As I posted a while back, a method was found for extracting the encryption codes for HD-DVDs and Blu-Ray discs, allowing unauthorized decryption. Basically the problem is that in order to let legitimate users play their movies, you have to give them both the locked version and the key. It’s just a matter of time before someone takes that key and unlocks something else. In the case of HD-DVDs, it’s even worse because the encryption scheme depends on a single master key.
Next came some twists that speak volumes about the current state of “intellectual property” and its radical opposition to free speech. Yesterday the story went around social bookmarking and discussion site Digg that the key had been found. Because the master key was so short, the original poster included it in the title of their post.
Digg received a DMCA takedown notice and decided to comply. Users went nuts. They flooded the site with posts containing the key code and lobbying Digg’s management to fight back. Finally, at the end of the day, founder Kevin Rose posted his decision.
First, this case highlights the fact that even if you have a good method of securing information, there is no reasonable level of lockdown that will prevent this type of “leak”. This is a tangent, but I think an enlightening one: the same thing applies to security from terrorism.
There is no such thing as a tradeoff of freedom for security, because security is an illusion. Inmates in maximum-security prisons still manage to murder each other. Unless you’re willing to impose restrictions on the public greater than those on prisoners, you can’t make violence impossible. If violence is possible, you can’t be secure — only more or less likely to be attacked, more or less likely to live through it.
Any amount of freedom in a society, which I hope we can agree is a good thing, brings with it “security holes”. The fact that we are not constantly at war with each other is a social construct based on alternative effective methods of conflict resolution. We are free to be violent, but mostly choose not to.
Back to freedom of information. Freedom of speech does not exist in a vacuum. Any amount of freedom of expression in a society depends upon the public’s ability to use and repurpose the expressions of others. No reasonable amount of restriction of free expression will achieve full control over access to information. And the crucial point is that with the internet, one lapse in access control leads to full publicity. Therefore the idea of trading freedom of expression for information security, in the public context, is an illusion.
Second, Digg’s reaction is a miniature version of the process that society as a whole is going through to readjust its beliefs and policies to internet technology. Because of the internet, that encryption key is now a piece of public information. And the public is getting tired of corporate interests manipulating the legal system, trying to put the cat back in the bag.
Digg recognizes that its value is dependent upon its social nature. Placing restrictions on users will dry up that well of participation and cause Digg to fail. It’s precisely the many-to-many nature of the internet that makes explicit the radical dependence of content and service providers on the good will of their users.
Without waiting for the market to sort out the problem, Digg listened directly to its users and made the right decision. In a sense, actually, the users made the decision. That’s a fundamental shift in the way things work, which is making its way through every institution — though mostly at a slower pace than Digg’s one-day turnaround.