Inkwell: Authors and Artists
Mike Godwin (mnemonic) Sun 11 Feb 01 18:24
<scribbled by mnemonic Thu 15 Feb 01 12:59>
Undo Influence (mnemonic) Sun 11 Feb 01 18:39
One of the more recent developments in crypto -- too recent to be included in CRYPTO -- is the increasing use of encryption technologies to secure (or attempt to secure) copyrighted content. I'm thinking specifically of the use of DeCSS to block the copying, and enforce the region-coding, of DVD movies, of the Secure Digital Music Initiative, which aims to make music CDs uncopyable, and of schemes like CPRM, which may be used to make computer storage devices themselves prevent the unlicensed copying of copyrighted works. Considering that some degree of unlicensed copying is built into the Copyright Act, Steven, do you see some irony in the prospect that crypto, which we've touted as a tool of liberty, may be used by the content companies to take some of our liberty away?
James Howard (howardjp) Sun 11 Feb 01 18:54
Or more interestingly, will there come a point where RIAA and the MPAA can have all the crypto they want but end-users will be specifically banned? And at that point, will breaking the cryptography be as illegal as using it? How can you write the law so that you are not violating it by using an MPAA product?
Steven Levy (steven) Sun 11 Feb 01 20:20
Interesting, the new copyright lawi indeed makes it illegal to break the cryptography protecting the music. One of the grounds being cited to overturn the DeCSS case is that this prevents legitimate academic study. It's also kind of mind boggling as a way to defend a cryptosystem. The obvious answer to someone breaking your system is .... use a new system, it's broken! In this case, the response is to ban people from disseminating (or even reading) information on how the break works. That's wacky, but of course replacing it with a new system (one that's halfway decent), would be kind of costly. But do I think it ironic that crypto is used to protect intellectual property in stuff like that? Not at all. Crypto is a tool and one point I consistently make is that thanks to the breakthroughs made by the people I write about (and promises of many more innvoations based on those) it's possible to do zillions of things with these. It's up to policymakers, business people, and citizens to decide what should be used and for what. Crypto can be a tool of liberty in the sense that it protects privacy and the free flow of information (and can hide it from anti-democratic authorities) but it can also be a tool of terrorists--or an entertainment industry that wants to zap not only illegal copying but even fair use of songs and movies.
Bob 'rab' Bickford (rab) Sun 11 Feb 01 20:28
Any thoughts on the now-ubiquitous use of digital watermarking of music? It seems that a lot of CDs released nowadays contain audio with this. Heck, even oldies from the 60s and 70s are now being broadcast only after digitally adding watermarks to them, or so I've read. No doubt the continued existend of people able and willing to play their original-release recordings over the air is slowing this, but all the signs seem to be pointing towards it someday being impossible to get any music which hasn't been mangled by some allegedly inaudible digital watermarking technology. And anything you process through Windows Media Player will forever carry your machine's identifying information in it. Do you think this was inevitable, Steven?
Life in the big (doctorow) Mon 12 Feb 01 05:59
Steven, I think that crypto being used to protect intellectual property and the anti-cirmumvention statutes are more closely related than you imply. The kinds of information that crypto's been used to protect in the past has had a pershibility that intellectual property lacks. What I mean is that a credit-card number or piece of military intel secured by crypto over an insecure channel is of limited utility if it get cracked a year later -- a new cryptosystem can replace the compromised crypto and new messages sent with the new system. Contrast that with, say, the musical catalog of Universal. If that's released into the Internet with crypto A, and crypto A is cracked, then all the copies of music locked with crypto A are in the clear, even if Universal starts sending out new material with the more-robust crypto B. If Universal believes that their ability to sell music online is based on the creation of scarcity-through-crypto, then they're out of luck if crypto A is compromised: all the previously CPU/key-locked copies of crypto A-protected music are now non-scarce, and can't be used to generate revenue for Universal. I don't actually believe that Universal can only make money off of scarcity, but it sure seems like they do -- as do other large IP concerns. I think that the really alarming thing about using crypto to protect IP is the erosion of fair-use rights previously enjoyed by consumers. Hardware- locked media can't be loaned, sold as used goods, or even linked to without violating the anti-circumvention laws.
