Cryptography Doesn't Save Napster, and The War Over Parodies
From: “Dan Kaminsky” <dankamin@cisco.com>
To: “Jon Winters” <winters@obscurasite.com>; “Whitney Broussard” <Whitney@smmmusiclaw.com>
Cc: <pho@onehouse.com>; <hardware@obscurasite.com>
Subject: Pho: Cryptography Doesn’t Save Napster, and The War Over Parodies
Date: Monday, February 12, 2001 6:55 PM
> If the IP is _music_ and the encrypted file is _noise_ then you’re in the
> clear.
A couple people have been talking about how cryptography is a magic salve
for Napster.
It’s not even close.
The entire concept of Napster is that anyone can play the music, with
absolutely no difficulty. Transfers are anonymous; there’s no way to know
that the person you’re giving the data to isn’t an enforcement agent. If a
peer can play it, so can the warden. If a peer can decrypt it, so can the
warden.
And if the warden *can’t* decrypt it…don’t look for the peer to. Now, if
peers aren’t anonymous, you actually have something–the Aimster model
actually does something, because you can differentiate the warden from your
peers. But Napster has no ability to differentiate.
What’s funny is, if it did have the ability to differentiate, through a
distributed cryptographic reputation engine…suddenly you’d have a hell of
a way to convict someone–look at all those nice digital signatures signing
somebody’s guilt 🙂
Look. Link oriented crypto is very useful for circumventing link based
censorship (port/content blocking). It does nothing when one of the
endpoints is possibly untrusted. File oriented crypto is similarly
unsuitable, and both are ultimately defeated by the fact that the indexes
that make the system useful are the ultimate point of failure. Either
entries are trusted, and thus are centrally destructible, or are untrusted,
and thus are globally spoofable.
Now, what’s going to be really, really interesting to watch is what
happens to PARODIES on Napster. Think about it for a moment–what if the
only way to listen to Britney is to hear “her” blast her own record company.
Media companies for years have been trying to figure out how to shut down
criticism; the ever-ignored software IP lawyers have even begun trying to
include anti-criticism clauses into their EULAs. With Napster on the
ropes, and song parodies an effectively viral source of criticism…I’m
quite curious to see exactly what would become of a major-label-free
Napster.
Talk about a reversal of fortune: If people are looking for your material,
would you rather they find it, or something even worse?
Yours Truly,
Dan Kaminsky, CISSP