SSSCA = Digital Rectal Thermometer Security Act ?

David_Biggins@usermgmt.com David_Biggins at usermgmt.com
Tue, 11 Sep 2001 11:32:43 +0100 

Presumably it also means that all web-sites MUST be entirely SSL or
equivalent?

## dave ##

> -----Original Message-----
> From: Nexus [mailto:nexus@patrol.i-way.co.uk]
> Sent: Tuesday, September 11, 2001 11:03
> To: ukcrypto@chiark.greenend.org.uk
> Subject: SSSCA = Digital Rectal Thermometer Security Act ?
> 
> 
> Ron Rivest has some interesting comments on this :
> 
> ----- Original Message -----
> From: "InfoSec News" <isn@c4i.org>
> To: <isn@attrition.org>
> Sent: Tuesday, September 11, 2001 7:08 AM
> Subject: [ISN] SSSCA = Digital Rectal Thermometer Security Act ?
> 
> 
> > ---------- Forwarded message ----------
> > Date: Mon, 10 Sep 2001 00:55:51 -0400
> > From: Ronald L. Rivest <rivest@mit.edu>
> > To: cryptography@wasabisystems.com, farber@cis.upenn.edu
> > Subject: SSSCA = Digital Rectal Thermometer Security Act ?
> >
> > Hi all --
> >
> > I just sat down and read the proposed text of the Holling's 
> SSSCA bill.
> >          http://cryptome.org/sssca.htm
> > Boy is this bill breathtaking in its breadth! I have tried 
> to understand
> > its language.  It says in Section 101:
> >
> >      "It is unlawful to manufacture, import, offer to the 
> public, provide
> > or otherwise traffic in any interactive digital device that does not
> > include and utilize certified security technologies that adhere to
> > the security systems standards adopted under section 104."
> >
> > and says in Section 109:
> >
> >          "The term "interactive digital device" means any 
> machine, device,
> > product, software, or technology, whether or not included with or as
> > part of some other machine, device, product, software, or 
> technology,
> > that is designed, marketed or used for the primary purpose of, and
> > that is capable of, storing, retrieving, processing, performing,
> > transmitting, receiving, or copying information in digital form."
> >
> > Putting 2+2 together, we see that essentially all digital 
> devices and
> > software will have to have "certified security 
> technologies" in them.
> > Anything that works primarily with digital data is covered.
> >
> > My feeble brain came up with the following list of things that would
> > have to be secured.  I'm sure you can think of lots more.
> >          -- All bar-code scanners
> >          -- All computer-controlled ignition systems
> >          -- All metro ticket readers
> >          -- All digital watches and calculators
> >          -- All ATM machines
> >          -- All digital cellular phones
> >          -- All digital answering machines
> >          -- All GPS receivers
> >          -- All sports scoreboards and the marquee signs in 
> Times Square
> >          -- All electronic parking meters
> >          -- Almost all lab equipment (everything is digital 
> these days)
> >          -- All software, for sure
> >          -- All digital cameras and digital movie cameras
> >          -- All PC's and game consoles
> >          -- All remote key-entry systems and most home 
> security systems
> >          -- All stop-light controllers
> > Well, I should leave some of the fun to you. But of course
> > my favorite should be listed:
> >          -- All digital rectal thermometers
> >
> > Presumably some staffers will try to rescue this
> > laughable (albeit a bit scary) lobbyist-written proposal.
> > Of course, just letting the bill die is probably best.  But if
> > they want to fix things, they should consider adding language
> > that makes it ILLEGAL to sell copy-protection technology
> > that doesn't permit at least
> >
> >          -- fair use, including time-shifting and making a 
> reasonable
> >            number of copies for personal or educational use, or
> >            for backups,
> >
> >          -- free use of a copyrighted item once the copyright has
> >            expired
> >
> > (This list should be expanded.)
> >
> > But in any case, making any security technology *mandatory* on all
> > digital devices and computers is clearly a non-starter.  Why, we'd
> probably
> > have to close down all the country's computer science departments
> > (can't have these kids making unsecured devices, you know, even if
> > it is their homework assignment to build a computer...)
> >
> >          Cheers,
> >          Ron Rivest
> >
> >
> >
> > Ronald L. Rivest
> > Room 324, 200 Technology Square, Cambridge MA 02139
> > Tel 617-253-5880, Fax 617-258-9738, Email <rivest@mit.edu>
> >
> >
> >
> >
> > 
> ---------------------------------------------------------------------
> > The Cryptography Mailing List
> > Unsubscribe by sending "unsubscribe cryptography" to
> majordomo@wasabisystems.com
> >
> >
> >
> > -
> > ISN is currently hosted by Attrition.org
> >
> > To unsubscribe email majordomo@attrition.org with 
> 'unsubscribe isn' in the
> BODY
> > of the mail.
> >
> 
> 
>