Boing Boing: Cory's DRM talk to HP research

Wednesday, September 28, 2005

Cory's DRM talk to HP research

I've just come from giving a talk on DRM to HP's research group in Corvallis, Oregon -- a kind of sequel to last year's Microsoft DRM talk. The text of the talk is dedicated to the public domain, and live on the web.

* Privacy
In privacy scenarios, there is a sender, a receiver and an attacker. For example, you want to send your credit-card to an online store. An attacker wants to capture the number. Your security here concerns itself with protecting the integrity and secrecy of a message in transit. It makes no attempt to restrict the disposition of your credit-card number after it is received by the store.
* Use-restriction
In DRM use-restriction scenarios, there is only a sender and an attacker, *who is also the intended recipient of the message*. I transmit a song to you so that you can listen to it, but try to stop you from copying it. This requires that your terminal obey my commands, even when you want it to obey *your* commands.
Understood this way, use-restriction and privacy are antithetical. As is often the case in security, increasing the security on one axis weakens the security on another. A terminal that is capable of being remotely controlled by a third party who is adversarial to its owner is a terminal that is capable of betraying its owner's privacy in numerous ways without the owner's consent or knowledge. A terminal that can *never* be used to override its owner's wishes is by definition a terminal that is better at protecting its owner's privacy.

Link

posted by Cory Doctorow at 11:52:57 AM permalink | Other blogs' comments

suggest a link \| defeat censorware \| rss \| archives \| t-shirts \| digital emporium \| podcast feed \| mark \| cory \| david \| xeni \| john
Support Bloggers' Rights! HOWTO: Get a link posted to Boing Boing Boing Boing Mobile powered by Winksite Fark rules! This work is licensed under a Creative Commons License permitting non-commercial sharing with attribution. Boing Boing is a trademark of Happy Mutants LLC in the United States [and other countries]. Stats (About our stats) defeat censorware Policies Our first five years' worth of posts in one file	Wednesday, September 28, 2005 Cory's DRM talk to HP research I've just come from giving a talk on DRM to HP's research group in Corvallis, Oregon -- a kind of sequel to last year's Microsoft DRM talk. The text of the talk is dedicated to the public domain, and live on the web. * Privacy In privacy scenarios, there is a sender, a receiver and an attacker. For example, you want to send your credit-card to an online store. An attacker wants to capture the number. Your security here concerns itself with protecting the integrity and secrecy of a message in transit. It makes no attempt to restrict the disposition of your credit-card number after it is received by the store. * Use-restriction In DRM use-restriction scenarios, there is only a sender and an attacker, who is also the intended recipient of the message. I transmit a song to you so that you can listen to it, but try to stop you from copying it. This requires that your terminal obey my commands, even when you want it to obey your commands. Understood this way, use-restriction and privacy are antithetical. As is often the case in security, increasing the security on one axis weakens the security on another. A terminal that is capable of being remotely controlled by a third party who is adversarial to its owner is a terminal that is capable of betraying its owner's privacy in numerous ways without the owner's consent or knowledge. A terminal that can never be used to override its owner's wishes is by definition a terminal that is better at protecting its owner's privacy. Link posted by Cory Doctorow at 11:52:57 AM permalink \| Other blogs' comments Email this entry to: Your email address: Message (optional):	Boing Boing Sponsored by: Your Text Ad Here Get BB by email: