Subject: Re: Coordinated effort re: SSSCA?
From: Bernard Lang <>
Date: Thu, 20 Sep 2001 01:52:38 +0200

On Wed, Sep 19, 2001 at 12:04:16PM -0600, John McDermott wrote:
> Does anyone plan or know of a coordinated effort for dealing with the
> SSSCA? Has anyone heard of plans to get it introduced and on the Senate
> calendar?

ACM is working on that very seriously ... they are extremely concerned.

On the lighter side:
Apparently it raises also serious problemes concerning body temperature,
identified by Ron Rivest


   --- Forwarded Message Begins ---

Date:    Sun, 16 Sep 2001 10:27:12 EDT
From:    Monty Solomon <>
Subject: SSSCA = Digital Rectal Thermometer Security Act ?
To:      undisclosed-recipients:;

Date: Mon, 10 Sep 2001 00:55:51 -0400
From: "Ronald L. Rivest" <>
Subject: SSSCA = Digital Rectal Thermometer Security Act ?

Hi all --

I just sat down and read the proposed text of the Holling's SSSCA bill.
Boy is this bill breathtaking in its breadth! I have tried to understand
its language.  It says in Section 101:

    "It is unlawful to manufacture, import, offer to the public, provide
or otherwise traffic in any interactive digital device that does not
include and utilize certified security technologies that adhere to
the security systems standards adopted under section 104."

and says in Section 109:

        "The term "interactive digital device" means any machine, device,
product, software, or technology, whether or not included with or as
part of some other machine, device, product, software, or technology,
that is designed, marketed or used for the primary purpose of, and
that is capable of, storing, retrieving, processing, performing,
transmitting, receiving, or copying information in digital form."

Putting 2+2 together, we see that essentially all digital devices and
software will have to have "certified security technologies" in them.
Anything that works primarily with digital data is covered.

My feeble brain came up with the following list of things that would
have to be secured.  I'm sure you can think of lots more.
        -- All bar-code scanners
        -- All computer-controlled ignition systems
        -- All metro ticket readers
        -- All digital watches and calculators
        -- All ATM machines
        -- All digital cellular phones
        -- All digital answering machines
        -- All GPS receivers
        -- All sports scoreboards and the marquee signs in Times Square
        -- All electronic parking meters
        -- Almost all lab equipment (everything is digital these days)
        -- All software, for sure
        -- All digital cameras and digital movie cameras
        -- All PC's and game consoles
        -- All remote key-entry systems and most home security systems
        -- All stop-light controllers
Well, I should leave some of the fun to you. But of course
my favorite should be listed:
        -- All digital rectal thermometers

Presumably some staffers will try to rescue this
laughable (albeit a bit scary) lobbyist-written proposal.
Of course, just letting the bill die is probably best.  But if
they want to fix things, they should consider adding language
that makes it ILLEGAL to sell copy-protection technology
that doesn't permit at least

        -- fair use, including time-shifting and making a reasonable
          number of copies for personal or educational use, or
          for backups,

        -- free use of a copyrighted item once the copyright has

(This list should be expanded.)

But in any case, making any security technology *mandatory* on all
digital devices and computers is clearly a non-starter.  Why, we'd probably
have to close down all the country's computer science departments
(can't have these kids making unsecured devices, you know, even if
it is their homework assignment to build a computer...)

        Ron Rivest

Ronald L. Rivest
Room 324, 200 Technology Square, Cambridge MA 02139
Tel 617-253-5880, Fax 617-258-9738, Email <>

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

   --- Forwarded Message Ends ---

         Non aux Brevets Logiciels  -  No to Software Patents
           SIGNEZ    SIGN             ,_  /\o    \o/    Tel  +33 1 3963 5644  ^^^^^^^^^^^^^^^^^  Fax  +33 1 3963 5469
            INRIA / B.P. 105 / 78153 Le Chesnay CEDEX / France
         Je n'exprime que mon opinion - I express only my opinion