Donna Wentworth
( Archive | Home | Technorati Profile)

Ernest Miller
( Archive | Home )

Elizabeth Rader
( Archive | Home )

Jason Schultz
( Archive | Home )

Wendy Seltzer
( Archive | Home | Technorati Profile )

Aaron Swartz
( Archive | Home )

Alan Wexelblat
( Archive | Home )

About this weblog
Here we'll explore the nexus of legal rulings, Capitol Hill policy-making, technical standards development, and technological innovation that creates -- and will recreate -- the networked world as we know it. Among the topics we'll touch on: intellectual property conflicts, technical architecture and innovation, the evolution of copyright, private vs. public interests in Net policy-making, lobbying and the law, and more.

Disclaimer: the opinions expressed in this weblog are those of the authors and not of their respective institutions.

What Does "Copyfight" Mean?

Copyfight, the Solo Years: April 2002-March 2004

a Typical Joe
Academic Copyright
Jack Balkin
John Perry Barlow
Blogbook IP
David Bollier
James Boyle
Robert Boynton
Brad Ideas
Ren Bucholz
Cabalamat: Digital Rights
Cinema Minima
Consensus @ Lawyerpoint
Copyfighter's Musings
Copyright Readings
CopyrightWatch Canada
Susan Crawford
Walt Crawford
Creative Commons
Cruelty to Analog
Culture Cat
Deep Links
Derivative Work
Julian Dibbell
Digital Copyright Canada
Displacement of Concepts
Downhill Battle
Exploded Library
Bret Fausett
Edward Felten - Freedom to Tinker
Edward Felten - Dashlog
Frank Field
Seth Finkelstein
Brian Flemming
Frankston, Reed
Free Culture
Free Range Librarian
Michael Froomkin
Michael Geist
Michael Geist's BNA News
Dan Gillmor
Mike Godwin
Joe Gratz
James Grimmelmann
Groklaw News
Matt Haughey
Erik J. Heels
Induce Act blog
Inter Alia
IP & Social Justice
IPac blog
Joi Ito
Jon Johansen
JD Lasica
Legal Theory Blog
Lenz Blog
Larry Lessig
Jessica Litman
James Love
Alex Macgillivray
Madisonian Theory
Maison Bisson
Kevin Marks
Tim Marman
Matt Rolls a Hoover
Mary Minow
Declan McCullagh
Eben Moglen
Dan Moniz
Danny O'Brien
Open Access
Open Codex
John Palfrey
Chris Palmer
Promote the Progress
PK News
PVR Blog
Eric Raymond
Joseph Reagle
Recording Industry vs. the People
Lisa Rein
Thomas Roessler
Seth Schoen
Doc Searls
Seb's Open Research
Shifted Librarian
Doug Simpson
Stay Free! Daily
Sarah Stirland
Swarthmore Coalition
Tech Law Advisor
Technology Liberation Front
Siva Vaidhyanathan
Vertical Hold
Kim Weatherall
David Weinberger
Matthew Yglesias

Timothy Armstrong
Bag and Baggage
Charles Bailey
Beltway Blogroll
Between Lawyers
Blawg Channel
Chief Blogging Officer
Drew Clark
Chris Cohen
Crooked Timber
Daily Whirl
Dead Parrots Society
Delaware Law Office
J. Bradford DeLong
Betsy Devine
Ben Edelman
Ernie the Attorney
How Appealing
Industry Standard
IP Democracy
IP Watch
Dennis Kennedy
Rick Klau
Wendy Koslow
Elizabeth L. Lawley
Jerry Lawson
Legal Reader
Likelihood of Confusion
Chris Locke
Derek Lowe
MIT Tech Review
Paper Chase
Frank Paynter
Scott Rosenberg
Scrivener's Error
Jeneane Sessum
Silent Lucidity
Smart Mobs
Trademark Blog
Eugene Volokh
Kevin Werbach

Berkman @ Harvard
Chilling Effects
CIS @ Stanford
Copyright Reform
Creative Commons
Global Internet Proj.
Info Commons
IP Justice
ISP @ Yale
NY for Fair Use
Open Content
Public Knowledge
Shidler Center @ UW
Tech Center @ GMU
U. Maine Tech Law Center
US Copyright Office
US Dept. of Justice
US Patent Office

In the Pipeline: Don't miss Derek Lowe's excellent commentary on drug discovery and the pharma industry in general at In the Pipeline


« CFP: Gmail v. Corporate Mail | Main | Brewster Kahle on Universal Access to Human Knowledge »

April 23, 2004

Trusted Computing/DMCA v. Diebold's Pentagon Papers

Email This Entry

Posted by Jason Schultz

Ernie breaks a great story about Jones Day suing the Oakland Tribune to take back the memos they wrote about Diebold's risky ventures in California over uncertified e-voting machines.

While Jones Day chose to use legal tools to restrain news reporting and Free Speech in this case, keep in mind that if we had Trusted Computing, Jones Day could have written the documents in a word processing application that required an attestation that the reader was authorized to access the documents before decrypting them.

If this was the case, the reporters at the Tribune would never have been able to read the documents even after they had acquired them because the application would not "trust" them to decrypt the contents. Unless, of course, they attempted to circumvent the attestation requirement and "hack" into the document, thereby invoking dangers under the DMCA.

When the Diebold email archive and memos were posted on the net by the Swarthmore students and others, Diebold sent DMCA take-down notices to shut down their speech. But there, the students were able to respond and repost the documents. They were able to claim fair use as a defense to the allegations that they infringed Diebold's copyrights in its internal memoranda and emails. With Trusted Computing and the DMCA, fair use is no defense. Under current law, circumvention of Trusted Computing and/or DRM is arguably a criminal and civil violation -- whether your purpose is to publish the Pentagon Papers or the Diebold Papers.

Comments (11) + TrackBacks (0) | Category: IP Abuse


1. cypherpunk on April 23, 2004 7:44 PM writes...

Trusted computing isn't the only technology that can be misused by bad guys to keep information secret that ought to be made public. You can say the same thing about encryption. Maybe we should oppose that, too?

And in this particular case, it was attorney-client privilege which was supposedly breached. Most people will agree that protecting attorney-client privilege is a legitimate social good. If trusted computing (or cryptography) helps with that, it's hardly an example of misuse.

Permalink to Comment

2. Wendy Seltzer on April 23, 2004 10:35 PM writes...

Attorney-client privilege is a privilege against use in litigation. It's not an absolute privilege against disclosure, if a third party happens upon material without fault.

For me the difference between trusted computing and encryption is the degree of publication. Mass distribution is public: you grant access to many and lose some control in exchange for greater reach. Encryption is private, but the further control is still based only on your trust of the recipients; they can copy the document once they've decrypted it. Trusted computing attempts to combine the two badly, giving its distributors access to a wide swath of public without giving that public access to quote in return.

Permalink to Comment

3. Pizza on April 23, 2004 10:36 PM writes...

Ah, but the newspaper isn't who violated the client-attorney priviledge. Either the lawyers or their clients did, by sending the reporters those documents.

Permalink to Comment

4. bryan seigneur on April 23, 2004 10:53 PM writes...

Trusted computing isn't the only technology that can be misused by bad guys to keep information secret that ought to be made public. You can say the same thing about encryption. Maybe we should oppose that, too?

I don't think anyone would oppose encryption. Many oppose the DMCA's effect of making decryption without explicit permission illegal. That is something new and dangerous and original to the DMCA.

Permalink to Comment

5. Anonymous-post on April 24, 2004 12:50 AM writes...

Even though a "criminal act" may have been involved in obtaining the material, based on a recent case, it would appear that a news organization would still be protected by the First Amendment.

See -

First Amendment Outweighs Wiretapping Law, Court Rules

But the ruling, in favor of a radio talk-show host who broadcast a tape of an intercepted cellular-telephone call, was a deliberately narrow one. The Court's majority emphasized that it was not issuing a broad ruling on the constitutionality of all restrictions on publishing or broadcasting truthful information.