Declined To State (jrc) Mon 12 Feb 01 11:26
Steven, I wonder if you could comment on this whole CARNIVORE thing I mentioned above. It seems at once lke an invasion of privacy and a hopelessly inadequate tool against real bad guys -- is there somethign I am missing? There is an interesting strain in your book, the history of the development of cryptography (with a niftyy surprise ending, to boot) about whether or not NSA was three jumps ahead of the public crypto people or not. Was what they came up with all old news to thehm, or were they in fact enlightened by those developments as well? They sundry responses responses were so knee- jerk its hard to read much into them. I wonder too, based on your description ofthe first Bush administraion's response to crypto ("they didn;t want to get their suits dirty," is the line I think) a good indication of what this administration, with so many of the same people, will do in the same area, with the landscape sao radically changed.
Fuzzy Logic (phred) Tue 13 Feb 01 02:53
Hi, and welcome back, Steven, and thanks for another great book. I hope Crypto will spark interest in a relatively obscure subject the way that Artificial Intelligence did for me. To address an earlier point, the best summary of the status of quantum computing I've seen is Rob Pike's Usenix presentation last summer: http://www.usenix.org/publications/library/proceedings/usenix2000/ invitedtalks/pike_html/ Back to Crypto... I have a couple of questions. 1. Bruce Schneier's theme in Secrets and Lies is that he didn't really understand until sometime in 1998 that strong crypto wasn't enough for real (not "perfect") security. I have the highest regard for Bruce, he's one of the top practitioners in the crypto world, and even more rare, a thoroughly common sensical person. So this strikes me as a bit odd; is it typical for crypto people in your experience to not, in effect, see the forest for the trees in this way? 2. Whit Diffie and Susan Landau did a great job in Privacy on the Line to suss out, as best they could with the deliberately sloppy federal crime reports, how much actual law enforcement wiretapping is going on in the US. It was a lot less than I had suspected, mostly due to the cost and logistics involved. The FBI's digital telephony agenda has been approved by Congress but no real money has been forthcoming, as you noted in Crypto. I think we're all concerned that this opens the door to another realm that has little to do with what "wiretapping" has meant operationally and legally for the last 70 years. With the new administration and especially the change of the guard at Justice, do you think the FBI will be able to break the tenuous truce on this? Or will the telecom providers push back and keep them at bay? I'm not asking for a prediction, just your estimate of the relative political forces involved.
police riots (dwaite) Tue 13 Feb 01 07:00
I just wanted to let you know that downtown Chicago, It's getting predominant displays in several bookstrore windows.... Nice to see!
Steven Levy (steven) Tue 13 Feb 01 09:33
Ah, sweet home Chicago... Two big issues here to answer, and I'll talk about FBI/Carnivore first. (The second one,about intellectual property and crypto comes next.) Carnivore (or whatever they're calling it now) is scary because it apparently does not have the controls that the authorities promised with key escrow. In the latter, a wiretapper would have to get not only a warrent (or some other authorization) and then present that to two storehouses to get the info necessary to decipher the conversation/email. With Carnivore, as I understand it, the whole stream is mainlined, and tappers only have to get the ISP to let 'em in to get to it. (Correct me,someone,if I got this wrong.) In any case, strong crypto screws up Carnivore, because these messages will be scrambled when they leave a sender's computer and not unscrambled until they hit the recipient's computer. So if Microsoft or someone else gets a standard system out where everything is automatically encrypted (like Groove Networks is, right now), Carnivore gets starved. What happens them is obvious: Louis Freeh or some future equivalent marches to Congress and howls. Then it gets interesting. Will a legislature just getting used to Silicon Valley/Redmond bucks turn tail and back up the G- men? Or will they ask the hard questions -- what do we get from Carnivore intercepts and what might we lose in terms of privacy? how many of the suspects being monitored can figure out on their own how to get crypto? And so on. I keep going back to the keyboard sniffer that the cops put on the Philly mobster who was using PGP. That got 'em what they needed without capturing emails about Alan Iverson or cheesesteak suggestions. Or banning PGP.
