Computer underground Digest    Sun  Oct 26, 1997   Volume 9 : Issue 77
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Field Agent Extraordinaire:   David Smith
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.77 (Sun, Oct 26, 1997)

File 1--Telerights II - Current Digital Copyright Controversy
File 2--Cu Digest Header Info (unchanged since 7 May, 1997)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Sun, 26 Oct 1997 13:46:48 -0600 (CST)
From: Wade Riddick <riddick@MAIL.LA.UTEXAS.EDU>
Subject: File 1--Telerights II - Current Digital Copyright Controversy

                Open Letter to Chairman Tauzin Concerning
                the Current Digital Copyright Controversy

                        (c) 1997 By Wade Riddick
                           All rights reserved
                   Circulate freely without alteration


     The following is an edited version of an open letter sent to
House Telecommunications Subcommittee Chairman Billy Tauzin
(R-Houma, LA) calling for legislative action (and in some
instances, inaction).
     It is an overview of market forces involved in the current
digital copyright debate and an analysis of the broad
evolutionary changes occurring in technology.  Because of
its general nature, more advanced readers will no doubt
find some technical inconsistencies and omissions.
     I make it available to encourage you to support Chairman
Tauzin and others in Congress in their effort to forge a
compromise between the conflicting interests involved.  This is
not easy work and our representatives deserve our
assistance and sympathy in this matter.

     Wade Riddick
     Department of Government
     University of Texas-Austin
     RIDDICK@JEEVES.LA.UTEXAS.EDU

----------------------------------------------------------
--

The Honorable Billy Tauzin
2183 Rayburn House Office Building
Washington, DC 20515
(o)202-225-4031


Dear Chairman Tauzin,
10/23/97

    My name is Wade Riddick.  I am in graduate school studying
political
science at the University of Texas, with a particular focus on
technology and economic regulation.
    As a fellow Louisiana citizen, I have for some time followed
your work on HDTV, data privacy and encryptionA0issues
with keen interest, most recently with respect to H.R.
2368.  You are one of the few members of Congress witha
deep understanding of the concerns involved and the balance that
must be struck between public and private interests to make
the digital economy work.
    I am writing to bring to your attention the important way in
which these issues intersect with respect to digital
copyrights and the opportunity this provides you.  As you
know, the Internet Service Provider (ISP) liability

problem has recently flared up again on Capitol Hill, which is
disappointing.  There is a fairly simple method for
creating strong digital property rights

which will benefit both authors and consumers-namely through the
use of public key encryption-and yet, for several years
now, the industry has been at loggerheads over whether and
how to do this.  I believe Congress can provide the
leadership to unite these diverse and often opposing viewpoints.
    A little over a year ago, I proposed just such a solution that
would

favor most parties in this debate (_BYTE Magazine_, Feb. '96).  My
work is by no means unique and in the following year
several companies including powerhouses like Xerox and IBM
have moved forward in marketing various components of this
digital copyright enforcement model.
    However, these commercial solutions have tended to be closed,
proprietary in design and niche oriented.  Their
development has also tended to exclude

players outside the computer industry, where lies much of the
impetus for

making harmful revisions to the copyright law.  Because no uniform
standards exist, companies have been reluctant to invest
in these systems and use them to sell their most valuable
forms of property.
    It is no surprise given the relative youth of the computer
industry that it lacks the political experience necessary
to forge a broad consensus and lay the foundations for
the public infrastructureA0necessary to address these

digital concerns.  Bold (and incorrect) statements like
'information wants to be free' frequently leave copyright
holders ill at ease and casting about for ways to
strengthen their rights.
    Congress, however, is in a position to bring these opposing
sides together, reduce the anxiety surrounding such solutions
and create a level

playing field of benefit to the greater economy.

