Slashdot Mirror
Geo-Encryption: Global Copyright Defense?
An Anonymous Coward writes: "CIO Insight has a story on the copyright-protection scheme devised by Georgetown professor Dorothy Denning. Geo-encryption uses GPS technology to keep information scrambled until it reaches a precise location anywhere in the world. Denning has started a new company, GeoCodex, to capitalize on the technology." I can't wait for the Crypto-Gram article about this one..
Another important defect of this system is that in modern society most people live in cities, and as such the keys are not randomly distributed, but very much clustered. To find a movie key, for example, one just needs to try GPS locations of few big cities (SF, LA, NYC etc.) to hit the paydirt.
But likely, this key search won't be needed at all, because whoever posts the material on Usenet will put the necessary serialz ^W GPS code into the accompanying note. The only problem is to apply the key to get the raw contents, and that is not too difficult because all the strength of the crypto is in the key, not in the algorithm.
Do a google search for 'Denning GPS'.
First hit that comes up is a 1996 paper Location-based Authentication: Grounding cyberspace for better security, by Dorothy E. Denning and Peter F. MacDoran. Reading the paper, the idea looks to be that by knowing the location of a computer user one can define whether they are authorised to perform a particular action.
This makes marginal sense (if somebody who isn't in a bank office is playing with computer codes then they're probably not really permitted to play with them). However, to me this article reads like, 'Hey, if I mention copyright protection, I'll get funding'. And the whole idea reads like that - after all, for the person in the above example to perform an unauthorised action on bank accounts, they must already have broken through the protection placed around the system. Simply adding another authentication isn't going to magically fix that problem (hey, you want me to tell the system I'm in the White House? OK. It's no different to telling the system that I'm Bob, financial manager).
As for the use of said technology to control music distribution... what?!. If this woman is 'America's Cyberwarrior' then... be afraid. Very afraid. I'm sorry to say it, but whilst there are some very valid uses for GPS technology (something like HP's Cooltown project, mobile computing in general, augmented reality, etc), I don't think this is it.
On the one side, it's valid to argue that including un-spoofable - if that's a word - location data in all internet communication would help in some cases (finding malicious hackers, absolving the innocent) but given that it also destroys the whole concept of anonymity, it's plain not worth it. Location information has to be optional. This is just another step in the 'media programs phoning home'/WinXP DRM direction, and it's not a good one.
If I sound irritated, it's because I am; I have no idea what Denning's politics are or whether the spin on this story is merely unfortunate, but the article linked to in this story (somewhat unlike the paper) sounds like something the EFF will eventually find themselves fighting.
I particularly like the part of that paper marked 'privacy considerations', where they note "The use of location signatures has the potential of being used to track
the physical locations of individuals."
Their solution?
"Access to [this information] should be strictly limited." And, um, "Privacy can also be protected by using and retaining only that information which is needed for a particular application." Or you can "opt-out" of giving your information, although of course "some actions may be prohibited if location is not supplied".
You mean the MPAA/RIAA are only going to retain as much information on me as they need for marketing purposes, and I can opt out if I don't mind never listening to another RIAA-produced CD? Thank you, Denning and MacDoran.