Encryption Wars II?
Encryption Wars II?
Encryption Wars II?

    Get Involved Today

    On March 19, I was invited to a symposium at Penn Law entitled “Copyright and the Internet: Solutions for a Digital World.” The panel before mine was dedicated to reconciling copyright and the first amendment in the areas of filtering, takedown notices, and fair use.

    The panel discussion was fascinating, and covered more ground than I can do justice to here. What I want to focus on was a particular point addressed by Jannifer Pariser, Senior Vice President of Sony BMG's Litigation and Anti-Piracy department.

    A questioner asked what good network filtering would do, given that infringers can simply encrypt traffic so as to obscure the content. Pariser replied that, just as there are encryption technologies, there are decryption technologies, but further, there are ways to get around encryption—such as banning encrypted P2P traffic.

    I had thought that this debate had been settled in decades past. User-available cryptography is a critical resource, and it is here to stay.

    In fact, what Pariser proposed is more radical than the debates over export controls or building in a government back door into an encryption standard. Banning traffic from a network simply because it is encrypted is a basic assault on privacy principles. It assumes that private communications are illicit communications, that messages that are not broadcast for all the world to hear are somehow tainted.

    This is a view that has been rejected in the principles of the fourth amendment, of communications privacy law, and in the policy decisions regarding encryption over the past several years. It's bad enough when DRM assumes that the customer is a thief; policies like this assume that everyone communicating confidential information is a thief as well.

    I should note that Pariser was targeting P2P applications in particular—she qualified her proposed ban as not affecting encrypted email or other means of transferring information. This paralleled some of the other statements she made, which set out P2P as a disfavored protocol—one that used up a large share of bandwidth and one that was widely used by infringers.

    Yet banning encryption on P2P for these reasons makes even less sense than banning P2P as a protocol outright. In both cases, the banning authority is depriving legitimate users of a resource because it is used for illegitimate purposes. But in targeting encryption as well as the P2P protocol, this authority figure stigmatizes a technology that provides benefits beyond mere efficiency. Encryption, like other technologies that ensure privacy and information security, is fundamental to preserving the right to privacy as more and more information is transferred and stored by more and more third parties. Marking it out as a disfavored technology—a tool of scum and villainy—will hamper more than innovation; it will hamper individual liberties.

    It's not clear from Pariser's brief comment whether this ban would be mandated by the government or by the ISP's policies—to my mind, the practical effect is the same. In most markets, consumers don't have many providers to choose from—in many, there is only one. If that sole source of broadband implements these policies, users of encryption are just as badly off—worse off, in fact, from a certain standpoint, since they would lack firm first amendment grounds for a legal challenge against the policy.

    All of this calls to mind a point made by Lawrence Lessig in a talk he gave the very next day. He mentioned the incredibly short amount of time that elapsed between the attacks of September 11, 2001 and the introduction of the Patriot Act about a month later. A month is an incredibly short amount of time to draft such a massive and wide-ranging piece of legislation. But the time frame makes more sense when you realize that the bill had existed in draft form long before the attacks—it simply needed a large enough tragedy to spur its swift passage.

    Lessig then notes the possibility—in fact, the inevitability—of a major attack on the digital infrastructure: an i9/11. And he notes the likelihood that a bill waits in the wings to clamp down on the freedoms of the Internet: an iPatriot Act that only needs the justification of a digital crisis to be passed without much debate.

    I'm hoping that both of these predictions are wary pessimism, but even so, it seems that a national calamity isn't required for certain interests to press for restrictions on digital freedom.

    But the fact is that Sony is already willing to challenge encryption in order to defend its bottom line, when restrictions to the technology based on more pressing matters—like national security—have been met with real, well-reasoned objections. If there were an i9/11, there would be a surfeit of political capital to restrict all sorts of technologies disfavored by the content industry, and renewed reminders of the tenuous ties between drugs, terrorism, ID theft, and copyright infringement. Let's hope that any legislation designed to address digital security actually does just that, instead of becoming a wish list for anyone with a stake in limiting users' use of technology.