Crypto Advances Imperiled?

Gains made on easing encryption restrictions may be completely undone by a congressional effort to protect intellectual property online. By Ashley Craddock.

Most crypto supporters lick their chops in anticipation of progress in the drive to loosen export restrictions on data-scrambling technology. But Congress may unwittingly hobble the very technology it has supposedly set out to free.

The wolf at the crypto door is a provision included in the WIPO Treaties Implementation Act, now scheduled for mark-up in the House Commerce Committee.

"As currently written, [the bill] would dramatically alter the time-honored balance between content owners and the user community," read an immediate action alert sent Saturday by the Electronic Frontier Foundation's Stanton McCandlish. "The legislation will also seriously erode the leadership that the United States currently enjoys in research and development of encryption algorithms, cryptographic products, and computer-security technology. And the bill seriously threatens privacy online."

Drafted to protect intellectual property, the WIPO bill also makes it illegal to reverse-engineer, analyze, break, and publish security systems, which, in the eyes of the EFF and Bruce Schneier, president of Counterpane Systems, a security consulting firm, puts a deathly chill on encryption research.

"It is essential for cryptographers to be able to advance the science by attempting to find vulnerabilities in encryption as that encryption is actually applied in a product or system," Schneier wrote in a letter to Representative Thomas Bliley, the House committee's chairman.

"You can't break mathematical systems in isolation," Schneier explained in a letter to Wired News. "You have to break systems as they are used in the field. A strong lock could be installed badly in a door, and the house ends up being insecure. No amount of research on the lock will tell you anything about the security of the house."

The bill has also been criticized by the Home Recording Rights Coalition, which says it would outlaw the current common practice of taping copyrighted material for home use. The group also claims that the bill would ban personal computers because they have the ability to download and copy material from the Internet. The group has run several print ads claiming that the legislation will outlaw VCRs and PCs.

"We believe that is exactly what this legislation will do," Consumer Electronics Manufacturing Association spokesman Jonathon Thompson told Variety in April.

Some version of the WIPO bill must be passed in order for the United States to ratify the World Intellectual Property Organization treaty establishing global protections for copyrighted material on the Internet. Entertainment, publishing, and software industries have long been clamoring for its passage. A companion bill, the Digital Millennium Copyright Act, passed the Senate 99-0 in May.

In its current incarnation, however, the EFF's McCandlish says, the WIPO bill would wipe out the gains the encryption community has made over the past two years. It "makes the use, manufacture, or sale of ANY technology that can be used to circumvent copyright protections illegal," he wrote in his EFF advisory. "A host of vital technologies, equipment, and processes 'can' be, but are not intended, for such abuse, and Congress should not outlaw them, any more than they may outlaw the making or sale of crowbars or baseball bats because they 'can' be used for vandalism."

Moreover, as currently penned, the WIPO bill will seriously compromise online privacy. One section in particular, says McCandlish, will "prevent computer users from protecting their privacy online by removing cookies from their computer. Additionally, if cookies are used as a copyright-protection system it would be unlawful to manufacture a device that removes the cookie from the system."

Just as bad, another section would allow for the collection of personally identifiable information. By giving content owners the right to collect such information about users who access their copyrighted works, McCandlish wrote, "This will eliminate anonymous reading and allow content owners to track not only which online magazines you buy but also which articles you read and which pictures you look at."

And not only does the bill give content owners the right to track a person's idiosyncratic surfing habits, McCandlish charges that it "encourages system operators to violate the privacy and protected speech rights of their users."

As McCandlish explains it, service providers will be exempted from liability if they remove or disable access to material they deem an infringement, regardless of whether any court has determined if there has been an actual copyright infringement. "This encourages them to remove potentially protected speech without any real proof of infringement," McCandlish argues. "It also allows [service providers] to violate users' privacy by sifting through customers' electronic files, documents, and email looking for potential infringements."

A spokesman for the House Commerce Committee, which is scheduled to release a revised draft of the bill on Friday, says the bill is still in its nascent stages.

As the bill stands now, the ramifications for crypto could be severe. Certainly, Schneier thinks so. "I feel like I've done so much work on export control and key escrow, and it is being destroyed from out of left field."