    If I may, I would like to briefly outline how such a copyright
system

would function, how it would benefit the currently squabbling
interest groups, what kind of opposition it might
encounter and why Congress should get involved in brokering a
settlement.
    My personal position on digital IP reform is quite simple; I
do not have one.  I believe it is first necessary to
enforce current property rights before we can address their
inadequacies.  The existing copyright code provides adequate
*legal* protection for authors and gives them the ability
to seek restitution for their work.  What is lacking
electronically is a *practical* means of enforcing these
rights which makes it easy for consumers to comply with
the law.
    My research goal has been to discover and then advocate such
methods in the hopes that we can return to more of an
open market in intellectual property.  I believe that if
someone buys a book in hardback, they ought tobe able to
buy, 'own' and resell its digital 'copy' in exactly the same
fashion they can with the physical document.  Decisions
like 'renting' software are

most efficiently left to free enterprise and not mandated in the
law.  Once

intellectual property is open to rental, lease, outright purchase
and even

bundling like financial options-just as any other form of
property-then its

market will expand as fruitfully as other capital markets have in
the last

decade.  The more flexible the law is in rewarding entrepreneurs,
the more

complex, developed and profitable the marketplace will become.  I
do not believe this will come about by adding further
restrictions and regulations2E
    How will it happen?  The technical alterations which must be
    made to digital 'publishing' are quite simple, though
    they require a great deal of forethought and coordinat
    ion among many companies to implement.  The changes rely
    on one basic foundation of digital communication-that
    while information can be easily *copied*, it

cannot always be easily *used*.  The best example of this is
encryption.

Without the proper key, any encrypted document is worthless.  If
that key can be protected and monitored by networking
utilities, then the entire document can be tracked as
well without regard to how its encrypted form is duplicated.
    This thinking is the basis of many different efforts in
digital copyright protection.  Under a system which I
call telerights and others call 'cryptolopes' (or, more
generally, 'digital libraries') *each* copy of a document
which is published for sale is encrypted with a key unique to
that

document, thus personalizing the copy for each purchaser.  In the
    accompanying diagram, I have outlined four different steps
    to

illustrate how such a system works.  In the first stage, the
publisher creates several different copies of the same
document using distinct private encryption keys.  The public
key is later passed out to read the document.

Because of the nature of public key encryption, only the owner of
the private key (the publishing house) can ever fix
content into a publishable form that matches the public
key.  This makes it impossible for an outsider to switch

content and steal property during the transaction process.  A
    special bank or escrow agent is used to complete the actual
    sale, thereby shielding the user's identity from the
    publisher in much the same way cash does in a
    bookstore.  The publisher collects payment and passes along
    the encrypted document, together with a small
    signature which combines information about the
    publisher, the document and the privileges granted to a user.
    By

using a signature to communicate about the document, it is not
    necessary to

reveal the nature of the content in any transaction.  The escrow
    agent forwards the user's identity to a bookstore, which al
    so collects a copy of the signature and the actual public
    key from the publisher.  When the user is ready to
    'view' the document-and this could include anything
    from running PC software to listening to music-he sends the
    signature to the bookstore which returns the public
    key.  Because these bits of data are very small, this process
    requires very

little time to complete.  Even on a fairly slow modem, up to a
dozen keys per second can be transmitted compared to the
minutes or hours it would take to

re-download, say, a large movie.  (Pay Per View films and digital
TV broadcasts could avoid this speed problem by transmitting
each frame in a

series of single smaller documents).  When the user requests the
    key, the bookstore notifies the publisher that his
    particular key is in use, allowing them to search other
    bookstores for

evidence that the key has been pirated (e.g., someone else is
using it simultaneously).  If it has been, then the publisher
can either block access and contact the owner or go to
the extreme of invalidate the key and starting an
investigation, depending on whatever prior arrangement was reached
at the time of sale.
    Notice how this puts the burden of preventing intellectual
property theft on the actual purchaser of the material
and not the publisher, which is as it should be with any
form of property that is sold.  It becomes the user's du
ty to keep copies of his document out of circulation,
incurring a significant

risk of having his key invalidated if he carelessly 'loans out'
his material or fails to take other precautions.  It is
*his* property that is stolen in

any act of piracy.  The crucial part of this process-and where the
    need for corporate coordination is most evident-comes in
    the safeguards which must be built into the user's
    computer itself.  When the machine receives the key in the
    final

part of the third stage, it is placed in a tamper resistant area
of RAM where it is used to decrypt the document.  This is
essentially a portion of the

computer that is tied into the network and off limits to the user.
These

types of secure memory are already widely used in many inexpensive
smart cards and, even when combined with the other
alterations, should only add a few

dollars to the physical cost of a PC.  When the user finishes
    viewing the document in the final stage, the key and
    decrypted content are erased and a message is sent back to the
    bookstore (and on to the publisher) informing them
    the material is secured again.  The user, of course,
    retains the encrypted document to store and do with as he

pleases.  He may make unlimited multiple backups of his
    information without

raising the author's fears of illicit use.  He can also move
    copies around

between his home and office or take them on vacations and business
    trips.

    While this method of protection may seem quite simple, it
changes a variety of important behaviors in the marketplace,
giving digital materials

the properties we have come to appreciate in most physical goods.
For example, users could band together to purchase one copy
of a book and shareit among themselves at prearranged
times, much like a household can now 'share' software.
Several public libraries could pool their meager funds and
purchase a single copy of an expensive document that
would be available to patrons from several geographic
areas to check out.  Users could also carry materials cr
oss country and access them from several different computers,
provided they take the proper precautions.
    What is truly interesting is the way such an arrangement would
expand the publishing world.  The low cost of digital
distribution would be turned from a drawback into an
advantage.  Individuals could very inexpensively sell thei
r own content or repackage and distribute the content of
others, adding valuein any of a dozen ways.  By
collecting a fee for what was once considered piracy,
such distributors would be encouraged through market incentives to
enforce the property rights of other publishers.
    A new rental market would also be opened.  Users would be able
to loan

out their copies or even rent them by acting, in effect, as their
own publisher.  They could encrypt an item they have
purchased with their own set of keys and just follow the
four steps again, this time from the seller's

point of view.  Getting to the real content would require the
borrower to go through both keys.  The borrower would
have to go through both keys to get to the real content.
    'Returning' such borrowed material would be quite easy.  The
bookstore

would be instructed to simply stop honoring the new signature
after a given

period of time.  Thus keeping track of materials on loan in a
public library would become automatic, not to say
inexpensive.
    Material could be republished this way several times.  Indeed,
multiple copyright holders could easily mix their work
together and get reimbursed

according to a prearranged formula, thus simplifying, for example,
the negotiations a movie producer might have to go through to
acquire the rights of a hit song for the soundtrack.
    This infrastructure could also be used as a broadcast conduit
for ostensibly free information.  As I pointed out earlier,
only those individuals with the private key can publish
material that matches the public key.  A

television network, in order to protect its advertisers from
having their

messages stripped out, could encode their signals with a single
key whose

brother would then be provided freely to the public.
Rebroadcasters would not be able to piggyback their own
commercials over legitimate ones and users who 'tape' the
programs would not be able to avoid the commercials without
purchasing separate, clean copies.  And by tracking requests for
the public

key, networks could also assemble valuable demographic numbers.
    By breaking up the information needed to pay for and use
    copyrighted

materials and limiting the players to their own spheres of
self-interest, this process reinforces not only royalty
collections but also privacy rights.

Bookstores, for instance, would be in the business of monitoring
keys, the one duty they are contracted with both parties
to perform.  A bookstore would have no interest in the
type of content it was monitoring the same way the phone

company has no interest in what two parties are saying, only in
making the

connection.  Likewise a publisher would not care who in particular
    buys their product, only that they can collect their
    money and stem losses from piracy.  They

might like to know demographic information about their consumers,
    but this

could be collected quite easily though a third party auditor who
    could scan

bookstore records on behalf of the entire publishing industry,
stripping away individual user identities before matching
the pertinent statistics up with

the nature of the content.  In this way, user privacy can be
protected while still allowing businesses to acquire the
much needed marketing information

which benefits everyone.  Of course, as with any financial
    transaction, allowances would have tobe made for
    other types of auditing to prevent piracy and money laundering
    andto insure proper bookkeeping standards-but these
    last two issues will have to be faced in the broader
    context of digital commerce anyway and proper benchmar
    ks for such regulation already exist in the financial
    world.  The first issue, piracy, actually becomes much easier
    to deal with under this system.  In order to make
    money, a pirate will either have to enter the market
    as a legitimate publisher (in essence 'publishing' stolen
    material) or he will have to settle for selling the
    decrypted content and disguising his

profits.  Given the ease of legal republishing and assuming that
digital distribution will vastly lower prices, pirates should
usually opt to go legitimate as redistributors of goods.  On
the user side, most consumers should shy away from purchasing
decrypted goods, particularly if the costs of the
commercial items can be lowered sufficiently.
    In any event, one thing would stand in the way of exchanging
pirated

goods, decrypted or not: watermarks.  It is becoming quite easy to
insert

permanent, indelible watermarks into audio and video information
to identify the true author and purchaser.  The user's
computer could be instructed to

scan for one of these marks in a random audit of a decrypted
document and then forwarding it on to the bookstore or a
third party association specifically

set up to check for stolen goods.  This would provide a check on
unscrupulous publishers who dupe well-meaning consumers,
vastly increasing the risk associated with trafficking in
pirated goods.
    What I have just outlined is only one possible way to
structure digital copyright transactions.  A user's
identity and privacy, for instance, could

easily be shielded much earlier in the process.  The network
provider might

simply send the bank a guaranteed pseudonym and retain all the
user's personal information to themselves.  One could
also add more privacy through multiple banks and escrow
agents in the transaction.  As well, the bookstore does no
t necessarily need to hold the actual decryption key.  It
could merely act asa conduit through which the key passes
in a private channel to the user.  Should the publisher
go bankrupt or cease operations, the user could rely on a thi
rd party warehouse agreed to with the publisher for archiving
keys.

    I will turn now to the political questions involved in
developing sucha system.  This model makes two key
technical assumptions, neither of which is far-fetched
but both of which lie at the heart of Hollywood's fears.  The

first assumption is that the personal computer will become the
ubiquitous

device through which we consume information.  The second is that
every one of these computers will have a continuous
network connection out of the home. In terms of technical
advances, neither of these are terribly difficult obstac
les to overcome.  The know-how exists; it only needs
deployment in high volume

consumer goods.  The question is who will pay for it and who will
try to throw up regulatory hurdles.
    On the hardware side, it is becoming increasingly clear that
advanced

computing power will in a few years penetrate homes to the same
degree that

telephones and TVs have, perhaps even replacing both devices.  It
makes little difference whether the end product will be a
smart TV or a PC adapted to accept multimedia broadcasts.
Right now, the abilities of these devices to

quickly and cheaply reproduce digital information in volume has
copyright

holders justifiably worried.  So far, their response has been
quite typical2E  They have either tried to retard
these advances through litigation turned to dedicated
hardware like DVD players which limit the flow of information.
    This is not a viable long term strategy.  Computing history is
littered with the remains of dedicated platforms and
proprietary designs.  DVDs are

simply one more data storage format in a long line.  It is
inevitable that

consumers will acquire some kind of mass storage technology and
eventually

some arrangement of two-way accounting between publishers and
consumers must be agreed to.  Whether publishers like it
or not, PCs will become widespread, will overwhelm any
dedicated player and any long term solution must take th
is into account.
    The mistake made in past DVD negotiations is not that
encryption was

used, but that it was not taken far enough.  DVD keys are tied
into the players themselves, which in turn are geared toward
distinct geographic regions.  The goal, basically, is to
prevent Chinese pirates from cracking the code in their
region and then distributing movies released in China back in
to the U.S.  If these keys were geared to the individual
purchaser instead of an arbitrary region, then Chinese
utilities could be given a small financial

incentive to monitor and enforce the copyrights as key managers.
    But Hollywood interests did not turn to encryption with this
    goal in

mind.  They did so to protect their current distribution system
using the same logic that saved them from the analog
electronics revolution of the VCR.  When you copy a movie
onto videotape, its quality degrades quickly-as does that
of CDs transferred to audiotape.  Digital technology
eliminates this problem, but Hollywood has sought to use
these same methods to reign in pirates.  In the

case of Digital Audio Tape, individual recorders are specifically
designed to degrade the signal when copies are made.
    However, the worlds of software and movies are in for a rude
collision2E  Computer data cannot tolerate any such
degradation.  Mass storage devices like CDs, hard drives
and tape backups must do their jobs of reproduction
perfectly.  So far the entertainment industry has been protected
by the high costs of devices like CD-ROM burners, but as
prices for them drop rapidly and they become standard
components in computers the consumer electronics and PC
industries will inevitably collide.
    The second assumption this new copyright system makes is that
homes will have a continuous network connection.
Technically, this is not an onerous

requirement for the kind of model I have outlined.  Most homes
already havea continuous cable feed, often times
bi-directional.  Several companies are also working on
using power lines to transmit information continually into and
out of electrical sockets.  By the time such a copyright
management system could be developed and marketed, these
technologies will probably be widely available to consumers.
Even if they are not, the system I have proposed can work
with the intermittent contact of a regular phone line.  Indeed the
phone, coupled with the video store, becomes more
efficient at delivering movies than cable.  The data
required to transmit a key is minuscule compared to that o
f constantly rebroadcasting a movie on Pay-Per-View each time
a viewer wants to watch it.
    Politically, however, the issue of network connections is a
more subtle problem that tends to be finessed differently
by different players.  Here the focus of the fight is not
on preventing piracy from happening, as it is with DVD
players, but in shifting around the legal liability once it does
happen2E
    The main target for the entertainment industry are the
Internet Service Providers (ISPs) who supply networking
services to personal computer owners2E  Since ISPs
lack the tools to track piracy on every PC plugged into their
network, they have little choice but to try to claim that they are
not in the content business and seek protection under the
common carrier statutes.
    This is indeed an ironic trend.  Most companies in the
aftermath of the 1996 Telecommunications Act have been
more than happy to jump feet first into the content
business.  Just the opposite is true for ISPs.  Copyright
liability legislation being considered would vastly increase their
costs with little or no reward on their part for
enforcing any of these laws.
    The phone companies, who are ambivalent about the internet and
have not yet fully committed to being ISPs, are happy to
stand by and watch their ISP competitors get taken to the
cleaners on this issue.  Not only does it clear the ISP
field for the bells to enter (by vastly increasing the
administrative costs of regulatory compliance-something
they are very good at), it also knocks out all the companies
who are competing with their phone business by

using the internet.  Both ISPs and the Bells must be convinced
    that they can profit from the liability 'problem' by
    collecting key management fees.  When ISPs object th
    at they are not in the business of monitoring content,
    pay them to make it in

their interest.  Turn that liability into an advantage by making
them a rewarded part of the 'publishing' process.  Allow them
to collect a toll for keeping track of this valuable
information.  Convince publishers, in turn,

that such fees are be minimal compared to the money they would
save through

digital distribution.  In this part of the fight, phone companies
    are potentially your savviest ally if they can be
    convinced in the merits of altering the copyright
    landscape.  They already have an extensive accounting
    infrastructure that

could easily track these multiple individual transactions (unlike
cable companies and most ISPs).  The Bells are also far more
experienced with these kinds of large industry
negotiations and lobbying efforts, particularly on the
international front where much work would have to be done.  The
one major

objection the bells might have lies in moving closer to a packet
switched

network.  However, confounding any such rapprochement among the
    industries is the decision of the 1996
    Telecommunications Act to further blur the barriers
    between content carriers and producers.  There is ample
    incentive now for

companies who act as both a creator and distributor of content to
use both to their advantage.  Microsoft, for instance,
can propose proprietary software

solutions that only benefit *its* MSN network and *its* content
partners and/or charge others an exorbitant fee for the same
service.  Its recent acquisition of Web TV and its
investments in the cable industry only multiply the
possibilities.
    Under a telerights-like system, users would no long be locked
in to particular channels of distribution when they buy a
product.  A user on the

Microsoft Network, for instance, could purchase advice formerly
supplied only through AOL.  Producers would cut deals
with bookstores based on the price of monitoring their
keys, not on the type of digital content they provided.  I
f this blur is allowed to persist without clear regulatory
controls, one might see a market restriction tantamount
to, say, only Merrill Lynch traders being allowed to buy
and sell IBM stock.
    The problem is more pernicious within movie studios themselves
where

content and distribution have been wed the longest.  For decades
studios have relied on the huge expense of developing
negatives of film stock and making

and distributing prints as ways of protecting their property from
piracy-aided by the fact that theaters are also a
relatively public business.  The new

analog technologies of VCRs and cable-TV were adapted to this mold
closely

enough to suit Hollywood's expectations and they are now merely
extra stages in a film's release.  And in some case,
companies like Disney have sought even better integration
by combining with broadcast and cable entities.
    Under this new copyright model the increased profits due to
gains in

efficiency should benefit most publishing *and* distributing
operations-provided the two can be separated-but the movie making
business continues to be a tightly knit industry and, if
not properly appeased, may prove a further obstacle to
change.  The key problem will probably center around formats of

distribution.  Once a film goes from theatrical release (where it
can be closely tracked) to digital consumer form, the *type*
of format it is distributed on becomes irrelevant.  Bits are
bits whether delivered over a

cable connection, the airwaves, the phone or purchased on a disk
    platter.  Indeed, consumers may choose to forgo spending the
    extra dollars on, say, printed liner notes or fancy
    box artwork and instead have material copied

directly to their own blank disks.  Freeing the market this way
will, no doubt, prove beneficial for consumers, the
industries and the country as a

whole but not without first having an impact on advertising and
marketing in the film industry (if not to say the entire
video rental/retail and cable/broadcast sectors).

    As I have pointed out, most of the friction in the digital
copyright

fight has centered on the two fronts of computer hardware and
networking liability.  This conflict would be more profitable
for all parties concerned if it were not split in this
fashion.  As it stands, ISPs cannot turn the

lobbying pressure around to encourage PC makers to build
monitoring devices

into their products.  It raises the traditional hackles of Big
Brother intrusion even though phone companies already keep
track of this kind of information.  Computer companies, in
turn, cannot rely on ISPs to alleviate

the fear film makers have about the copying abilities of things
like DVD drives.  ISPs have to claim they are not in the
content monitoring business

because they are not even in a position to develop the necessary
hardware

tools.  The result is two separate industry battles inching
    forward.  It must be the business of Congress to address all
    of these concerns at the same time.  Despite this
    muddied copyright terrain, some companies have already
    sensed the underlying logic of the convergence.  They have
    tried to bridge the gap on their own but so far their
    efforts have been fragmented and far from

comprehensive.  IBM, for example, has proposed a system called
    cryptolopes

which sends purchased information across the internet in encrypted
    form.

However it lacks the ability to protect and track such information
once it is downstream.  Xerox's work on digital
libraries-which perhaps comes closest to the ideal-is not
currently geared toward the consumer PC market.  Neither

company's system shows any signs of turning into a universal data
standard for conveying books, movies, music and other
consumer goods.
    One of the most interesting recent innovations comes out of
the DVD industry itself.  Circuit City is developing a
special rentable DVD movie

format that makes consumers dial over the telephone for the
unlocking key if they decide to purchase the material.
Unfortunately, this appears to be a one time call and,
once again, it is far from being an industry standard product.
 Neither is it adapted for the most important digital
appliance, the personal computer, nor can it handle any
of the vast array of other forms of information like CDs and
computer software.
    These partial efforts are not enough.  As you can see, the
problems the market has had to date in reaching a
solution are mostly organizational and

not technological.  For the public good, a unified method of
handling copyrighted information needs to be developed to
ensure that we do not havea single market based on
competing and mutually exclusive currencies of transaction.
    Congress can encourage this by simplifying copyright liability
and transferring back to the buyer all the digital ownership
rights that have been stripped away (e.g. rental
rights)-provided of course that this information