"It seems to us that there are important interests to be considered on both sides of the constitutional calculus," Justice John Paul Stevens wrote for the majority. "In considering that balance, we acknowledge that some intrusions on privacy are more offensive than others, and that the disclosure of the contents of a private conversation can be an even greater intrusion on privacy than the interception itself."

"In this case," he went on, "privacy concerns give way when balanced against the interest in publishing matters of public importance . . . One of the costs associated with participation in public affairs is an attendant loss of privacy."

[Note: IANAL]

Permalink to Comment

6. Alsee on April 24, 2004 9:35 AM writes...

Trusted computing isn't the only technology that can be misused by bad guys to keep information secret that ought to be made public. You can say the same thing about encryption. Maybe we should oppose that, too?

It's not that things are kept "secret". The problem is that had Trusted Computing been involved then the Oakland Tribune reporter would have been IMPRISONED.

Trusted Computing is a fundamentally flawed concept. The "Trust" portion of the system rests entirely on the assumption that the owner of a computer does not happen to know his own computer key. That key is hidden inside a chip and the chip is designed not to tell it to its owner.

The problem is that you own your computer - it's your property. You have every right to rip your chip open and read out your key with a microscope. Or to pay someone to do that for you. Once you know your key then you regain total control over your computer - the entire Trust system falls apart.

Note that when you know your key the system is still perfectly secure for you, the owner. Simply knowing your key cannot possibly reduce your computer's ability to protect you.You'd still get the exact same protection against viruses and hackers and privacy, all of the advertized benefits of the system. You'd get all of the benefits and none of the abuses. Knowing your key simply means your computer is no longer secure against you, the owner. You should get a printed copy of your key when you buy your computer. They refuse to offer such a system because thepurpose is not to secure your computer for you, the purpose is to secure your computer against you.

Attestation and Trust completely fall apart when people know their key. It's impossible to prevent people from knowing their key, they can just read it out with a microscope. All they can do to "protect" the system is make it a crime to look at your own key.

The idea of Trusted Computing inherently requires revoking basic property rights. The right to look at your own property. Even when it is a crime to look at your property, the Trust system is still worthless. It's impossible to detect when someone else has read out their own key and defeated the Trust system. The moment you rely on the Trust and attestation system for anything more important than a video game then you get burned by anyone who looks at their own key anyway.

Permalink to Comment

7. Not a Lawyer on April 24, 2004 10:50 AM writes...

This brings up an interesting thought with the "office" variants of Trusted Computing and the desires of whistleblowers.

From the computer's (and perhaps the company's) perspective, a whistleblower is no different from someone engaged in industrial espionage.

Further, by instituting an automatic purge on sensitive documents, there will be no troublesome records to be subpoena'd later. This will doubtless make a corporation's life a bit easier.

Trusted Computing is inevitable. The only "workaround" is to allow human factors into it. The best proposal that I've seen would require all Trusted Computing devices to allow any code to be considered Trusted (without additional logging), if the user is present and has activated a hardware device. This means that if you want to save something that the normal Trusted code won't let you, you can load your own in, WITH the override and do as you wish.

The reason for the override is that by doing so, you are taking on the responsibility for your own actions -- you don't escape the criminality, but it acknowledges that sometimes the law isn't as binary as the computer restrictions.

Permalink to Comment

8. cypherpunk on April 24, 2004 12:42 PM writes...

There are so many misconceptions here, it's difficult to reply to them all, but I'll try.

First, with regard to attorney-client privilege, all I know is that the judge has ordered the documents returned. The newspaper can use summaries but it can not publish the remaining memos verbatim. This sounds like the judge viewed the privilege as being socially and legally important. To the extent that TC protects a socially valuable form of confidentiality, that's a good use of the technology.

As far as TC giving distributors access to the public while depriving public of the right to quote in return, you're looking at things backward. It's not like society generously grants to content creators the privilege of being able to give us their work. Rather, we are all fortunate that our most creative members are willing to share the fruits of their labor with us. Nobody is forced to view this content - the viewers all desire it, and they are willing to pay for it. As part of that exchange, recipients may be asked to accept limitations on how they further share the content, in order to protect the ability of the creator to be rewarded for his efforts. In a free world, viewers are at liberty to accept or refuse the offer. TC helps to enforce limitations which the recipients have already freely agreed to as a condition for receiving valuable and entertaining information.

