The Effect of Anti-Circumvention Provisions on Security

Jon Callas & Bruce Schneier

The Effect of Anti-Circumvention Provisions on Security

Jon Callas & Bruce Schneier

Introduction

• The Digital Millennium Copyright Act (DMCA)

• Anti-Circumvention

• Exception Provisions and Defenses

• These exceptions still leave a large problem

Models of Security Design

• Two basic models– The “Closed” Model– The “Open” Model

“Closed” Security Design

• The traditional way to do security

• Design done in a closed group

• Often has external review

• Reputable people claim it is the only way to get good security

“Closed” Security Design

• Advantages– No Committee-itis– It’s harder to break a closed design– Targeted designs– Security through obscurity

“Closed” Security Design

• Disadvantages– Team blindness– It’s easier to yield to temptation– Easier to design the wrong thing– Security through obscurity

“Open” Security Design

• The newer way to do security, perhaps 30 years old

• Design done in public journals, mailing lists, or simply through available specs and designs

• Actually a principle of minimal secrets

“Open” Security Design

• Advantages– More eyes find problems faster– There are fewer surprises

“Open” Security Design

• Disadvantages– Some problems can’t be solved without

obscurity– How do you keep openness from being

design-by-committee– You have fewer advantages over your

opponent

“Open” Security Design

• Open design is not open source

• Historically, all OSes were open-design

• Source-available, listing available, etc. are other options.

It’s Not Either/Or

• Mixing open and closed elements of a design can give you better security than either alone.

• Open designs give armor

• Closed designs give camouflage

Modern Civilian Cryptology

• Perhaps the greatest success of open design

• Question: Can secure systems be built if only keys are secret?

• Answer: Yes.

Protecting Intellectual Property

• Protecting IP with technology is hard

• It may be impossible– An irony here is that the cryptographers

are the ones who are unhappy, the customers seem to like it just fine.

• If it’s impossible, then legal protections are the only available

Backing up -- How Did We Get Here?

• IP exists to benefit society

• The goal of IP laws is that societal benefit

• It’s understandable that IP owners want more protection

• It’s understandable that “society” is skeptical of their desires and claims

IP Threats

• “Digital technology is the universal solvent of intellectual property rights”– Tom Parmenter

• Digital copies are easy to make and easy to distribute, bandwidth willing

• How do the artists get paid?– technological fixes don’t exist, and aren’t

proven

IP Skepticism

• IP owners have a history of wanting much, giving little, and being benefited by changes they claimed would crush them.– Videotapes– Audio Recordings– Clone computer peripherals– Parodies

Anti-Circumvention

• The DMCA makes it a felony to circumvent “a technological measure that effectively controls access to a work protected under this title”

• Note that this does not affect things that can’t be copyrighted

• Penalties include fines and prison

Anti-Circumvention Exceptions

• Encryption Research

• Computer Repair

• Reverse-engineering

• Security Testing

So What’s the Problem?

• Exemptions are defenses, not limitations– You can still end up in court

• Exemptions are torturous– They require notification, asking

permission, etc.

The Larger Issue

• An imbalance between the rights and and responsibilities of makers and breakers– There penalties for bad research– There is protection for bad security

• A lack of definition– “Effective” is never defined

Does This Protect Snake-Oil?

• Case in point: the DVD break– Reverse-Engineered by a minor– Cryptanalytic break of 18 mins compute

time

• Why is this “effective”?– Sure, kids are smart– If it can be broken by a minor, it’s not

effective

One Possible Fix

• Liabilities for bad security– Punish creating systems that can be

broken– Damages are probably enough– Few of us really want this, though

The Larger Issue

• Making and breaking is a dance

• If breaking is punished, makers are lax

• If breaking is punished there is no incentive for quality

Gresham’s Law of Security?

• There are advantages for a customer to use the least effective security– The real crooks may break the strong stuff– The weak stuff is cheaper– Extra opportunities for policing– More cases means more publicity

Fixing the Problem

• It’s actually easy– Tie circumvention to infringement– Circumventing and infringing is an

aggravated form of infringement– Leave the research alone

• This restores the balance– Permits IP holders to have extra penalties– Creates an incentive for good security

Questions?