This was written for a possible book in around 1993/4. Written in Microsoft Word, copied to HTML and salvaged by hand. ..Tim BL.

This section was written to point out some of the issues in the social and political implications. This needs to be clarified: whether it is a thesis or a backgrounder. It also is in 1997 very out of date wrt both social and tech developments and the refinement of my views on the subjects. This one could of course grow to be a book in itself... but never mind. Another colour of the rainbow.



Politics in security

At the time of writing, cryptography is not generally available. In fact networking is not generally available. If you want to find out what the situation is in a war-stricken country, you probably have to go there, or believe a reporter who has a satellite dish. However, we are getting used to living in the slice of the world in which networking does exist, and geography is starting to fade as a major factor in defining the shape of society. Suddenly we can have a conversation with someone without regard to where they are.

When cryptography is generally available, we will be able to have a secret conversation with someone without regard to where they are. What's the problem?

One problem is that some, in particular the forces of law and order, see private conversations as a threat to the stability of society, and private conversations over the net as too much of a threat. Others see private conversation as a fundamental right, and see no reason to change that just because of networking. The clash between these points of view was summarised in the "Spy vs Nerd" issue (ref) of Wired.

The "spy" argument is that terrorists are currently caught by intercepting and monitoring their conversation. The bombing of the World Trade Center mentioned above was an example, but there are many others. The argument is that, without the ability of the security services to break the codes and read the messages of terrorists, it will be too easy for subversive groups to get together across borders and plan the downfall of society.

The "nerd" argument points to George Orwell's "1984", seeing the National Security Agency as Big Brother, and network monitoring as the camera in every room. It argues that without the basic right of the citizen to believe and discuss what he or she wants, the democratic system breaks down and the people are left at the mercy of despotic, dictatorial tendencies in government.

Of course these two arguments are independent: they do not contradict each other, and indeed they both voice valid worries. Each predicts our more or less happy society being overturned, for different reasons. We have to think about each individually. If both worries seem real, we are in trouble, and have to think a whole lot more...

The destabilizing effect of free encryption

The "spy" argument is rebutted by the argument that privacy is a right, but that does not answer the underlying problem. The world is changing (quote Truman or whoever again as quoted in intellectual property rights paper) and so the constitutions and laws which have proved to work over the centuries don't necessarily hold. These laws have been based strongly on the two-dimensional world. Groups of people (typically of similar race) form nations, which are associated with particular land areas, countries. The whole system of government is devolved into smaller and smaller geographical units. By securing a one-dimensional border around its country, a nation could consider itself safe.

The multiplicity of natural languages is one facet of our earthly culture which has survived because languages have been associated with areas of land. All other aspects of our culture have spread and mingled according to the topology of the surface of our planet, just as have the species.

Losing our surface

All this has changed. Already travel has mixed races and languages within countries, and air travel has distorted the geography by introducing, between airports, wormholes in the continuum. Satellite TV breaks up language blocks which have remained intact for many centuries. Can we still say that freedom of speech and assembly, which we see as valuable rules within the two-dimensional world, will still hold when we change the axioms to a world in which there is no concept of distance?

We can't. Maybe in fact our society has depended on isolated groups developing in individual ways, limiting the spread of social rot such as set in, for example, in Germany in 1939. We have in the world a richness of cultures which we can regard as an important resource, just as the diversity of plant life in a forest protects it against changes of climate and sudden fires and epidemics. Now that we are putting all our people into one cultural pot, how do we know it will be stable? Our feeling that freedom of speech and freedom to associate are requirements of, and allow, a stable society is based not on common sense but on a set of values passed on to us by great thinkers and lawmakers, historians and teachers, and stems from a certain historical perspective. During that history, isolated groups have become organized into totalitarian, oppressive regimes, but at the end of the 20th century we are left with a cozy feeling that freedom in the end tends to prevail. That is, the democratic system has not only the properties of equality and liberty which we demand but also has the property that, like a benign mould spreading through the petri dish of the planet's surface, it can defend itself. This is no accident: just as our species has evolved in competition with, but in genetic isolation from, other species, western society has been honed by constant competition. In fact, democracy seems finely tuned, and breaks when conditions change only slightly.

Sabotage

There are two types of danger that appear to me. The one is that in the relatively near future our society will be unstable in its inability to protect itself from pathological minority elements. It might be that the net provides too easy a method of organizing terrorism or crime, or simply that minority pressure groups can use it to the extent that it is difficult for the average person to get a balanced view which will enable him or her to vote effectively. These are worries about the relatively short term. The NSA's worries seem to be in this area. This problem could present itself quite rapidly, and in fact one might worry about the dangers already.

Decline and Fall

In the longer term the worry is about the evolution of a society which is no longer divided into isolated cells. (This applies to a web even without encryption.) When the global information infrastructure brings about the long dreamed-of global village, we are putting all our cultural eggs into one basket. If our society goes rotten, we all fall, and there is no neighbouring state with an alternative politics and economy to take over and, through invasion, colonization or aid, rescue us from our mistake. This longer term worry is not of a sudden disaster, but of a creeping, insidious malaise which overcomes us, and from which our system provides us no method of escape. We've seen other regimes set up with the best intentions drive themselves into the ground, and it would be arrogant of us to assume we had a perfect recipe.

At the moment, the net is an alternative society. It has an altruistic tradition of freedom and anarchy, and an absence of country, which John Lennon imagined and the Internet pioneers established. But would one network "brotherhood of man", once established, allow room for a further alternative society?

I would contend, then, that we don't know that society will be stable, that this is a serious problem -- but that doesn't mean that banning cryptography is going to help.

Banning cryptography

Consider a world in which cryptography is illegal, and supplying cryptographic tools is illegal. Is that imaginable? Is it imaginable that a mathematical algorithm should become illegal? That possessing an implementation of a well-known program should be illegal?

The practicality of banning encryption

For one thing, its illegality would be difficult to enforce. It is not as though this facility is going to be complicated: we're talking about the sort of software module which installs itself from a floppy disk, inserts itself into your existing web and mail software through some existing flexibility point, and thereafter pretends to be an image converter, for example, or some other harmless object. So in this world the criminal element which really wanted privacy would be able to get it. Once they have it, it won't be trivial to detect its use by spying on the net. A characteristic of encrypted material is that, at first glance, it appears to have the properties of a random bit pattern. This is also true of compressed data -- so it may be easy to disguise an encrypted message as one using just another form of compression.

Currently there is a law in China against the unregistered use of a modem. Licences are expensive and as a result the authorities have a stranglehold on the use of digital media at all. As a modem is a piece of hardware, this is much easier to enforce than a ban on cryptography. If the Chinese phone switches were as powerful as western ones, it would also be easy to randomly tap lines and check for modem signals.

(An interesting common feature is that better and better compressing modems sound more and more like white noise, just as cryptography looks like random patterns. It is possible to disguise either as real noise, underneath a valid signal, but we can assume that when it comes to hardware, central agencies will have the edge on disruptive individuals if not on foreign spies. For software, it is not the case, as the net nerds will collectively put in more resources than a government may be able to muster!)

The ethics of banning encryption

Can we imagine ethically that an algorithm should be made illegal? There is some precedent: we have already accepted the illegality of possessing an unauthorized decoder for pay satellite TV channels. Ignoring the practical problems of enforcement (which are enormous there too), society in general, if not the many people who have pirate decoders, has accepted that the possession of the decoder is sufficiently indicative of an intent to break copyright law that it can be made illegal in its own right. We have also accepted that it can be illegal to possess a copy of a bit pattern if the pattern represents something pornographic. We also in many countries rule it illegal to possess the means to receive the unencoded TV signals impinging on one's house unless one has paid a licence fee to subsidize public television, on the basis that if you have a TV you will probably be using it to watch at least some public television, and that anyway there is no better way of charging. So the illegality of algorithms and bit patterns is nothing new.

However, in all these examples, it is a reasonable conclusion that possession of the means indicates an intention to perform the act. In the case of encryption, however, the act is to have a private communication. The thing we are trying to avoid is illegal private communication: communication about insurrectionist or terrorist or other illegal activities, or communication which itself is illegal. There are lots of examples of illegal activities which involve only information exchange, including for example conveyance of pornography, soliciting clients for prostitution, exchange of information involving insider dealing, illegal gambling, espionage and various types of fraud, which could all be done over the network. But it is quite unreasonable to assume that the possession of the means to encryption indicates an intent to communicate illegally. The vast majority of communication is legal. To ban encryption is like banning paper bags in case they are used to conceal illegal drugs.

It is true that society does and must do ironic things to protect itself. Peace-loving nations go to war to protect their state of peace, and we put away certain individuals to allow the rest the right to roam freely. During a war, censors filter the letters of those who are defending free speech. But these are desperate measures, taken only in extremis, when we admit that we have to sink below exactly those standards for which we fight in order to preserve them.

To ban cryptography is to sink below them permanently.

I don't want to go into details of the attempts at compromise offered by the "Clipper chip" proposed by the US government at the time of writing. Suffice to say that it requires of the public an Orwellian suspension of distrust of government, and as a government-centered thing, it forces a system which cannot be said to scale either with the increasing size or number of countries using it.

Looking forward

As there is no obvious flaw in any of the above worries, we are left with the job of designing a scalable, stable society for a networked world. We could start from scratch, except that we know that attempts to design societies (such as communism) or operating systems (see Fred Brooks, The Mythical Man-Month) from scratch solve a lot of problems but generally suffer from many of the faults which, through many generations, the previous systems had been refined to avoid. So our changes should be incremental, but we should question the assumptions of our current models.

It would be useful to look at the emerging web, to see to what extent the society has allowed the forming of clusters of interest. Are there groups of information representing minority ideas, or do the vast majority share much of their "hotlists" of cool web pages? Is the web becoming a medium for intellectual enquiry, or is it turning into another broadcast channel? We can measure this. For example, _____ [paper in www94 on DEC's gateway] found that caching all documents read by members of Digital Equipment Corporation only reduced the number of requests to sources outside DEC by a third. One third of all requests were for documents not read by any other employee for the last cache period. These people were exploring on their own or involved in different areas of activity, rather than all watching the latest movie clips. [Footnote: The document reading, ____ found, had a Zipf distribution]

So maybe that clustering will happen by itself, and we need not worry there. There may be other things which have to be established:-

-- what parts of the law can be left as etiquette, enforced by the pressure of society itself, merely by boycott and peer pressure, and what parts are essential and must be linked by law to punishment in the real world? (axiomatic laws). This is social engineering, and as with other large scale engineering such as the web, we try to minimize the axiom set, to give us some confidence that our solution is more lasting than a collection of quick fixes, exceptions, and bylaws.

-- how enforcement can be done

An example of a small axiomatic law which might make all the difference one way or another is to make a negotiation system between those under trial and the public prosecutor such that the refusal to disclose encryption details to the authorities be an offence carrying a heavy penalty or, worse, be taken as an implication of guilt. I'm not advocating that particular scheme, I'm just giving an example of an axiomatic principle. It violates the right to silence. (which amendment? 5th?)

Rights to Information on the Web

In the last section, the aspects of security on the web pointed to serious conflict between the tenets of the current system, and the natural effects of applying networking technology, that is, removing the geography from our world.

Nowhere has the web's emergence caused such immediate debate about legal issues as in the area of intellectual property. In this section, I'll summarize the problems, and point out my personal views on how we can and cannot proceed. Again, this is from the point of view of a novice to this area, but without detailed legal knowledge a few things stand out, one of which is that copyright law as it is is hopeless as a basis for the future handling of intellectual property on the net. The arguments which have already been used to attempt to relate the provisions of the law to the conditions of the web are sufficiently contrived to demonstrate that the process of refining the interpretation of the law through litigation will not be able to bridge the gap from paper to net.

The intellectual property rights debate focusses mostly round copyright law. This part of the problem is addressed to answer the questions of ownership of information and the generation of revenue from information. Related to this but not identical are the rights, the "moral rights" of French law, which an author has over the disposition, use, reuse and abuse of his or her work, which may be presented as being more fundamental to human expression than rights derived simply from economic models. For example, even though economically one has renounced all monetary restrictions on distribution of a work, one might require that it be distributed always in its entirety, or always presented or performed in a certain way.

This is connected with privacy rights, the right of the author to restrict to whom the work can be presented. A special case of this restriction occurs when a work is branded "unfit for children" or other content labels are applied to filter it. In this context, there are rights of censorship, rights to be protected against harmful material.

Even if we start from the requirements of copyright law, we see a whole slew of other laws rapidly become involved. One approach is that the web should allow society to represent any structures or systems which, in its evolution, it finds necessary. We then let the same systems operate more efficiently at network speed, and without regard to geography. We saw in the previous section that this simply doesn't work.

Another approach is to go back deeper into the law to solve the problem by reference to constitutional material, to some statements of principle.

Technology makes it very difficult to give some rights while restricting others. For example, given the ability to communicate, the ability to associate in groups follows from the use of a mail expander. The ability to communicate anonymously follows from the use of an anonymity-providing gateway. The ability to communicate in secret follows from the use of cryptography. The ability to deal commercially follows from the use of cryptography.

Suddenly, types of behaviour which had been easy to recognise, define and potentially control become facets of the software one is running. The existence of any communications medium at all, of any sort, opens the way to the whole network living environment. Depending on how we design the underlying principles of the virtual world, it may or may not be possible for the user of a machine full of software even to know what rights he or she is exercising, what laws he or she may be breaking.

Already web users cut and paste images from fancy documents without quite understanding where they have come from. For users to be able to act responsibly, the legal model must appear at the user interface. For the model to be consistent across the wide world, it must be representable by the system architecture. If it is to be enforceable, the same model must map across onto the law.

Engineers generally try to define mechanisms to implement without building policy into the systems. So it should be with the web. However, we see a need to design a model for the description of rights. The form that model takes will dictate not the law itself, nor the license conditions of any item, but by being a framework for describing the law, conditions, etc., it may still impose our implicit assumptions upon the future world. So we must be careful.

The new model

We are interested in how people interact with information: with their creation of it, as authors and performers, by their perception of it as readers, listeners, spectators, or whatever we come up with next. Secondarily we are interested in how people and their agents control the information, by sending, forwarding, declassifying, censoring, broadcasting it. However, these secondary actions are valid only because they are defined in terms of the primary actions of creation and perception.

(The derivation of one work from another can be regarded as the perception of one work and the creation of a new one, but this does not fit into the model well as it does not allow the relationship between the two works to be represented. It is hard to model the extent of derivation)

Suppose we exclude from our model anything relating to the technological means by which the information passes between the creation and perception functions. We couch the rights of creators as rights to constrain the perception or processing of information. We define a language in which to describe those constraints.

Creator owner

A very natural model, and indeed an assumption into which we have already fallen by this line of reasoning, is that the rights to information originally accrue solely to the creator. In fact in law, readers too have rights, but these only apply after the work has been published. The law seems to be written as though, a priori, anyone has the right to do anything with information, and then for the sake of promoting quality information, a deal is struck between creator and perceiver that, in return for the creator being given rights in law, those rights are limited in such a way as to allow, for example, libraries and academic discourse to be practical. So there is some concept of covenant with the rest of the world which one enters into when publishing something. The use of this system used to be flagged by a copyright statement and the famous c in a circle. This was necessary when the system was invented because the concept of ownership of information was new. But now, in some countries the statement is no longer required. Ownership of information has become the reasonable default.

As it happens, the covenant implied in copyright law has been expressed in terms of making copies, which do not apply to the future. This alone has prompted us to consider revising it. But now we can go back further to the basic ownership of information.

I find it hard to imagine a system which is not based on the principle that the creator of information originally has total control over and ownership of the material. The creation of information, like for example the writing of an original message, stems so entirely from one's own person that, even though in fact our output may be quite naively derived from our previous input, and even though the originality of some work is questionable, when information is created autonomously by an individual without reliance on other parties, there is no one else to whom ownership could accrue, a priori.

Of course there are many cases in which individuals sign away rights to their work when they enter an employment contract, for example, or publish it through a publishing house. There may be times when they are implicitly presumed to give away rights, such as when writing to a newspaper. Let's talk about the transfer of rights later, but for now take as our underlying assumption that the creator of information originally owns it.

Constraining perception and use of information

Looking at the other end of the information transfer, we look at how we constrain readership of documents.

A license conveys a right to access information. It may be provided under the terms of an agreement which includes many other factors -- for example:

Clearly an infinite variety. It is the infinite variety of such combinations which makes it easier to have some acceptable defaults available. It is necessary for software which acquires rights to be able to understand such concepts, but once the right has been acquired the license expressing it need not be concerned with them. Nor need the communication system be concerned with those concepts. This suggests that we treat them at a higher level, whereas the license conditions must be treated at a lower level, as part of the infrastructure.

Why do we restrict access?

The restriction on the use of information is often, but not only, made in order to protect its commercial value. Restricting access under one license allows further revenue to be raised from the market not covered by that license. Indeed, the art of marketing information is that of packaging the set of possible interlocking licenses such that the market is covered and revenue is maximized.

Other reasons for restricting use are varied. Confidentiality is a big one, with all its reasons and circumstances; censorship is another. Should we design a system which treats these needs quite independently? If we did, we would very likely find that we had compromised the clean design of the system.

Why do we restrict processing?

We cannot make do with a model which only controls access to or perception of information. We must also allow control on the ways information is reused. This is impossible to define simply, because the ways in which information can be reprocessed are so many and so varied. We must include processing by computer and by human; subsetting, interpretation, inspiration, distortion, and even falsification.

There is a commonly held feeling that authors' rights extend beyond the simple restriction of access. There is a right for the information to be perceived only in a suitable context, in which its intent will not be compromised. A company requires that its logo only be used on authorized spare parts. An artist requires that his work only be shown in natural light. A poet or a politician requires that their words are quoted either in full or not at all. These are the moral rights of French law. They seem to be different, part of the content, even: not negotiable or transferable. They have enough diversity to make machine representation difficult. Perhaps because they cannot be transferred or traded we can get by without addressing them for now.

Machine handling of rights

A test case we use as a thought experiment is that of an intermediate node N on the system which has a copy of a document made by A and already transferred to B, and which now receives a request for it from C. We would like the distribution conditions imposed by A to be written in such a general way that N can decide from them whether the document should or may be sent directly to C.

[pic]

The language we define for describing license terms, to be complete, should also have some concept of security level. We might say "suitable for those over the age of 16" and expect the level of security associated with cigarette sales. We might say "for the eyes of the President and the Special Task Force only" and expect the reader's membership of the group to be verified at a higher level. So it would be useful to have an algebra for metastatements such as

"The reader is a member of the STFIS" according to the STFIS authentication service with very high confidence level.

So already we have a language powerful enough to make paradoxes in, and powerful enough to bore the human reader. We are, after all, proposing that the small print on the back of the floppy disc cover and some of the law behind it be replaced with a mathematical function: we should not expect it to be very simple.

We do, however, need a certain simplicity. We need to be able to perform operations on it. Suppose I have a non-exclusive but transferable family license for a couple of hours of video. This is what I effectively get when I buy a video from a store, but suppose we ignore the physical medium for now. I want to be able to lend my videos to a friend while I am on vacation. I make up a derived, transferred license for a given time slice. If there is a time clause in the original license I have to be able to find it and split it into two. So I don't want to find that the expression is so convoluted that it can't be subdivided simply.

So a license at the moment is looking something like the "Access Control List" used by some file systems to define access to files.
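The node-N test case, the group-membership metastatement and the time-slice lending operation above, worked through as an added example (not from the original text). The licence fields, the Claim type and the lending rule are assumptions; the licence is kept flat, like an access control list, so that the time clause can be found and split.

```python
"""Toy licence language for an intermediate node N. Added example; the
scenario (A issues, B holds, C requests from N) is the page's, the
representation is an assumption."""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Claim:
    """Metastatement: 'reader is a member of group' according to an
    authentication service (authority) with a confidence in [0, 1]."""
    group: str
    authority: str
    confidence: float


@dataclass(frozen=True)
class License:
    doc: str
    holder: str                  # party holding the right; "*" = anyone
    issuer: str                  # who granted it: A, or a lending holder
    not_before: datetime         # the time clause, half-open [start, end)
    not_after: datetime
    group: str = ""              # required readership group, "" = none
    authority: str = ""          # service that must vouch for membership
    min_confidence: float = 0.0  # security level demanded of that service
    transferable: bool = False   # may the holder lend or pass it on?


def readership_ok(lic, claims):
    """Group clause holds if some verified claim matches group, authority
    and reaches the demanded confidence level."""
    if not lic.group:
        return True
    return any(c.group == lic.group and c.authority == lic.authority
               and c.confidence >= lic.min_confidence for c in claims)


def in_window(lic, now):
    return lic.not_before <= now < lic.not_after


def may_send(licences, doc, requester, claims, now):
    """Node N's decision: is there any licence under which `doc` may be
    sent to `requester` now, given the claims verified about them?"""
    return any(l.doc == doc and l.holder in (requester, "*")
               and in_window(l, now) and readership_ok(l, claims)
               for l in licences)


def lend(lic, borrower, start, end):
    """Carve a time slice out of a transferable licence: the borrower gets
    a derived licence for [start, end) and the lender keeps the rest,
    which may be one or two pieces. Raises if the licence forbids it."""
    if not lic.transferable:
        raise ValueError("licence is not transferable")
    if not (lic.not_before <= start < end <= lic.not_after):
        raise ValueError("slice lies outside the licence's time clause")
    lent = replace(lic, holder=borrower, issuer=lic.holder,
                   not_before=start, not_after=end, transferable=False)
    remaining = []
    if lic.not_before < start:
        remaining.append(replace(lic, not_after=start))
    if end < lic.not_after:
        remaining.append(replace(lic, not_before=end))
    return lent, remaining


def demo():
    """Constructed scenario: B's one-year family video licence is lent to
    C for two weeks; a restricted memo needs a strong STFIS claim."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    day = timedelta(days=1)
    b_lic = License("video-42", "B", "A", t0, t0 + 365 * day, transferable=True)
    lent, rest = lend(b_lic, "C", t0 + 10 * day, t0 + 24 * day)
    pool = [lent, *rest,
            License("stf-memo", "*", "A", t0, t0 + 365 * day, group="STFIS",
                    authority="STFIS-auth", min_confidence=0.9)]
    strong = [Claim("STFIS", "STFIS-auth", 0.95)]
    weak = [Claim("STFIS", "WebForum", 0.95)]   # right group, wrong vouching service
    return {
        "C_before": may_send(pool, "video-42", "C", [], t0 + 5 * day),
        "C_during": may_send(pool, "video-42", "C", [], t0 + 12 * day),
        "B_during": may_send(pool, "video-42", "B", [], t0 + 12 * day),
        "B_after": may_send(pool, "video-42", "B", [], t0 + 30 * day),
        "memo_strong": may_send(pool, "stf-memo", "D", strong, t0),
        "memo_weak": may_send(pool, "stf-memo", "D", weak, t0),
        "pieces": len(rest),
    }


if __name__ == "__main__":
    print(demo())
```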

The transfer of rights

One thing is to allow someone licensed use of information. Another thing is to allow them recursively to sub-license or to completely transfer the right. A transferable right is interesting in that the right behaves like a token, or an article of value, and so can be treated as property.

How does a transferable right arise? A right is transferable only by declaration: in principle, the owner of the information could declare the same right to be transferable or not. Current law makes ownership of a sound recording a transferable right, by the so-called first sale doctrine. This tells us that the information owner has the right to make a copy, and has the right to sell a copy, but from that point on, the copy, and the right to listen to it which goes along with that copy, behave like ownable objects. Whilst there is nothing in our model to prevent us from @@@@@@

Ownership of objects has to be transferable because our system needs at any time to be able to define an owner for any object. Even if the object becomes "public" property, some body has to take responsibility for it on behalf of the public. Information is different: if it becomes public property, it can be left to be archived or not, to cease to exist if there is no interest in it. When ownership of information was attached so closely to the ownership of the recording object - disk, tape or whatever - it was reasonable for it to be treated in the same way as that object. In the networked age, a transferable right becomes a marketing option. Nevertheless, it is an important concept and often attractive, as it turns the lost expense of a license in principle into a capital investment.

Digital transferable rights

Modeling transferable objects on the network has the intrinsic difficulty that, because any digital form of title is copiable, one has to be able if necessary to trace back to some authority which records the current ownership of each digital object. This is of course the same problem as the digital money problem. An independent, unique, autonomous digital token, like a digital gold nugget, cannot exist. What can exist are numbered articles of transfer, such as dollar bills, checks and IOUs, but they are only safe against duplication if they are eventually tallied with the issuing, numbering authority. So it is with transferable rights.

The digital transfer of ownership

Transferable rights, cash, and the title to physical property are then equivalent problems when it comes to digital transfer. Ownership can only be proved by recourse to a definitive registry. Even if one can show a sequence of signed transfer deeds starting from the originator and terminating with the alleged owner, one can never prove that that owner has not in turn sold whatever it is.
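The two preceding paragraphs in working form, as an added example not from the original text: a chain of signed transfer deeds verifies offline, yet the same seller can sign a second, equally valid-looking chain for the same numbered right, and only the issuing registry's tally of current owners catches the duplicate. The HMAC keys, party names and deed format are constructed for the demonstration.

```python
"""Numbered transferable right: offline deed chain vs. registry tally.
Added example; keys and party names are constructed demo values."""
import hashlib
import hmac

# Constructed per-party secrets standing in for real signing keys.
KEYS = {"Issuer": b"demo-key-issuer", "B": b"demo-key-b",
        "C": b"demo-key-c", "D": b"demo-key-d"}


def deed_body(serial, seller, buyer):
    return f"{serial}:{seller}->{buyer}".encode()


def sign(party, body):
    """Seller's signature over a deed body (HMAC stands in for a real signature)."""
    return hmac.new(KEYS[party], body, hashlib.sha256).hexdigest()


def make_deed(serial, seller, buyer):
    return {"serial": serial, "from": seller, "to": buyer,
            "sig": sign(seller, deed_body(serial, seller, buyer))}


def deed_valid(deed):
    expected = sign(deed["from"], deed_body(deed["serial"], deed["from"], deed["to"]))
    return hmac.compare_digest(deed["sig"], expected)


def verify_chain(serial, deeds, originator="Issuer"):
    """Offline check: every deed is for this serial, signed by its seller,
    and each seller is the previous buyer. This proves a history of
    transfers, not that the final buyer still owns the right."""
    holder = originator
    for d in deeds:
        if d["serial"] != serial or d["from"] != holder or not deed_valid(d):
            return False
        holder = d["to"]
    return True


class Registry:
    """The issuing, numbering authority: records the current owner of
    each serial and accepts a deed only from that owner."""

    def __init__(self):
        self.owner = {}
        self.next_serial = 1

    def issue(self, owner="Issuer"):
        serial = self.next_serial
        self.next_serial += 1
        self.owner[serial] = owner
        return serial

    def tally(self, deed):
        if self.owner.get(deed["serial"]) != deed["from"]:
            return False            # seller no longer (or never) owned it
        if not deed_valid(deed):
            return False
        self.owner[deed["serial"]] = deed["to"]
        return True


def demo():
    """Issuer -> B -> C is tallied; B then tries to sell the same right to D."""
    reg = Registry()
    serial = reg.issue()
    d1 = make_deed(serial, "Issuer", "B")
    d2 = make_deed(serial, "B", "C")
    d3 = make_deed(serial, "B", "D")    # B signs a second sale of the same right
    return {
        "tally_to_B": reg.tally(d1),
        "tally_to_C": reg.tally(d2),
        "chain_to_C_offline": verify_chain(serial, [d1, d2]),
        "chain_to_D_offline": verify_chain(serial, [d1, d3]),  # looks just as good
        "tally_to_D": reg.tally(d3),                           # registry refuses
        "owner": reg.owner[serial],
    }


if __name__ == "__main__":
    print(demo())
```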

There are many things which would become easier if there were some form of token ownership. In fact, once one has any system of token ownership, everything else can be hung from it. If the only such tokens were dollar bills, one could in a public signed statement declare that ownership of a given house, for example, was represented by a dollar bill of given number. (if you do this for your house, make sure it is a bill you have@@@@