With regard to the DMCA, to the extent that defeating technological protections is illegal, it's because of that law, and is not because of trusted computing. I'm not defending the DMCA; it's bad legislation. But most properties of TC would still hold even without the DMCA, so to a large extent it is a red herring here.

But to clarify some points, the Oakland newspaper reporter is not the one who would be IMPRISONED. Presumably these documents were leaked by someone on the inside; the reporter didn't break into the building. So someone else would have violated the DMCA in that case, and would have been the one who would be in trouble. Even today, whoever leaked that data might face some legal sanctions for violating confidentiality. But chances are they will never be caught and so nothing will happen to them.

I'll also note that the DMCA could have been called into play if these documents were merely encrypted, or protected even more weakly using simple access control fields built into the document that said "don't print" or "don't copy". The threshold for invoking DMCA protection is extremely low, you don't have to go all the way to the power of TC. So again, legal liability could arise independently of the use of TC technology.

In a way, TC aims to make the DMCA obsolete. The DMCA forces us to act as though technologically based access controls really work, even when they don't and can be circumvented. TC tries to provide technology which will be strong enough to successfully put limits on at least some kinds of data. If TC works, they won't need the DMCA (which will make it that much easier to repeal it).

Whether TC can succeed technologically remains to be seen. It does rely on storing secret keys on a chip. But it's not that easy to pull keys out of chips, even with the first generation. You need an enormously expensive lab and very fancy equipment. And tamper resistant technologies exist which can wipe keys if an outer layer of the chip is breached. Intel already has a chip which integrates the TPM (which holds the keys) onto the CPU, making a single self-contained unit. Future generations will only be more secure.

With regard to owner override, the Unlimited Freedom blog at has some articles describing "good" uses of TC that depend on users being unable to override their attestations; for example, anonymous P2P networks or multiplayer games.

And finally, with the analogy to encryption, many people have in fact argued that encryption should be limited precisely because it helps bad guys. This was a legal battle throughout the 1990s. I was shocked to see this discredited line of argument resurrected here from people who support online freedom. The existence of bad uses is no justification for opposition to a technology, not for encryption and not for TC.

If you do believe in freedom, support the rights of people to choose what technologies they will use, even people whom you don't like. That includes the right of Diebold and its law firm to use encryption and/or TC to protect their confidential documents. We have no standing to step in and argue that they shouldn't use these or any other technologies of their choice to control and manage their data.

Permalink to Comment

9. Seth Finkelstein on April 25, 2004 8:33 PM writes...

One quick remark:

"If TC works, they won't need the DMCA (which will make it that much easier to repeal it)."

This argument, while so intellectually appealing, is unlikely to prove true in practice. What will happen according to history is that TC will be used as a further argument in favor of keeping the DMCA. Or worse.

That is, we will be told "You've accepted and supported this in technology - therefore that means it's good in policy, And law is just a way of recognizing that good policy, which you've already accepted".

We've been here before. Many times. The people who lobby for laws, the people who make laws, DO NOT HAVE THIS WEIRD NETHEAD IDEA that law and technology are opposites and antonyms. That's an ideological quirk of us geek types, who confuse it for a general truth.

Which makes it very dangerous to reply on it as an outcome.

Permalink to Comment

10. Hosen on September 19, 2004 7:43 AM writes...


Permalink to Comment

11. Junta Sabrine on September 20, 2004 5:47 AM writes...

I love your site. Good work.

Permalink to Comment


Email this entry to:

Your email address:

Message (optional):

Sherlock Holmes as Classical Fairytale
Trademark Law Includes False Endorsement
Kickstarter Math
IP Without Scarcity
Crash Patents
Why Create?
Facebook Admits it Might Have a Video Piracy Problem
A Natural Superfood, and Intellectual Property