San Francisco – Leading digital rights champion and author Cory Doctorow has rejoined the Electronic Frontier Foundation (EFF) to battle the pervasive use of dangerous digital rights management (DRM) technologies that threaten users’ security and privacy, distort markets, confiscate public rights, and undermine innovation.
Doctorow will be a special consultant to the Apollo 1201 Project, a mission to eradicate DRM in our lifetime. Apollo 1201 will challenge the use of DRM as well as the legal structures that support it.
“Apollo was a decade-long plan to do something widely viewed as impossible: go to the moon. Lots of folks think it’s impossible to get rid of DRM. But it needs to be done,” said Doctorow. “Unless we can be sure that our computers do what we tell them, and don’t have sneaky programs designed to take orders from some distant corporation, we can never trust them. It’s the difference between ‘Yes, master’ and ‘I CAN’T LET YOU DO THAT DAVE.’”
Working in the United States and across the globe, Doctorow will accelerate the movement to repeal laws protecting DRM, assist EFF with DRM-related litigation, and work with industry to kick-start a vibrant market in viable, legal alternatives to digital locks.
For many years, EFF has fought the use of DRM technologies, explaining that such technologies – as well as the laws that support them – impede innovation, security, and basic user rights and expectations, while failing to inhibit copyright infringement. One example of this lose-lose proposition is Section 1201 of the Digital Millennium Copyright Act (DMCA), which generally prohibits unlocking “access controls” like DRM. That ban was meant to deter illegal copying of software, but many companies have misused the law to chill competition, free speech, and fair use. Software is in all kinds of devices, from cars to coffee-makers to alarm clocks. If that software is locked down by DRM, tinkering, repairing, and re-using those devices can lead to legal risk.
Section 1201 has also put a dangerous chill on security researchers, who face potential legal penalties for finding and disclosing critical flaws in systems – from smartphones to home automation. As a result, the public gets to find out about compromising vulnerabilities too late, or not at all.
“We’ve seen DRM misused again and again, whether it’s to thwart competition in printer-ink cartridges, to prevent videogame fans from modifying their consoles, or to block consumers from reading the parts’ specifications on their own cars,” said EFF Intellectual Property Director Corynne McSherry. “Cory has an unparalleled ability to show the public how bad copyright policy tramples on everyone’s rights.”
Doctorow worked for EFF for four years as its European Affairs Coordinator, and in 2007, he won EFF’s Pioneer Award for his body of work on digital civil liberties. He’s the originator of “Doctorow’s Law,” which has helped many around the world understand the dangers of DRM: “Anytime someone puts a lock on something you own, against your wishes, and doesn’t give you the key, they’re not doing it for your benefit.”
“No matter how noble your cause, you can’t advance it by insisting that computers everywhere be equipped with spyware to stop people from running the ‘wrong’ code,” said Doctorow. “The bad guys will still figure out how to run that code, and everyone else will end up with critical infrastructure that, by design, treats them as untrustable attackers and, by design, lets remote parties covertly seize control of the computers around them. We all deserve a better future – one without DRM.”
For more on DRM: https://www.eff.org/issues/drm
Cory Doctorow, Special Consultant, Apollo 1201 Project, Electronic Frontier Foundation, firstname.lastname@example.org
Corynne McSherry, Intellectual Property Director, Electronic Frontier Foundation, email@example.com
“Open Access” to information – the free, immediate, online access to the results of scholarly research, and the right to use and re-use those results as you need – has the power to transform the way research and scientific inquiry are conducted. Research funding agencies, universities, and the general public are supporting a move towards Open Access in increasing numbers every year.
Open Access Week, a global event now entering its sixth year, is an opportunity for you to learn about the benefits of Open Access, and to take action to keep the momentum moving forward!
Being a sequence of quotations from contemporary articles contextualizing the visit of the rising Vice President of China amidst a conspicuously timed introduction of unprecedented domestic cybersecurity legislation.
He arrives in Washington Tuesday on the first stop of a week-long tour of the United States in one of the final diplomatic rituals he must undergo before becoming China’s next leader.
Now vice-premier, Mr. Xi is widely expected to replace President Hu Jintao as secretary-general of the Chinese Communist Party in October, when China will change 60% of the members of the party’s Central Committee and replace seven of the nine members on the ruling Standing Committee of the Politburo.
By spring 2013, he should replace Mr. Hu as president, then become chairman of the Central Military Commission.
The legislation would task the Department of Homeland Security with determining which sectors of the economy would be covered by new cybersecurity regulations, after risk assessments in consultation with the private sector, the intelligence community and others.
But designated sectors would have the right to appeal whether the regulations apply to them. Several groups representing portions of the private sector considered part of the critical infrastructure have expressed concern about the impact of the regulations on both security and the bottom line.
“Passing the bill is crucial for national security, but not if the provisions on critical infrastructure regulation are watered down. This will be a real test for this Congress,” said James Lewis, senior fellow and director at the Center for Strategic and International Studies.
Examples of sectors considered likely to fall under the new regulations are utilities, water treatment plants and transportation providers. Some sectors, such as major financial institutions and telecom providers, may ask for exemptions based on a demonstrated ability to secure their systems.
After determining which firms are critical infrastructure, DHS would then, in consultation with the private sector, determine cybersecurity performance requirements for firms in the covered sectors.
“There would be a huge market incentive for designated sectors to meet the security standards. But if they don’t, DHS and the AG would decide on penalties,” said the spokesman.
What about international cybersecurity standards and practices?
