LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Security model

Security model

Posted May 3, 2007 8:45 UTC (Thu) by job (subscriber, #670)
In reply to: Security model by bojan
Parent article: EFF: 09 f9: A Legal Primer

Not at all. It's just us (the geekier types) who sees this as a technical problem. It is not. It is a economical and juridical problem.

As you can see, it's a solved problem in the US. They don't care about a skilled attacker, they care about the mass market, and they have taken their part in creating laws that enables them to sue the crap out of anybody who even dares to mention that key (or any other "circumvention device" for that matter).

It's almost a solved problem for them in the EU as well. We've got Infosoc and soon IPRED2. It's no secret that huge financial US interests pushed these laws on us, and it's hard to resist them. I don't know much about Asian politics but I suspect they may be even easier to convince using the existing free trade agreements etc.

Then the problem of making bits selectively uncopyable is completely solved, for all practical purposes.

(Log in to post comments)

Security model

Posted May 3, 2007 22:17 UTC (Thu) by man_ls (subscriber, #15091) [Link]

You have nailed it. There is only the small matter of keeping the mass market in the dark when all it takes is a few web searches. Even worse, when they have to raise the level of censorship this much for their goals to come true.

You know, banning some "malicious" DeCSS code might seem to be OK, but censoring a magical number from appearing on a bulletin board (and potentially crippling some devices in the process) starts to look positively creepy.

Security model

Posted May 4, 2007 14:09 UTC (Fri) by Nelson (subscriber, #21712) [Link]

Is the "censoring" part creepy? Or is the suggestion that it's just some random number creepy?

It's kind of like thinking of some proprietary source code as "just some random bytes" and they have no reason to sue anybody for posting it on the web. I understand that it's a number but what fuels the drive to post it? Technologically, we know, AACS can be broken, it's just a matter of time and effort and most of us knew that long before they shipped anything, what's the goal of posting actual keys?

What if instead of just foreclosing on you when you don't pay your mortgage, they posted your social security number ("just some random number..") and various credit card numbers and particulars on the web? So that other lenders and the whole world really know who you are and don't make the same mistake or for some other lame reason. Or when a major corporation as a security breach, maybe they should post all of the SSNs and credit card numbers that they believe were stolen so we can all check to see if our information was compromised, that's just good journalism, isn't it?

Security model

Posted May 4, 2007 18:12 UTC (Fri) by man_ls (subscriber, #15091) [Link]

The censoring is the creepy part, of course. That it is not only the owners who must keep their secrets, but we must keep them too. That people have to shut up so that a few can make a profit, what else?

This stuff is not like posting private data or proprietary code. With code the CSS consortium could give the impression that it was some evil code, even if they didn't fool anyone with a clue. This incident shows that any random sequence of letters can literally be made into a dangerous "circumvention device" and kept secret. Then they will close the dangerous "hacker" sites and then anyone with a clue will have to shut up if they accidentally step on a dirty little secret. Personally I find that creepy.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds