Encryption as confidentiality marker

Ben Laurie ben at algroup.co.uk
Wed, 30 Jun 1999 18:53:12 +0100 

David Swarbrick wrote:
> 
> In Mars UK Ltd v Teknowledge Ltd, recently reported in the Times, (23
> June 1999) encryption gets an interesting if limited mention.
> 
> Mars use vending machines which apply software to stored data to analyse
> and identify coins inserted in their machines. Encryption is used to
> protect that software/data as a valuable commercial product.
> 
> Teknowledge appear to have been able to work past the encryption in the
> course of reverse engineering and reproducing the mechanisms.
> 
> In the course of the action Mars (among many other assertions), claimed
> that the use of encryption was enough to fix Teknowledge with an
> awareness of the confidentiality of the protected information, and this
> also with a duty of confidence.
> 
> J Jacobs rejected the argument. The report I have is very limited, and
> says almost nothing more, but however brief, it does perhaps challenge
> some of the assumptions made about the use of encryption.
> 
> It is sad that Mars should use encryption which is beatable in this way.

No it isn't. It's an inherently insoluble problem (well, short of
tamper-proof hardware, in which case the encryption is unnecessary).

> It is sad also that encrypting text is not a sufficient 'hands off'
> notice. I acknowledge that the law of confidence requires additional
> elements beyond the fact of something being kept private, but the case
> does muddy the waters perhaps.

Hmm. Encrypting text is different from encrypting executable code. The
problem is that clearly mere encryption can't equate to "hands off", or
the recipient couldn't read it, either. In the case of executable code,
you have the recipient (the processor) in your hands, so there's an
implied agreement that something in your possession should be able to
read it. So, it is exactly the same (IMO) as reading the firmware of a
device I own. Which I contend I _should_ be allowed to do, in the same
way that I should be allowed to maintain my own car engine.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi