Berkeley CSUA MOTD:Entry 12971
2004/4/1 [Uncategorized] UID:12971 Activity:nil
4/1     RFC 3751 Omniscience Protocol Requirements
        ftp://ftp.rfc-editor.org/in-notes/rfc3751.txt
Cache (8192 bytes)
ftp.rfc-editor.org/in-notes/rfc3751.txt
Because it can be quite difficult to establish a person's intent lawmakers have, in some cases, reduced the requirement for prosecutors to establish intent and mere possession is now proof enough of intent. This memo proposes a set of requirements for a new protocol to be used by prosecutors to determine a person's intent, thus reducing the need to dilute the historical legal requirement to show intent and by groups such as the MPAA and RIAA to be sure they are dealing with lawbreakers and not 60 year old non computer users.

OP Clients would register with all OP Servers that pertain to the legal jurisdiction in which the client is located each time the computer is started. OP Servers would then, on whatever schedule they have been configured to use, send OP Queries to OP Clients to find out if the computer operator has engaged in an illegal act of interest to the operator of the OP Server. Future versions of the OP might operate using a peer-to-peer model if the copyright enforcement people can ever get over their visceral disgust at the very concept of peer-to-peer networks.

For the purpose of this memo, I will use copyright infringement as an example of an illegal act that the OP protocol could be used to expose. The OP has numerous possible applications beyond ferreting out copyright infringement. For example, the OP would be of great assistance to instructors trying to determine if their students are producing original work or engaging in plagiarism. The same function would be invaluable to newspaper editors checking up on reporter's dispatches.

RFC 3751 Omniscience Protocol Requirements 1 April 2004

Also for the purpose of this memo, I assume that an evil-doer (also referred to as a miscreant) is in full control of a computer and that OP Servers will generally be operated by "Good guys."
In the context of this memo, "good guys" refers to individuals or groups of individuals who have a legally recognized right to prevent certain acts that computer users may attempt to do with their computers. The use of this term is not meant to convey any value judgment of the morality, forward thinking nature, public spiritedness, or the monetary worth relative to most of humanity of such individuals or groups of individuals.

Discussion: The OP client would be installed by legal mandate in all new computers, but since there are hundreds of millions of existing computers, the OP client must be able to install itself in all of these existing computers in order to afford universal coverage of all possible miscreants. This installation must be accomplished even if the user, many of whom have full administrative control over their computers, tries to prevent it.

OR2: True OP clients must not be findable by the computer user by any means, including commercial virus detectors, but all hackers' programs that mimic OP clients must be easily findable by commercial virus detectors.

Discussion: Since anyone whose intent was to violate the law would not want the OP client to be watching their action, they would try to disable the OP client. Thus the OP Client, once installed, should be invisible to all methods a user might employ to discover it. Users must be able to find and remove any virus or worm that tries to masquerade as an OP client to escape detection.

OR4: Neither the operation of the OP client or the OP server must be able to be spoofed.

Discussion: The user must not be able to create their own version of an OP client that can fool the OP server. Nor can it be possible for someone to create their own OP server that can be used to query OP clients.

Discussion: Because of the potential for a user to hide their illicit activities by mimicking the operation of the OP client on their machine, it must not be possible to do so.
In the same vein, because of the potential for violating the user's privacy, it must not be possible for a non-authorized OP server to be seen as authorized by OP clients. Since there will be an arbitrary, and changing, number of OP servers, at least one for each type of protected material, OP authentication and authorization must be able to be accomplished with no prior knowledge of a particular OP server by the OP client.

OR5: The OP client must be able to be installed on any portable device that can be used to play protected material or execute protected software.

Discussion: Since small, portable devices, such as MP3 players, are becoming the preferred method of playing back prerecorded music and videos, they must all include OP clients. OP clients must be able to be automatically installed on all such existing devices.

2.2 Functional Requirements

FR1: The OP client must be able to determine the user's intent.

Discussion: Just knowing that the user has a copy of a protected work on their system does not, by itself, mean that the copy is illegal. The OP must be able to tell if a copy is an illegal copy with complete reliability. The OP must be able to differentiate between an original, and legal, copy and a bit-for-bit illegal reproduction. The OP client must be able to differentiate between copies that were created for the purpose of backup, and are thus generally legal, and those copies created for the purpose of illegal distribution. In the case of some types of software, the OP client must be able to determine the intent of the user for the software. An example of this need is related to the US Digital Millennium Copyright Act (DMCA) and similar laws around the world. These laws outlaw the possession of circumvention technology, such as crypto analysis software, in most cases.
Some exemption is made for legitimate researchers, but without an OP it is quite hard to determine if the circumvention technology is to be used for research or to break copyright protections for the purpose of making illegal copies of protected material. With the OP, the DMCA, and laws like it, can be rewritten so that circumvention technology is legal and developers can find out if their security protocols are any good, something which may be illegal under current law.

FR2: The OP client must be able to remotely differentiate between illegal material and other material with the same file name.

Discussion: A user might create a file that has the same filename as that of a protected work. The OP must not be fooled into thinking that the user's file is a protected one.

FR3: The OP client must be able to find illegal copies, even if the filename has been changed.

Discussion: The user must not be able to disguise a protected work by just changing its name.

FR4: The OP client must be able to find illegal copies, even if the user has modified the work in some way.

Discussion: The user must not be able to disguise a protected work by modifying the work, for example, by prepending, appending, or inserting extra material, or by changing some of the protected work. determination that a modified work is no longer legally the same as the original if the amount and type of modification exceed a subjective threshold.

FR5: The OP client must not be able to be run by a hacker, and the OP interface into a user's computer must not be able to be exploited by a hacker.

Discussion: OP clients will be attractive targets for hackers since they will have full access within a user's computer. The interface between the OP client and server must be secure against all possible hacking attacks.

FR6: The OP client must be able to discern the motives of the operator of the OP server and not run if those motives are not pure.
Discussion: Since it cannot be assumed that the operators of the OP server will always have the best motives, the OP client must be able to reject requests from the OP server if the operator of the server has an evil (or illegal) intent. For example, the OP client must block any operation that might stem from a vendetta that the OP server operator might have against the user.

FR7: The OP client must not be able to be used to extract information from a user's computer that is unrelated to illegal copies.

In order to minimize the threat to the privacy...