Commercial Security on the National Information Infrastructure

PATENT AND TRADEMARK OFFICE 
DEPARTMENT OF COMMERCE 

PUBLIC HEARING

COMMERCIAL SECURITY ON 
THE NATIONAL INFORMATION INFRASTRUCTURE 
 
THURSDAY, OCTOBER 20, 1994 
Sunnyvale Community Center
550 East Remington Drive
Sunnyvale, California





The Hearing Panel

BRUCE A. LEHMAN, Chairman
Assistant Secretary of Commerce and Commissioner of Patents and 
Trademarks
Chair, Working Group on Intellectual Property, Information Infrastructure 
Task Force

BRUCE McCONNELL
Chief, Information Policy/Technology Branch 
Office of Management and Budget 

ESTHER DYSON
President 
EDventure Holdings, Inc. 
Co-Chairman Mega-Project III, NII Advisory Council 

FRANCES W. PRESTON, 
President and Chief Executive Officer 
Broadcast Music, Inc. 
Member, NII Advisory Council 

Staff Present:

JEFFREY P. KUSHAN, Esq., 
TERRI SOUTHWICK, Esq. and
MICHAEL O'NEIL 
Office of Legislation and International Affairs 
U. S. Department of Commerce 
Patent and Trademark Office 


Witnesses

WITNESS PANEL ONE: 
Intellectual Property Creators, Rights-Holders 
and Users

Roger Schell
Senior Development Manager 
Network Products Division 
Novell, Inc. 

Sandra Whisler
Assistant Director for Electronic Publishing 
University of California Press 

Pieter Bolman
President
Academic Press 

David Leibowitz
Executive Vice President and General Counsel 
Recording Industry Association of America 

Al McPherson
Director of Technical Services 
Warner Brothers Records 

Mark Bunzel
Chief Executive Officer 
AVTEX Interactive Solutions 

Barbara Simons
Chair, U. S. Public Policy Committee 
Association of Computing Machinery 



WITNESS PANEL TWO
Distributors and Technical Solution Providers 

Jeffrey Sinsheimer
Director of Regulatory Affairs 
California Cable Television Association 

Josh Groves
Director of Current Awareness Products 
Marketing Department 
Dialog Information Services 

Curt Schmucker
Manager, Tools and Environments 
Apple Computer 

William Ferguson
Vice President, Marketing and Sales 
Semaphore Communications Corporation 

William Sweet
Director of Marketing, 
iPower Strategic Business Unit 
National Semiconductor Corporation 

William Krepick
Senior Vice President 
MacroVision Corporation 

Robert M. Rast
Vice President, HDTV Development 
General Instrument Corporation 


\P R O C E E D I N G S\
(9:10 a.m.)
MR. LEHMAN:  We are going to begin the 
hearing.  Our sound system is not set up yet.  
Can everybody hear us in the back?  We are 
going to start, even though the sound system is 
not set up. We are under quite a tight time 
deadline, so we are going to go ahead without 
it.  It's a fairly small room and I assume it will 
be operative shortly.  Our court reporter can 
hear us well enough to transcribe the 
proceedings.
Good morning, everybody, and welcome here to 
Sunnyvale.
Let me begin, on behalf of everybody involved in 
this panel, in the actual Information 
Infrastructure Task Force, by thanking the city 
of Sunnyvale for providing us with this facility 
today. I must say, Sunnyvale has always been 
more than happy to help us in the Clinton 
Administration on any of our needs to come out 
here and communicate with the high-tech 
community and Silicon Valley.  We really 
appreciate that.
Before I explain what our hearing today is 
intending to cover, I should first explain, to 
anybody who doesn't know in the audience, who 
we are and how we came to be here.
First, my name is Bruce Lehman.  I am the 
Assistant Secretary of Commerce and 
Commissioner of Patents and Trademarks.  I 
also serve as chairman of the Working Group on 
Intellectual Property of the Information 
Infrastructure Task Force, which is set up by 
President Clinton, as part of the Information 
Infrastructure Task Force and chaired by the 
Secretary of Commerce, Ron Brown.  The 
Working Group on Intellectual Property is 
studying the challenges the information 
superhighway will present for our intellectual 
property systems in the United States, and, 
really, in the world.       
The Working Group on Intellectual Property 
Rights is a part of a larger working group 
Intellectual Infrastructure Security Issues 
Forum, which is chaired by Sally Katzen, who is 
Deputy Director of the OMB.  Actually, she 
asked me if I would come out here and chair 
this hearing today, really, not just on behalf of 
the working group, but on behalf of the larger 
Information Policy Committee of the entire 
Information Infrastructure Task Force.
With us today is Bruce McConnell, who is 
Deputy to Sally Katzen at the OMB.  We also 
will be joined shortly, I hope, by John Cooke, 
who is a member of the Advisory Council on the 
National Information Infrastructure Task Force. 
 We also have Esther Dyson, from the 
Information Infrastructure Task Force, and 
Frances Preston, also with us.
This Forum is studying security issues that 
bridge the particular topics that are being dealt 
within all of the various working groups of the 
NII, particularly the Information and Security 
Working Group.  We also have a parallel 
committee in the NII Advisory Council, 
Mega-Project III that Ms. Dyson and Mr. Cooke 
and Ms. Preston sit on.  So, today, we are 
combining, really, the Working Groups of the 
NII Task Force, government officials with our 
private sector advisors here in this single 
hearing. What brings us together is our common 
interest in ensuring that intellectual property 
will be protected on the information 
superhighway.  Without clear and effective 
protection at both legal and functional levels, 
the NII simply will not become commercially 
viable.        
There are really two aspects to the issue of 
protecting intellectual property.  One concerns 
the legal systems we have that create exclusive 
rights in intellectual property.  The second is a 
more functional concern; and that is:  the types 
of systems and technologies available to protect 
the physical embodiments of intellectual 
property, and they work hand in hand, the law 
and the techniques for physically securing the 
work.  Today's hearing is designed to educate 
us as to the second of  these perspectives.  
What we are seeking  are perspectives on how 
products and services based on intellectual 
property will be protected on the NII.
Now, our hearing notice contains four aspects to 
this issues that we are particularly interested 
in gaining a perspective  on.  They are:
First:  What kind of products and services will 
be made available via the National Information 
Infrastructure?
Second:  What capacity will users of the NII be 
given to view, hear, retrieve, reproduce, modify 
or further distribute products and services?
Also, What commercial threats exist and must 
be addressed to provide products and services 
via the NII, particularly to unauthorized access 
to or theft of products or services; and integrity 
or confidentiality of information delivered or 
retrieved via the NII?
Finally, we want to look at what kinds of 
technical solutions currently exist or should be 
developed to address these security concerns?
Now, we have been lucky in gaining the 
cooperation of the two panels of witnesses today 
who will provide us with insight from various 
industry and user perspectives.  I want to 
thank the individuals, all who are at the other 
table here, for agreeing to participate, 
particularly in view of the short notice we gave 
them.
Before we turn to my colleagues here, for 
whatever statement they would like to make, I 
would like to summarize how today's hearings 
will be conducted.
First, we will convene the two panels of 
witnesses.  The first panel is going to represent 
perspectives of intellectual property rights 
holders and users.  Then, the second panel is 
going to provide the input from distributors and 
technical solution providers -- what I will call 
technical solutions providers.  Each of the 
individuals, who will be working with us, has 
been asked to review the questions that were 
outlines in our Federal Register notice.  They 
will be given an opportunity to comment on any 
or all of these questions.
Once all of these individuals have presented 
their opening remarks, I will invite members of 
the hearing board and the witness panels to 
ask questions.  Hopefully, this will stimulate a 
discussion on this particular topic.  Members of 
the audience who wish to ask questions or 
present remarks can do so, also, once the 
panels we've asked to come forward have 
finished their questioning of the witnesses.
Now, Michael O'Neil is sitting right here. Will 
you stand up, please, Michael?  If you want to 
ask anything, right here in the front corner of 
the room, anybody who wants to ask questions, 
I'd appreciate it if you would touch bases with 
him because he will do it in an orderly manner.
I would also like to thank Jeff Kushan of our 
staff, who worked on these hearings.
I just learned that John Cooke had to go back 
to Los Angeles.  Undoubtedly Disney is buying 
either MCA or CBS, or somebody,  so he won't 
be here today.
First, I'd like to, before we ask our first panel, 
when they do speak, I hope the panel, since we 
have a limited period of time, I would like to 
conclude by noon, if we could -- since a number 
of people have to get planes back to the East 
Coast from San Francisco Airport --  if we could 
get into the meat of the questions as soon as 
possible.
But, first, I certainly want to give my colleagues 
here the opportunity to make any introductory 
remarks that they would like to make. Ms. 
Preston, would you like to say something?
MS. PRESTON:  Yes, thank you.  I'm Frances 
Preston, and I'm president and CEO of 
Broadcast Music, Incorporated, better known as 
BMI.
It's a pleasure for me to be here today in 
Sunnyvale, and also to be a part of this 
morning's hearings.  And of course, I've been 
reading about Silicon Valley for a long time, so 
it's been a pleasure for me to be here because 
not only can we hear the West Coast 
perspective on the NII, but a perspective from 
those whose technological advances are going to 
make the NII a reality.
I look forward to hearing of your plans for 
commercial and non-commercial uses on the NII 
and the GII and what type of intellectual 
property you anticipate traveling on the 
information superhighway. And since we've not 
finalized our security and privacy principles, it's 
important to hear what you believe will be 
required to protect your content.  And, of course, 
I'm always honored to be here with the 
Honorable Bruce Lehman because his efforts 
and his dedication to this project have really 
been untiring and we're all very appreciative of 
that.
MR. LEHMAN:  Thank you very much, Ms. 
Preston.
MS. DYSON:  I'm delighted to be here.  I just 
want to second everything that Frances said 
and hear what you have to say.  Thank you very 
much.
MR. LEHMAN:  All right.  Finally, Bruce 
McConnell, Chief, Information Policy/Technology 
Branch of the Office of Management and 
Budget.  And by the way, I want to say to 
everybody, the Office of Management and 
Budget might not mean very much to you, but 
they run Washington, D.C.  They run the 
budget, they tell all the rest of us what to do, so 
I don't know if Bruce McConnell  needs any 
more introduction than that.
MR. McCONNELL:  Well, actually, the 
Congress also thinks they run Washington.  But 
I just want to make two points briefly.
We really look forward -- this is the beginning of 
a series of hearings that we're going to conduct 
on the questions of security in the National 
Information Infrastructure, and we're hoping to 
learn as much concrete and specific information 
as we can about what the requirements are and 
also how those requirements might be met.
We're interested in all aspects of security, 
whether it be confidentiality, the integrity of the 
information or the reliability of the networks 
and systems.  So we're going to be looking at 
that in all aspects, and in particular, today 
we're looking at what kinds of protections are 
needed for information that is intellectual 
property information.  Later in the year, we're 
going to look at health information, for example.
The other point I'd like to make is that the 
whole point of this exercise is to learn as much 
as possible what the industry and the public 
believe is important.  And in particular, as we 
have learned in the Administrative about the 
ongoing debate on the question of cryptography 
and the clipper ship, there needs to be more -- 
you know, we need to listen more to the public 
and the industry about what is needed and 
what the solutions are.
So I hope today we can hear some of that, and 
it's also my hope that we won't spend all day 
discussing cryptography policy because that 
certainly is something that's been debated and 
continues to be debated.  But we want to hear 
about all the different kinds of solutions and 
techniques that are available and learn about 
the whole variety of things.  So I look forward to 
the discussion.
MR. LEHMAN:  Thanks very much, Bruce.  Now 
I'll turn to the panel and remind them that we 
have set up for questions in our public notice 
and I mentioned some of them in my open 
statement, and maybe we should just introduce 
everybody in the panel first.
We have Roger Schell, Senior Development 
Manager, Network Products Division of Novell, 
Incorporated; Sandra Whisler, Assistant 
Director for Electronic Publishing at the 
University of California Press; Pieter Bolman, 
President of Academic Press; David Leibowitz, 
Executive Vice President and General Counsel 
of the Recording Industry Association of 
America; Al McPherson, Director of Technical 
Services for Warner Brothers Records; Mark 
Bunzel, Chief Executive Officer of AVTEX 
Interactive Solutions; and finally, Barbara 
Simons, Chair, U.S. Public Policy Committee of 
the Association of Computing Machinery.
So, with that, why don't we start with Mr. 
Schell and we'll go right down the line here.  
And you can sort of help us with answering 
these questions that we have put in the Federal 
Register notice.
WITNESS PANEL ONE
INTELLECTUAL PROPERTY CREATORS, 
RIGHTS HOLDERS AND USERS
STATEMENT OF ROGER SCHELL
SENIOR DEVELOPMENT MANAGER
NETWORK PRODUCTS DIVISION
NOVELL, INC.
MR. SCHELL:  Mr. Assistant Secretary, my 
name is Roger Schell.  I'm Senior Development 
Manager for Information Security of the 
Network Products Division of Novell, 
Incorporated.  Today I'm pleased to present this 
statement on behalf of the Business Software 
Alliance, BSA.  BSA represents the leading U.S. 
software publishers, including Novell, Apple, 
Autodesk, Intergraph, Lotus, Microsoft and the 
Santa Cruz Operation.
Let me get right to the substance of this 
hearing:  how to ensure that commercial 
products and services will be made available on 
the NII and the computer users will entrust 
storing and sending their personal and 
confidential information in electronic form.
As Assistant Secretary Lehman recognized in 
the draft report, intellectual property rights are 
critical to the success of the NII.  Therefore, 
without successful protection of intellectual 
property and sensitive content, the NII simply 
will not succeed.
The ease of making perfect copies and the 
ability to distribute innumerable copies quickly 
over the network necessitate technological 
means of protecting intellectual property.  In 
other words, the legal framework of intellectual 
property rights will work hand in glove with 
technology.  Let me give two examples from  a 
supplier and a user perspective.
First, if you think of the hardware as the 
muscle of the NII, it is the software that will 
serve as the brains.  Software helps the user 
navigate the ocean of digital information.  It is 
the software that actually pulls the information 
through the computer's switches and wires.  
This advancement of technology allows us, as 
software providers, to provide our products in a 
more efficient, effective manner.
We anticipate that software publishers will be 
able to offer products for sale over the network.  
However, to offer products in such a manner, 
they must be protected from deliberate efforts 
by both users and malicious software to obtain 
unauthorized copies.
Encryption and trusted computer systems are 
two technical solutions that work and are key to 
providing the protection so that only the buyers 
who have received the keys will be able to 
unscramble the products that we provide and 
that they have purchased.  Intellectual property 
laws and technology work together to provide 
security.
Encryption, the technology, allows quick, secure 
delivery while intellectual property laws protect 
the owners from misappropriation of the 
product by the purchaser.
Next let me mention a second point of view, 
that of our customers.  As you move to networks 
connecting offices around the world, new 
challenges arise to successfully distinguish and 
protect the various classes of key information.  
For this worldwide network to grow and 
prosper, users must know that, one, 
information is not subject to theft or sabotage, 
and two, they can verify who the information is 
coming from and going to and what class of 
access they are authorized.
Today, businesses around the world are 
demanding such information protection and 
verification capability.  Stronger security 
methods continue to be needed against hostile 
users and malicious software that will 
inevitably be present in this sort of worldwide 
network.
Unfortunately, today's U.S. government policies 
do not allow us as U.S. software publishers to 
offer strong encryption capabilities and 
high-assurance trusted computer systems 
worldwide. Without the trusted ability to 
provide strong encryption, intellectual property 
will be at risk on the NII and businesses simply 
will not use the infrastructure for transmitting 
and receiving the various distinct classes of 
sensitive information.
The draft report recognizes the need for security 
through technology when it explores possible 
amendments to define criminal and civil 
offenses for technical devices or computer 
programs to circumvent the security of the NII.
The software industry is further encouraged by 
Vice President Gore's July letter which outlined 
the basis for a key escrow encryption system 
which would be exportable.  We've begun 
discussions with the Administrative regarding 
development of such a system, and BSA 
believes these discussions could be pivotal to 
addressing security of the NII and protection of 
intellectual property worldwide.
In closing, BSA members agree that 
trustworthy, strong security technologies are 
necessary to a flourishing NII.  Strong 
encryption with trusted computer control is a 
proven technology.  The ability to sell and use 
this technology on an international basis is 
necessary to the success of the NII.
Thank you for the opportunity to testify. I'll be 
happy to respond to any questions that you 
have.
MR. LEHMAN:  Thanks.  Maybe we can move 
right on into Ms. Whisler. (Asides.)
MR. LEHMAN:  Well, I think it would be better 
for everybody to get their views out on the table, 
don't you think, and then we'll have the 
dialogue.
STATEMENT OF SANDRA WHISLER     
ASSISTANT DIRECTOR FOR ELECTRONIC 
PUBLISHING
UNIVERSITY OF CALIFORNIA PRESS
MS. WHISLER:  I'm Sandra Whisler.  I'm the 
Assistant Director of the University of California 
Press for Electronic Publishing.  We, like most 
university presses, and I think like scientific 
and technical publishers in general, are working 
on a wide range of pilot projects and really 
recognize electronic publishing over the Internet 
or over the NII as an essential part of our 
future.
We are looking forward to offering a full range of 
scholarly publishing over the NII.  That's 
journals, monographs, books with wider 
interest, and we want these things to be 
available both in their wholes or in their parts, 
that someone might take a particular chapter or 
part of a chapter.  This may include print, 
illustrations, audio, video.  We really want to be 
able to take full advantage of what the 
technology has to offer.
In the short term, we'll be offering these projects 
by site license to libraries, although ultimately 
we want to be offer access directly to 
individuals.  And it's important to remember 
that these individuals are for the most part 
humanities and social science scholars, and so 
they have a different sort of level of technological 
sophistication and equipment availability than 
physicists or chemists.  And we struggle with 
that all the time.
We're looking for a full set of capacities to be 
available to these users.  They need to be able 
to view, hear, retrieve, down load, save, print 
all of the things that they are going to bring to 
this as a set of expectations.
In addition, for libraries, they also need to be 
able to archive locally, to mount and distribute 
within their own communities, and possibly to 
fulfill Internet library loan requests over the 
NII, although there are still -- that makes me 
anxious every time I think about that, but 
that's a separate problem.
Individuals are going to want to be able to find 
things, to down load them, to make course 
packs.  They're going to want to be able to 
combine partial pieces of the work from a 
variety of publishers into a single offering for 
their classrooms.  And the implication of that 
really is that we need a copyright observance 
and metering software that will really make 
that possible.  It isn't going to be feasible to do 
that if you've got to somehow get permission 
from every publisher separately.  You know, 
you're just not going to do it any more than they 
do it Xeroxing now.
In terms of the commercial threats to access or 
theft, we really do need to be able to secure our 
sites so that we can limit access to approved 
customers who pay.  We may be a non-profit 
publisher, but we must survive financially the 
same as people who get traded on the stock 
exchange.  And in this time of decreasing 
subsidies in university budgets, that becomes 
even more important.
And so we can't do this -- I mean, even though 
our ultimate goal is to disseminate information, 
we can't do this if there isn't enough cost 
recovery coming back to make it feasible.  And 
to do cost recovery, you've got to sell, and to sell, 
you've got to be able to restrict access.
And so we're struggling with being able to 
restrict the access and at the same time be able 
to provide the information to customers who 
have a very wide range of software and 
hardware availabilities. And so a lot of the 
potential technical solutions we have, you know, 
they work just great on Spark stations but they 
don't do so well on, you know, Mac II's, and we 
really can't exclude our audience by the 
fanciness of our technical solutions.
Having said that, I'm not really worried about 
fire walls and serious encryption and some of 
those kinds of things.  Anyone who wants to 
hack their way into the electronic version of 
19th century literature is more or less welcome 
to do so. I think there aren't going to be a lot of 
those people.  But nevertheless, we've got to be 
able to make it secure enough that it isn't just 
there for anyone for free.
I should say that that's, you know, I suspect 
that's sort of a humanities and social science 
publisher view and that if you talk to my 
colleagues in scientific and technical publishing, 
you know, their product is worth a lot more.  It's 
a lot more competitive.  You know, that would 
make some difference, I suspect.
All of these problems have got to be faced in a 
way that allows us to control copyright and to 
receive some reimbursement for those partial 
uses. You know, if we can't have some way of 
getting some remuneration for people using 
single chapters, the whole economic basis of 
scholarly publishing, which is really shaky right 
now anyway, will, I fear, go down the tubes.
We're also really concerned about being able to 
validate our information and assure our users 
that what they receive is the authentic, correct, 
not messed-up version of the text.  I think that 
in the long run, one of the things that's going to 
encourage people to buy scholarly information 
from scholarly publishers rather than taking it 
off the preprint servers or getting it from their 
friend down the hall or whatever is this 
guarantee that the information that they get is 
uncorrupted.You know, one assumes that a couple of times 
of standing up in front of their peers and 
quoting a text which is no longer a valid text 
will encourage people to do that, but that only 
works if we can in fact provide them with really 
valid information that we're sure has not been 
messed up.
The most important thing we need, though, is 
some way to get paid, and so we're very 
interested in the efforts being made to make it 
possible to give credit card numbers or to 
exchange cash in some way over the net.  If that 
doesn't happen and if it doesn't happen in a 
way that's easy for the end user to use and easy 
for us to use, you know, as easy as credit cards, 
we're not going to be able to succeed in this.
And so there isn't anything we can do about 
that.  We can't sort of go in the business 
software development ourselves, but it's really 
essential that that happen.  And I really hope it 
happens in three years, but we'll see.  So that's 
something that really isn't directly related to 
publishing.  It's not a publishing concern, and 
yet if that commercial financial aspect of trading 
over the NII is not solved, you know, we can't 
move forward.
So we're really looking for a way to restrict 
access to paying customers, an easy way for the 
customers to pay, a way for them to pay for 
parts of the whole, some kind of metering 
software, and a way to guarantee the 
authenticity of the information we provide.
The other thing that I might add as just an 
aside is that we're really hoping for an open 
pipeline environment.  We don't want the 
distributors to be, you know, deciding what 
information is appropriate both because we 
have First Amendment concerns and because, 
as the providers of content, it seems more 
appropriate to us that we should be in the 
content business as opposed to the pipeline 
providers.
MR. LEHMAN:  All right.  Thanks very much. 
Next, Mr. Bolman.
STATEMENT OF
PIETER BOLMAN PRESIDENT
ACADEMIC PRESS
MR. BOLMAN:  Thank you.  My name is Pieter 
Bolman.  I am the president of Academic Press, 
which, like Sandra's, is a not-for-profit 
organization.  We are publishing scientific, 
technical and medical material both in terms of 
books, dictionaries, and especially journals.
First of all, I would like to say that I would like 
to see the NII within the context of an 
international information structure.  Science 
and technology and medical information is truly 
international.  Our export, shall we say, outside 
the United States, is more than 50 percent.  
And if the NII is part of an international net, 
shall we say, then obviously we deal with the 
world rather than just the United States.  And I 
think we need to emphasize that because that 
has obviously also a number of, amongst other 
things, security issues.
As I said, we want to make all our products 
that we do, that we currently publish available 
on the NII in some shape or form.  I'd like to 
emphasize that especially for journal 
publishing, we are a bit of a funny breed in the 
sense that in journal publishing we are really 
what we could the minute keepers of science.
Scientists, the product of their labor, so to 
speak, is new information.  If they do not get 
new information, if they don't produce new 
information, they are not very good scientists.  
And as a result, there is a sort of saying which 
is a bit perhaps unfriendly but it is certainly 
true in academic circles:  publish or perish.  If 
they do not publish, then they are not successful 
in their careers.
That means that we, in our behavior, very much 
dance along the author's cues.  We want to 
make sure that we on the one hand make 
available their material as widely as possible, 
and in that sense authors have actually very 
little interest in restricting that access.  At the 
same time, what we provide as publishers is a 
peer review system.  We do not peer review 
ourselves, of course, because that's the 
scientist's peer, so to speak, but we make 
available that system for them.  And from that, 
they get recognition.  So the higher prestige a 
certain journal is, the more recognition that 
scientist gets from his peers and the more likely 
he is to advance in his career.
Now, that kind of system must be preserved.  
So whatever technology changes there are going 
to be, if that does not mean -- if that does not 
make it possible that that scientific information 
system is preserved, it won't work.
In a way, we can say, therefore, that we do 
publish in our journals sworn statements of the 
scientist.  They produce a lot of information 
beforehand, they talk to their colleagues, they 
send out preprints, and all of that is chatter, so 
to speak.  Once they are accepted in a journal, 
that is the actual official statement that has 
been added to the archives.
That means that if we are going to be on the 
NII, then we need to be able to at all times offer 
our readers these sworn statements. Therefore, 
it should not be changed.  It's the only article 
that is the true one, is the one that has been 
published officially in one of our or anybody 
else's journals, for that matter.  So 
authentication of the information on the 
network is extremely important.  The reader 
needs to know what the official contribution of 
the scientist is.
The scientist himself also is very worried about 
this because if his name or her name does not 
appear together with the title of the journal, 
i.e., the company he kept, then he will not get 
credit for the information he produced.
We wish, therefore, to be able to permit our 
different users, also scientists but now readers, 
very different kinds of use.  They need to be 
able to browse.  They need to be able to print. 
They need to be able to down load, et cetera, 
while always preserving the authenticity, shall 
we say, of the article.
We want to be able to charge different prices to 
different users, and for different users there's a 
lot of ways that scientists take or use their 
information and hardly ever does, for instance, 
a scientist read an article in full, especially not 
if there is a lot of complicated physics or biology 
or mathematics involved.  There's no way that a 
person can read it off the screen or just in one 
go.
The threats we see, therefore, is first of all the 
international one, as I said earlier.  We, as all 
publishers, have the piracy threats of the 
moment in the old technology.  That kind of 
thing becomes, of course, very much easier, 
especially in countries where the copyright laws 
are not so strict as they are in the U.S. and in 
Europe
.
We want to be able to -- so we are afraid that 
that  kind of thing can happen unless there is a 
sufficient safeguard.  We also are afraid of on 
the one hand lack of privacy.  Although Sandra 
talked about metering software, which we think 
is important, we have to remember also that, 
especially sometimes in the pharmaceutical 
companies for whom we publish a lot of 
material, they do not want anybody else to 
know what kind of articles they read or study.
So on the one hand, yes, we would like to know 
what indeed our users are using.  On the other 
hand, there should be a safeguard that certain 
classes of users certainly will not be making in 
known what indeed they are using.
I think that is actually most of it, but the most 
important thing that I need to say that 
distinguishes, I guess, our kind of publishing 
from other publishing that is, you know, the 
publishing of books and encyclopedias, which is 
very similar to any other publishing.
MR. LEHMAN:  Thank you very much.  Mr. 
Leibowitz.
STATEMENT OF
DAVID LEIBOWITZ     
EXECUTIVE VICE PRESIDENT AND 
GENERAL COUNSEL      
RECORDING INDUSTRY ASSOCIATION OF 
AMERICA
MR. LEIBOWITZ:  Thank you very much.  My 
name is David Leibowitz.  I'm Executive Vice 
President and General Counsel for the 
Recording Industry Association today, and I 
thank Commissioner Lehman and the members 
of the hearing board for the opportunity for me 
to appear here today along with my colleague, 
Al McPherson, to discuss the recording 
industry's perspective to the issues of privacy 
and security.The Recording Industry Association of America 
represents America's record companies.  Our 
members create, manufacture or distribute over 
90 percent of all legitimate sound recordings in 
the U.S.  We have both large and small 
members and our industry sees both 
opportunities and challenges posed by the 
National Information Infrastructure.
Let me first discuss some of the opportunities 
that we see emerging from it, and in fact some 
of them are already in an experimental stage 
today.
First, the NII provides a new means for our 
companies to reach out to their current 
customers, to provide them the sound recordings 
and with other information relating to them.  It 
also is a means to attract new customers, those 
that don't like to go shop in stores or perhaps 
don't like to even dial an 800 number when you 
see those ads on television for particular works.
It also could provide additional information to 
the interactive capability about the artists, 
perhaps even dialogue with them.  And as I 
said, there already have been experiments 
under way. Al will be referring to those relating 
to Warner, but one that you might be aware of 
is an experiment that Geffen Records and the 
group Aerosmith have had with CompuServ 
where they allowed the down loading of one of 
