SCN: SSSCA
Steve
steve at advocate.net
Wed Nov 28 09:29:49 PST 2001
x-no-archive: yes
===================
(Ed Foster, InfoWorld)---During the past few months, a number of
readers have importuned me to write about something called the
Security Systems Standards and Certification Act (SSSCA). The
proposed law, they said, would further extend the powers of
copyright holders already bloated by the Digital Millennium
Copyright Act (DMCA) by requiring all future interactive digital
devices to ship with built-in anti-piracy technology.
"You have got to write about the SSSCA law," wrote one reader.
"In essence, it provides that all electronic devices sold in the
United States must contain copyright protection software. Can you
imagine what will happen if this gets passed? Linux would literally
be illegal. In fact, doing anything on one's computer that doesn't
benefit huge media conglomerates would be prohibited."
Judging by the posted drafts of the SSSCA, the fears of such
readers certainly seem justified. The law's sweeping requirements
for standardized "certified security technologies" in all manner of
devices would stifle the development of innovative products,
eliminate the fair-use rights of consumers, criminalize open-source
software, restrict research in improved computer security, add
significant costs to many types of products, and in general wound
American competitiveness in world markets. All this for the sake of
preventing infringement of the rights of a few movie studios and
music publishers. Or, should I say, for the sake of trying to prevent
infringement, because it's always a safe bet with anti-piracy
technology that the real pirates will quickly defeat it.
In fact, the SSSCA is such an unrelieved nightmare that I've had
trouble taking it seriously. Surely after all the publicity generated
by the Dmitry Sklyarov affair (the Russian programmer whose
activities offended Adobe) and other abuses of the DMCA,
Congress won't actually consider this hard-wired version. The
public backers seem limited to Disney and a few other media
giants. Even groups representing the high-tech industry have
criticized the SSSCA concept. As we all know, the Microsofts and
Intels and other giants don't like being told what to put in their
products by the government.
There is also the fact that the SSSCA still doesn't really exist.
Although purported author Sen. Fritz Hollings, D-S.C., was said to
be scheduling hearings for it last month in the Senate Commerce
Committee he chairs, the hearings have yet to materialize. As of
press time the SSSCA has still not been formally introduced as a
bill, and observers say it is highly unlikely now that Congress will
take action this year.
Is the SSSCA much ado about nothing? My original theory was
that it's little more than a red herring introduced by the media
moguls to distract DMCA opponents away from attempts to reform
that law. But some of the voices raised against the SSSCA have
persuaded me otherwise.
Among organizations that have taken SSSCA seriously enough to
express their concerns to Hollings are the Association of
Computing Machinery and the Electronic Frontier Foundation
(EFF). "I think that this represents a desire to control new
technology and restrict open platforms," says Fred von Lohmann,
intellectual property attorney with the EFF. "They may not even
need SSSCA. If you look at the litigation track, it's interesting that
no one is suing the end-users (who are doing the infringing), just
technology companies like Napster or MusicCity. It already seems
you're not allowed to release new technology if it might be used to
infringe copyright."
The SSSCA has recently been condemned by several industry
officials not for what it would do but because of who would create
the standard. Their argument is that the SSSCA shows Congress
wants security standards, and the industry had better set those
standards itself or the government will. Of course what the
government means by "security" in the wake of Sept. 11 and what
copyright holders mean when asking for anti-piracy standards are
really two very different things. And its very name suggests that the
SSSCA is an attempt to take advantage of that semantic
confusion.
In other words, high-tech companies can point to the threat of
government intervention in the form of the SSSCA as a reason to
put their own digital rights management technology in their
products. Naturally, they'll use that technology to protect their own
digital rights first. If that sounds familiar, perhaps it's because
there's no difference between this concept and the remote
disabling mechanisms endorsed by the Uniform Computer
Information Transactions Act (UCITA).
Evidence that at least one high-tech company may be thinking this
way came to light a few weeks ago. While pondering the SSSCA,
columnist Dan Gillmor at The Mercury News, in San Jose, Calif.,
noted a very interesting passage in the license agreement for the
latest version of Microsoft's Media Player. The license reads in
part: "You agree that in order to protect the integrity of content and
software protected by digital rights management ('Secure
Content'), Microsoft may provide security-related updates to the
OS Components that will be automatically downloaded onto your
computer."
Pretty scary. Here we're wondering if the SSSCA is ever going to
really exist, whereas Microsoft seems to have entered the SSSCA
era already. No congressional action required, thank you very
much.
What is the SSSCA? Not quite a red herring, I think. It's more of a
stalking horse. And like any good stalking horse, you're not
supposed to know who or what is coming behind it until it's too
late. Perhaps it already is.
Copyright 2001 InfoWorld Media Group, Inc.
* * * * * * * * * * * * * * From the Listowner * * * * * * * * * * * *
. To unsubscribe from this list, send a message to:
majordomo at scn.org In the body of the message, type:
unsubscribe scn
==== Messages posted on this list are also available on the web at: ====
* * * * * * * http://www.scn.org/volunteers/scn-l/ * * * * * * *
More information about the scn
mailing list