faustus@ic.Berkeley.EDU (Wayne A. Christopher) (11/27/88)
I've seen discussion on the topic of copyrights as they apply to digital information in a few places, and I'd like to know what newsgroup is most appropriate for this sort of topic. In particular, I'm interested in what people think about how copyright laws must be modified to accomodate such things as software and digital images, and how to enforce such laws. Clearly, the current laws don't apply very well, and enforcement techniques such as copy-protection on disks are becoming increasingly ineffective. How about discussions of using public-key cryptography for identification? Why hasn't this become more widespread? Is there really not that much of a need for reliable authentication? Wayne
bzs@PINOCCHIO.BERKELEY.EDU (Barry Shein) (11/27/88)
From: agate!pasteur!ic.Berkeley.EDU!faustus@ucbvax.Berkeley.EDU (Wayne A. Christopher) >I've seen discussion on the topic of copyrights as they apply to digital >information in a few places, and I'd like to know what newsgroup is most >appropriate for this sort of topic. In particular, I'm interested in what >people think about how copyright laws must be modified to accomodate such >things as software and digital images, and how to enforce such laws. >Clearly, the current laws don't apply very well, and enforcement techniques >such as copy-protection on disks are becoming increasingly ineffective. USENET has a misc.legal list but if you're interested in speculative changes in the copyright law to better support a digital inforamation society I think you're on the right list already (INFO-FUTURES.) The problem with legal issues, of course, is that people generally don't understand them although they often have strong opinions anyhow, usually representing what they wished the law said to better fit their own moral sense. That said (ahem!) I wonder if there *are* any folks on this list with real legal training who might step forward as referees in such a discussion and we'd all agree voluntarily to seriously consider their referee'ing? If you like send me private e-mail and I'd be glad to introduce you (it's so embarrassing to introduce oneself :-) The idea of designated guest referees seems provocative, no? >How about discussions of using public-key cryptography for identification? >Why hasn't this become more widespread? Is there really not that much of >a need for reliable authentication? Reliable authentication has certainly become a major issue of late with this latest Internet "worm" and other similar problems. There is a system from MIT's Project Athena called Kerebros which does this and is publicly available. Authentication is, of course, only part of the story. As we all (should) know data passes on networks right now in the clear so anyone with the ability to eavesdrop can own the store. The current issue seems to be the performance trade-off of encrypting every packet (and the administrative issues of managing the encryption strategy.) Let's try some quick numbers: Assume a desired host-to-host throughput rate of 100KBytes/second and a 512 byte packet (although hosts are capable of transferring more quickly right now the limitations of their target devices such as disks or screens tends to throttle things.) That's 200 packets per second or 5 milliseconds to encrypt and anything else you need to do, let's say 3 ms to encrypt. On a 2 MIPS workstation that's time for about 6,000 machine instructions. Assuming you can encrypt four bytes (one 32 bit word) at a time and loop 128 (512/4) times to encrypt, the loop has to be somewhat less than 50 machine instructions long, including loop and pointer overhead, to keep up. Anyone know a good encryption algorithm that can be implemented in less than 50 machine instructions? The only one I know of uses a large table of random values copied at each site which are kept in sync, each word is (eg) XOR'd with the next random value. That's only low security (although a lot more secure than cleartext) and of course the tables getting out of sync is a definite problem as well as guaranteeing the security of the tables. I know, buy a faster machine :-) The fastest *software* DES implementation I know of runs significantly less than 100 encrypted words/second on a 2 MIPS machine, more than 2 orders of magnitude too slowly for packet encryption in real time. There are chip implementations of DES etc which might help although I'm not sure how well suited they are to general public key methods (perhaps someone else knows more and can even talk about it) or if they're that much faster. -Barry Shein, ||Encore||
sac@well.UUCP (Steve Cisler) (11/28/88)
One problem with copyright is that technological changes are coming at a faster pace than legal changes. Even if there were a court system devoted to these issues, I don't think you could streamline the process. As Barry said, there are a lot of people with strong opinions about these matters. Without (or even with) legal rules most of them will go their own way. I tend to think that there will continue to be a relative disregard for intellectual property laws (unless there is a powerful deterrent such as peer pressure or legal pressure to comply). Let's talk about a few of the problems. I have one specific case that does not bode well. I have to talk in generalities because I don't have permission to give out the details: A electronic publishing firm placed a set of CD-ROMs in a number of academic libraries. They contained the images of pages from dozens of business journals. There was a text disc with the indexes pointing to the correct article