Date: Wed, 25 Jul 2001 00:25:25 -0400

Ms. Gwiazdowski:

As a researcher who has invested considerable effort in the study and design of privacy and security applications, I wish to offer one answer to the challenge you pose in your reply to Mr. Lawrence when you write, "In response to those who attempt to justify circumventing... encryption... AAP urges them to carefully consider how their arguments would apply... in connection with... technological measures used to protect privacy."

We fail miserably in the design of any privacy mechanism if we are too self-sure (1) to acknowledge that certain absolute protections simply cannot be delivered and (2) to avoid naive implementation errors in those cases where good technological protections are actually possible. When absolute protection is not truly possible, we must act responsibly when setting expectations, to avoid promising more than we can actually deliver. And if strong protections are in fact possible, the irresponsible or incomplete implementation of good methods will surely permit a determined party to circumvent the resulting "security."

If you are not familiar with current practice in cryptography, I refer you to the work of Bruce Schneier, one of the world's foremost cryptographers and most credible authors on the subject, whose writings are freely available at http://www.counterpane.com/labs.html. There you will discover some long-standing facts that will no doubt shock and alarm you, including publicly accessible records of the common (and time-tested) practice by which aggressive peer review and "cracking" (and public revelation of those "cracks") are the norm for establishing the trustworthiness of encryption systems.

Good cryptography is an art form. Its prominent practitioners are mathematicians, theoreticians and thinkers of the highest caliber. Yet their work consists, to no small extent, of the design and testing of "cracks" of existing cryptographic systems. Why? Because no matter how many laws are passed, or how badly you may _wish_ that bad guys will leave your systems alone, a determined intruder will find a way in if there is one. And a system that is protected only by law and not by true security is not protected at all. As well, I believe Schneier has suggested that a good way to learn how to create a good encryption system is to break a bad one.

To directly address your "challenge" regarding privacy, the revelation of the content of a personal-data privacy system may be assumed to be, prima facie, a significantly more damaging act than the revelation of a commercial electronic book. The revelation of much private personal data is not criminally actionable. Yet you imply that society will be so damaged in the event that a stray copy of "Judaism and Vegetarianism: New Revised Edition" should somehow work its way loose from the grasp of these overdesigned and undersecured machines that severe criminal charges are justified.

I further remind you that the doctrine of "Fair Use," while not explicitly defined as a consumer "right" in extant law, is nonetheless a long-standing principle that has proven rather significant in the growth of the arts and academic achievement by enabling the creation of both derivative and interpretive new works based on the original. As well, "fair use" is in fact a right under the laws of other nations. I find it shocking to think that any but the most arrogant, greedy publisher would explicitly endorse a technology that:

I suppose you may wish to argue that a substantial portion of the e-book-reading public is not in fact composed of thieves and cheats, in which case I must complain that if a small number of e-book holders are in fact passing around unauthorized copies, then the actual damages incurred, if any, must represent an insignificant proportion of all sales. If that is the case, then the extreme measures of customer-hostile copy protection on every single e-book (and the over-the-top extreme of criminal prosecution for contributory acts) cannot be justified as economically necessary, nor even economically useful.

I'll leave you with a brief (fair use-sized) excerpt from "How I Became a Printer in Philadelphia", by Benjamin Franklin, with thanks to http://www.ukans.edu/carrie/docs/texts/franklin_how.html

The behavior of the AAP smacks of a cash grab. It is insulting to the long history of writing and publishing in America by people who cared about the readers more than they cared about extracting every available bit of their readers' money.

Sincerely,
Jim Youll

>Subject: RE: Arrest of Dimitri Sklyarov
>Dear Mr. Lawrence:
>AAP stands by its press release of July 22 supporting the anticircumvention
>In response to those who attempt to justify circumventing, or trafficking in
>Amy Gwiazdowski |