October 19, 2001

SSSCA gets a hearing Oct. 25 -- can it be stopped?

Author: JT Smith

- by Tina Gasperson -
Senator Fritz Hollings will testify about his proposed SSSCA legislation before the
Senate Commerce Committee on October 25. While the Open Source community is
acquainted with the potential effects of this bill on freedom from government
intrusion on our private activities, many businesses that use Open Source
software, government agencies who sponsor Open Source projects, and lawyers who
specialize in technology issues either have not heard of the bill, or do not
understand its implications.Eben Moglen, chief counsel for the Free Software
Foundation
, is succinct: "SSSCA is a deliberate attempt to destroy free
software."

Moglen believes that the industries behind the drafting of the SSSCA want to
control information from the beginning to the end of every event chain. "The
content industries want to make a leakproof pipe that leads from their
production facility directly to the eyeball and eardrum of the consumer."

That pipeline must not be broken apart by any technology that is under the
user's control, he says. "If the computer closest to your eyeball and eardrum
has a free software operating system, the whole rest of the pipe doesn't
matter: sound on its way to the sound card, or video on its way to the screen,
can be copied or sent anywhere by the OS kernel.

"So the content industries cannot -- so long as they adhere to their present
obsolete business models -- tolerate the existence of any user-modifiable
operating system for computers. Period."

And that's what's behind Disney's and other corporations' campaign
contributions to Hollings and their subsequent "urging" that Hollings, the chairman of
the Senate Commerce Committee, draft the Security Systems
Standards and Certification bill
, which states in part that "it is unlawful to manufacture, import, offer to the public, provide or otherwise traffic in any interactive digital device that does not include and utilize certified security technologies." And while Disney interests may
be completely aware of the subtleties behind the SSSCA, Hollings may be
unaware of the chain of effects this could set off. "Although I cannot comment
on the technical acuity of Senator Hollings," says Pat Stakem, a NASA
consultant who works with FlightLinux,
a version of Linux that's running on unmanned space flights, "there have been
problems in the past with oversight and unintended consequences when a highly
technical issue is legislated."

This isn't the first time that Hollings has sponsored highly technical
legislation and tried to rush it through Congress. It is ironic that it came
at a time when Hollings appeared to be on the other side of big business,
fighting for stricter Internet privacy laws. Back in July, Hollings was
testifying
at another Congressional hearing in favor of more privacy
legislation, as opposed to the self-regulation that the Information Technology
Industry Council (ITIC) favors. ITIC is populated by big tech companies that
normally are at odds with each other, like IBM, Microsoft, AOL, Amazon.com,
Compaq, and Dell. At that hearing, Hollings said, "Where did self-regulation
get us?" as he urged Congress to take swift action on new laws for privacy.
Now that draft bill has disappeared, and Hollings seems to have switched
sides, getting into bed with the anti-privacy, anti-freedom corporate
interests.

Hollings and company have turned deaf ears on requests for more information
from NewsForge
and from at least one lawyer we spoke to. A representative from
the office of Scott Draughon, an attorney who specializes in technology law and
policy, contacted Hollings office to request a draft of the bill and was
rebuffed by one of his staff, who told her, "attend the hearing."

But according to a report at WebNoize,
that hearing may not be completely open. "Non-profit public interest groups
haven't been invited to the hearing, which has motivated them to take action,"
the report written by Mark Lewis states. The Electronic Freedom Foundation issued an
alert
and is conducting a letter writing campaign to try to stop the
progress of the draft bill, calling it DMCA2, in a comparison to the
restrictive digital copyright legislation that landed Dmitry Sklyarov behind
bars earlier this year when he gave a presentation on e-Book unencryption techniques
at DefCon.

The Association for Computing Machinery's (ACM) Public Policy Committee is
also trying to persuade Hollings and company of the dangers of the bill. "We
urge you to recognize that there are many legitimate uses of technology that
would be impaired by additional copyright-protection measures," states a letter addressed to
Hollings
from Barbara Simons and Eugene Spafford of ACM. "Already, we have
seen an unintended chilling effect on computer security research by the DMCA.
Any law along the lines of the SSSCA might well have more far-reaching and
damaging effects, particularly as our nation attempts to enhance the security
of our infrastructure and prevent acts of terrorism."

Simons and Spafford list some of their objections to the legislation:

  • Colleges, universities and trade schools throughout the United States would no
    longer be able to teach advanced computer science and computer engineering.

  • The acts of writing basic operating system software or assembling simple
    computer systems in classes or as assignments would be against the proposed
    law.

