Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Effect of Anti-Circumvention Provisions on Security Jon Callas & Bruce Schneier.

Published byAndra Marsh Modified over 9 years ago

Similar presentations

Presentation on theme: "The Effect of Anti-Circumvention Provisions on Security Jon Callas & Bruce Schneier."— Presentation transcript:

1 The Effect of Anti-Circumvention Provisions on Security Jon Callas & Bruce Schneier

2 The Effect of Anti-Circumvention Provisions on Security Jon Callas & Bruce Schneier

3 Introduction The Digital Millennium Copyright Act (DMCA) Anti-Circumvention Exception Provisions and Defenses These exceptions still leave a large problem

4 Models of Security Design Two basic models –The “Closed” Model –The “Open” Model

5 “Closed” Security Design The traditional way to do security Design done in a closed group Often has external review Reputable people claim it is the only way to get good security

6 “Closed” Security Design Advantages –No Committee-itis –It’s harder to break a closed design –Targeted designs –Security through obscurity

7 “Closed” Security Design Disadvantages –Team blindness –It’s easier to yield to temptation –Easier to design the wrong thing –Security through obscurity

8 “Open” Security Design The newer way to do security, perhaps 30 years old Design done in public journals, mailing lists, or simply through available specs and designs Actually a principle of minimal secrets

9 “Open” Security Design Advantages –More eyes find problems faster –There are fewer surprises

10 “Open” Security Design Disadvantages –Some problems can’t be solved without obscurity –How do you keep openness from being design-by-committee –You have fewer advantages over your opponent

11 “Open” Security Design Open design is not open source Historically, all OSes were open-design Source-available, listing available, etc. are other options.

12 It’s Not Either/Or Mixing open and closed elements of a design can give you better security than either alone. Open designs give armor Closed designs give camouflage

13 Modern Civilian Cryptology Perhaps the greatest success of open design Question: Can secure systems be built if only keys are secret? Answer: Yes.

14 Protecting Intellectual Property Protecting IP with technology is hard It may be impossible –An irony here is that the cryptographers are the ones who are unhappy, the customers seem to like it just fine. If it’s impossible, then legal protections are the only available

15 Backing up -- How Did We Get Here? IP exists to benefit society The goal of IP laws is that societal benefit It’s understandable that IP owners want more protection It’s understandable that “society” is skeptical of their desires and claims

16 IP Threats “Digital technology is the universal solvent of intellectual property rights” –Tom Parmenter Digital copies are easy to make and easy to distribute, bandwidth willing How do the artists get paid? –technological fixes don’t exist, and aren’t proven

17 IP Skepticism IP owners have a history of wanting much, giving little, and being benefited by changes they claimed would crush them. –Videotapes –Audio Recordings –Clone computer peripherals –Parodies

18 Anti-Circumvention The DMCA makes it a felony to circumvent “a technological measure that effectively controls access to a work protected under this title” Note that this does not affect things that can’t be copyrighted Penalties include fines and prison

19 Anti-Circumvention Exceptions Encryption Research Computer Repair Reverse-engineering Security Testing

20 So What’s the Problem? Exemptions are defenses, not limitations –You can still end up in court Exemptions are torturous –They require notification, asking permission, etc.

21 The Larger Issue An imbalance between the rights and and responsibilities of makers and breakers –There penalties for bad research –There is protection for bad security A lack of definition –“Effective” is never defined

22 Does This Protect Snake-Oil? Case in point: the DVD break –Reverse-Engineered by a minor –Cryptanalytic break of 18 mins compute time Why is this “effective”? –Sure, kids are smart –If it can be broken by a minor, it’s not effective

23 One Possible Fix Liabilities for bad security –Punish creating systems that can be broken –Damages are probably enough –Few of us really want this, though

24 The Larger Issue Making and breaking is a dance If breaking is punished, makers are lax If breaking is punished there is no incentive for quality

25 Gresham’s Law of Security? There are advantages for a customer to use the least effective security –The real crooks may break the strong stuff –The weak stuff is cheaper –Extra opportunities for policing –More cases means more publicity

26 Fixing the Problem It’s actually easy –Tie circumvention to infringement –Circumventing and infringing is an aggravated form of infringement –Leave the research alone This restores the balance –Permits IP holders to have extra penalties –Creates an incentive for good security

27 Questions?

28

Download ppt "The Effect of Anti-Circumvention Provisions on Security Jon Callas & Bruce Schneier."

Similar presentations

The impact of IT Around the world By Eddie Cole. The positive social impacts of IT Social networking sites are huge now, bringing in hundreds of millions.