image and a laser printer for the student to print out the article. The print publishers did not want the ascii on disc because it would be too easy to manipulate. They insisted on the images of the pages, ads and all, be on the discs (about 24 of them). Each time the journal was accessed, it logged it in a file for the vendor. Though this was a beta test and the students and faculty liked it, the librarians all said they would not buy the service. Why? partly because it did not take into account 'Fair use" of printed materials. I think this experiment was very significant as was the impasse between the publishers and the librarians. My point is that 'progress' in electronic publishing will be slow. How can information continue to flow as fast at the technology allows but still give a fair return to the creators/owners. Steve Cisler Connect: Libraries & Telecommunications Box 992 Cupertino, CA 95014
faustus@ic.Berkeley.EDU (Wayne A. Christopher) (12/01/88)
Somebody mentioned a case where a journal publisher wouldn't provide the ascii form of their articles. Has anybody had any experience with IEEE or ACM on this issue? They say "permission is granted to make a few copies, not for profit", but would they allow the ascii versions of the articles to be posted to the net? What if the author wanted to post it? Do the groups hold the sole copyright? It seems that since these are non-profit organizations, they shouldn't mind, but maybe this sort of thing would eventually reduce their paper circulation enough that they would have to raise rates. Wayne
doug@isishq.FIDONET.ORG (Doug Thompson) (12/02/88)
BS>From: bzs@PINOCCHIO.BERKELEY.EDU (Barry Shein) >>I've seen discussion on the topic of copyrights as they apply to >>digital information in a few places, and I'd like to know what >>newsgroup is most appropriate for this sort of topic. In >>particular, I'm interested in what people think about how >>copyright laws must be modified to accomodate such things as >>software and digital images, and how to enforce such laws. >>Clearly, the current laws don't apply very well, and enforcement >>techniques such as copy-protection on disks are becoming >>increasingly ineffective. >USENET has a misc.legal list but if you're interested in speculative >changes in the copyright law to better support a digital inforamation >society I think you're on the right list already (INFO-FUTURES.) >The problem with legal issues, of course, is that people >generally don't understand them although they often have strong >opinions anyhow, usually representing what they wished the law >said to better fit their own moral sense. >That said (ahem!) I wonder if there *are* any folks on this list >with real legal training who might step forward as referees in >such a discussion and we'd all agree voluntarily to seriously >consider their referee'ing? If you like send me private e-mail >and I'd be glad to introduce you (it's so embarrassing to >introduce oneself :-) Methinks the copyright problem centres on the problem of control. Large scale paper reproduction and sale is easy to identify and control. Computers ruin that. Copyright is no longer enforcable. Expressed somewhat differently, the computer has caused the intrinisc value of a "copy" to change. No longer is the physical and matieral tangible object the item which contains value. Rather the value is in the information, whose tangible physical form has been transformed by the computer from a kilogram of paper to so many bytes of disk space. You can control kilograms of paper, but bytes moving at the speed of light are more problematic. The first rule of politics is, never make a law you cannot enforce. Copyright has been rendered unenforcable by the computer. It follows that our concept of copyright will have to change. =Doug -- Doug Thompson - via FidoNet node 1:221/162 UUCP: ...!watmath!isishq!doug Internet: doug@isishq.FIDONET.ORG
doug@isishq.FIDONET.ORG (Doug Thompson) (12/02/88)
WAC>From: faustus@ic.Berkeley.EDU (Wayne A. Christopher) >How about discussions of using public-key cryptography for >identificati on? Why hasn't this become more widespread? Is there >really not that much of a need for reliable authentication? The newsgroup sci.crypt has carried on some useful discussion. The software is pretty straightforward. I wrote a pretty straightforward implementation some months ago. I dropped the project when some good friends in several countries assured me in very emphatic tones that the security and intelligence authorities in the USA would take extreme interest in my work. I have no way to evaluate the merits of those concerns. Suffice to to say that good software exists, the technique is exceedingly simple, and the lack of implementation does lead one to scratch one's head. There seems to be, especially in the USA, a profound fear that even mentioning the topic, let alone implementing PKE techniques will result in unpleasant correspondence with Big Brother. As I said, I have no way of appraising the validity of the concerns expressed. I sometimes wonder why I dropped my own PKE project. Am I chicken-shit or am I just too busy with other things?? Again, I'm really not well enough informed to make that judgement call. Or am I just chicken-shit?? Hard to say . . . . =Doug -- Doug Thompson - via FidoNet node 1:221/162 UUCP: ...!watmath!isishq!doug Internet: doug@isishq.FIDONET.ORG
sac@well.UUCP (Steve Cisler) (12/05/88)
>IEEE and ACM republishing rights:
I know that Carnegie Mellon's Project Mercury (big Electronic Library)
will include online versions of pubs from the aforementioned organizations.