can be delivered in a properly monitored, encrypted form.  This
will give ISPs a happy medium for accepting
responsibility for the copyrighted information

passing through them.  To do this, Congress will need to prod the
    ignorant sectors of each industry and educate them about
    one another.  Experts with deep understandings of all
    three parts of the economy need to be assembled to bridge this
    gap and help Congress provide leadership on this
    issue by creating incentives for

companies to collaborate on copyright enforcement systems.  To do
    this it may be necessary to sharpen the legal distinction
    between content and network service providers.
    Without some sort of Chinese wall,

these operations will have the incentive to piggyback on one
another to compete unfairly.  One might see certain
bookstores refusing to honor keys

with signatures that come from other publishers-a situation
equivalent to

phone companies refusing to take one another's calls.  Congress
    also needs to provide a stable landscape for the legal use
    of

encryption.  The way to do so-in this particular context only-is
to *entirely ignore* the wider controversy.  The type of
encryption needed for this infrastructure project is key
escrow by its very nature, something which no

one should object to.  By avoiding Fourth Amendment issues
altogether, you can also avoid any unnecessary
complications in the discussions.
    Stress instead the financial need publishers and consumers
will have for using trusted third parties to monitor
their agreements.  If a publisher goes bankrupt, buyers
should be able to retain ownership of their goods.
Bookstores can ensure this by holding on to an extra copy of the
key and acting, in effect, as a third party repository.  If
the key escrow issue is

treated properly in this context, everyone can win.  The proper
    contractual model for this type of relationship comes out t
    he computer programming industry.  When companies
    contract out specialized software, they often have
    concerns about what will happen to the source code if
    the company they hire goes out of business.  The programmers,
    on the other hand, do not want to allow their clients
    access to the code since that negates the value of
    future service and upgrade contracts.  Both parties
    typically

turn to a trusted third entity who is paid to hold on to a copy of
the source code as insurance against such eventualities.
By citing this example as your justification for key
escrow you can reduce the friction between civil libertarians
and national security concerns.
    I would also encourage you in particular, Mr. Chairman, to
continue your dual work on both strengthening privacy
rights and reinforcing public identities on the internet.
Give companies solid guidelines for protecting

individual privacy without stripping away the crucial ability to
collect important marketing information.
    Also continue your work to secure public discourse on the
internet.  Go beyond requiring spammers to use their real
email addresses and take steps to prevent all other forms
of spoofing.  Require businesses to use their own

addresses and email accounts.  A pirate can thwart this kind of
copyright

enforcement system if he pretends to be a bookstore and intercepts
its traffic.  This particular problem has implications well
beyond the digital

copyright issue.  If spoofing cannot be prevented, both through
technical and legal measures, then large chunks of the
digital economy simply will not work.
    Finally, some of the things like fair use which we have come
to love

about the copyright law must be adapted for the digital age.
Methods of quotation and incorporation must be worked out.
My personal suggestion is to force companies to grant
automatic key approval to any individual claiming a fair
use exemption.  This could, perhaps, be done by having a public
agency

like the Library of Congress act as a 'bookstore' for keys.  In
the event of a dispute, the publisher could request some
type of arbitration procedure and, if unsatisfied, could
challenge the fair use in court.  Since the key would

always be monitored there would be a clear auditing trail and
damages wouldbe easier to determine than they are today.

    In closing, I would like to point out that time is a critical
factor

here.  One technical obstacle I have not covered is the cost of
writing software for this system.  Since the methods of
delivering high volume digital information to consumers
have yet to be worked out, cost right now is not a

critical issue.  It can be bundled into the general expense of
developing the 'information superhighway.'  However, if
too much time passes and individual companies realize too
late that a new copyright enforcement system is in their
interests, then the upgrade effort could be considerable,
particularly with

respect to the needed PC hardware.  So while this idea for
    copyright enforcement is simple, speed is of the
    essence.  Its implementation is complex and requires agreement
    among several powerful players, some of whom may be
    risk averse and may feel it is opposed to their true
    interests.  With very few exceptions, I believe most
    industries will benefit and the market for digital
    goods will be vastly enhanced, providing the economy with
    even greater stimulus than we have seen in the

