[Mac_crypto] STATEMENT OF THE INTERNET SOCIETY ON DIGITAL RIGHTS MANAGEMENT

R. A. Hettinga mac_crypto@vmeng.com
Thu, 15 Aug 2002 18:02:06 -0400
Previous message: [Mac_crypto] Encrypting fixed drives?
Next message: [Mac_crypto] Schneier on Palladium and the TCPA (was Re: CRYPTO-GRAM, August 15, 2002)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
--- begin forwarded text


Status: RO
Date: Thu, 15 Aug 2002 22:18:29 +0100
From: Somebody
To: "R. A. Hettinga" <rah@shipwright.com>
Subject: STATEMENT OF THE INTERNET SOCIETY ON DIGITAL RIGHTS MANAGEMENT


FOR IMMEDIATE RELEASE
August 15, 2002
Contact: Julie Williams
703-326-9880, x111; 703-402-6715 cell

STATEMENT OF THE INTERNET SOCIETY ON DIGITAL RIGHTS MANAGEMENT

Washington, D.C. - The Internet Society strongly opposes attempts to impose
governmental technology mandates that are designed to protect only the
economic interests of certain owners of intellectual property over the
economic interests of much larger portions of society.  The current debate
in many countries of the world regarding digital rights management (DRM)
has illustrated the inevitable conclusion of technology mandates in law: a
world where all digital media technology is either forbidden or compulsory.
The effect of these mandates is to grant veto power over new technologies
to special interest groups who have continually opposed innovation.

There are many policy reasons that can be advanced to oppose government
intervention in technology.  Society at large has a powerful economic
interest in promoting research resulting in the creation of new products
and services as well as new jobs. Many of the legislative proposals
currently under consideration would shackle technology and the research
needed to support it, solely for the benefit of one small group. From the
standpoint of sound public policy, intellectual property rights must be
respected but must also be kept in balance with other rights and interests.
In particular, copyright law is a kind of "bargain" between rights owners
and consumers. Copyright, except in rare instances, is not perpetual, and
there are a wide range of fair use exceptions to copyright that limit its
restraints. Without these limits, copyright would soon become an oppressive
burden on creativity and freedom of expression. The Internet Society
acknowledges these policy considerations, but also believes that there are
other even more persuasive arguments, based on sound engineering and
technological principles, that show the folly of government mandated
technology.

Technology mandates are inherently anti-innovative. The entire concept of a
mandate is that it freezes a particular technology at a point in time, and
inhibits research and development on new and better technology.
Technological standards are desirable and even necessary for widespread
implementation of new technology, but all standards sooner or later must
give way to new standards. This process should not be impeded by
legislation that effectively prohibits research and development.

A classic illustration of the dangers of DRM legislation may be found in
legislation enacted by many countries as part of their treaty obligations
under the World Intellectual Property Organization (WIPO) copyright
treaties. The so-called Digital Millennium Copyright Act (DMCA), passed by
the United States Congress in 1998, is an example. Under the WIPO treaties,
the United States, like the other countries bound by the treaties, had an
obligation to "provide 'legal protection and effective legal remedies'
against circumventing technological measures, e.g., encryption and password
protection, that are used by copyright owners to protect their works from
piracy . . ." [See S. Rep. No. 105-190, at 8, 10-11 (1998)].  The DMCA, in
responding to this obligation, illustrates the "law of unintended
consequences." While purporting to help copyright owners, it seriously
threatens research in the field of encryption for security.

The DMCA prohibits "circumvention" of existing technological measures (such
as encryption) that control access to a work and encryption; it prohibits
"trafficking" in technology designed to circumvent access control; and it
prohibits "trafficking" in technology designed to circumvent copying. These
prohibitions are subject to certain exceptions; the DMCA acknowledges
rights of fair use, so that, in certain limited circumstances,
circumvention of copying protection for purposes of fair use of an
encrypted work does not violate the act.

Another important exception is the separate provision of the DMCA that
allows circumvention of access controls for the purpose of encryption
research to identify flaws and vulnerabilities of encryption technology.
This provision is narrowly drawn with explicit conditions relating to good
faith in performing research. Most significantly, the exception is for
access only; it does not permit what the act refers to as trafficking in
such research.

The danger to research presented by statutes like the DMCA is best
illustrated by a real world example of a researcher in the field of
encryption. Just because cryptography can be or is being used for purposes
other than copyright protection, does not mean it is not also used for
copyright protection and therefore subject to the provision of the DMCA.
Although a researcher may be looking at a certain type of cryptographic
technology that is used to protect packets containing information in the
public domain, that same technology might also be used to protect other
packets that contain copyrighted data, unknown to the researcher. Likewise,
a researcher might attempt to break the protection on an item without
realizing that the protected item is a copyrighted work, which may not be
discovered, if at all, until it is too late. But the issue isn't whether
the researcher has cracked the protection - the issue is what the
researcher may do with the resulting information.

A central question for encryption researchers is whether publishing the
results of their research amounts to disseminating something whose primary
purpose is to circumvent copyright protection. Under the DMCA, the act of
circumventing access controls for good faith research, standing alone, is,
generally speaking, legitimate. This does not present great problems to
researchers. However, when the researcher then wishes to publish the
results of the research, the DMCA provides a test of the intent of the
original circumvention that depends on whether the subsequent publication
is made to "advance the state of knowledge" of encryption research, or
whether it is made "in a manner that facilitates infringement." In other
words, if the researcher acts in good faith to circumvent access control
and publishes with the intent of reaching other researchers, but the
information ends up being "disseminated in a manner that facilitates
infringement," then the original circumvention of the access controls may
have been illegal. Since there are both civil and criminal remedies
available to copyright owners, the researcher faces serious dilemmas in
deciding whether, how and when to publish.

There are already court decisions in the United States and elsewhere
involving both civil and criminal aspects of the publication of encryption
research. Many prominent figures in the field have already spoken out
against the chilling effect of legislative interference with research in
technology. The Internet Society calls on the legislatures of the world to
limit the damage caused by shortsighted legislative efforts, intended to
carry out the seemingly high-minded purposes of the copyright treaties,
that instead threaten the advancement of science and technology.

About ISOC
The Internet Society is a not-for-profit membership organization founded in
1991 to provide leadership in the management of Internet related standards,
educational, and policy development issues.  It has offices in Washington,
DC and Geneva, Switzerland. Through its current initiatives in support of
education and training, Internet standards and protocol, and public policy,
ISOC has played a critical role in ensuring that the Internet has developed
in a stable and open manner.  It is the organizational home of the Internet
Engineering Task Force (IETF), the Internet Architecture Board (IAB), the
Internet Engineering Steering Group (IESG) and other Internet-related
bodies.

For over 10 years ISOC has run international network training programs for
developing countries which have played a vital role in setting up the
Internet connections and networks in virtually every country that has
connected to the Internet during this time, while at the same time working
to protect the Internet's stability.  ISOC is taking the next step in this
evolution with the recent announcement of its intent to bid for the .ORG
registry based on the belief that a thriving non-commercial presence is a
key element in developing a strong social and technical infrastructure in
all nations.  For additional information see http://www.ISOC.org.

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Previous message: [Mac_crypto] Encrypting fixed drives?
Next message: [Mac_crypto] Schneier on Palladium and the TCPA (was Re: CRYPTO-GRAM, August 15, 2002)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]