their songs, in fact one that was not previously 
released for sale, to interested CompuServ 
subscribers.  And for a while they had waived 
their royalty charges on it, although I don't 
believe CompuServ had waived their charges.
At the same time with these opportunities that 
it does create both for the consumers and for our 
industry, there are many challenges that we 
see. I will not delve into the intellectual 
property issues that are being considered by the 
Advisory Council other than to commend 
Commissioner Lehman and the Intellectual 
Property Task Force for their work on that area, 
and we will have to see how continue progress 
can be made.
But the fact of the matter is that there has to 
be a seamless web of protection for sound 
recordings and all other works of intellectual 
property to make sure that the NII environment 
works both for the creators and for the users.
We have seen already in our industry various 
instances where bulletin boards, both 
commercial and non-commercial, might have 
either entire sound recordings or snippets of 
sound recordings as well as the cover art and 
other graphics associated with those recordings 
on their bulletin boards and available for others 
to retrieve without the authorization or 
permission of the copyright owners or the other 
creators involved in those products.
We've even seen instances where one of the 
commercial bulletin board services has actually 
encouraged that activity by giving credits of time 
charges for the amount of up loading into the 
system by individuals of particular works.  That 
is something that obviously troubles us a great 
deal. We have a very active anti-piracy unit that 
has so far just dealt with physical product 
distribution, but we are actively looking at this 
area.  And it troubles us and we hope to seek 
solutions both for the legal environment as well 
as the technical means.
Further to the technical means, I want to 
identify a number of the features that we feel 
are going to be essential for the NII to operate 
with respect to commercial transactions.
First, there is going to be a need to have 
identification of each work as well as the 
copyright status of that work.  That will be 
useful both for the copyright owners as well as 
for the bulletin board services and other on-line 
services so they could identify that a work is 
protected by copyright and perhaps should not 
be allowing the unfettered dissemination of 
that.
We have in our industry developed the 
International Standard Recording Code, which 
is a unique code for each and every track of each 
and every sound recording, at least with respect 
to those that are being -- will be released in the 
future, to basically serve as a license plate for 
that recording on the information superhighway.
As some of you know, there is also a system 
called the Serial Copy Management System that 
was a byproduct of the Audio Home Recording 
Act, which under that system requires the 
sound recording copyright owner to put into 
their work both the copyright status as well as 
the generation status of that work.  And we 
think that will be very useful as part of this 
copyright management system.
I would like to add in that regard, however, 
that because of the ubiquitous nature of the 
information superhighway and the equipment 
used on that, it may well be appropriate to 
have the equipment react differently to that 
SCMS information than, for example, digital 
audio recording devices used today.
We also need to have technical limits set and 
with the flexibility that a copyright owner and 
the creator determine those technical limits to 
either allow performance or display of the work 
and only performance or display, or to allow 
copying, and if copying, whether it's a single 
copy or to allow multiple copying of that work, 
as well as to determine whether or not that 
work, once copied, once deciphered if it was 
encrypted, can be further transmitted.
And that information that I've talked about for 
both the limits on the types of uses and the 
copyright information and the identification 
information must be sufficiently robust that it 
can be retained and transmitted and retained 
with the work even through various data 
compressions systems that may be in use.
We also have to ensure that there are means to 
protect against the manipulation of the work 
and to indicate the authenticity, which has 
certainly already been talked about and 
perhaps authenticity is even more important 
with scientific and medical materials than 
entertainment work, which is what our industry 
produces.  But nevertheless, I think the 
customers want to know that they are receiving 
the genuine product and authenticity, I think, 
will be still desirable in that area, as well as 
having means to track the usage and providing 
pricing information and means for payments of 
the various types of uses that can occur on the 
information superhighway.
And in that regard, I think it's not just the 
ability of the copyright owner to identify and 
include that information, but the computers and 
other equipment must be configured to react to 
both those information elements as well as the 
technical restrictions that are built into it.
And I'll be happy to, and in fact look forward to 
a pertinent discussion of these issues in a few 
moments.  Thank you.
MR. LEHMAN:  Great.  Should we move on to 
Mr. McPherson, then.
STATEMENT OF
AL McPHERSON
DIRECTOR OF TECHNICAL SERVICES
WARNER BROTHERS RECORDS
MR. McPHERSON:  Thank you.  My name is Al 
McPherson, Director of Technical Services, 
Warner Brothers Records. We are utilizing some 
aspects of what would be the NII, the Internet, 
AOL, CompuServ and a few other formats.  And 
things that we're currently doing are supplying 
audio and video samples that people can use for 
promotional purposes and things like that.  
These are things that are currently happening 
today, and we plan to expand those in the 
future because we see this as a very strong 
adjunct to her current marketing strategies.
Some of the things that we see in the future are 
catalogues of our products and other 
merchandise relative to the types of materials 
that we sell.  And ordering is obviously 
something that is very important to us so that 
we don't miss that side of it.
We also are currently, as are a few other 
companies, developing systems where people 
can get on line and talk to the artists on a daily 
or weekly show, so that they can actually 
interact with some of these artists and get 
information that they may not be able to get at 
this point in time.
The modification to intellectual property from 
our standpoint is very critical to us.  The artists 
do not want their product modified in any way 
normally, and the area that that gets into play 
is normally in the educational environment 
where somebody is learning to play an 
instrument or do something, write music.  They 
need the right to control what they're changing.
However, as a content provider, we want the 
ability to control when they have the right to 
make modifications.  So if there is a product 
that is intended for modifications, that can be 
done, and if it's not, it gets transmitted in its 
entirety and is not modifiable.  But you can 
view it and do what you want with it.
Some of the commercial threats that we're very 
worried about is the unauthorized access to our 
products.  And something that becomes a fairly 
integral part of this is somebody down loads a 
piece of software from us and makes a 
legitimate copy of it.  They can then pass that 
copy on to a friend. And maybe that friend is in 
Columbus, Ohio.  He may be in Sweden.  But 
that can be done.  We're very concerned that 
after we've made a legitimate copy, that it's not 
propagated around the network in a way that 
we have no control over.
As far as technical solutions, there are a few 
things that we have currently running.  David 
alluded to one thing called SCMS.  That 
information, which includes the ISRC 
information which defines the owners, is very 
important to us that all that integrity be 
maintained with each track that would be sent 
out.  And that could be expanded to video, 
which all of us are now involved in.
There are also other methods that have been 
developed which essentially apply a signature 
to the body of the work, both in the audio area 
and in the video area.  And it's important that 
that information be traveled along with the 
product so that it doesn't get separated.  So it's 
very important that we maintain the integrity of 
the data that we are sending.
And I think I'll let that go at that and maybe 
address some of these more specifically later. 
Thank you very much.
MR. LEHMAN:  Thank you.  Mr. Bunzel.
STATEMENT OF
MARK BUNZEL
CHIEF EXECUTIVE OFFICER
AVTEX INTERACTIVE SOLUTIONS
MR. BUNZEL:  Good morning.  My name is Mark Bunzel.  I'm the CEO and Creative 
Director of AVTEX Interactive Media, a 
15-person multi-media production company 
located here in Silicon Valley.
We produce multi-media CD-ROM products for 
the children's education and entertainment 
markets, sports instruction and improvement 
and multi-media adventure games market, so 
we have a great deal of interest in this 
particular subject.  But today, I'm here 
participating in this hearing as a member of the 
Board of Directors of the Interactive 
Multi-Media Association and as co-chairman of 
the IMA's Intellectual Property Committee.
As background, the IMA is a trade organization 
headquartered in Washington.  Our 
membership of over 300 companies represents 
the capture, development, transmission and 
distribution and the display of multi-media 
information.  We represent a very interesting 
cross-section of interests that are critical to 
building a robust multi-media industry, 
including many of the companies that are 
represented here today.
Even though the business interests of all the 
IMA members are often varied, and I can 
assure you, sometimes very conflicting, all of us 
share a vital interest in the protection of the 
multi-media information which is the economic 
lifeblood of all of us participating in the 
products and services that are expected to be 
part of the information infrastructure.
We want to point out today that there are 
differences in the shape and structure of 
multi-media products and services between the 
consumer and business markets that will be 
very large, and some of them have been 
illustrated with the other panelists.  We also 
want to point out that there will be significant 
differences between on-line or connected 
services, the information highway, and 
shrink-wrap retail products.  Yet we want to 
point out that they transmit similar types and, 
in theory, very often the very same multi-media 
content.
The IMA is concerned that while the protection 
of multi-media content to owners is critically 
important to the growth and success of the new 
information markets, great care must be taken 
to examine the differences as well as the 
common elements of each component of the 
information highway.  I think the other 
speakers have brought this up.
We believe that perhaps crafting approaches 
that are narrowly suitable to specific industry 
participants may be -- as they are not 
unrealistically burdensome to others.  One 
example of this that we are tracking very, very 
carefully is the release of the next generation of 
CD-ROM players.  Probably next year, users 
will be able to purchase -- and we've seen this 
coming in from off-shore companies -- economical 
CD-ROM players at today's prices that you can 
buy, capable of recording data, which means 
that you can now, the same as the videotape 
industry faced, on a low-cost, probably about 
$15, write-once-only CD-ROM, looking very 
much like this (indicating).  This disk will be 
able to hold a tremendous amount of data 
because it will have eight times the capacity.  
And to put that into perspective, that will be 
five Gigabytes or enough to hold several hours of 
very high-quality video, hundreds of thousands 
of color pictures, and millions of pages of text.
Over the next two years, this technology will 
also be recordable so that a user can erase and 
re-record over their disks.  This wonderful 
technological advancement offers terrific 
economic possibilities, but it's also going to 
represent a new level of complexity of protecting 
the rights of the rightful intellectual property 
holders in all media:  traditional, such as 
books, as we've talked; new media, and even 
information delivered electronically which can be 
down loaded once and stored onto a disk like 
this rather than just viewed and then erased 
from the system's memory.
We don't believe that control is the ultimate 
answer.  Some classes and types of multi-media 
can benefit from limited distribution to 
responsible users who want to communicate, for 
example, in a limited capacity in a corporate 
presentation or to illustrate an educational 
concept in our schools, but yet still provide a 
reasonable economic benefit to the appropriate 
rights holder.
For example, when the recording industry faced 
similar issues and concerns with the emergence 
of DAT, the Digital Audio recording Tape 
technology, the entertainment and consumer 
electronics industries crafted legislation for the 
digital audio recording technology, or the DART 
legislation, that would provide the mechanism 
for an economic benefit for the musical artists 
and rights holders from the sale of blank DAT 
recording audio tapes.
The computer industry at that time worked very 
hard to make sure this legislation did not 
extend to the computer software and hardware 
industries.  Basically, we don't have the benefit 
of clearinghouses such as BMI and ASCAP.  The 
DART legislation may have worked well and 
may be working well for an inclusive body of 
music in the audio industry.  We do not believe 
it will work well for a compilation of several 
media program or offered together into a 
multi-media program delivered either 
electronically or through high-capacity CD-ROM.
In essence, we're pointing out that we believe 
that the information infrastructure is not just 
the electronic highway but high-capacity media 
such as that and others.
In summary, the IMA believes the protection of 
multi-media information is vitally important to 
the growth and development of this industry.  
We caution that there is no one-size-fits-all 
approach to this industry.  The IMA is now 
actively involved with the analysis of the 
various segments of its membership, seeking to 
understand the requirements, limitations and 
realities of the various distribution systems 
that are likely to become a part of the fabric of 
the NII.  And sessions like this are very helpful 
in providing information into our group to assist 
us in understanding the industry's needs.
Specifically, we are distinguishing between 
stand-alone media and connected or wired 
services, and within the on-line community, we 
are clarifying the various service types.  The 
IMA intends to eliminate the technical, 
economic and political issues surrounding 
copyright protection of new media-based 
services.  We view this as a critical step to 
forming the right solutions and look forward to 
sharing this information with you as it 
develops.  Thank you.
MR. LEHMAN:  Thank you very much. Finally, 
Ms. Simons.
STATEMENT OF BARBARA SIMONS
CHAIR, U.S. PUBLIC POLICY COMMITTEE
ASSOCIATION OF COMPUTING 
MACHINERY
MS. SIMONS:  Thank you for the opportunity to 
speak with you today.  As a representative of 
the computing profession, I particularly welcome 
the opportunity to discuss the development of 
the NII with the Advisory Committee.
I am here today on behalf of U.S. ACM, the 
Association for Computing Machinery's 
Committee on U.S. Public Policy.  ACM is 
non-profit educational and scientific society 
dedicated to the development and use of 
information technology and to addressing the 
impact information technology has on the word's 
major social challenges.  The 85,000 members 
of ACM are an outstanding resource of 
information, and we will be very pleased to 
assist in any way that we can.
The ACM committee that I chair is particularly 
interested in policy and social issues involving 
network policy, including encryption, privacy, 
access issues and computers in education. I 
have brought with me several documents and I 
have left copies of most of them on the table in 
the back that are related to this issues, 
including an article I wrote listing questions 
about the NII and ACM and U.S. ACM's 
statements on privacy, access and the escrow 
encryption standard.
I have also brought a copy of our in-depth study 
of encryption policy in the U.S. entitled "Codes, 
Keys and Conflicts:  Issues in U.S. Crypto 
Policy."  Incidentally, ACM is distributing this 
study free of charge on the net.  I would like to 
say that it's a best-seller, but because copies 
are available on several sites on the net, I really 
have no idea of how many people have down 
loaded copies.
I started using the net in the late '70s while I 
was still a graduate student at U.C. Berkeley, 
and I could not function without it.  I had used 
the net for such dissimilar activities as writing 
papers and running the U.S. ACM.  As an 
aside, even I have not met all the members of 
my committee.  Nonetheless, we function very 
effectively using the Internet as our source of 
communication.
While I'm not quite an old-timer in the field, I've 
been around long enough to witness the 
extraordinary computer-based revolution that 
has changed how we store and manipulate 
information. This revolution has made it 
possible for me to accomplish a great deal more 
than I could have without this wonderful 
technology.
But at the same time, the revolution has 
created significant problems for industry, and 
we've been hearing about some of those 
problems this morning.  A digitally stored 
document or program can be disseminated for 
very little or no cost either by shipping it over 
the net or by down loading it onto a floppy or 
maybe one of these CD-ROM's and giving it to a 
friend or sending it off in the mail.
Consequently, we are faced with a series of 
questions.  Two in particular are:  One, can we 
protect digitally stored intellectual property 
using technology, financial disincentives, new 
approaches and the law?  And two, what are 
the trade-offs to using these different 
approaches?
It is not possible in the small amount of time 
that I have available to me to discuss any of 
these questions in detail, so I shall state my 
views very briefly.
There are a variety of technical approaches for 
protecting intellectual property that one can 
contemplate, and we've heard them touched on 
briefly today.  While it's impossible to develop a 
technology that is absolutely fool-proof, I mean, 
you just can't do it, still there are people 
working on technologies using, for example, 
encryption that are likely to discourage the vast 
majority of people from stealing intellectual 
property.
An analogy can be made to the book publishing 
industry.  Photocopy machines can be used to 
copy books, but most people don't borrow a 
book and stand by the copy machine and copy 
the whole thing.  And similarly, you can have 
technologies which will discourage people from 
doing that same sort of thing with software or 
other forms of intellectual property.
The second point is financial disincentives.  The 
idea behind financial disincentives is that the 
cost of obtaining information should not make it 
worth one's while to copy and distribute 
protected information.  An efficient and 
inexpensive automatic billing mechanism which 
has already been referred to this morning on the 
net could be used to process transactions that 
cost only a few cents or even a few dollars.  If 
the costs are sufficiently low to obtain a copy 
legitimately, I'm unlikely to distribute my copy 
to my friends.
There's, of course, material for this approach 
that would not be suitable, namely, things that 
are very, very expensive, but cheap access could 
be at least a partial solution that could be used 
in conjunction with other technologies.
There's also the idea of new approaches. An 
interesting example of this is something that 
happened in India to the satellite cable 
company called STAR.  People started buying 
satellite dishes for receiving STAR and illegally 
selling the transmission to apartment house 
complexes.  STAR's reaction was not to go after 
all of these illegal small entrepreneurs, but 
rather to make everything free and then to turn 
around to the business community and say, 
"Look at all the people we have receiving our 
transmission.  How would you like to buy 
advertising time?"  And that's what they've 
done.  It's all free now.  The small 
entrepreneurs still sell the transmission to the 
apartment buildings and the cable company 
carries advertising.
I'm not an expert on legal issues and I do not 
intend to speak directly about them or about 
the recently issued report on intellectual 
property rights.  However, I am concerned that 
the law might be used as a blunt tool out of 
frustration for the lack of guarantees that we 
have with other methods. We need to be very 
careful that we don't make laws that are 
routinely violated both because of the selective 
enforcement aspects of such laws and because 
of the contempt for the law that is engendered 
by laws that are by and large unenforcible.
I have mentioned trade-offs to various 
approaches.  We have to keep in mind that 
there are other important goals in addition to 
that of protecting intellectual property.  In 
particular, there is the larger goal of promoting 
public access and use of the Internet and other 
forms of communication like that.  By copyright 
generally, this goal also raises questions about 
crafting incentives that serve public interest.
Much of the development on the Internet has 
taken place without commercial incentive.  This 
is not to suggest that commercial incentive 
should be discouraged.  Rather, it is to remind 
the Advisory Committee that there are other 
important incentives for Internet users that 
should be preserved.
For example, there is within the user 
community a strong belief in sharing 
information and ideas as much as possible, 
except of course where there are specific 
business restrictions.  Many of the standards on 
the Internet evolved in an open, non-proprietary 
way.  Even the popular program Mosaic has 
spread around the network without cost to 
users.
The computer science community favors sharing 
because it promotes innovation, cooperation and 
the development of good ideas.  This is a spirit 
that you should be careful to preserve as the 
development of a national network moves 
forward.
Commercial applications of the Internet should 
be welcomed and encouraged, but so too should 
the continued growth of open and accessible 
networks that reach corners of our community 
that might otherwise be ignored.  Clearly, 
access to the Internet alone will not solve many 
problems in our country.  However, if we erect 
barriers between communities, we will move 
further away from the goal of a technically 
literate, well-trained work force.
The Constitution speaks of copyright in the 
context of promoting, quote, "the progress of 
science and useful arts," unquote.  The 
computer science profession has already made 
many contributions to this spirit.  We hope that 
the IITF Advisory Committee will continue to 
encourage such efforts.  Thank you.
MR. LEHMAN:  Thank you very much, Ms. 
Simons. At this point, we're going to start 
having a dialogue with members on our side 
here and even among members of the panel 
themselves.  So I'd like to first defer to my 
colleagues here if you have some specific 
questions of any of the panelists.
Bruce, do you want to start?
MR. McCONNELL:  Sure.  Thank you very 
much, Bruce.  I would like to.  I have a number 
of questions which came up as a result of this.
Just kind of going down the list here, starting 
with you, Roger.  You mentioned the idea that 
one way of handling the distribution of 
unauthorized copies would be to encrypt the 
product and then sell the keys to individual 
users.
Is that something that's contemplated now with 
existing software products, and how successful 
do you think that would be in promoting the -- 
sort of if you could explain a little bit of exactly 
how that would work and whether it would do 
anything for the subsequent redistribution and 
how it sort of fits in with the marketing strategy 
of software vendors today.
MR. SCHELL:  I think that there's some 
similarities with our current paradigm for 
licensing products.  Several manufacturers 
distribute as common a product as a CD-ROM, 
for example, that has the ability to offer a 
license to maybe five users or 40 users at a very 
different price.  And what is actually sold is the 
license that enables them to use this very same 
body of software but use it for a given number of 
users or other sort of authorized use.
I think the encryption is just an extension of 
that same licensing notion which allows us to 
provide the material using the technology and 
yet get the financial remuneration of selling it 
based on how it's actually used.  And encryption 
just provides some protection against the kind 
of malicious software, which I think is the 
problem more than the hackers trying to hack 
into it on an individual basis.  That does not 
protect against sort of the lone individual 
hacker, as has been noted.
But it does provide probably effective protection 
today against the entrepreneur who would take 
on a mass basis the software and resell it.
MR. McCONNELL:  Okay.
MS. DYSON:  Just to follow up, talk a little bit 
about the notion, and then you have a trusted 
computer system afterwards, so that I assume 
that means that you're controlling the use or 
monitoring the use and doing some kind of 
potentially either metering or at least 
controlling through the copies?
MR. SCHELL:  The role of the computer system 
in the encryption I think has sometimes been 
overlooked.  Consider the problem that you 
want to have an authorization for a credit card 
use and you have some encryption technology 
that you see on your screen, something that 
says I'm going to authorize a $100 purchase.  
But what actually gets sent out on the wire may 
be an authorization for a $1,000 purchase.
Now, the question is, if you don't have a trusted 
computer system, you have no way of knowing 
what actually went out.  And furthermore, you 
can rather easily deny at a later point in time 
that you ever actually authorized that because 
you said, well, I don't know all the software 
that was here. Our products today typically 
have literally millions of instructions that are 
there.  We don't know what's in them.  We have 
no hope in terms of the technology of being able 
to identify or find malicious software.
What we can do is, with the trusted systems, 
we can establish a perimeter where we can 
limit how much it is we have to trust.  And we 
can have a path directly to the user so that we 
can hold the user accountable for his decisions 
of, say, authorizing $100 or $1,000 kind of 
purchase.
Those are some of the things that I was 
referring to that have to have both the trusted 
systems and the cryptography together.  You 
can't take either one and address this need.
MR. McCONNELL:  On the trusted systems, 
you mentioned that in addition to the export 
controls on cryptography, there are also export 
controls that limit the ability of exported 
trusted systems.  What specifically is the 
limitation there?
MR. SCHELL:  One of the means of judging the 
trustworthiness of a system is the evaluation 
that is done by the National Computer Security 
Center.  They provide essentially six different 
levels, and towards the middle of that level is a 
category they call Class B-II.
The regulations today prohibit the direct 
commodity sale of systems that are above Class 
B-II, yet it is exactly those systems which can 
provide the kind of effective protection that 
we're talking about.  And that's a specific 
prohibition in the regulations today.
MR. McCONNELL:  Is that regulated on a 
munitions list or --
MR. SCHELL:  Yes, it is.
MR. McCONNELL:  Has there been any study 
of foreign availability of this class of computer 
above B-II?
MR. SCHELL:  I don't know of any systematic 
study.  I believe that in this area, we're 
beginning to see an emerging demand, and so I 
wouldn't expect today a large availability.  But 
the existence of those kind of restrictive policies 
tend to discourage U.S. manufacturers from 
producing those.  And there's no doubt that the 
U.S. is a technology leader, and if we're 
discouraged, others will not likely go and meet 
that need either.
MR. LEHMAN:  Ms. Preston, do you --
MS. PRESTON:  Not of Mr. Schell.
MR. LEHMAN:  In the FCC, we have a -- just to 
follow up on this point -- for years has certified 
receiving equipment, that someone is meeting 
certain standards and so on and so forth.
MR. SCHELL:  Yes.
MR. LEHMAN:  Do you think that either they or 
some other entity ought to have that kind of 
regulatory authority to deal with these issues?
MR. SCHELL:  I think, as an industry, we do 
not look so much to regulatory authority but as 
a service that can be provided, the ability to 
rate a system such as the National Computer 
Security Center does, and to distinguish a Class 
C from a Class B-III system, for example, is a 
valuable service to a customer.
I think that it should be left to the industry to 
decide how to use those ratings.  Once there's 
an objective rating, if I'm going to accept an 
electronic credit card from somebody for a 
purchase, I might choose to essentially have a 
grade on the data -- on the digital signature.  
And I'd say, well, you have to have a grade B-II 
signature before I will accept a purchase of more 
than $1,000, for example.  And that does not 
require any sort of regulation but does benefit 
very much from the existence of an objective 
evaluation which the government can uniquely 
do.
I think another unique role the government can 
serve in that evaluation is uncoupling the 
liability aspects, which is very important.
MR. LEHMAN:  Could you elaborate on that.
MR. SCHELL:  If a given vendor asserts that 
their product provides a certain level of 
protection and they do that on their own behalf, 
they are then potentially liable for a mistake 
which they may have made in a non-malicious 
way.
On the other hand, if the government has 
provided an evaluation and has published a 
rating just as in some sense we do with things 
like Underwriter Labs and other things in 
terms of the FCC Class A, Class B that I think 
you were referring to in terms of emanations, 
the individual supplier is not really responsible 
for the evaluation that is rendered.  He's 
responsible for providing the information so that 
the judgment can be made, and the government 
can, without really liability, say this is rated at 
this level in our belief based on this evidence, 
and they hopefully publish the basis for arriving 
at that.
This then allows the customers to have the 
benefit of knowing how good it is, whether it's a 
cryptographic algorithm or whether it's a 
trusted system, without the vendor having to be 
liable for having made those claims, which 
might discourage him from actually giving the 
information that the customers need.
MS. DYSON:  This is sort of pushing towards 
policy, but are there any studies of how 
consumers react to their use of software being 
monitored to -- you know, if they're notified 
you're now being charged $2 a minute to do 
this?  What's the reaction to emotional notion of 
renting the use in reality as opposed to 
purchasing the software even if you're only 
purchasing a license?
MR. SCHELL:  I think that that area has not 
matured completely, and I don't know of any 
systematic studies.  However, within the 
industry, there are active efforts today to 
provide the licensing means on a group basis so 
that you might have a network, for example, 
which might have hundreds of users but which 
you could license some smaller number of, say, 
ten copies at a time that would be accessible.
And those kind of licensing capabilities and 
license servers, as they're sometimes called, are 
being actively worked on.  And the belief is that 
that's an acceptable means to users for paying 
for the services that are provided.
MR. LEHMAN:  Ms. Preston, you had a 
question of another member of the panel?
MS. PRESTON:  Yes, for Sandra.  I was glad to 
hear that you recognize the right to compensate 
creators and copyright owners.  But I would like 
to ask you about a related matter, and that is 
control.
Do you believe that the creator or the owner has 
the right not to grant access to his work? And if 
so, how do you see that we might technologically 
prevent access?
MS. WHISLER:  Well, I think we have to think 
of that in the context of the way things work in 
the print work.  In scholarly publishing, we 
basically almost always take the copyright and 
we administer the copyright as the publisher, 
and we do not by and large pay the scholars.  
It's just the whole -- the whole enterprise of 
scholarly publishing is based on a huge amount 
of sort of free volunteer contribution to the 
greater good at the level of the creators and 
even at the level of the editors.
So I'm not convinced that there's enough money 
in the system to change that in the electronic 
world, unless it turns out that there is just 
bezillions of more uses because of ease of 
access. And it's certainly too early to say that.
At the same time, I think we're already coming 
up against this problem in the licensing 
arrangements we're signing with secondary 
publishers like, you know, Magazine Index and 
University Microfilms and people who are 
providing compilations of material now.  And 
it's really a problem because there are articles 
that we do not have the rights on, and there 
isn't right now a systematic way of being able to 
flag those.
And it would be great in this metering software 
that I'm still wishing for, and so I can put all 
sorts of functions in it since I'm just wishing for 
it, that there certainly needs to be some way 
there to sort of say these articles are not 
available, you know, you can't do that.  Right 
now, it works very imperfectly.
MS. PRESTON:  You mentioned a partial use of 
an author's work to be copied and made part of 
a larger work.  Should an author have this right 
that he does not want any of his work to be 
separated from the whole and to be made a 
part of another work, and how do you prevent it 
with the technology that we have today?
MS. WHISLER:  I think that -- does the author 
have that right?  Boy, I don't know.  Again, 
that's not a right we recognize now in the print 
world.  If someone contacts us directly to use a 
single chapter from a book in a course pack, or 
indeed we license to the Copyright Clearance 
Center and we don't even find out about it until, 
you know, a year later when they pay us, that 
happens now.
What I think happens now also is that there is 
a lot of use of individual chapters that is 
essentially invisible.  If someone goes to the 
library and reads a single out of a book, nobody 
ever knows about that.  And so, you know, this 
technology offers us a chance to start making 
that kind of use visible.
You know, I think you have to remember that 
scholarly publishing is in incredibly dire 
financial circumstances because of the collapse 
of the library budget, that, you know, a book 
that sold 1,500 copies 15 years ago now sells 
500 copies.  And the number is going down, 
down, down, down.  And so those things are 
already -- you know, a commercial publisher 
would not be publishing those things now. 
We're already losing money on those books.
And so having some tiny avenue of bringing 
some money back in from partial uses, it's not 
as if we're getting rich.  We're just sort of hoping 
to be able to continue providing access.
MR. LEHMAN:  Do you think that the existing 
technology of photocopying has affected that, 
that the capacity of photocopying the scholarly 
articles has resulted in the -- obviously, all 
publications are --
MS. WHISLER:  I think that's certainly been --
MR. LEHMAN:  -- money pressure, but then 
they have another outlet.  They can sell, well, 
we don't have to buy the book.  We'll spend it 
on a new room or something in the library 
instead because we can -- you know, we don't 
need as many books because we can photocopy.
MS. WHISLER:  That's certainly a factor. And I 
think it gets to be more a factor as scholarship 
becomes more interdisciplinary.  You end up 
with more works which have only parts of them 
that are of interest to particular people.  So the 
books are getting more expensive, there's less in 
the book that a particular scholar wants, and 
it's easy to Xerox.  And all of those things come 
together in a nasty way.
MR. LEHMAN:  Well, this gets back a little bit 
to the point that Ms. Simons made earlier that 
actually the capacity of the technology to provide 
for economic transactions in the use of the work 
does not necessarily imply less access, it seems 
to me, because what you have is a market at 
work.  In theory, the market can result in wider 
use but at lower per cost uses.
MS. WHISLER:  That's right.
MR. LEHMAN:  And therefore, you know, more 
people have it available, but at the same time 
there's a mechanism for small monetary 
transactions that will support a group like 
yours, academic publishers.
MS. WHISLER:  That's right, we hope.
MS. PRESTON:  You talked about user friendly 
a while ago.  Collective licensing may act as a 
clearinghouse.  Do you believe that such a 
methodology would be user friendly?
MS. WHISLER:  Well, it all depends on, you 
know, how ubiquitous it is and how easy it is.  I 
mean, if you ended up with something like BMI, 
that would be terrific.  I mean, the office would 
like that, we'd like that, everyone would be 
happy.  I think that's a formidable task, to 
create that now as opposed to having created it 
back when.
And I also feel there's a lot more authors than 
there are recorded musicians in the world, I 
think, and keeping track of all of those people 
and being able to manage that in a centralized 
thing, I mean, it's one of those things that's 
theoretically possible but I would be really 
surprised if it happened.  I don't see where the 
organizational will in the society is going to 
come from to mount that massive --
MR. LEHMAN:  Well, you already have the 
CCC.  You have the Copyright Clearance Center.
MS. WHISLER:  If it doesn't work any better 
than CCC, it won't work.
MR. LEHMAN:  Well, that is, in effect, a 
collective licensing society --
MS. WHISLER:  Yes, right.
MR. LEHMAN:  -- already.
MS. WHISLER:  But that's not going to 
creators.  That's going to publishers.  And to 
make that next step so that you're actually 
recompensating the actual creators through that 
centralized task is a big task.
MR. LEHMAN:  I just want to put a footnote in 
here just to make it clear about this issue of 
authors' rights vis-a-vis a publisher.  Obviously, 
when your publisher comes to you -- when your 
author comes to you, you have standard 
agreements that are signed which in your case 
would provide, generally speaking, for the 
ceding of most of the rights to the publisher.  So 
obviously as you move into these new 
technologies, the authors' rights and your rights 
are obviously going to initially be determined by 
these agreements which probably ought to be 
revisited in view of this potential new 
technology.
MS. WHISLER:  That's right.
MR. LEHMAN:  And obviously, the nature of 
those licensing agreements right now, the kind 
of deal that you sign with an author, is 
considerably different than what Simon and 
Schuster signs when they pay somebody, you 
know, a $500,000 advance and do a major 
trade book deal.
MS. WHISLER:  That's right.  This is a field 
that's really in a lot of flux right now because 
the library community and the university 
administration community are both pushing to 
get the faculty to insist on maintaining their 
rights as a solution to -- they think a solution to 
the hegemony of the European scientific 
publishers' control over scientific information.
And so we're in a sense in a situation where the 
sort of usual way of doing things is really up for 
grabs in our world.  And so even though that's 
the way it works, I don't know if that's the way 
it's going to keep working.
MS. DYSON:  But I guess the fundamental 
point is right now that the authors actually -- 
and this is especially, as Mr. Bolman said as 
well -- the authors are looking more for prestige 
recognition, a rise in salary rather than direct 
compensation for the property they produce.
MS. WHISLER:  That's right.
MR. LEHMAN:  But those are -- I think it's 
important to understand those are academic 
authors that you're referring to largely, or 
scientific and technical.  The two of you 
basically represent scientific and technical 
publishing and basically these are people that 
look to their university salary or maybe their 
consulting deal with, you know, a local Silicon 
Valley company or whatever for their primary 
needs of compensation.
MS. WHISLER:  That's right.
MR. LEHMAN:  As opposed to the people that 
ms. Preston represents, for example, who look 
to the royalty check that they receive the 
exploitation of a copyright as their primary 
means of compensation.
MS. WHISLER:  That's right.
MR. McCONNELL:  Continuing on your point 
about the copyright observance and metering 
software, have you or have the presses or are 
you aware of any systematic attempt to at least 
list what all the features are that -- as you say, 
it's easy since it doesn't exist as a commercial 
product at the moment, but is there a list of 
what the requirements are for all those things 
in any detail that you're aware of?
MS. WHISLER:  Not that I know of that's 
coming from the publishers.  We're watching 
very carefully the Netville experiment at 
Carnegie Mellon, which is I think going to -- you 
know, it's 90 percent of the way to actually 
being a usable thing.  It's a little too library 
based right now. It's assuming that the effective 
owners of the right and the people who will be 
recompensed are the libraries and that doesn't 
quite work.
But it's really easy to imagine that model 
pushing to the next step.  That would be an 
interesting task to take before AAP and to ask 
them to work on that.
MR. McCONNELL:  We would encourage you to 
do that, then.
MS. DYSON:  I'd actually like to say something 
sort of as a witness in the sense that I publish 
a newsletter and I am now -- it's now available 
on line through Information Access Company.  
And the way we're compensated is, I believe, we 
get a check based on -- they get total sales for 
the disk or for electronic access, and then they 
look at what percentage of the total number of 
bytes my newsletter is.  And so they assume 
that everything on that service is accessed at 
the same rate and they give me a teeny-weeny 
percentage of it.
Since I don't really take this all really seriously 
yet anyway, I'm not terribly exorcised about it.  
But I could imagine in the future feeling very 
strongly that I would like to know, you know, 
whether my newsletter is looked at more often 
than other stuff.  And so I'm still dealing with 
whether I believe in this concept at all, but if I 
do, I would certainly like much better metering 
procedures in order to know how much my stuff 
is seen as opposed to somebody else's.
And that certainly doesn't cover the copies that 
are made of it once it gets down loaded the first 
time.
MS. WHISLER:  You know, I think that price 
model comes out of the CD-ROM world and for 
lack of any better model, that's sort of what 
they're using now.  But I don't think it works 
once you get real metering software.
MR. LEHMAN:  This gets to the issue of the 
differences between different uses and different 
industries that are reflected here.  I mean, the 
record industry is vastly different from academic 
publishing, newsletter publishing and so on.  
And even within something like newsletter 
publishing, there are different kinds of angles 
and different kinds of newsletters and ways 
that people market and receive their 
compensation and so on.
So one of the questions I would like to sort of 
ask anybody on the panel that wants to 
respond is:  Is there a common base line of 
features that we see, or are we going to see 
ultimately considerably different mechanisms in 
different industries?  For example, maybe 
blanket licensing for some things, on the other 
hand high levels of encryption for others and 
strict metering?  And is there, as a matter of 
policy, any role for anything other than the 
marketplace, for the government in creating 
those different standards?
Yes, Ms. Simons?
MS. SIMONS:  Well, actually, I have a comment 
I'd like to make about this metering discussion. 
 Of course, it's something I was advocating in 
my statement, but I also want to point out that 
there are policy issues related to that, namely, 
who owns the information about who is getting 
-- who is subscribing to what.  And as our life 
moves more and more onto the net, as it 
becomes more and more electronic, I think the 
issues of privacy protection become increasingly 
important.
I personally would like to see some kind of legal 
protection whereby people or whoever has 
access to the information is not allowed to 
disemminate it without the specific permission 
of the user, of the person who ordered it.
MR. McCONNELL:  We are looking exactly at 
those kinds of issues with the Advisory Council 
in connection with our work on privacy, and that 
question of consent, informed consent for the 
release of information about yourself, about 
personal information.  It's related in a way to 
the comment that Mr. Bolman made about the 
pharmaceutical companies not wanting their 
activities known as to what journals or what 
articles they're reading.  So there's a commercial 
privacy aspect, as well, and I think that's 
important.
MS. SIMONS:  And I think it's important that it 
apply not only to the government, because there 
already are laws restricting what the 
government can do, but that it also applies to 
private industry.
MR. LEHMAN:  Well, you know, there are 
interesting copyright implications here because 
we had -- you know, a couple of years ago, we 
had a big fight where book publishers, for 
example, wanted a more -- basically wanted a 
fair use right to publish from unpublished 
works.  You know, in other words, if I wanted to 
look at -- yeah, exactly, if I wanted to look at 
Truman's private memoirs that had never been 
published, I could use that.
So we see a conflict there, even on the part of a 
group that's normally very pro-proprietary and 
pro-copyright, saying, well, I want less copyright 
protection so I can get somebody else's private 
stuff.  So there's a really interesting -- the 
electronic environment is going to expand those 
kinds of questions tremendously, and you'll find 
different people taking different positions, I 
suspect, from where they happen to -- you know, 
what they want at that given moment.