The bottom line is this: China has a massive, inexpensive work force ravenous for economic growth. It is much more efficient for the Chinese to steal innovations and intellectual property—the source code of advanced economies—than to incur the cost and time of creating their own. They turn those stolen ideas directly into production, creating products faster and cheaper than the U.S. and others.
Cyberspace is an ideal medium for stealing intellectual capital. Hackers can easily penetrate systems that transfer large amounts of data, while corporations and governments have a very hard time identifying specific perpetrators.
Continuing with the perspectives expressed in the WSJ:
The report to Congress notes that the U.S. intelligence community has improved its collaboration to better address cyber espionage in the military and national-security areas. Yet today’s legislative framework severely restricts us from fully addressing domestic economic espionage. The intelligence community must gain a stronger role in collecting and analyzing this economic data and making it available to appropriate government and commercial entities.
Congress and the administration must also create the means to actively force more information-sharing. While organizations (both in government and in the private sector) claim to share information, the opposite is usually the case, and this must be actively fixed.
Feinstein’s proposal would require the government to designate an agency as a “cybersecurity exchange” to coordinate information sharing; allow the government to share classified cybersecurity information with certain private-sector organizations; and provide liability protection for companies that share information.
“Alongside terrorism, cybersecurity is perhaps the number one threat facing our nation today, but many obstacles exist that prevent the cooperation and coordination needed to deter this growing threat,” Feinstein said in a statement.
There is bipartisan support for improving computer network defenses, so the outlook may be positive for obtaining much of the proposed $769 million from Congress. The funding would go toward the National Cyber Security Division for protecting federal networks and coordinating with the private sector on safeguarding critical infrastructure systems such as utility grids.
The Department of Defense released today the military intelligence program (MIP) requested top line budget for fiscal 2013. The total request, which includes both the base budget and Overseas Contingency Operations appropriations, is $19.2 billion.
The department determined that releasing this top line figure does not jeopardize any classified activities within the MIP. No other MIP budget figures or program details will be released, as they remain classified for national security reasons.
What is the mood of the Senate, and the posture towards the private sector?
I was struck by the testimony of the leaders of our Intelligence Community at recent Intelligence Committee hearings. Director of National Intelligence James Clapper called cyber security “a profound threat to this country, to its future, its economy, and its very being.” And Robert Mueller, Director of the Federal Bureau of Investigation (FBI), stated that, “stopping terrorist attacks with the FBI is the present number one priority, but down the road, the cyberthreat, which cuts across all programs, will be the number one threat to the country.” Think about that: in the years to come, malicious cyber activity will pose a threat to our country greater than terrorism. We simply cannot afford to repeat the mistakes of the past by failing to prepare for the leading threats of the future.
Yet, addressing cyber security is not simply a matter of staving off a future threat; it demands that we stop the hemorrhaging of national security secrets, intellectual property, and jobs already underway. In a recent letter to Senate Republican Leader McConnell and myself, eight former high-ranking national security officials led by Secretary of Homeland Security Michael Chertoff and Secretary of Defense William Perry pointed out that, not only are critical infrastructure such as power plants and hospitals at risk; moreover, “foreign states are waging sustained campaigns to gather American intellectual property – the core assets of our innovation economy – through cyber-enabled espionage.” They counseled that the “constant barrage of cyber assaults has inflicted severe damage to our national and economic security, as well as to the privacy of individual citizens. The threat is only going to get worse. Inaction is not an acceptable option.”
At this point, all signs indicate informed consensus for this legislation to pass quickly through Committee into an opportunity for debate culminating in passage through the Senate.
In the 1990s, after a term as the National Security Agency’s top lawyer, I spoke out in favor of keeping a wall between spies and cops. The idea was simple enough. Agencies like the National Security Agency (NSA) gathered intelligence on a global scale, and they rarely observed the legal constraints that applied to domestic policemen. To protect the civil liberties of Americans, it only made sense to separate intelligence gathered in that way from evidence assembled in a criminal investigation. With a wall between the two, criminal investigators from agencies like the Federal Bureau of Investigation (FBI) would be forced to observe the legal restrictions that went with criminal investigative tools. They wouldn’t be tempted to take the shortcut of using intelligence that had been gathered with less attention to civil liberties.
That was the theory, anyway. In practice, the wall crippled our last, best chance to catch the hijackers before September 11, 2001. In August of that year, the wall kept the FBI from launching a full-scale criminal search for the hijackers—even though all of our security agencies were expecting an imminent al Qaeda attack, and even though both the FBI and the Central Intelligence Agency (CIA) knew that two dangerous al Qaeda operatives had entered the United States. The failure to track those operatives down wasn’t a matter of incompetence or a failure to communicate, at least not in the last weeks. FBI criminal investigators spent the last part of August begging for a chance to track the terrorists. They were shut down cold—by lawyers who told them the wall simply could not be breached.
I wasn’t the most enthusiastic proponent of the wall. I thought that the civil liberties dangers it was supposed to ward off were probably more theoretical than real. But I saw no harm in building in an extra margin of protection for civil liberties. If nothing else, the wall would reassure privacy advocates in the courts, in the newspapers, and on Capitol Hill that intelligence would not be misused. It was insurance, not just for civil liberties, but for the intelligence agencies themselves. For both reasons, I thought, it was best to keep the wall high.
It made eminent sense inside the Beltway.
Until the world outside the Beltway broke through, just a few yards from where I’m standing.
Will the world outside the Beltway be heard in the composition of these new laws and during the creation of these new authorities? Are the new cyber sabers already rattling?