[free-sklyarov] SSSCA = Digital Rectal Thermometer Security Act ? (fwd)

Jay Sulzberger jays at panix.com
Sun Sep 9 22:55:18 PDT 2001 

---------- Forwarded message ----------
Date: Mon, 10 Sep 2001 00:55:51 -0400
From: Ronald L. Rivest <rivest at mit.edu>
To: cryptography at wasabisystems.com, farber at cis.upenn.edu
Subject: SSSCA = Digital Rectal Thermometer Security Act ?

Hi all --

I just sat down and read the proposed text of the Holling's SSSCA bill.
         http://cryptome.org/sssca.htm
Boy is this bill breathtaking in its breadth! I have tried to understand
its language.  It says in Section 101:

     "It is unlawful to manufacture, import, offer to the public, provide
or otherwise traffic in any interactive digital device that does not
include and utilize certified security technologies that adhere to
the security systems standards adopted under section 104."

and says in Section 109:

         "The term "interactive digital device" means any machine, device,
product, software, or technology, whether or not included with or as
part of some other machine, device, product, software, or technology,
that is designed, marketed or used for the primary purpose of, and
that is capable of, storing, retrieving, processing, performing,
transmitting, receiving, or copying information in digital form."

Putting 2+2 together, we see that essentially all digital devices and
software will have to have "certified security technologies" in them.
Anything that works primarily with digital data is covered.

My feeble brain came up with the following list of things that would
have to be secured.  I'm sure you can think of lots more.
         -- All bar-code scanners
         -- All computer-controlled ignition systems
         -- All metro ticket readers
         -- All digital watches and calculators
         -- All ATM machines
         -- All digital cellular phones
         -- All digital answering machines
         -- All GPS receivers
         -- All sports scoreboards and the marquee signs in Times Square
         -- All electronic parking meters
         -- Almost all lab equipment (everything is digital these days)
         -- All software, for sure
         -- All digital cameras and digital movie cameras
         -- All PC's and game consoles
         -- All remote key-entry systems and most home security systems
         -- All stop-light controllers
Well, I should leave some of the fun to you. But of course
my favorite should be listed:
         -- All digital rectal thermometers

Presumably some staffers will try to rescue this
laughable (albeit a bit scary) lobbyist-written proposal.
Of course, just letting the bill die is probably best.  But if
they want to fix things, they should consider adding language
that makes it ILLEGAL to sell copy-protection technology
that doesn't permit at least

         -- fair use, including time-shifting and making a reasonable
           number of copies for personal or educational use, or
           for backups,

         -- free use of a copyrighted item once the copyright has
           expired

(This list should be expanded.)

But in any case, making any security technology *mandatory* on all
digital devices and computers is clearly a non-starter.  Why, we'd probably
have to close down all the country's computer science departments
(can't have these kids making unsecured devices, you know, even if
it is their homework assignment to build a computer...)

         Cheers,
         Ron Rivest














Ronald L. Rivest
Room 324, 200 Technology Square, Cambridge MA 02139
Tel 617-253-5880, Fax 617-258-9738, Email <rivest at mit.edu>




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the Free-sklyarov mailing list