  • Research in computer security and protection would be further curtailed,
    as any such research would be required to be done on (and not interfere with)
    whatever technology is imposed by this law. However, malicious actors do not
    need to be so concerned. This has significant national security implications.

  • Researchers and hobbyists seeking new uses for innovative technology might
    well find their experimentation and prototypes to be criminal under this law.

  • Devices as disparate as electronic cameras, wrist watches, electric
    pianos, televisions, ATM machines, cell phones, home security systems, and
    medical equipment (among many examples) all process and display information
    electronically. Under the proposed legislation, all would be required to
    support anti-copying protocols. In most such cases, this is absurd and will
    raise costs unnecessarily.

  • Inclusion of anti-copying technology in general purpose equipment --
    including real-time computing devices used in traffic control, air flight
    control, medical equipment, and manufacturing -- adds to their complexity and
    potential for failure. Unexpected interactions with other code, and accidental
    activation of protection protocols cannot be ruled out in every case, and in
    many venues the potential for damage is extreme.

  • Photocopy machines, telephones and VCRs are now digital in form and can
    copy information. Forcing adoption of anti-copying protocols on those machines
    will change accepted modes of use, at best, and may render them unusable for
    their intended purposes.

  • Other countries will not have similar requirements in their laws and may
    actively fear the imposition of anti-copy technologies; this will put U.S.
    products at a competitive disadvantage with other products manufactured
    elsewhere in the world. At a time when electronics manufacturers in other
    countries are seeking an advantage over U.S. firms, this could be catastrophic
    for the U.S. electronics industry.

  • In addition, the draft version of SSSCA would have significant negative
    impacts on foreign technology imports, such as the Linux operating system, in
    direct violation of our obligations as a participating member of the World
    Trade Organization.

Spafford
testified
before the House Committee on October 10 at the Full Committee
Hearing on Cyber Security, saying, "Legislation that is scheduled to be
introduced into the Senate, the Security Systems Standards and
Certification Act (SSSCA), may further restrict what research is conducted in
information security. Legislation against technology instead of against
infringing behavior can only hurt our progress in securing the
infrastructure."

Though Spafford, Simon, and FSF lawyer Moglen are well aware of the dangers of
SSSCA, other key elements may only now be waking up to the potential
consequences of such broad legislation. Draughon, who specializes in D.C.
doings in technology, was unaware of the draft and requested a copy from me
when I contacted his office. Government agencies that use Linux and other Open
Source software are also largely ignorant of SSSCA, including the Army, Navy,
and the NSA, and have not been prepared to discuss the issue with NewsForge.

FlightLinux's Stakem was willing to take a look at the draft and share his
initial impressions. "If the legislation, which appears to be driven and
influenced by big content-providers, does affect Open Source distribution,
then we need to take a long hard look." But Stakem is not overly concerned
about potential danger to Open Source. "We have to make it [the source code]
freely available, but [the GPL] doesn't say it can't be encrypted.

"There is a need to reform intellectual property laws to bring them more into
sync with new, unforeseen realities. Unfortunately, those who can affect those
changes don't necessarily understand the issues."

The Navy is preparing to experiment with Open Source software, "particularly
Linux," and has signed a Cooperative Research and Development agreement with
the Open Source Software Institute (OSSI). But are they aware of the dark
clouds gathering around that scenario? John Weathersby, the director of the
OSSI says, "SSSCA is typical of a reactionary bill proposal. It is stimulated
from one side of the spectrum. But it represents a work in progress."

Weathersby believes that the Open Source community has to take the saying
"eternal vigilance is the price of freedom" to heart. "I see issues like SSSCA
as growing pains that we must wrestle with as we outgrow our protective shell
and realize that we are part of a larger more complex economic picture.

"I don't see how it can be adequately enforced. It's like trying to hold back
the tide; you can do it for a while, but then the open market, like Open
Source software, will find its equilibrium."

Stakem thinks that perhaps the SSSCA will exempt government usage from its
restrictions, but Moglen says there is no such exemption in the current text
of the bill. "But it's not only about specific applications government might
write. If SSSCA prohibits the Linux kernel, prohibits the Hurd kernel,
prohibits any system with enough openness to permit users to modify its basic
behavior, the ability of one federal agency to publish one applications
program more or less wouldn't make the slightest difference.

"The software monopolist and the entertainment oligopolist are discovering
that this can be the beginning of a beautiful, but socially obnoxious and
oppressive friendship."

Click Here!