The notion that the onus is on the government and industry to protect secrets, and that journalists and hackers should not be prosecuted for trying to independently discover the core technologies behind such secrets, is not a popular one.
Why is this week's flap over the Advanced Access Content System Licensing Administrator (AACS-LA) like the U.S. government's Atomic Energy Act or Intelligence Identities Protection Act? For the simple reason that corporations implementing digital rights management (DRM) are also trying to protect secrets. Keepers of both industry and government secrets forget that the onus is on developers of a method for keeping information secret to protect the family jewels. Forcing journalists or coders to ignore a leaky sieve is venturing into constitutionally murky waters.
Thomas Claburn of sister publication InformationWeek makes a legitimate comparison between the current state of the AACS-LA, who's technology is used in both Blu-Ray and HD DVD, with the DeCSS used in DVD encryption. Whether the methodology is bulk encryption or rootkit creation, content protection involving DRM must be kept secret by the companies involved. Hacking efforts should be anticipated since cease-and-desist orders issued to offending Internet service providers and individuals are like red flags waved in front of bulls.
Unfortunately, neither the drafters of the Digital Millenium Copyright Act nor those lawmakers involved in crafting earlier government secrecy laws seem to appreciate the fact that journalists and researchers have a right to independently attempt to piece together jigsaw puzzles. If we attach any legitimacy to the "born secret" implications of many such laws, we essentially say that the power of inductive reasoning is itself illegal.
When The Progressive magazine was restrained by the Justice Department in 1979 over its H-bomb article, the Energy Department declared that author Howard Morland had no right to determine and publish how soft X-rays and lithium deuteride might be combined to create a working H-bomb. No one ever claimed that Morland used classified documents; instead, they said he had no right to figure out how a fusion bomb worked and to publish his findings.
The Progressive case was dropped when another independent researcher published his findings widely, thereby avoiding a First Amendment showdown.
In the 28 years since the H-bomb case, journalists have been much more reticent to test the limits of secrecy laws like the Cryptography Act and Intelligence Identities Protection Act. If someone wants to publish frequency tables of known intelligence interceptors, there might be a case for secrecy. But when the government tries to halt the dissemination of general information on NSA crypto chips or the infrastructure of programs like Project Echelon, something is wrong.
Conversely, there is undue provocation if a media outlet wants to publish lists of undercover CIA agents. But when U.S. newspapers avoid publishing the names of the managers of the CIA rendition program in Italy, identity protection is stifling honest inquiry.
So how do these rules apply to DRM? DRM rankles the proponents of Internet libertarianism and is bound to be the subject of hacker contests. The NSA has learned to accept and live with the constant battle between code-creation and breaking. Content protectors in private industry need to do the same.
The notion that the onus is on the government and industry to protect legitimate secrets, and that journalists and hackers should not be prosecuted for trying to independently discover the core technologies behind such secrets, is not a popular one. Far too many U.S. citizens would prefer to say, "If government or big companies say that this area is walled off from independent discovery, so be it."
But if we grant legitimacy to this point of view, our Bill of Rights is guttedperhaps irrevocably.