The Politics of the InternetLecture 11: Copyright II – Where Code Meets Law • Last week • How copyright was challenged by MP3s and file sharing – and how copyright owners responded • This week • How copyright law and computer code are coming to reinforce each other. • New policy issues on the frontier of cyberspace
The Politics of the InternetLecture 11: Copyright II – Where Code Meets Law • Cryptograpic technology • Early disputes about cryptography • States versus individuals and firms • Cryptography in e-commerce • Wire-cutters or barbed wire fence? • Current issues • The relationship between code and law • Firms and states versus individuals
The Politics of the InternetWhere Code Meets Law • Illustration of Lessig’s key argument. • Law and (software) code are two possible forms of social control. • Software code doesn’t necessarily increase individual freedom • Depending on how it is written, it may control as well as liberate
The Politics of the InternetLecture 9: Copyright II – Where Code Meets Law • Lessig’s cutesy definition • East coast code is law in the traditional sense • West coast code is software code • When the two reinforce each other, they can exert considerable control over what individuals can or cannot do.
The Politics of the InternetRecent history of cryptography • 2 phases • Phase One – establishing the right to strong cryptography • Battles where individuals and firms fought government • Phase Two – when cryptography becomes generalized • New battles – governments and firms cooperate in ways that may limit traditional individual freedoms
The Politics of the InternetCryptography • Cryptography – the science of creating codes • Cryptanalysis – the science of breaking codes • Long history – stretching back thousands of years • But recently given impetus by computer revolution • Indeed opposite is also true - Enigma
The Politics of the InternetCodes and states • Until relatively recently, codes primarily the domain of governments, diplomatic communications etc. • But as computer technology became more widespread, easier for others to use codes • Commercial applications began to develop – still deferential to state interests. Relatively weak standards. • Government didn’t want strong standards in the commercial sector – this would have made it too hard to break codes when necessary for national security reasons etc.
The Politics of the InternetCode Warriors • Revolution came in mid-1970’s, with invention (or public discovery at least) of public key encryption. • Devised by a couple of mathematicians – Whitfield Diffie, Martin Hellman and Ralph Merkle • Then developed further by Ron Rivest, Adi Shamir, Leonard Adleman - RSA
The Politics of the InternetWhat is Public Key Encryption? • Allows easy communication with codes – difficult for others to break. • An individual can have a public key and a private key • Can distribute the public key – so that others can communicate securely with her. • But can maintain the private key – so only she can read communications • 2 keys are distinct – v.hard to derive one from the other (involve massive prime numbers).
The Politics of the InternetImplications of Public Key Encryption • Made it much more difficult for outsiders to break strong encryption (governments, spies, other firms etc). • Meant (together with advances in hardware/software) that encryption could be brought to the masses. • Encryption was no longer the preserve of states.
The Politics of the InternetEncryption as killer app – the Internet and e-commerce • Public key encryption was answer to a major difficulty for e-commerce • How to keep commercial transactions with sensitive information (e.g. credit card numbers) secure? • Banks etc could use this technology to communicate securely with their users. • One could combine public key encryption with other (‘symmetric’) forms of encryption to provide security.
The Politics of the InternetObjections from the spies • But public key encryption could also make life far more difficult for law enforcement – if it became generally used. • Terrorists/other states could communicate securely. • US and its allies classified encryption schemes as military technologies. • Major restrictions on their export. • In US, Digital Encryption Standard only allowed for 56 bit encryption. • Only 40 bit encryption could be used for export purposes – relatively weak and easy to break (which was the point).
The Politics of the InternetLines of first battles over encryption • Thus, major battles of early 1990’s over encryption. • On one side – privacy activists – wanted universal access to strong encryption. • On the other – government and law enforcement • Wanted to maintain old regime where states had control over process.
The Politics of the InternetActivists • Saw access to cryptography as a privacy issue. • Diffie had been a strong pro-privacy activist – this is what got him interested in cryptography in the first place. • Cryptography would allow individuals to keep information safe from governments, firms, whoever.