Steven Levy (steven) Wed 14 Feb 01 06:38
Doctorow's point about the difference between the needs for persistant security in something like an email and that of a DVD is well taken. But overall, I have to say that the role of crypto in securing intellectual property is going to wind us as crucial -- though ultimately political and legal battles will have to be fought over just what the crypto does and how it works. One of the things I'm most concerned about is the nature of crypto to seal off an entire work. What if you buy a DVD movie and want to include a clip of it in, say, your paper for a college course. This would seem a classic "fair use" of a work. You'd want to use just a piece of it for a non- commercial, educational purpose. Yet you might not be able to do this because the encryption prevents replay on anything except a player designed to read off the original disk. Clearly this is a case where crypto in not in synch with the positive view I have of people like Diffie, Rivest, and Zimmermann. But realistically, crypto is not a warm fuzzy thing but a tool that can be used all sorts of ways. I tried to treat the cryptosystem in Crypto the same way I treated the various computer systems in Hackers -- as characters. Some were friendlier than others.
Declined To State (jrc) Wed 14 Feb 01 15:12
To reiterate a historical question up there -- and I do know you have a day job, steven -- I wonder what your sense is concering whether the people behind the triple fence were surprised by the technology being discovered by people like Diffie, Rivest and Zimmerman -- or had they already hit on the same ideas.
Undo Influence (mnemonic) Wed 14 Feb 01 19:12
I'd also like to ask a broader Steven Levy question. When one looks over the list of your books, "one of these things is not like the others." To wit, we have the true-crime book THE UNICORN'S SECRET, recently made into a TV movie, and nary a computer or nerd in sight. How did you come to write that book, Steven, and how had the work you did on that one informed the writing of subsequent books?
Steven Levy (steven) Wed 14 Feb 01 20:14
Jon, the short answer is this. The actual discovery of public key itself actually first occured in the intelligence community (the UK version of the NSA) but was shelved as not practical. What the people at the NSA certainly did not believe was that an independent community would spontaneously spring up, and that it would eventually become a commercially viable enterprise. After an initial panic, they figured that not many people would actually use the stuff, and when evidence appeared to indicate they were wrong, many behind the Triple Fence were slow off the mark to understand this. By the 1990s, they had no such illusions. As for Mike's question... After I finished Hackers I had the opportunity to pursue a story I had always been fascinated with, the strange case of my home town's leading hippie -- the guy who was a metaphor for the Sixties themselves in Philadelphia -- getting arrested when his girlfriend was found dead in a trunk in his apartment. At the time, it also seemed a good idea not to get "typecast" as a tech writer. As it turned out, writing The Unicoren's Secret was incredibly depressing, despite periodic exhilatations when I uncovered new material. I don't know how people like my wife (a true crime writer) do it all the time. So I stopped worrying about typecasting and learned to love what was easy to love -- writing about the most important story of our time, the digital revolution and its participants, talking to very smart people and recounting the inside story of this or that. That said, Mike it right, in that I learned a lot about going very very deep into the human drama while writing Unicorn, and I think it's reasonable to think that helps what I've done since.
Undo Influence (mnemonic) Thu 15 Feb 01 07:18
Of your books, is CRYPTO the one that took longest to write, and, if so, why? (You've mentioned once or twice that the book was late, and I was wondering to what extent that was due to the fact that your wife, Teresa, also had a major book due in the same period. At the same time, this was a story that has kept developing, so I wondered if it was just difficult to figure out when to say "this is the end of the book".)
Undo Influence (mnemonic) Thu 15 Feb 01 07:28
Also, if I had kept my "Voyage to the Bottom of the Sea" or "Flintstones" lunchboxes in good condition, what would they be worth today?
Undo Influence (mnemonic) Thu 15 Feb 01 07:41
Another CRYPTO question: It seems to me that one of the true tragedies of the crypto revolution is the story of David Chaum. He's a guy who seemed for a long time to have done everything right -- he figured out the crypto theory necessary for digital cash, he held the right patents, and he was able for a time to drum up some business interest in his work ... and then it all fell apart, and at the end he didn't even hold the patents anymore. What do you think went wrong for David Chaum?