We have the other panel, and I'm trying to, even 
though I realize we originally said 12:30, I 
realize a number of people have to get to the 
airport, which is quite a ways away.  So what I 
was hoping we could do is shorten the break, 
continue until about 20 minutes to 10:00 and 
then maybe take about a five-minute break and 
then come back for the next panel.
And, you know, we can talk all day.  It's really 
such a shame, but this is the beginning of a 
dialogue and maybe we can all correspond with 
one another on the Internet about it.
(Asides.)
MR. LEHMAN:  Oh, there's somebody from the 
audience that wants to ask something, too, but 
why don't we --
MS. DYSON:  I just want to offer, I will stick 
around later and I'll help pass on any further 
comments people might have to my esteemed, 
honorable colleagues.
MR. LEHMAN:  Well, also, everything here is 
being transcribed, of course, too.
MR. McCONNELL:  Well, if it would be 
possible, Mr. Chairman, if we could, obviously I 
certainly won't have time to ask all the 
questions that I have.  If it would be all right 
with the panel, if I could submit questions to 
some of you for the record, if those could be 
incorporated in the record, that would be very 
helpful.
MR. LEHMAN:  I'm sure everybody would be 
happy to do that.
MR. McCONNELL:  That would be great.  I just 
had one question for Mr. Leibowitz, which is the 
International Standard Recording Code which 
you mentioned, does that provide all the kinds 
of information about copyright status, 
generation status, terms and conditions at this 
point?  Is that a robust thing for all manner of 
intellectual property?
MR. LEIBOWITZ:  Well, there are a 
combination of codes.  The International 
Standard Recording Code is really an identifier 
of the particular sound recording track which 
will identify the owner of it and, with the 
numbers, identify the particular recording.
The other information about the copyright 
status and the generation status are part of the 
Serial Copy Management System information.  The pricing information and the other elements 
that I discussed are not part of that, and that 
would have to, you know, be built upon.
Let me respond, since nobody did get a chance 
to respond to the question you had a moment 
ago about the issue of whether we should have 
some single means of standards.  I think on the 
one hand it's very important that there be 
flexibility to allow the individual content 
providers to determine their own types of 
systems and approaches.  But at the same 
time, to the extent that we want -- and certainly 
our industry wants the equipment to be able to 
react to those, I think there is a valid role for 
the government or standard setting body to play 
in trying to develop that sort of feature so that 
it doesn't increase the costs unnecessarily of the 
equipment or the transmission services 
themselves.
MS. PRESTON:  I have a question I would like 
to ask of David Leibowitz.  When you have the 
performance right in sound recording, what type 
of --
MR. LEIBOWITZ:  -- lips to God's ears.
MS. PRESTON:  What type of security do you 
envision that will enable you to determine that 
an album has been performed?  For example, 
Mary Sue has the new Madonna album and she 
decides that she wants to play that album over 
the NII for her friends to listen.  She calls up 
everybody in the neighborhood and says, "Have 
you heard this?  Take a listen." How will you 
know that that has been performed?
MR. LEIBOWITZ:  Well, there are very 
frightening aspects of the Internet system today 
which doesn't allow us to make those 
determinations. I think the part of issues -- and 
first of all, for clarity, to the extent that the 
copyright law is expanded to give sound 
recording owners the same right of public 
performance that all other content providers 
enjoy, it's limited to public performances.  And 
the question then becomes whether that's 
public or not.
Other characteristics that you would have to 
look at is whether or not it's being transmitted 
in a way that is audible in real time or is it 
transmitted to be down loaded in faster than 
real time?
MS. PRESTON:  Now, we're talking about just 
listening.
MR. LEIBOWITZ:  Well, if it's just being 
transmitted for listening, those are going to be 
performances.  Whether or not -- certainly today, 
we don't have the capability to address that, 
which is why we need the additional 
information and allowing the equipment to also 
react to that information.
MR. LEHMAN:  Well, we would ask the same 
question of you, Ms. Preston, that --
MS. PRESTON:  I was asking for that same 
reason.
MR. LEHMAN:  I mean, that's a performance 
that's being listened to.
MS. PRESTON:  We have the same problem.
MR. LEHMAN:  Though I think it is important 
to realize that certainly the copyright law has 
never captured every single use of work.  I 
mean, you just have to recognize that there are 
going to be unauthorized uses.  Right now, 
there's just a vast wealth of information out 
there on the Internet by and large which are 
communications or which are public domain 
material which people put on there, and they 
basically don't -- they may be technically 
copyrighted works but there's no attempt to 
enforce the copyright.
I mean, just because you have a copyright right 
doesn't mean that you have to run around 
enforcing it or anything like that.
Yes, Ms. Simons.
MS. SIMONS:  Well, I just wanted to express a 
little concern about the scenario you just 
described.  In order to be able to capture that 
kind of information, it might imply the ability to 
capture all kinds of other information, such as 
political dialogues.  And I just think it's a very 
risky business.
It's true that the Internet doesn't now have the 
capability to find out is she's sending this record 
around, but we also have to keep in mind what 
the trade-offs are to introducing new 
mechanisms and how they might be used in 
ways we don't intend them to be used.
MR. LEHMAN:  This is such an exciting 
discussion with this panel that we could 
probably go on.  We should have arranged for a 
full day of hearings, and maybe two, but we 
learn as we go along.  But we did promise the 
audience a chance, and we do have a person 
from the audience, so maybe we should move on 
to that.
Could you come forward, please, and identify 
yourself.
MS. NYCOM:  My clients represent both sides of 
the Internet, if you will, or the NII.  And they're 
traveling together, but they have differing 
interests.
Some of them are people who are providing 
intellectual property, and they, like Sandra, 
would like to find a way to make sure they're 
paid for it. Others on the other hand are the 
distributors, and they neither want nor are they 
interested in knowing anything about the 
content or let alone being held responsible for it.
So I have two questions, one for the testifying 
panel, and then if I might, one for your panel.
For the testifying panel, the question really is:  
Are you speaking with each other?  For 
example, David, your group, and Mark, your 
group, are you keeping each other informed so 
that you don't solve yesterday's problems as the 
technology advances?  And I see this is a great 
opportunity to work together so that the true 
protection can be had without the distributor 
somehow being liable.
Now, for this panel, the question is: Have you 
looked at, as a National Academy of Science 
panel did a couple years ago, the notion of 
providing possibly the status of a common 
carrier for some of the distribution channels, 
and of course with the aspects that that brings 
up along with it?
Thank you very much.
MR. LEHMAN:  Well, let me answer, just to 
move things along, the second question first 
because I think I know both what the working 
group has done and what the Advisory 
Committee has done, and the short answer is 
no, we haven't looked at any common carriers 
yet.
MR. BUNZEL:  In terms of the first answer of 
coordinating with other organizations, we have 
just redefined our strategic plan for an 
Intellectual Property Committee, and I can tell 
you that a key part of that plan is, on all 
issues, is identifying other interested parties as 
well as, as we begin to develop a position, the 
positions of other parties that may have impact 
on policy or legislation that will be developed.
We are already developing lines of 
communication on the ratings situation with the 
SPA and the other organizations.  So, yes, it's a 
very key part of going forward.
MR. LEIBOWITZ:  And I would just like to add 
that although Bruce and I haven't met, I believe 
I do serve on some advisory panels for the IMA 
and I do receive literature from them.  And I 
suspect we will be working more closely 
together, as we just alluded to, the CD-ROM 
recorders and there was an article in this 
week's Information World about Sony 
introducing the CD-ROM recorder for $1,500 
retail that can go right into a slot into your 
computer. So those are very troubling elements.
As far as the notion of on-line services being 
common carriers, while we can talk about that 
for a long time, my reaction is that that's an 
outrageous concept.
MR. LEHMAN:  We really have to move along, 
and one other person wants to ask a question of 
the panel.  So hopefully, we can take that 
question and then --
(Asides.)
MR. LEHMAN:  Why don't you just go to the 
microphone here, and if it doesn't come through 
on the transcript, it doesn't come through and 
I'll try to repeat the question.
(Question from audience, not on audio tape.)
MR. LEHMAN:  In the interest of -- that was 
sort of more of a statement, I think, which was 
more that the AAP, the Association of American 
Publishers, is working on this problem.  They 
are particularly interested in and concerned 
about equipment that enables unauthorized 
use and is anybody looking at that problem.
I would just say that the working group's screen 
paper does indeed address that problem to 
some degree.  But maybe if somebody has a 
very quick response or if somebody, you know, is 
about to publishing something or put a new 
Intellectual Property Coproduct on the market that relates to this, you 
might let us know on the panel.
Finally, I want to -- Ms. Dyson has one more 
question.
MS. DYSON:  Yeah, this is just kind of a sense 
of the panel.  I'm assuming that you all feel 
that what you're trying to do is have deterrence 
to copying, that you have no notion that there's 
going to be 100 percent protection.  Is that 
correct? Okay.
MR. LEHMAN:  The answer is no.  I mean, just 
for the record, we're getting an answer that, no, 
people don't have an expectation of 100 percent 
security against unauthorized copying.
MR. LEIBOWITZ:  99 percent would be good.
MS. WHISLER:  I'd settle for 70.
MR. LEHMAN:  You know, maybe what we 
could do is, if people would just indulge us a 
little bit, the members, is bring up the new 
panel and we can start right away, you know, 
as soon as they get in place.  And if anybody 
here has to leave the dais for a moment, they 
can come right back.  That way, we'll move right 
along and save ourselves 15 minutes.
MR. McCONNELL:  How will we get the 
additional questions from the panelists?
MR. LEHMAN:  We have their name and 
address we will provide that to all of us, and 
you will be able to write to them or Internet.  I 
think we may even have Internet addresses for 
some of them.  But we need that for our records.
(Asides.)
MR. LEHMAN:  Yeah, if you want to do it 
formally through the record, you can send it to 
Michael O'Neil here in our office and he will see 
that they get forwarded.  Then we'll have it in 
the official record.
I assume what we're going to do in these 
hearings is the same thing as we've done with 
others in our working group, and that is that 
the transcripts are available for public 
consumption and they will be available in about 
two weeks time as part of the process here so 
that we'll stimulate discussion for other people.
(Whereupon, a brief recess was taken.)
MR. LEHMAN:  I hate to be rude, but 
unfortunately time is limited this morning, so 
we really do need to get on with our business.
So I'd like to welcome our second panel. I want 
to thank our first panel.  We could have gone on 
for a solid day and more, I'm sure, following up 
on that.  But it does indicate, since the 
questions were very timely, that we're on the 
right track.
Our next panel consists of distributors and 
technical solution providers.  Maybe I would 
just ask the people in the back of the room if 
they could have their conversations out in the 
hall or what have you.  It would help us.
The panel consists of Jeffrey Sinsheimer, 
Director of Regulatory Affairs in the California 
Cable Television Association; Josh Groves, 
Director of Current Awareness Products, 
Marketing Department of Dialog Information 
Services; Curt Schmucker, Manager, Tools and 
Environments of Apple Computer; William 
Ferguson, Vice President of Marketing and 
Sales of Semaphore Communications 
Corporation; William Sweet, Director of 
Marketing of iPower Strategic Business Unit of 
National Semiconductor Corporation; William 
Krepick, Senior Vice President of MacroVision 
Corporation; and Robert Rast, Vice President, 
HDTV Development of General Instrument 
Corporation.
This panel will show us why it's important for 
us to be right here in Sunnyvale in the heart of 
Silicon Valley where most of these people.
You've had the benefit of seeing the earlier 
format, so why don't we start out with Mr. 
Sinsheiner.  And to the extent that we can 
obviously leave as much time for the dialogue, 
the better, so we'd like to welcome you, Mr. 
Sinsheimer.
WITNESS PANEL TWO    
DISTRIBUTORS AND TECHNICAL 
SOLUTION PROVIDERS
STATEMENT OF JEFFREY SINSHEIMER
DIRECTOR OF REGULATORY AFFAIRS       
CALIFORNIA CABLE TELEVISION 
ASSOCIATION
MR. SINSHEIMER:  Thank you.  Assistant 
Secretary Lehman, Mr. McConnell, Ms. Dyson, 
Ms. Preston and members of the public, thank 
you for the opportunity to make a presentation 
before this hearing board on the issues of 
commercial security and intellectual property on 
the National Information Infrastructure.
My name is Jeffrey Sinsheimer.  I am Director of 
Regulatory Affairs for the California Cable 
Television Association.  CCTA is a trade 
association in the state of California 
representing cable television operators servicing 
over six million California residents, cable 
television programmers and equipment 
suppliers.  As Director of Regulatory Affairs, my 
responsibilities include advising members on 
signal security issues including legislation and 
its enforcement.
My role here today is to put into context the two 
questions posed by this panel from the point of 
view of the cable television industry.  First, 
what are the system security needs of 
intellectual property providers?  And, second, 
what are the technical solutions and system 
designs currently being studied or developed by 
the private sector to deliver products and 
services via the NII?
Specifically, my comments today will relate to 
the third question posed in the notice. In 
considering these questions, CCTA's comments 
revolve around three basic themes.  First, 
security of intellectual property rights is 
currently endangered by illegal theft of cable 
television service which is over $4.7 billion -- 
that's billion with a "b" -- dollars annually 
nationwide and growing.
Second, public policy makers and law 
enforcement officials must act to stop the 
current theft crisis.
And third, government solutions that protect 
intellectual property interests should encourage 
investment in upgrading the NII and use of 
these new and improved networks by 
consumers.
Theft of cable television service is a major 
problem in this country.  While many in the 
public may view theft of cable television service 
