Monthly Archives: August 2002

Free Culture – Lawrence Lessig Keynote from OSCON 2002

Free Culture
Lawrence Lessig Keynote from OSCON 2002
by Lawrence Lessig


Editor’s Note: In his address before a packed house at the Open Source Convention, Lawrence Lessig challenges the audience to get more involved in the political process. Lawrence, a tireless advocate for open source, is a professor of law at Stanford Law School and the founder of the school’s Center for Internet and Society. He is also the author of the best-selling book Code, and Other Laws of Cyberspace. Here is the complete transcript of Lawrence’s keynote presentation made on July 24, 2002.


Lawrence Lessig: I have been doing this for about two years–more than 100 of these gigs. This is about the last one. One more and it’s over for me. So I figured I wanted to write a song to end it. But then I realized I don’t sing and I can’t write music. But I came up with the refrain, at least, right? This captures the point. If you understand this refrain, you’re gonna’ understand everything I want to say to you today. It has four parts:

* Creativity and innovation always builds on the past.

* The past always tries to control the creativity that builds upon it.

* Free societies enable the future by limiting this power of the past.

* Ours is less and less a free society.

In 1774, free culture was born. In a case called Donaldson v. Beckett in the House of Lords in England, free culture was made because copyright was stopped. In 1710, the statute had said that copyright should be for a limited term of just 14 years. But in the 1740s, when Scottish publishers started reprinting classics (you gotta’ love the Scots), the London publishers said “Stop!” They said, “Copyright is forever!” Sonny Bono said “Copyright should be forever minus a day,” but the London publishers said “Copyright is forever.”

These publishers, people whom Milton referred to as old patentees and monopolizers in the trade of book selling, men who do not labor in an honest profession (except Tim here), to [them] learning is indebted. These publishers demanded a common-law copyright that would be forever. In 1769, in a case called Miller v. Taylor, they won their claim, but just five years later, in Donaldson, Miller was reversed, and for the first time in history, the works of Shakespeare were freed, freed from the control of a monopoly of publishers. Freed culture was the result of that case.

Remember the refrain. I would sing it, but you wouldn’t want me to. OK. Well, by the end we’ll see.




That free culture was carried to America; that was our birth–1790. We established a regime that left creativity unregulated. Now it was unregulated because copyright law only covered “printing.” Copyright law did not control derivative work. And copyright law granted this protection for the limited time of 14 years.

That was our birth, and more fundamentally, in 1790, because of the technology of the time, all things protected were free code. You could take the works of Shakespeare and read the source–the source was the book. You could take the work of any creativity protected by the law and understand what made it tick [by] studying it. This was the design and the regime, and even in the context of patents, there were transparent technologies. You didn’t take, you didn’t need to take the cotton gin [for example] and read the patent to understand how it worked, right? You could just take it apart.

These were legal protections in a context where understanding and learning were still free. Control in this culture was tiny. That was cute, right? Control, tiny . . . OK. And not just then, right? Forget the 18th century, the 19th century, even at the birth of the 20th century. Here’s my favorite example, here: 1928, my hero, Walt Disney, created this extraordinary work, the birth of Mickey Mouse in the form of Steamboat Willie. But what you probably don’t recognize about Steamboat Willie and his emergence into Mickey Mouse is that in 1928, Walt Disney, to use the language of the Disney Corporation today, “stole” Willie from Buster Keaton’s “Steamboat Bill.”

It was a parody, a take-off; it was built upon Steamboat Bill. Steamboat Bill was produced in 1928, no [waiting] 14 years–just take it, rip, mix, and burn, as he did [laughter] to produce the Disney empire. This was his character. Walt always parroted feature-length mainstream films to produce the Disney empire, and we see the product of this. This is the Disney Corporation: taking works in the public domain, and not even in the public domain, and turning them into vastly greater, new creativity. They took the works of this guy, these guys, the Brothers Grimm, who you think are probably great authors on their own. They produce these horrible stories, these fairy tales, which anybody should keep their children far from because they’re utterly bloody and moralistic stories, and are not the sort of thing that children should see, but they were retold for us by the Disney Corporation. Now the Disney Corporation could do this because that culture lived in a commons, an intellectual commons, a cultural commons, where people could freely take and build. It was a lawyer-free zone.

(Audience Applauds.)


It was culture, which you didn’t need the permission of someone else to take and build upon. That was the character of creativity at the birth of the last century. It was built upon a constitutional requirement that protection be for limited times, and it was originally limited. Fourteen years, if the author lived, then 28, then in 1831 it went to 42, then in 1909 it went to 56, and then magically, starting in 1962, look–no hands, the term expands.

Eleven times in the last 40 years it has been extended for existing works–not just for new works that are going to be created, but existing works. The most recent is the Sonny Bono copyright term extension act. Those of us who love it know it as the Mickey Mouse protection act, which of course [means] every time Mickey is about to pass through the public domain, copyright terms are extended. The meaning of this pattern is absolutely clear to those who pay to produce it. The meaning is: No one can do to the Disney Corporation what Walt Disney did to the Brothers Grimm. That though we had a culture where people could take and build upon what went before, that’s over. There is no such thing as the public domain in the minds of those who have produced these 11 extensions these last 40 years because now culture is owned.

Remember the refrain: We always build on the past; the past always tries to stop us. Freedom is about stopping the past, but we have lost that ideal.

Things are different now, [different] from even when Walt produced the Walt Disney Corporation. In this year now, we have a massive system to regulate creativity. A massive system of lawyers regulating creativity as copyright law has expanded in unrecognizable forms, going from a regulation of publishing to a regulation of copying. You know the things that computers do when you boot them up? Going from copies to, not just copies of the original work, but even derivative works on top of it. Going from 14 years for new works produced by a real author–there are fewer and fewer of those people out there–to life plus 70 years. That’s the expansion of law, but also there’s been an expansion of control through technology.

OK, so first of all, this reality of opaque creativity, you know that as proprietary code. Creativity where you don’t get to see how the thing works, and the law protects the thing you can’t see. It’s not Shakespeare that you can study and understand because the code is, by nature, open. Nature has been reformed in our modern, technological era, so nature can be hidden and the law still protects it–and not just through the protection, but through increasing control of uses of creative work.

Here’s my Adobe eBook Reader, right. Some of you have seen this before, I’m sure. Here’s Middlemarch; this is a work in the public domain. Here are the “permissions” (a lawyer had something to do with this) that you can do with this work in the public domain: You are allowed to copy ten selections into the clipboard every ten days–like, who got these numbers, I don’t know–but you can print ten pages of this 4 million page book every ten days, and you are allowed to feel free to use the read-aloud button to listen to this book, right?

Now, Aristotle’s Politics, another book in the public domain [that was] never really protected by copyright, but with this book, you can’t copy any text into the selection, you can’t print any pages, but feel free to listen to this book aloud. And to my great embarrassment, here’s my latest book, right? No copying, no printing, and don’t you dare use the technology to read my book aloud. [Laughter] I’ll have a sing button in the next version of Adobe. Read a book; read a book.

The point is that control is built into the technology. Book sellers in 1760 had no conception of the power that you coders would give them some day in the future, and that control adds to this expansion of law. Law and technology produce, together, a kind of regulation of creativity we’ve not seen before. Right? Because here, here’s a simple copyright lesson: Law regulates copies. What’s that mean? Well, before the Internet, think of this as a world of all possible uses of a copyrighted work. Most of them are unregulated. Talking about fair use, this is not fair use; this is unregulated use. To read is not a fair use; it’s an unregulated use. To give it to someone is not a fair use; it’s unregulated. To sell it, to sleep on top of it, to do any of these things with this text is unregulated. Now, in the center of this unregulated use, there is a small bit of stuff regulated by the copyright law; for example, publishing the book–that’s regulated. And then within this small range of things regulated by copyright law, there’s this tiny band before the Internet of stuff we call fair use: Uses that otherwise would be regulated but that the law says you can engage in without the permission of anybody else. For example, quoting a text in another text–that’s a copy, but it’s still a fair use. That means the world was divided into three camps, not two: Unregulated uses, regulated uses that were fair use, and the quintessential copyright world. Three categories.

Enter the Internet. Every act is a copy, which means all of these unregulated uses disappear. Presumptively, everything you do on your machine on the network is a regulated use. And now it forces us into this tiny little category of arguing about, “What about the fair uses? What about the fair uses?” I will say the word: To hell with the fair uses. What about the unregulated uses we had of culture before this massive expansion of control? Now, unregulated uses disappear, we argue about fair use, and they find a way to remove fair use, right? Here’s a familiar creature to many of you, right? The wonderful Sony Aibo Pet, which you can teach to do all sorts of things. Somebody set up a wonderful site to teach people how to hack their dogs. Now remember, their dogs, right? And this site actually wanted to help you hack your dog to teach your dog to dance jazz. Remember (Europeans are sometimes confused about this), it’s not a crime to dance jazz in the United States.

This is a completely permissible activity–even for a dog to dance jazz. In Georgia, there are a couple jurisdictions I’m not sure about [laughter], but mainly, dancing jazz is an OK activity. So said, “Here, here’s how to hack your dog to make it dance jazz.” If anything, it would be a fair use of this piece of plastic that costs over $1,500. You would think, “This is a fair use,” right?

Letter to the site: Your site contains information providing the means to circumvent Aibo, where copy protection protocol constitutes a violation of the anticircumvention provisions of the DMCA. Even though the use is fair use, the use is not permitted under the law. Fair use, erased by this combination of technological control and laws that say “don’t touch it,” leaving one thing left in this field that had three, controls copyright, [thereby] controlling creativity.

Now, here’s the thing you’ve got to remember. You’ve got to see this. This is the point. (And Jack Valenti misses this.) Here’s the point: Never has it been more controlled ever. Take the addition, the changes, the copyrights turn, take the changes to copyrights scope, put it against the background of an extraordinarily concentrated structure of media, and you produce the fact that never in our history have fewer people controlled more of the evolution of our culture. Never.

Not even before the birth of free culture, not in 1773 when copyrights were perpetual, because again, they only controlled printing. How many people had printers? You could do what you wanted with these works. Ordinary uses were completely unregulated. But today, your life is perpetually regulated in the world that you live in. It is controlled by the law. Here is the refrain: Creativity depends on stopping that control. They will always try to impose it; we are free to the extent that we resist it, but we are increasingly not free.

You or the GNU, you can pick, build a world of transparent creativity–that’s your job, this weird exception in the 21st century of an industry devoted to transparent creativity, the free sharing of knowledge. It was not a choice in 1790; it was nature in 1790. You are rebuilding nature. This is what you do. You build a common base that other people can build upon. You make money, not, well, not enough, but some of you make money off of this. This is your enterprise. Create like it’s 1790. That’s your way of being. And you remind the rest of the world of what it was like when creativity and innovation were a process where people added to common knowledge. In this battle between a proprietary structure and a free structure, you show the value of the free, and as announcements such as the RealNetworks announcement demonstrate, the free still captures the imagination of the most creative in this industry. But just for now. Just for now. Just for now, because free code threatens and the threats turn against free code.

Let’s talk about software patents. There’s a guy, Mr. Gates, who’s brilliant, right? He’s brilliant. A brilliant business man; he has some insights, he is even a brilliant policy maker. Here’s what he wrote about software patents: “If people had understood how patents would be granted when most of today’s ideas were invented and had taken out patents, the industry would be at a complete standstill today.” Here’s the first thing I’m sure you’ve read of Bill Gates that you all 100 percent agree with. Gates is right. He is absolutely right. Then we shift into the genius business man: “The solution is patenting as much as we can. A future startup with no patents of its own will be forced to pay whatever price the giants choose to impose. That price might be high. Established companies have an interest in excluding future competitors.” Excluding future competitors.

Now, it’s been four years since this battle came onto your radar screens in a way that people were upset about. Four years. And there have been tiny changes in the space. There have been a bunch of “Tim” changes, right? Tim went out there and he set up something to attack bad patents. That was fine. There were a bunch of Q. Todd Dickinson changes. He was a former head of the patent commission–never saw a patent he didn’t like. But he made some minor changes in how this process should work. But the field has been dominated by apologists for the status quo. Apologists who say, We’ve always patented everything, therefore we should continue to patent this. People like Greg Aharonian, who goes around and says every single patent out there is idiotic. But it turns out that the patent system’s wonderful and we should never reform it at all. Right?

This is the world we live in now, which produces this continued growth of software patents. And here’s the question: What have we done about it? What have you done about it? Excluding future competitors–that’s the slogan, right? And that company that gave birth to the slogan that I just cited has only ever used patents in a defensive way. But as Dan Gillmor has quoted, “They’ve also said, look, the Open Source Movement out there has got to realize that there are a lot of patents at stake, and don’t imagine we won’t use them when we must.”

Now, the thing about patents is, they’re not nuclear weapons. It’s not physics that makes them powerful, it’s lawyers and lawmakers and Congress. And the thing is, you can fight all you want against the physics that make a nuclear weapon destroy all of mankind, but you can not succeed at all. Yet you could do something about this. You could fuel a revolution that fights these legal threats to you. But what have you done about it? What have you done about it?

(Audience Applauds.)

Second, the copyright wars: In a certain sense, these are the Homeric tragedies. I mean this in a very modern sense. Here’s a story: There was a documentary filmmaker who was making a documentary film about education in America. And he’s shooting across this classroom with lots of people, kids, who are completely distracted at the television in the back of the classroom. When they get back to the editing room, they realize that on the television, you can barely make out the show for two seconds; it’s “The Simpsons,” Homer Simpson on the screen. So they call up Matt Groening, who was a friend of the documentary filmmaker, and say, you know, Is this going to be a problem? It’s only a couple seconds. Matt says, No, no, no, it’s not going to be a problem, call so and so. So they called so and so, and so and so said call so and so.

Eventually, the so and so turns out to be the lawyers, so when they got to the lawyers, they said, Is this going to be a problem? It’s a documentary film. It’s about education. It’s a couple seconds. The so and so said 25,000 bucks. 25,000 bucks?! It’s a couple seconds! What do you mean 25,000 bucks? The so and so said, I don’t give a goddamn what it is for. $25,000 bucks or change your movie. Now you look at this and you say this is insane. It’s insane. And if it is only Hollywood that has to deal with this, OK, that’s fine. Let them be insane. The problem is their insane rules are now being applied to the whole world. This insanity of control is expanding as everything you do touches copyrights.

So, the broadcast flag, which says, “Before a technology is allowed to touch DTV, it must be architected to control DTV through watching for the broadcast flag.” Rebuild the network to make sure this bit of content is perfectly protected, or amend it for . . . chips that will be imposed on machines through the law, which Intel referred to as the police state in every computer, quite accurately. And they would build these computers, but are opposed to this police state system.

And then, most recently, this outrageous proposal that Congress ratify the rights of the copyright owners to launch a tax on P2P machines–malicious code that goes out there and tries to bring down P2P machines. Digital vigilantism. And not only are you allowed to sue if they do it and they shouldn’t have done it, but you have to go to the attorney general and get permission from the attorney general before you are allowed to sue about code that goes out there and destroys your machine . . . when it shouldn’t be allowed to destroy your machine. This is what they talk about in Washington. This is what they are doing. This is, as Jack Valenti says, a terrorist war they are fighting against you and your children, the terrorists. Now you step back and you say, For what? Why? What’s the problem? And they say, It’s to stop the harm which you are doing.

So, what is that harm? What is the harm that is being done by these terrible P2P networks out there? Take their own numbers. They said last year [that] five times the number of CDs sold were traded on the Net for free. Five times. Then take their numbers about the harm caused by five times the number sold being traded for free: A drop in sales of five percent. Five percent. Now, there was a recession last year, and they raised their prices and they changed the way they counted. All of those might actually account for the five percent, but even if they didn’t, the total harm caused by five times being traded for free was five percent. Now, I’m all for war in the right context, but is this the ground one stands on to call for a “terrorist war” against technology? This harm? Even if five percent gives them the right to destroy this industry, I mean, does anybody think about the decline in this industry, which is many times as large as theirs, caused by this terrorist war being launched against anybody who touches new content? Ask a venture capitalist how much money he is willing to invest in new technology that would touch content in a way that Hilary Rosen or Jack Valenti don’t sign off on. The answer is a simple one: Zero. Zero.

They’ve shut down an industry and innovation in the name of this terrorist war, and this is the cause. This is the harm. Five percent.

And what have you done about it? It’s insane. It’s extreme. It’s controlled by political interests. It has no justification in the traditional values that justify legal regulation. And we’ve done nothing about it. We’re bigger than they are. We’ve got rights on our side. And we’ve done nothing about it. We let them control this debate. Here’s the refrain that leads to this: They win because we’ve done nothing to stop it.

There’s a congressman: J.C. Watts. J.C. Watts is the only black member of the Republican Party in leadership. He’s going to resign from Congress. He’s been there seven and a half years. He’s had enough. Nobody can believe it. Nobody in Washington can believe it. Boy, not spend 700 years in Washington? He says, you know, I like you guys, but seven years is enough, eight years is too much. I’m out of here. Just about the time J.C. Watts came to Washington, this war on free code and free culture began. Just about that time.

In an interview two days ago, Watts said, Here’s the problem with Washington: “If you are explaining, you are losing.” If you are explaining, you’re losing. It’s a bumper sticker culture. People have to get it like that, and if they don’t, if it takes three seconds to make them understand, you’re off their radar screen. Three seconds to understand, or you lose. This is our problem. Six years after this battle began, we’re still explaining. We’re still explaining and we are losing. They frame this as a massive battle to stop theft, to protect property. They don’t get why rearchitecting the network destroys innovation and creativity. They extend copyrights perpetually. They don’t get how that in itself is a form of theft. A theft of our common culture. We have failed in getting them to see what the issues here are and that’s why we live in this place where a tradition speaks of freedom and their controls take it away.

Now, I’ve spent two years talking to you. To us. About this. And we’ve not done anything yet. A lot of energy building sites and blogs and Slashdot stories. [But] nothing yet to change that vision in Washington. Because we hate Washington, right? Who would waste his time in Washington?

But if you don’t do something now, this freedom that you built, that you spend your life coding, this freedom will be taken away. Either by those who see you as a threat, who then invoke the system of law we call patents, or by those who take advantage of the extraordinary expansion of control that the law of copyright now gives them over innovation. Either of these two changes through law will produce a world where your freedom has been taken away. And, If You Can’t Fight For Your Freedom . . . You Don’t Deserve It.

But you’ve done nothing.

(Audience Applauds.)

There’s a handful, we can name them, of people you could be supporting, you could be taking. Let’s put this in perspective: How many people have given to EFF? OK. How many people have given to EFF more money than they have given to their local telecom to give them shitty DSL service? See? Four. How many people have given more money to EFF than they give each year to support the monopoly–to support the other side? How many people have given anything to these people, Boucher, Cannon. . . . This is not a left and right issue. This is the important thing to recognize: This is not about conservatives versus liberals.

In our case, in Eldred [Eldred v. Ashcroft], we have this brief filed by 17 economists, including Milton Friedman, James Buchanan, Ronald Coase, Ken Arrow, you know, lunatics, right? Left-wing liberals, right? Friedman said he’d only join if the word “no-brainer” existed in the brief somewhere, like this was a complete no-brainer for him. This is not about left and right. This is about right and wrong. That’s what this battle is. These people are from the left and right. Hank Perritt, I think the grandfather of cyberspace–the law of cyberspace running in Illinois–is struggling to get support, to take this message to Washington. These are the sources, the places to go.

Then there is this organization. Now some of you say, I’m on the board of this organization. I fight many battles on that board. Some of you say we are too extreme; you say that in the wrong way, right? You send emails that say, “You are too extreme. You ought to be more mainstream.” You know and I am with you. I think EFF is great. It’s been the symbol. It’s fought the battles. But you know, it’s fought the battles in ways that sometimes need to be reformed. Help us. Don’t help us by whining. Help us by writing on the check you send in, “Please be more mainstream.” The check, right? This is the mentality you need to begin to adopt to change this battle. Because if you don’t do something now, then in another two years, somebody else will say, OK, two years is enough; I got to go back to my life. They’ll say again to you, Nothing’s changed. Except, your freedom, which has increasingly been taken away by those who recognize that the future is against them and they have the power in D.C. to protect themselves against that future. Free society be damned.

Thank you very much.

Lawrence Lessig is a Professor of Law at Stanford Law School and founder of the school’s Center for Internet and Society. Prior to joining the Stanford faculty, he was the Berkman Professor of Law at Harvard Law School. His book, Code, and Other Laws of Cyberspace, is published by Basic Books.



Security industry’s hacker-pimping slammed – L0pht & US state funding

Security industry’s hacker-pimping slammed
By Thomas C Greene in Washington
Posted: 15/07/2002 at 15:48 GMT

I spent three days at H2K2 hoping someone would say something worth mentioning in The Register. Finally, on Sunday, a couple of speakers did just that (on which more tomorrow). Best of all was Gweeds’ savage synopsis of a thing which world + dog has no doubt long entertained as a vague suspicion, namely the way hackers pimp themselves in hopes of getting hired at great expense by security companies, and the way conferences provide fertile soil for the illusory threat exaggeration on which the security industry feeds.

The corporate model whereby hackers gravitate towards corporate greed and away from the liberation of data and private resources developed with public funds was pioneered by ISS, Gweeds noted. Hackers now work to expose security flaws with the specific intention of selling out and obtaining funding to become a security company, he said.

Security lists like BugTraq become the matter for resume stuffing. “Post to BugTraq, become a well-known gadfly on the list, and, like Sir Dystic, get a high-paying job at Microsoft. It’s an interesting progression: post a fix to a bug, work on the resume, release some software and then get offered a good job,” Gweeds noted with sarcasm.

He also mapped out the cyclical food chain whereby hacker sell-outs propagate cyber-crime FUD to feed the propaganda needs of government agencies, which helps to lard agency budgets with public funds, and which in turn helps to enrich the security industry.

“L0pht went in front of Congress and testified at the behest of NIPC and talked about how they could get into any network in the United States. The result is that NIPC got increased funds for cyber-defense and FBI got more funding to fight cyber crime. And now L0pht (@Stake) enjoys federal security auditing contracts,” Gweeds observed.

“They’re making money, sure; but they’re also increasing the reach of the Federal police state at the expense of fellow hackers who are being caught and put in jail.”

Gweeds also believes that the window between when an exploit is developed by the underground and publicly released is shrinking as hackers turned security-knights hasten to pad their resumes with proppies on BugTraq. This may be good for the computing public at large, but when the purpose of hacking is to liberate information which may well be of concern to the public, then it’s just another sell-out.

One of the nastier things a blackhat can do is exploit a company, say, for quick cash, which can be done many ways. Money can be leached from a bank; proprietary information can be sold to a competitor, or sold back to the owner in a simple blackmail scam. These familiar and dark scenarios, along with numerous others, are the ones eagerly propagated by the Feds through the mainstream press.

Yet one of the best things a blackhat can do is obtain and disseminate information which the public needs to know, e.g., internal memos indicating unsafe products, discrepancies between a company’s SEC filing and its own accounts, dirty dealings with local property owners, and a hundred other routine crimes of corporations protected by walls of silence and spin and totalitarian internal rules.

The rush to publish and take credit for discovering and patching a new exploit hobbles the positive efforts of blackhats with a social conscience (though admittedly no one knows how big a category that is).

Finally, Gweeds elaborated the scam of corporate-sponsored security conferences and their role in nourishing the hacking/security/Fed food-chain, the most famous of which is BlackHat, and its handy companion side-show, Defcon.

“BlackHat brings together CEOs and corporate security people and government and military people, to tell them why they need to spend money on security services and products.” They then learn about intrusion techniques from hackers who are there essentially to frighten them.

And then, when it’s over, “BlackHat attendees get a free pass to Defcon, a hacker culture freak show, so they can see the people they’re supposed to be afraid of up close and personal,” Gweeds said.

It was a refreshing piece of cynicism well expressed, and for me the highlight of the entire conference. I do hope USA Today caught it. ®


yer right – lets play hunt the brain cell…

Feds Open ‘Total’ Tech Spy System
By Eliot Borin

2:00 a.m. Aug. 7, 2002 PDT
Had Winston Churchill been alive in the months subsequent to Sept. 11 he might well have described U.S. intelligence agencies’ performance prior to the attack thusly: Never have so many known so much and done so little.

On Wednesday, the Defense Advanced Research Projects Agency (DARPA) will begin awarding contracts for the design and implementation of a Total Information Awareness (TIA) system.

It’s a system which, it hopes, will ferret out terrorists’ information signatures — clues available before an attack, but usually not correctly interpreted until afterwards — and decode them prior to an assault. It’s a task, the Information Awareness Office (IAO) says, that is beyond “our current intelligent infrastructure and other government agencies.”

TIA program directors make it clear they also believe the task to be beyond current technology, noting that they are primarily interested in revolutionary advances in science, technology or systems and “development of collaboration, automation and cognitive aids technologies that allow humans and machines to think together about complicated and complex problems.”

So insistent are they on building a better mousetrap — or, more accurately, a brand new terrorist trap — that they have officially warned potential contractors that not a dime will be invested in “research that primarily results in evolutionary improvements to existing technology.”

According to the IAO’s blueprint, TIA’s five-year goal is the “total reinvention of technologies for storing and accessing information … although database size will no longer be measured in the traditional sense, the amounts of data that will need to be stored and accessed will be unprecedented, measured in petabytes.”

It is precisely the thought of petabytes of raw data being under the control of an agency with limited public accountability that troubles civil liberties activists like Lee Tien, senior staff attorney of the Electronic Frontier Foundation.

“We should resist the expansion of any ‘data-veillance’ program that doesn’t have adequate safeguards and accountability,” Tien says. “This program sounds like a counterpart of the movement toward requiring a national ID card. People like to think of that as an identification system, but it’s actually a tracking system.

“The Total Information Awareness program, with its ability to provide persistent storage of everything from credit card, to employment, to medical, to ISP records, is a recipe for civil liberties disaster unless there are provisions for citizens to find out who is looking at their records and to see and correct those records.”

“What I don’t want to see is a system that’s the worst of both worlds, unable to predict acts of terrorism in a timely manner because of the sheer mass of mostly irrelevant information clogging its channels, but perfectly attuned for intimate spying on regular citizens and activists like Martin Luther King.”

Even in these early days, Tien’s concerns have some resonance. Among the topics DARPA spokespersons would not discuss in connection with this article were the program’s budget, whether the technology was being developed for deployment by an existing intelligence department or a new “super spy” agency, and which program elements the contracts being issued this month cover.

“This DARPA project sounds a lot like Spielberg’s Minority Report premise of ‘PreCrime,’” said security consultant and author Richard Forno, referring to the fictional law enforcement office that arrests folks before they commit a crime.

“I mean, I’m a geek, but my two degrees are in international relations. Does that mean if all of a sudden I start buying books on terrorism, bio-war or current affairs, I’m going to be labeled a potential bad guy?”

Protecting Privacy with Translucent Databases

… In Translucent Databases, Wayner extends this concept of hashing in new and important ways. For example, what if a police department needs to build a database of sexual-assault victims that lets them identify trends but hides personal information? You could use a translucent database where the first column is the hash of the victim’s name, the second column is a hash of their full address, and the third column is a hash of their block and street. You can now group incidents together by grouping entries with identical block hashes; you can see whether the incidents refer to the same person by checking whether the name hashes are different.

Wayner’s approach makes it possible to let victims update their records without giving anybody else the ability to search by a person’s name. You do this by adding a password to the victim’s name — a password known to the victim and nobody else.

For example, if you were to use the MD5 hash function, you could key a victim’s report with the value of MD5(“J. Smith/color4”) where “color4” is Smith’s password. If Smith remembers that her password is “color4”, then she will be able to update her database entry in the future — perhaps to tell the database administrators that her perpetrator has been caught. If there is a concern that victims might forget their passwords, the database can have additional columns that are protected with other passwords, known to other people. For example, there could be a second column where the password is known only to the intake officer. By creating multiple keys using different combinations of data, it’s possible to protect a translucent database against browsing while simultaneously providing for people’s natural tendency to forget critical pieces of information…
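The table layout described above, as an added Python sketch that is not code from Wayner's book or from the quoted article. The class and column names, the `build_sample` helper and all sample values are assumptions made up for illustration, and SHA-256 is swapped in for the MD5 the text mentions.

```python
import hashlib
from collections import defaultdict


def h(text: str) -> str:
    """One-way hash of a field. SHA-256 stands in for the MD5 named in the text."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


class TranslucentDB:
    """Holds hashes only; names and addresses are never stored in the clear."""

    def __init__(self):
        self.rows = []

    def add_report(self, name, victim_pw, officer_pw, address, block):
        self.rows.append({
            "victim_key": h(f"{name}/{victim_pw}"),    # recomputable only by the victim
            "officer_key": h(f"{name}/{officer_pw}"),  # fallback if the victim forgets
            "address_hash": h(address),
            "block_hash": h(block),
            "status": "open",
        })

    def update_status(self, name, password, status):
        """Update every row whose victim or officer key matches; return the count."""
        key = h(f"{name}/{password}")
        hits = [r for r in self.rows if key in (r["victim_key"], r["officer_key"])]
        for row in hits:
            row["status"] = status
        return len(hits)

    def block_summary(self):
        """Per block hash: (number of incidents, number of distinct victims)."""
        groups = defaultdict(list)
        for row in self.rows:
            groups[row["block_hash"]].append(row["victim_key"])
        return {blk: (len(keys), len(set(keys))) for blk, keys in groups.items()}


def build_sample():
    """Constructed sample reports; every name, password and address is made up."""
    db = TranslucentDB()
    db.add_report("J. Smith", "color4", "intake-17", "12 Elm St Apt 3", "Elm St 0-99")
    db.add_report("A. Jones", "river9", "intake-17", "40 Elm St", "Elm St 0-99")
    db.add_report("J. Smith", "color4", "intake-17", "12 Elm St Apt 3", "Elm St 0-99")
    db.add_report("R. Lee", "stone2", "intake-17", "7 Oak Ave", "Oak Ave 0-99")
    return db
```

Street addresses are guessable, so the unkeyed address and block hashes can be matched by anyone who hashes candidate addresses. The password-combined key columns are the ones that resist browsing, which is why the text adds a secret to the name before hashing.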