'90s.  By properly adapting encryption technology to give
networking authorities the ability to track such information,
we can decentralize the

distribution process, cut costs and expand the market for digital
intellectual property.
    This kind of delivery can occur over the phone, the cable
system and even through HDTV broadcasts.  All of these
industries stand to expand their markets and raise profits
for copyright holders if they can 1) agree on a

standard form of protected digital distribution, 2) get the
computer companies to implement it (perhaps with a
government mandate), 3) stop tampering with

the existing copyright and liability laws in ways that discourage
this and 4) negotiate with foreign governments to pull
them into such a system.
    These goals will eventually be accomplished through
marketplace experimentation already underway.  However, the
pain of trial and error and

non-standardization can be avoided now with a little
forward-looking leadership.  The various industries involved
need to be educated about the

future opportunities digital technology will provide them with and
a legal

path needs to be set down which eases the transition.  For
    purposes of brevity I have not discussed several important
    issues

pertaining to this idea, so this letter may raise more questions
with you than it answers.  If you or other parties would
like to pursue this, please contact me.  At this point in
my career, I am not in much of a position to implement
this idea beyond using my powers of persuasion and the time is
drawing close when leadership from within industry and
government must take over.

                               Sincerely,



                               Wade Riddick
                               Department of Government
                               University of Texas-Austin
                               RIDDICK@JEEVES.LA.UTEXAS.EDU

---------------------------------------------------------------------------
--

                 Telerights Digital Copyright Enforcement Model

3D3D Step 1 3D3D Publication 3D3D3D3D3D3D3D3D3D3D3D3D3D3D
3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D
3D3D3D3D3D3D3D3D3D3D3D3D3D


                       Private key A'; Public Key A
 Original Document -+----->----------------------------> Copy A
                    !
                    !  Private key B'; Public Key B
                    +-------->-------------------------> Copy B
                    !
                    !  Private key C'; Public Key C
                    +------------>---------------------> Copy C


3D3D Step 2 3D3D Purchasing Copy A 3D3D3D3D3D3D3D3D3D3D3D3D
3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D
3D3D3D3D3D3D3D3D3D


                  Signature A + Key A
     Publisher ------->-------------------------> Bookstore (ignorant of
       ^  !                                         ^            content)
       !  v                                         !
     $ !  ! Copy A (content)                        !
       !  !  + Signature A                          !
       ^  !                                         !
       !  v                     user's identity     !
  Escrow agent/bank --------->----------------------+
  (renders the buyer
  anonymous to the publisher)
       ^  !
       !  v
     $ !  ! Copy A (content)
       !  !  + Signature A
       ^  !
       !  v
A0       user


3D3D Step 3 3D3D Using Copy A 3D3D3D3D3D3D3D3D3D3D3D3D3D
3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D
3D3D3D3D3D3D3D3D3D3D3D3D3D


                                                        Publisher
                                                           ^
                                      Key A                ! The document
     +------<----- Copy A <----------------------<-----+   ! w/ Signature
A
     !               ^                                 !   ^ is in use
     v               !                                 !   !
  document ->-----> user ->-------------------------> Bookstore
                                    Signature A


3D3D Step 4 3D3D Finishing up 3D3D3D3D3D3D3D3D3D3D3D3D3D
3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D
3D3D3D3D3D3D3D3D3D3D3D3D3D


                                                      Publisher
                   Copy A (keep)                          ^
                        ^                                 ! finished
                        !           finished              !
  trash <--------<---- user ------>-----------------> Bookstore
           Key A +
           document

------------------------------

Date: Thu, 7 May 1997 22:51:01 CST
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 2--Cu Digest Header Info (unchanged since 7 May, 1997)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

     SUBSCRIBE CU-DIGEST
Send the message to:   cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
Send it to  CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

         In ITALY: ZERO! BBS: +39-11-6507540

  UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
    Web-accessible from: http://www.etext.org/CuD/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #9.77
************************************