and released on WWW.
Legislation put forward in 2006 would Legislation put forward in 2006 would have required that analog broadcasts have have required that analog broadcasts have a watermark (hidden control code) which a watermark (hidden control code) which would trigger DRM if someone tried to would trigger DRM if someone tried to copy it.copy it.
The watermark technology (VEIL) was The watermark technology (VEIL) was proprietary and secret.proprietary and secret.
Bill in abeyance – but again – likely to Bill in abeyance – but again – likely to resurface in new Congress.resurface in new Congress.
The Politics of the InternetThe Politics of the InternetHigh Tech viewHigh Tech view
Broadcast flag and efforts to plug analog Broadcast flag and efforts to plug analog hole are emblematic of a whole set of new hole are emblematic of a whole set of new techniques combining legal regime and techniques combining legal regime and cryptography based restrictions.cryptography based restrictions.
Many technology companies against these Many technology companies against these new forms of DRM.new forms of DRM.
Imposes restrictions that they would have Imposes restrictions that they would have to pay to implement.to pay to implement.
Make computers less attractive to Make computers less attractive to consumers.consumers.
Some technology companies at least have Some technology companies at least have been lobbying against these proposals.been lobbying against these proposals.
The Politics of the InternetThe Politics of the InternetBut …But …
Signs that some software companies Signs that some software companies are seeking to create alliance with are seeking to create alliance with content owners.content owners.
Twofold motiveTwofold motive To encourage Hollywood to make To encourage Hollywood to make
content available.content available. And to have some control over how And to have some control over how
this content is made available that this content is made available that can be translated into commercial can be translated into commercial advantageadvantage
The Politics of the InternetThe Politics of the InternetMicrosoft proposalMicrosoft proposal
Microsoft used public key cryptography to make Microsoft used public key cryptography to make large parts of the Windows Vista operating large parts of the Windows Vista operating system off-limits to computer users/owners.system off-limits to computer users/owners.
Theoretically to prevent viruses and hacking Theoretically to prevent viruses and hacking attacks.attacks.
But also makes digital rights management much But also makes digital rights management much easier.easier.
Project went gone through various name Project went gone through various name changes.changes.• PalladiumPalladium• Next Generation Secure Computing Base NGSCBNext Generation Secure Computing Base NGSCB
But was implemented despite unease among But was implemented despite unease among technological community.technological community.
The Politics of the InternetThe Politics of the InternetLimits to DRMLimits to DRM
There are clear limits to the ability of DRM There are clear limits to the ability of DRM to stop copying.to stop copying.
Not too hard for sufficiently determined Not too hard for sufficiently determined and savvy individuals to break DRM.and savvy individuals to break DRM.
Content companies say they are happy Content companies say they are happy only to create speed bumps that prevent only to create speed bumps that prevent everyday users from copying files.everyday users from copying files.
And, where appropriate and possible, to And, where appropriate and possible, to prosecute those who copy content more prosecute those who copy content more systematically.systematically.
The Politics of the InternetThe Politics of the InternetImplications for fair useImplications for fair use
Principle of fair usePrinciple of fair use• Certain kinds of use of copyrighted Certain kinds of use of copyrighted
material are OKmaterial are OK• Copying material for one’s own use – Copying material for one’s own use –
say for back up, or to play in a car.say for back up, or to play in a car. The principle of fair use remainsThe principle of fair use remains But is a dead letter if digital rights But is a dead letter if digital rights
management software prevents you management software prevents you from exercising it.from exercising it.
The Politics of the InternetThe Politics of the InternetConcerns of Lessig and othersConcerns of Lessig and others
Old balance of copyright and fair use Old balance of copyright and fair use is being tilted by cryptography and is being tilted by cryptography and lawlaw
But cryptography has become the But cryptography has become the barbed wire – not the wirecuttersbarbed wire – not the wirecutters
Reinforces intellectual property rightsReinforces intellectual property rights Allows copyright owners to restrict Allows copyright owners to restrict
individuals’ ability to exercise fair use.individuals’ ability to exercise fair use.
The Politics of the InternetThe Politics of the InternetWhere Code Meets LawWhere Code Meets Law
Further, law and cryptography are Further, law and cryptography are reinforcing each other.reinforcing each other.
Illegal even to talk about how to Illegal even to talk about how to circumvent encryption schemes that circumvent encryption schemes that protect copyright.protect copyright.
Thus, substantial dampening effect Thus, substantial dampening effect on fair use.on fair use.
The Politics of the InternetThe Politics of the InternetIronies of cryptographyIronies of cryptography
Great irony of fight over cryptography.Great irony of fight over cryptography. Originally about protecting individual Originally about protecting individual
freedom and privacyfreedom and privacy Victory won against government –Victory won against government –
cryptography got out of bag.cryptography got out of bag. But when it did – was used to But when it did – was used to
encroach on freedom and privacy, not encroach on freedom and privacy, not to protect them.to protect them.