The Politics of the InternetCypherpunks • Some took a cyberlibertarian perspective. • Code would allow exchange of illicit information, sharing of copyrighted material etc – and states could do nothing about it. • “Cypherpunks” active and vocal in debate – opposing government efforts to reimpose control.
The Politics of the InternetCypherpunk manifesto “just as a seemingly minor invention like barbed wire made possible the fencing-off of vast ranches and farms, thus altering forever the concepts of land and property rights in the frontier West, so too will the seemingly minor discovery out of an arcane branch of mathematics come to be the wire clippers which dismantle the barbed wire around intellectual property”
The Politics of the InternetFirms’ interests • Firms lined up with (and sometimes funded) privacy activists. • Worried that firms in US would lose out to foreign competitors if they could not use strong cryptography in their products. • Lobbied US government to change policy – but strong resistance from intelligence community.
The Politics of the InternetPretty Good Privacy • Much of controversy focused on “Pretty Good Privacy” • Software written by Phil Zimmerman to implement public key cryptography and make it generally available. • 128 bit encryption – while proposed new US standard was 64 bit. • 18,446,744,073,709,551,616 times more powerful.
The Politics of the InternetWhere code beats law • US government investigated Zimmerman for exporting PGP. • Tried to impose Clipper chip, and strict export controls. • But too late – and by 1996 the US government’s bluff had been called. • Norwegians found a loophole which allowed PGP to be exported. • US company started exporting strong encryption. • An apparent victory for cryptography, privacy and individual rights
The Politics of the InternetCryptography Part II • Basic victories of mid-1990’s established cryptography as a mainstream product. • E-commerce began to take advantage of cryptography on a wide scale. • Not only to protect confidentiality of communication – but also, more and more to protect control of copyright.
The Politics of the InternetCryptography and communication • Cryptography could be used to control how people accessed content. • Example – DVDs • DVDs are encrypted to prevent copying • DVD players supply a key – but because public key technology is used, there is only limited access to information on the DVD • Specifically – information can be accessed under certain restrictions – but cannot be copied.
The Politics of the InternetPublic keys and control • More generally, cryptography allows strong control of content. • Companies can encrypt their content – and then impose restrictions on how people use, access or copy their content. • Control of the code is control of the content – without being able to decrypt the information, one can’t use it. • (although note that there is a key weakness here with consumer devices which need to decode at some point– hence in part need for law to supplement technology).
The Politics of the InternetLimits of codes • With good enough codes, it is extremely difficult to carry out cryptanalysis successfully. • But some cryptographic codes were less powerful. • Codes protecting DVDs are very weak. • In theory, it’s 40 bit – to comply with US regulation. • But in practice, it’s even weaker than that.
The Politics of the InternetCode meets law • Firms would like to prevent people from even trying to break their codes. • How? • Through passing laws to make it illegal to try to break codes • In late 1990’s a new set of issues – as firms fought for legislation to ban code-breaking
The Politics of the InternetDMCA • US Digital Millenium Copyright Act • Sought to implement an international copyright treaty – but with additions. • Music and film industry lobbied for laws to make it illegal to break copy protection schemes. • Even if you tried to do so for an otherwise legitimate purpose. • Can’t even discuss these schemes
The Politics of the InternetDVD’s and DeCSS • DVD copy protection was broken by hackers. • DVD’s can’t be played on Linux – so programmers used the broken codes to work around this. • A website www.2600.com linked to foreign websites with the program that allowed you to do this. • Was taken down under the DMCA
The Politics of the InternetSkylarov case • Russian programmer, Dimitri Skylarov visited the US for a conference. • Found himself arrested because his company had put out a program that decrypted Adobe’s encryption scheme for its e-books. • Was released – but under condition that he testified against his firm.
The Politics of the InternetFelten Case • Music industry tried to create an MP3 alternative called the Secure Digital Music Initiative. • Involved encryption scheme – invited people to try to break it. • A Princeton professor succeeded – and then found himself threatened with legal action when he tried to present an academic paper on his findings.
The Politics of the InternetNew battles about copyright and cryptography • New battles about how this should be extended to computer industry • Relatively easy for owners of copyright to get cryptographic controls installed on DVDs etc. • They have control of content – if they do not release music/movies in a format, then it dies. • Computers are different – have uses besides playing DVDs.
The Politics of the InternetHollywood versus High Tech • Content owners – movie companies, record industry want to impose new controls on computers. • Legislative bills have been proposed to prevent computers or any other devices being manufactured unless they protected content. • i.e. computers would no longer be able to copy CDs etc – without permission from copyright owners.
The Politics of the InternetDigital Rights Management • Copyright owners have lobby groups • Motion Picture Association of America (MPAA) • Recording Industry Association of America (RIAA) • Pushing for legislation to support “digital rights management” • i.e. systems in which they would retain control of what happens to content.
The Politics of the InternetWhat trusted content means • DRM goes beyond copyright protection, as Burk argues – imposes a whole new set of possible restrictions, which record companies and other content owners could take advantage of. • One could play music/movies – but with restrictions. • Movies might “expire” (become unplayable) after 24 hours. • Music might be unplayable unless you kept up your subscription payments. • Strong restrictions on copying/sharing with others.
The Politics of the InternetExample – Broadcast Flag initiative • Key example: Broadcast Flag • TV broadcasters: worried that digital copies of their content could be disseminated on the Internet. • Threatened not to provide HDTV. • FCC in response mandated a ‘broadcast flag’ regime. • Targeted at various receivers – Tivos, computers, DVR boxes etc. • Was shot down by courts but may be reintroduced. • Would have involved a small field in the broadcast that would have allowed broadcasters to determine whether you could copy something, only view it for a certain period of time etc etc.
Example II – Plugging the Analog Hole • Analog (traditional non-digital) forms of communication are difficult to control – can be digitized and released on WWW. • Legislation put forward in 2006 would have required that analog broadcasts have a watermark (hidden control code) which would trigger DRM if someone tried to copy it. • The watermark technology (VEIL) was proprietary and secret. • Bill in abeyance – but again – likely to resurface in new Congress.
The Politics of the InternetHigh Tech view • Broadcast flag and efforts to plug analog hole are emblematic of a whole set of new techniques combining legal regime and cryptography based restrictions. • Many technology companies against these new forms of DRM. • Imposes restrictions that they would have to pay to implement. • Make computers less attractive to consumers. • Some technology companies at least have been lobbying against these proposals.
The Politics of the InternetBut … • Signs that some software companies are seeking to create alliance with content owners. • Twofold motive • To encourage Hollywood to make content available. • And to have some control over how this content is made available that can be translated into commercial advantage
The Politics of the InternetMicrosoft proposal • Microsoft used public key cryptography to make large parts of the Windows Vista operating system off-limits to computer users/owners. • Theoretically to prevent viruses and hacking attacks. • But also makes digital rights management much easier. • Project went gone through various name changes. • Palladium • Next Generation Secure Computing Base NGSCB • But was implemented despite unease among technological community.
The Politics of the InternetLimits to DRM • There are clear limits to the ability of DRM to stop copying. • Not too hard for sufficiently determined and savvy individuals to break DRM. • Content companies say they are happy only to create speed bumps that prevent everyday users from copying files. • And, where appropriate and possible, to prosecute those who copy content more systematically.
The Politics of the InternetImplications for fair use • Principle of fair use • Certain kinds of use of copyrighted material are OK • Copying material for one’s own use – say for back up, or to play in a car. • The principle of fair use remains • But is a dead letter if digital rights management software prevents you from exercising it.
The Politics of the InternetConcerns of Lessig and others • Old balance of copyright and fair use is being tilted by cryptography and law • But cryptography has become the barbed wire – not the wirecutters • Reinforces intellectual property rights • Allows copyright owners to restrict individuals’ ability to exercise fair use.
The Politics of the InternetWhere Code Meets Law • Further, law and cryptography are reinforcing each other. • Illegal even to talk about how to circumvent encryption schemes that protect copyright. • Thus, substantial dampening effect on fair use.
The Politics of the InternetIronies of cryptography • Great irony of fight over cryptography. • Originally about protecting individual freedom and privacy • Victory won against government –cryptography got out of bag. • But when it did – was used to encroach on freedom and privacy, not to protect them.