[IETF-IDRM] [IDRM] Fwd: Matt Blaze's declaration regarding the Felton DMCA case
Thomas Hardjono
thardjono@mediaone.net
Fri, 17 Aug 2001 10:01:18 -0400
http://www.crypto.com/papers/mab-feltendecl.txt
Grayson Barber (GB 0034)
Grayson Barber, L.L.C.
68 Locust Lane
Princeton, New Jersey 08540
(609) 921-0391
Frank L. Corrado (FLC 9895)
Rossi, Barry, Corrado & Grassi
2700 Pacific Avenue
Wildwood, NJ 08260
(609) 729-1333
Attorneys for Plaintiffs
IN THE UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF NEW JERSEY
EDWARD W. FELTEN; BEDE LIU;
SCOTT A. CRAVER; MIN WU;
DAN S. WALLACH; BEN
SWARTZLANDER; ADAM
STUBBLEFIELD; RICHARD DREWS
DEAN; and USENIX ASSOCIATION, Hon. Garrett E. Brown, Jr.
a Delaware non-profit non-stock Case No. CV-01-2669 (GEB)
corporation, Civil Action
Plaintiffs
vs. DECLARATION OF
MATTHEW BLAZE
RECORDING INDUSTRY ASSOCIATION
OF AMERICA, INC.; SECURE DIGITAL
MUSIC INITIATIVE FOUNDATION;
VERANCE CORPORATION; JOHN
ASHCROFT, in his official capacity as
ATTORNEY GENERAL OF THE
UNITED STATES; DOES 1 through
4, inclusive,
Defendants.
__________________________________________________________________
I, MATTHEW BLAZE, of full age hereby declare:
1. I am a research scientist at AT&T Laboratories, where I
study the use of cryptography in computing and network security.
I am also an Adjunct Associate Professor of Computer and Information
Sciences at the University of Pennsylvania. This declaration is
made on my own behalf, however, and does not necessarily represent
the position of my employer or any other party.
2. My research focuses on the architecture, design, and analysis
of secure systems and on discovering new cryptologic techniques.
A significant part of this work centers around identifying weaknesses
in existing systems and designs.
3. I have discovered weaknesses in a number of published and
fielded security systems, including, in 1994, the protocol failure
in the U.S. Government's "Clipper" key escrow system that led to
its abandonment.
4. In 1995, I invented the field of "trust management," a
unified approach for specifying and controlling security policy in
complex distributed systems, and I lead the KeyNote project at AT&T
Laboratories, which focuses on new trust management languages and
applications.
5. My research has resulted in a number of new cryptological
and security concepts, including Remotely-Keyed Encryption, Atomic
Proxy Cryptography, and Master-Key Cryptography. Other research
I have done has been influential in network-layer encryption (for
example, I co-designed "swIPe," a predecessor of the current
encryption standard for protecting Internet traffic) and computer
file system encryption.
6. I have testified before Congress several times on encryption
and computer security policy and have led and participated in a
number of public-policy panels and reports. I hold a Ph.D. in
computer science from Princeton University.
7. I am active in the review and evaluation of current and
proposed research papers in the areas of computer security and
cryptology, having served on numerous conference program committees,
having reviewed many proposed papers, and having served as a
technical journal editor. For example, I am the program chair of
the 2002 Financial Cryptography conference, and from 1999-2000 I
was a member of the technical editorial board for the journal
Cryptologia.
8. The study of the design of secure computing and communication
systems is necessarily a broad one, encompassing a range of
mathematical, computer science, and engineering disciplines. This
is because security in any particular application might depend on
the soundness of many different components as well as the manner
in which these components interact with one another. Vulnerabilities
can, and frequently do, arise from weaknesses in cryptographic
algorithms and protocols, incorrect assumptions about the nature
of attack threats, poor overall design, programming errors, operating
system bugs, human factor and user interface problems, and installation
errors, to name but a few.
9. Unfortunately, although some advances have been made in
the use of rigorous mathematical techniques to prove and verify
the security of some aspects of a system's design, there is not
yet any systematic way to be sure that a proposed system or design
will be secure in practice. Exploitable vulnerabilities are often
discovered in proposed designs and in systems in actual use. Worse
still, security is often quite "fragile," in the sense that even
very small and seemingly innocuous changes to a secure design or
implementation can introduce critical and non-obvious new weaknesses
that can compromise an entire system.
10. A significant focus of ongoing research, therefore, is and
must be concerned with evaluating real-world security systems in
an effort to discover whether they are, in fact, as secure as their
designers wish them to be. Case studies of proposed and existing
systems and standards form the essential basis for this research.
11. It is only by a thorough understanding of how real systems
fail in practice that we are able to develop design principles for
more secure systems in the future. Because there are no systematic
techniques for ensuring the correctness of most aspects of secure
systems architecture, research toward discovering vulnerabilities
in systems as they are actually designed and implemented is absolutely
essential for the advancement of the field. Scientific progress
in this discipline necessarily depends upon the exploration of
computer system weaknesses and the publication of the knowledge
learned.
