From: "William H. Geiger III" <whgiii@invweb.net>
Date: Sun, 9 Nov 1997 05:12:50 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Content controls
In-Reply-To: <v02140b10b08a1ba0a4ac@[198.115.135.201]>
Message-ID: <199711082059.PAA13397@users.invweb.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

In <v02140b10b08a1ba0a4ac@[198.115.135.201]>, on 11/08/97 
   at 09:29 AM, hutchinson@ncri.com (Art Hutchinson) said:

>>>>A whole bunch of people are now talking about these cash-settled recursive
>>>>auction processes, and they're a direct, and now obvious, consequence of
>>>>bearer (or at least instant) settlement markets for information on geodesic
>>>>networks. When you add anonymity to the transaction, you pretty much have
>>>>the final straw for "rights" tracking. Watermarks just tell you who the
>>>>information was stolen from, for instance. So, one more industrial
>>>>information process bites the dust.
>>
>>>Whoa!  Hang on here.  Sure, watermarks will tell you who information was
>>>stolen from, but they're just a stalking horse... a weak second cousin to
>>>*persistent* content control technologies (such as IBM's Cryptolopes and
>>>Intertrust's Digiboxes).  These allow rightsholders to manage a wide
>>>range of parameters (including price, usage context, and any other
>>>variable for which you can imagine having a certificate).  Whats
>>>fundamentally different about what are generically referred to as secure
>>>envelopes, is that they can maintain controls *indefinitely*
>>>(persistence), across an un-
>>>known, ad hoc, web of distribution over which one otherwise has no
>>>control.  And yes, this can all work even in a completely disconnected
>>>environment (laptop at 35,000 feet).
>>
>>>They allow rightsholders, if they so choose, to *continue* being rights-
>>>holders in a highly networked, digital world, and in a wide range of new
>>>ways, based on entirely new (or old) business models, that take advantage
>>>of rich/elaborate conditions for usage (e.g. you can view this picture
>>>anonymously, but it will cost you 2X as much, and you can only get it at
>>>low resolution, and you can't view it at all unless you can prove that
>>>you don't live in the Middle East).  No certificate for these conditions?
>>>Sorry, no content.
>>
>>>They are based the same basic stuff (public key cryptography of course)
>>>that *can* fuel wild anarchic visions of anonymous exchange.  ;)
>>
>>>But they aren't at all deterministic of any particular economic model.
>>
>>Well how exactly does one prevent data from being stolen once it has been
>>unlocked? I pay my 2X to view the picture anonymously and now I copy it
>>save it and distribute it worldwide. I fail to see how any
>>encryption/watermark scheme can prevent me from doing so.

>The control technologies to which I referred earlier turn the lock/unlock
>idea into far more than a binary choice.  This is what I meant by 
>"persistence".  The content cannot be used without its accompanying
>control set (which again, *might* include payment).  Part of the control 
>set I may impose on anonymous viewers could include preventing them from
>copying or saving the content directly in digital form.

>This is counter-intuitive to those of us who are used to having cut/paste
> available at our fingertips in most applications, but its relatively
>trivial  to disable these functions on a file by file basis. 
>Alternatively, I might impose controls that permit anonymous users to see
>*only* lower reso-
>lution versions. (by analogy, if you're going to wear a ski mask into a 
>jewelry store, you aren't likely to be shown the expensive stuff - if
>they let you in the door in the first place).

Can't do it. :)

Once you have given me the keys to unlock and display the data I can save
it, copy it, reproduce it and distribut it. To assume otherwise shows a
lack of understanding of computer systems and moderen OS's. Sure I would
need to write some software and jump through some hoops to do it but there
is nothing that your system can do to prevent me from doing so. Now wether
it is worth the effort to do so will depend on the value of the data
involved. Once you have given me the ability to display the data you have
lost the battle as I can do whatever I want with it. 

As far as the anonymous purchaces, no a big deal. Wan Sin Soo pays the
full $$$ amount decrypts the data, copies it and send it too his buddies
in Bangledesh. Next week there is a million copies of your data floating
around the Far-East and Wan Sin Soo is nowhere to be found. The fact that
he bought it non-anonymously is of little relevance.

>If you were really determined, you could always take a photo of the 
>screen, re-scan it, do some image enhancement to get rid of the graini-
>ness, re-save it and post it on your web page for all to see, (the
>so-called digital-to-analog-to-digital work-around), but this is darned
>inconvenient.   Also, try doing that with music or movies.... while
>avoiding the roving  automated net 'bots that will be out looking for
>illegal copies of content  (these are already common).  Not worth it. 
>For most people.

digital-analog-digital is completly unnessasary.

>If it were, we'd already have massive illegal scanning operations in 
>third-world countries, and plenty of demand for their wares.  Sure, this
>exists, and may even grow a bit around the fringes, but this hardly 
>proves the case for a single vision of an anarchic Robin Hood future for
>all content (Sell today else I rip you off tomorrow!!)

There are. China, Russia, Eastern Europe, Far East. You have multi-million
dollar operations that all they do is pirate software, movies, music,
...ect. If the can make money pirating your data then the will do so.

>As a non-disclosed third party, I'm not at liberty to discuss the 'guts'
>of  either the Crytolope or Digibox technologies (though I have seen
>them) Both are covered, as you might imagine, by a fairly extensive array
>of  active and pending patents.  If you want to learn more, I'd recommend
> contacting them directly:

I have not looked at Digibox but I have looked at Crytolope and the
technology can be defeated. All these systems do is make it hard for Joe
SixPack running WinBlows 2000 to make a couple of copies for his freinds.
For anyone determined to pirate the data this is just a minor
inconvienance just like other such schemes in the past.

- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://users.invweb.net/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html                        
- ---------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNGSJEY9Co1n+aLhhAQFOtQP/WlOYl/33Qeko3eFaBAWR6ajYcFoONYQ/
+vDLDgY55x3fVwoVumB62AjtUIXM+deHAruKjDw0rgLhzRhqilOndw/0D+FT8HV3
4W0rehoSG3s3T2hqkJq1vq29X+fQJ7LqE7nWTS0wWEZjBEMkPZyIv50/rRTSK+rB
/VIF1esIG3o=
=/qfm
-----END PGP SIGNATURE-----