The impact of IT Around the world By Eddie Cole. The positive social impacts of IT Social networking sites are huge now, bringing in hundreds of millions.
Do the anti-circumvention provisions of the Digital Millennium Copyright (DMCA) Act further or harm public interests?

Do the anti-circumvention provisions of the Digital Millennium Copyright (DMCA) Act further or harm public interests?
The Digital Millennium Copyright Act Questions and Critical Observations Max Vilimpoc Washington Internship for Students of Engineering.

The Digital Millennium Copyright Act Questions and Critical Observations Max Vilimpoc Washington Internship for Students of Engineering.
Introduction to Copyright Principles © 2005 Patricia L. Bellia. May be reproduced, distributed or adapted for educational purposes only.

Introduction to Copyright Principles © 2005 Patricia L. Bellia. May be reproduced, distributed or adapted for educational purposes only.
Privacy No matter how exemplary your life is, there are things you want to keep to yourself © 2004, Lawrence Snyder.

Privacy No matter how exemplary your life is, there are things you want to keep to yourself © 2004, Lawrence Snyder.
The Anti-Piracy Campaign: The Drag Behind Their Efforts Jamal Haskin.

The Anti-Piracy Campaign: The Drag Behind Their Efforts Jamal Haskin.
U.S criminal law’s reinforcement of technological measures protecting property: where the DMCA fits in Elliot N. Turrini Assistant U.S. Attorney Computer.

U.S criminal law’s reinforcement of technological measures protecting property: where the DMCA fits in Elliot N. Turrini Assistant U.S. Attorney Computer.
CPSC156a: The Internet Co-Evolution of Technology and Society Lecture 12: October 21, 2003 Copyright Law, continued: the DMCA.

CPSC156a: The Internet Co-Evolution of Technology and Society Lecture 12: October 21, 2003 Copyright Law, continued: the DMCA.
Intellectual Property Boston College Law School February 4, 2009 Copyright – Indirect, Digital Issues.

Intellectual Property Boston College Law School February 4, 2009 Copyright – Indirect, Digital Issues.
Intellectual Property Boston College Law School February 1, 2008 Copyright – Digital Issues.

Intellectual Property Boston College Law School February 1, 2008 Copyright – Digital Issues.
Intellectual Property Boston College Law School February 1, 2007 Copyright – Digital Issues.

Intellectual Property Boston College Law School February 1, 2007 Copyright – Digital Issues.
Copyright Law Boston College Law School March 13, 2003 Rights - Digital Rights.

Copyright Law Boston College Law School March 13, 2003 Rights - Digital Rights.
Copyright Myths. If it doesn't have a copyright notice, it's not copyrighted. This was true in the past, but today almost all major nations follow the.

Copyright Myths. "If it doesn't have a copyright notice, it's not copyrighted." This was true in the past, but today almost all major nations follow the.
The Digital Millennium Copyright Act (DMCA) Claire Stewart MM450 February 14, 2006.

The Digital Millennium Copyright Act (DMCA) Claire Stewart MM450 February 14, 2006.
Ed Felton v. RIAA Fredrik Lundberg Matt Gong Sung Noh.

Ed Felton v. RIAA Fredrik Lundberg Matt Gong Sung Noh.
COPYRIGHT AND FAIR USE WITH DIGITAL PHOTOS By: Melissa Snell ITEC 7445.

COPYRIGHT AND FAIR USE WITH DIGITAL PHOTOS By: Melissa Snell ITEC 7445.
WHAT IS COPYRIGHT ?? BY KATIE LEE.  When you write a story or draw a drawing you automatically own the copyright to it. Copyright is a form of protection.

WHAT IS COPYRIGHT ?? BY KATIE LEE.  When you write a story or draw a drawing you automatically own the copyright to it. Copyright is a form of protection.
“Criminal Justice System” Training Session 21 Nov 2014.

“Criminal Justice System” Training Session 21 Nov 2014.
What is copyright? the exclusive legal right, given to an originator or an assignee to print, publish, perform, film, or record literary, artistic, or.

What is copyright? the exclusive legal right, given to an originator or an assignee to print, publish, perform, film, or record literary, artistic, or.
Cornell Institute for Digital Collections 1 Copyright and Distributed Learning Peter B. Hirtle Director Cornell Institute for Digital Collections

Cornell Institute for Digital Collections 1 Copyright and Distributed Learning Peter B. Hirtle Director Cornell Institute for Digital Collections

Similar presentations

Ads by Google