Stop the SSSCA!


In case you haven't heard of it already, the SSSCA (Security Systems Standards and Certification Act, A.K.A CBDTPA, A.K.A. $$$©A) is a proposed United States law that will prohibit any "digital device" that does not implement government-mandandated "security standards". You can read a draft of the bill here . For those who cannot read such rubbish without becoming physically ill, I will summarize the main points here:

This bill is worded so broadly that any pieces of digital technology, from PCs to PDAs, from maintrames to pocket calculators, from CPUs to operating systems, from printers to monitors, will fall under its provisions. Of course, for the sort of "digital rights management system" that this bill envisions to be successful, such overbroadness is necessary. The system would never work unless the protected media can be transmitted to and from any device, over any medium, with its security protections intact.

For example, a computer's digitial audio and video outputs would be required under this law to only send data to devices that maintain copyright protection. Otherwise, you could plug the unsecured outputs back into your computer's A/V inputs, and re-record the formerly protected files into new, unprotected files with no immediate loss of quality. Efforts are already under way to encrypt data between the operating system and the sound card (by Microsoft, of course), and between the video card and the monitor cable. This bill would make these efforts mandatory.

The Problem
(from a computer engineering standpoint)

Aside from the innumerable civil rights, free speech, and Orwellian problems that this bill poses, the impacts it will have on the open source software community are dire indeed. Take the example of encryption between the OS and the sound card: the idea is to keep the data scrambled from the time when it leaves the audio application, to the time when it reaches the sound card's output (or perhaps even longer, eg. secure speaker cables). The only way to do this is to either build the encryption code into the application, or to build it into the OS itself. In either case, the software that contains the encryption must not have source code available, or it would be quite trivial to disable the encryption, or to intercept the data before it gets encrypted and save it to a file.

In practice, the encryption would probably be implemented at the OS level to simply application programming, and the sound card would implement the decryption in hardware. This would not work in an open-source operating system such as Linux, since it would be easy (albeit illegal) for anyone with a little programming knowledge to defeat such a scheme completely. Therefore, it is likely that Linux will not be authorized under the "security standards" to have sound output support.

In fact, every system component that could potentially touch copyrighted material would have to be secured from tampering by technological and/or legal means. In other words, system software and hardware implementation would be left up to the manufacturers who can afford to license the protection and can keep its details secret. Linux would become either illegal or useless, depending on how much hardware it supports. Think DVD CSS encryption all over again ($1,000,000 per product license, BTW), but much stronger, and in nearly every part of every computer.

Yes, it's still illegal to use free (as in beer) software to play a DVD under Linux in the United States. I would proudly do so, and I will do everything I can do in good conscience to undermine this law, if it passes. Perhaps I be doing it from another nation, though.

What You Can Do

This bill cannot be allowed to pass. Regardless of whether you think the legislature or the courts will honor it, it must be stopped dead in its tracks NOW. Remember, many computer geeks laughed at the DMCA until it passed. Once it did, they dismissed it as unenforceable. Once it was enforced, they thought it would be declared unconstitutional. Now, they are crying.
  • Write your representatives:
    • Write to Sen. McCain and other Senate Commerce Committe members, in addition to your state's Senators/Reps.
    • Use FAX if you can, due to the recent anthrax scare. E-Mail is OK too, but not quite as effective.
    • See this recent EFF "Action Alert" for a good sample letter.
  • Sign this petition
  • Register to vote, and help to ensure that Sen. Fritz Hollings (D-S.C.) and Sen. Ted Stevens (R-Alaska) are never elected to office again
  • Support the EFF
  • Alert your friends (if you use email to do this, be sure to include prominent links to sites that will let people know if the bill is defeated; you don't want to start another unstoppable chain-email "hoax" , do you?)
  • Protest, commit civil disobedience, quit your job (if you work for a company that backs this bill)
  • Alert the media to this threat, and try to get respected people/companies on our side
  • Support congressional term limits and soft-money restrictions (bills like this exist because certain "good 'ol boys" in Congress had their palms sufficiently greased, by even greasier lobbyists)
  • If you don't live in the US, protest it anyway. Remember, for this bill to be effective, ALL computer components must be conformant. The U.S. will pressure YOUR country to adopt a similar law to prevent your native companies from providing "unsecure" devices to the U.S.
  • Let me know if you have any suggestions

Copyright © 2001, Mark McClelland. You may reproduce this document or any portion thereof, in any form, without restriction or attribution.