12. Research results on vulnerabilities in existing and proposed
systems can often be generalized to apply to other designs. The
impact can be far-reaching and can sometimes mean that broad classes
of systems previously thought to be secure have to be abandoned or
re-engineered. For example, around 1990, two Israeli scientists,
Eli Biham and Adi Shamir, discovered a technique, called "differential
cryptanalysis," that could be used, in theory, to more quickly
"break" messages encrypted under the US Government's Data Encryption
Standard. Their technique turned out to be applicable to most of
the publicly known secret-key block cipher algorithms in existence
at the time. The results of this research were dramatic: many
algorithms previously thought to be secure had to be abandoned,
but new algorithms were from then on designed specifically to resist
the technique. Research leading to such results is not condemned
or discouraged for its potential short-term disruptive effect by
the scientific or academic communities. On the contrary, such work
is universally admired and valued for its essential contribution
to our knowledge of how to design good systems.
13. It should not be surprising, as paradoxical as it may seem
at first blush, that researchers and other scientists who study
security and privacy customarily embrace and value openness and
wide publication even of results that expose vulnerabilities. Such
publication represents the natural advance of knowledge in a
relatively new field of scientific study.
14. Security researchers are drawn from many different disciplines,
come from a wide range of backgrounds, and enjoy a variety of
employment situations. Some are mathematicians, others are computer
scientists, while others come from other engineering and science
fields or from different areas entirely. Many hold advanced degrees,
and a significant number are employed in a traditional academic
environment. Many work in commercial and government research
laboratories, while some hold employment outside the traditional
research environment. It is not uncommon for students and
non-academics to make significant contributions to the field. The
set of individuals with a legitimate need to test systems for
vulnerabilities and publish their results is not at all limited to
those holding academic credentials or advanced educational or
professional status.
15. Security researchers, like all scientific and engineering
researchers, necessarily rely on open publication of the knowledge
learned as the means for communicating with one another and for
measuring progress in the field. Publication customarily occurs
across a variety of venues and forums, including refereed journals,
peer-reviewed conferences, workshops, public lectures, "work in
progress" talks, issuance of technical reports, and over the Internet
and email discussion groups. Researchers are judged, and advance
professionally, largely based on their publication records. Other
scientists depend upon having access to other researchers' results
to evaluate and build upon the existing base of knowledge. Many
scientists have come to depend upon the Internet as a primary mode
of distribution because of its speed, low cost, and global reach.
16. Research papers on security vulnerabilities often reveal
details as to how weaknesses might be exploited. This is because
such papers, like all scientific publications, are expected (by
reviewers, editors, and readers) to contain enough information to
allow other scientists to duplicate, verify, and improve upon the
results presented. The demand for rigorous and repeatable detail
is hardly specific to the security research community; indeed, this
is an essential part of the scientific method and is what allows
progress to be made and errors to be detected. Withholding details
sufficient to allow all claims to be reproduced independently would
generally render any paper unsuitable for scientific publication,
no matter how laudable the reasons for the omission.
17. Any prohibition of open discussion and publication of
security vulnerabilities therefore greatly harms the ability of
researchers in several areas of science and technology to function,
and indeed has a chilling effect not only on publication, but on
whether certain very important research is even done in the first
place, greatly stifling scientific advancement.
18. Publication restrictions only encourage vulnerability
research to go overseas and underground. Discouraging aboveboard,
open research in legitimate institutions leads to a situation where
the people who enjoy the most complete knowledge of the subject
are those working unlawfully in the underground. Criminal
organizations already have obvious incentives to learn how to defeat
security measures. The question is whether the open scientific
community and the public will be permitted to study, learn from,
and fix the same vulnerabilities that are visible to criminals.
19. Provisions of the DMCA are particularly troubling here.
Despite what the drafters of the DMCA might have intended, the
practical and negative effects of the DMCA on security and cryptology
research can be far broader than one might first expect, reaching
far beyond copy protection.
20. There are strong interrelationships among problem domains
in security, and results from across the spectrum of security
research can potentially be applied to copy protection systems.
Conversely, it is entirely possible that a study of vulnerabilities
in some copy protection system could lead to a more general result
that applies broadly to other areas of security research and that
would advance the field significantly.
21. Because of the DMCA, I am reluctant to continue engaging
in the study of vulnerabilities in existing and proposed security
systems, despite my having previously enjoyed a number of successes
with my research in this area. I fear that I would be unable to
publish my work in a timely and relevant manner, should any results
I discover happen to be applicable to copy protection systems.
Professor Felten's case provides a stark and worrisome example of
the chilling effect that I face since the enactment of the DMCA.
I declare under penalty of perjury that the foregoing is true and
correct and was executed at _________________on this the ___ day
of ________, 2001.
______________________________
Matthew Blaze