Mad Dog (jonl) Thu 15 Feb 01 10:10
Email from Mad Dog: The underlying horror in all this government snooping is that it is filtering down to the home nerd like me on his computer. I am innocent enough by legal standards but I would be considered dangerous for my thoughts. Like the Kafka novel I am guilty and I will soon be traced down and that creates a living nightmare for those of us out in cyber space. What can be done?
Declined To State (jrc) Thu 15 Feb 01 11:01
Before Steven gets here, I would suggest to maddog that he read Crypto, which is very hopeful about the balance of power between private citizens and the government. Or os i read it, at any rate.
Steven Levy (steven) Thu 15 Feb 01 16:15
I'll swing at the two Mike pellets first... Crypto took longer than expected mainly because I took the Newsweek job, which provided me a much better platform to cover the tech story. After I signed the contract to write it (1994), I did a fellowship at the Freedom Forum Media Studies Center and while it was productive, I didn't get on the road as much as I would have had I not been somewhat anchored by their schedule (which urged attendance at weekly seminars on Wednesdays). I was perfectly happy at this, figuring I'd pick up the slack in the coming year. But that year I accepted a column at Newsweek, which quickly expanded to general coverage. At that point, I took a hard look at the progress of my story itself and decided that maybe it wasn't so bad to take longer -- I'd have a better chance at having a complete story if I waited, and maybe government sources would open up. (Teresa's crash project with Marcia Clark was one more reason to hold off.) As it happened, the story did reach an end point, and sources did open up, so everything turned out fine. But I hope my next book will be done more expediently. As for Chaum, its true that there's a sad element to his story. But it was his business that failed, not his ideas. I'm not sure that I'd call the failure of DigiCash a tragedy. Remember, CyberCash, the supposedly "smart" startup -- the one not affected by the "idealism" that would gum up a hard- edged business team -- didn't exactly burn up the world, either. And I haven't heard much of Mondex lately. I came to like David immensely and really enjoyed our sessions together. His passion for his ideas were inspiring, even if his dreams of a great company weren't realized. And though my web page still had lunch boxes on it, I'm not really doing much buying or thinking about them. eBay ruined it for me. I used to have a couple pails in mind, and would enjoy the hunt for them. But with eBay, everything comes up for sale, sooner rather than later. The thrill was gone.
James Howard (howardjp) Thu 15 Feb 01 20:47
I am buying your book, Crypto, tomorrow. However, for more information on the NSA in general, what material would you recomend?
Undo Influence (mnemonic) Fri 16 Feb 01 08:26
I have a feeling Steven's going to recommend James Bamford's THE PUZZLE PALACE: A REPORT ON AMERICA'S MOST SECRET AGENCY.
Bob 'rab' Bickford (rab) Fri 16 Feb 01 09:43
That's certainly the one I'd recommend. But perhaps Steven also knows of something more recent...?
Undo Influence (mnemonic) Fri 16 Feb 01 10:21
Steven, could you give your assessment of how much of an effect the Cypherpunks had on the debate about crypto? I know that for much of the 1990s, I was steeped in the Cypherpunks culture, hung out with Eric Hughes and Tim May and (of course) John Gilmore, and, in the earliest days, I posted plenty to the mailing list, including what I think was the first stab at framing a (public) constitutional argument against banning or regulating crypto. In retrospect, though, it seems like the players that really mattered, in terms of pushing the issues forward, were the industry players, plus the growing cadre of legislators who were grappling with the issues. So, did the cypherpunks make any difference? Actually, now that I ask the question, one partial answer occurs to me: it was the cypherpunks who were the chief arguers for the value of being anonymous in cyberspace and elsewhere.
James Howard (howardjp) Fri 16 Feb 01 11:44
One of my professors, who is ex-NSA, suggested "Puzzle Palace" last night so I ordered it when I ordered "Crypto."
Members: Enter the conference to participate