as a technical challenge, it is in fact a crime.  It 
is a felony both under federal and state law, 
but also it deprives creators of their intellectual 
property rights to be compensated for the use of 
their works.
Section 633 of the Communications Act on the 
federal level gives power to U.S. attorneys to 
prosecute in this area.  The CCTA sponsored 
passage of Penal Code Section 593(d), which 
provides criminal penalties and civil damages 
and remedies for theft of cable television service, 
and will sponsor amendments to increase these 
crimes from misdemeanors to felonies, with 
strong support from the motion picture studios, 
broadcasters and others who distribute their 
works on cable television systems.
The Office of Cable Signal Theft at the National 
Cable Television Association estimates that 
people tapping illegally into cable television 
lines or descrambling encoded signals steal 
approximately $4.7 billion dollars annually 
from revenues that would otherwise go to 
intellectual property creators and cable 
television operators.
This figure is somewhat understated, given the 
fact that it does not include theft of signals for 
pay-per-view and other more transactional 
services that cable television operators have 
begun to provide only in the last few years.
Cable theft deprives revenues not only to cable 
television operators who are distributing 
signals, but also a wide variety of people and 
institutions which would otherwise be entitled 
to a portion of that amount.
Outside the intellectual property area, since 
cable television operators are required to pay 
local franchise fees, the loss of these revenues 
deprives local government of nearly $250 million 
dollars annually in franchise fees for the use of 
public rights-of-way.  It also forces legal 
subscribers to pay for theft and degrades signal 
quality in cable television systems.
In the realm of intellectual property theft, the 
$4.7 billion dollars includes copyright royalties 
which would otherwise be distributed to the 
producers of broadcast programming through 
mandatory copyright payments that cable 
television operators make.  It also represents 
diminution of the amounts of revenues to which 
basic cable television programmers and 
premium programmers, such as HBO, 
Showtime and the Disney Channel, would 
otherwise be entitled.
Cable television operators construct their 
systems in an encrypted manner to protect 
revenue streams, to enhance signal quality and 
to ensure the integrity of their contracts with 
program suppliers. This guarantees that 
creators receive compensation for their works for 
which they are entitled when their creations are 
distributed.
However, the marketers of computer chips to 
defeat those encrypted systems and boxes 
which contain illegal chips have had some 
success in convincing some elected officials that 
their behavior is benign.  Local law enforcement 
officials, who for the most part are strapped 
financially, have had limited success shutting 
down these types of operations.
Ironically, the thirst for illegal descrambling 
devices has made its way from advertisements 
in popular electronic magazines to 
advertisements in magazines of more general 
circulation, such as Parade Magazine, which is 
included in tens of millions of homes across 
America each Sunday.  Now we travel fast 
forward through Cyberspace and onto the 
Internet, where participants in certain forums 
advertise how to construct your own cable 
descrambler and how to defeat encryption 
systems, and how to program a chip to provide 
free access to otherwise scrambled signals.
As an example of this type of information being 
distributed on the Internet, one of the four 
major suppliers of set-top adjustable boxes has 
had its microcode disassembled and distributed 
on one of the Internet forums.  This makes it 
possible for theft of all forms of intellectual 
property transmitted on systems having those 
boxes.
This distribution of information is to literally 
hundreds of thousands of people on the 
Internet, who tend to be the most technically 
literate people.  Internet distribution of 
microcode and the publication of the availability 
of chips and methods to defeat encryption 
systems is easily comprehended by this 
audience.  This creates the potential for a 
dramatic new increase in theft of intellectual 
property.
This situation leads also to the deployment of 
equipment that runs afoul of FCC standards 
and of boxes which have lost their U.L. 
certification.
The FCC has been considering these questions 
as part of its docket on equipment compatibility 
pursuant to the 1992 Cable Act.  Under the 
auspices of the FCC, the Electronics Industry 
Association and the National Cable Television 
Association are participating in the Consumer 
Cable Compatibility Advisory Group, which is 
working on different types of systems that will 
meet the industry's different needs and deal 
with the issues of theft of intellectual property 
and theft of cable television service.
Finally, while many of these solutions may be 
technical in form, two important factors must be 
taken into account.
First, computer and video thieves have 
demonstrated their ability and propensity to 
decipher encrypted code to gain illegal access to 
intellectual property of others, and the market 
for these mechanisms will never disappear.
And, second, technology brings with it a cost 
which one hopes will not discourage deployment 
of the NII.  The upgrade of cable television 
systems to full service networks that can offer 
protection to intellectual property will force 
cable television operators into new relationships 
with the people who create video and interactive 
products.  Creators of intellectual property 
expect revenue for the distribution of their 
product.  The distribution cycle must provide 
some sort of revenue incentive for network 
builders so that they will upgrade their 
networks to enhance security.
This is not an inexpensive proposition, and the 
marketplace may provide some solutions. 
Creators may have to think about the 
distribution cycle in a new way, providing for 
earlier day and date release of video offerings, 
particularly on transactional and pay-per-view 
systems, in order to create incentives for secure 
networks to be built.
Thank you very much for your time, and if you 
have any questions, I will be happy to answer 
them.
MR. LEHMAN:  We will proceed right on to Mr. 
Groves and then we can all have a dialogue 
together.
STATEMENT OF JOSH GROVES        
DIRECTOR OF CURRENT AWARENESS 
PRODUCTS
MARKETING DEPARTMENT
DIALOG INFORMATION SERVICES
MR. GROVES:  Thank you.  My name is Josh 
Groves, and I'm with Dialog Information 
Services.
First, I'd like to say that Dialog is very grateful 
for the opportunity to be invited to this panel.  
Dialog is the largest provider of commercial 
on-line data bases to the business, scientific, 
research and academic communities.  We have 
more sources than any other service.  We have 
over six karabytes of data covering over 450 
files.
As the leading provider of high-quality electronic 
data that is relied upon by businesses 
throughout the world, both large and small, we 
feel that it's critical that the NII does not 
compromise the integrity and security of our 
data both at our site and once it's distributed to 
our customers throughout the world.
We believe that the security of electronic 
intellectual property is critical to the commercial 
success of the National Information 
Infrastructure. We believe that private industry 
will produce and select the most effective 
safeguards, both hardware and software, to 
ensure this security.
We also believe that the government can play a 
significant enabling role by providing technology 
test beds, by promoting technology exchanges 
and by helping define the current, sometimes 
murky legal areas of the electronic copyright 
protection.
And finally, we believe that the government can 
help define the requirements of what it means 
to contract electronically through on-line means.
We would also be happy to answer any 
questions when time allows.
MR. LEHMAN:  Thanks very much.
Next, Mr. Schmucker.
STATEMENT OF CURT SCHMUCKER
MANAGER, TOOLS AND ENVIRONMENTS
APPLE COMPUTER
MR. SCHMUCKER:  Good morning.  My name 
is Curt Schmucker, and I am in Apple's 
Advanced Technology Group, Department 
Manager.
Apple is a company that produces mass market 
personal computer hardware and software and 
distributes these desk top, notebook and 
personal digital assistant devices worldwide.
I am delighted to be here today to speak on 
behalf of Apple.  What I'd like to do is sort of 
make one major point, and that is to talk about 
the interaction between the technical means for 
achieving privacy controls and the business 
reality of worldwide marketing.
There exists several cryptographic means of 
enciphering data that are usable on personal 
computers.  In addition to being trusted and 
efficient and usable to non-specialists, these 
means have to be cost-effective.  And to be 
cost-effective, they have to be easily exportable.
By easily exportable, I don't mean that it's 
possible to obtain an individual validated 
license after months of negotiation with 
commerce, state and defense.  Months of 
negotiation might be reasonable if what you are 
trying to export is a multi million dollar 
computer system.  It's not so reasonable if what 
you're trying to export is a $500 Newton that 
fits in your pocket and sells as a commodity 
device.
I'd like to tell you of one sort of anecdote that 
sort of brought this home to me, of the 
difficulties worldwide companies currently face. 
A company here in Silicon Valley needed to 
protect its business communication data 
between its headquarters here and its 
worldwide subsidiaries. And so they tried to 
obtain a license to export to their subsidiaries 
some U.S. crypto gear, and they were unable to 
do so.
So having this dilemma in their business 
situation, what they ended up doing was 
purchasing Russian crypto gear because there's 
no law on the import of such equipment, and 
they use that now for their worldwide business 
communications.
I'd like very much for this sort of thing to remain 
an isolated incident as opposed to becoming a 
common practice.  And to do so, we need to 
make changes in the export controls for mass 
market devices as the NII becomes more and 
more of a reality.
Thank you very much.
MR. LEHMAN:  Thank you.
personal computeNext, Mr. William Ferguson.
STATEMENT OF WILLIAM FERGUSON 
VICE PRESIDENT, MARKETING AND SALES 
SEMAPHORE COMMUNICATIONS 
CORPORATION
MR. FERGUSON:  Thank you, Mr. Chairman.
My name is Bill Ferguson.  I'm the Vice 
President of Marketing for Semaphore 
Communications Corporation.  We're a young 
company located in Santa Clara that develops 
secure digital transmission systems and 
software for global markets.
I have prepared notes that you can get on the 
outside, and rather than read from them 
straight, I will kind of paraphrase as I go 
through. Sometimes it's useful after hearing 
other speakers, to add some comments that 
reflect on the reality of the situation.
Our products are used to secure 
communications across all aspects of the Global 
Information Infrastructure.  And every time I 
see something that reflects on the National 
Information Infrastructure, somebody's got to 
give somebody a sharp poke in the eye and let 
them know that it's growing a hell of a lot faster 
outside the United States than it's growing 
inside the United States. And when I have to 
come to panels like this and meet with people 
who haven't even had new stamps in their 
passport in the last six months for doing 
business, it's really frustrating to try and get 
people to understand the scope of the business 
that's going on outside of this country with 
relationship to secure communications.
It is a booming business outside of this country, 
and it's going to stay a booming business. And 
it's going to be driven by foreign companies, not 
United States based companies, unless 
something can be done to affect the laws that 
allow U.S. companies to compete fairly and 
openly for global business.
Our products use standard, globally-accepted 
technology such as DES and RSA. We can't get 
either one of those out of the country without an 
export license for each device and each single 
destination.  My global competitors can ship 
this stuff around, just like my friend from Apple 
suggested, without any provisions for licensing 
whatsoever.  And to make it even more absurd, 
it takes me anywhere from three weeks to three 
months to get an export license and then once 
I've gotten the export license, even with the new 
federal provisions for getting the export licenses 
in three days, as I pointed out to people from 
the Department of State, they do the courtesy of 
mailing it back to me by third class mail so it 
takes two weeks to get it back to my office.
So there's kind of a sense of urgency for reacting 
to this kind of requirement on a -- more urgency 
than we see the federal government moving 
right now.  I've attended these panels for 18 
months and we're discussing the very same 
things and nothing is moving.
I see a mark in the sand being drawn at one 
meeting.  I see the mark being erased at the 
next meeting and a new line being drawn in the 
sand closer to the goal line, your goal line, than 
the 50 yard line so that we can have a level 
playing field for dealing with these issues on a 
global basis.
The products that we make are transparent to 
the content providers.  They are transparent 
such that they will secure any material reaching 
the superhighway.  And they will keep any 
unauthorized access or any compromise of the 
data on the network.
I have a lot of sympathy for the cable industry, 
but every time we try to approach the cable 
industry with solutions, they go back to their 
preferred suppliers.  Their preferred suppliers 
are developing proprietary solutions which are 
for the cable industry only, so we've got a 
diversion of the application of technology that's 
going on right now. And the further we get away 
from each other, the less the user is going to be 
able to have a transparent device available to 
him in his home or at his office or in his home 
and his office that will be able to be used across 
all services.
The issue of globalization is really important.  
At a forum in Baltimore only about two and a 
half weeks ago, one of the speakers was making 
comments to the effect that they had catalogued 
400 companies around the globe that were 
involved in security related product 
development.  Somebody in the audience from 
Sweden jumped up and said, "Sorry, we know of 
1,200."  So the 125 companies that are in this 
business in the United States are small by 
comparison, and it's clear that having been a 
leader in this market only five years ago, United 
States companies are being severely hampered 
in the globalization issue, as my friend from 
Apple pointed out, simply because of laws 
where we have our head in the sand.
A number of us in the audience and some of us 
on the panel were at a conference in 
Washington in June when, in the middle of the 
afternoon, we asked one of the speakers about 
internationalization issues.  We asked the 
panelists and people from the National Security 
Agency if they had made any attempts to try 
and get foreign governments to accept Clipper 
technology in their environments for use in their 
countries.  You're all familiar with Clipper?
People from the National Security Agency stood 
up and said even though it's been since April of 
1993 that they announced Clipper, that they 
had made no direct initiatives to foreign 
governments with regard to the acceptability of 
Clipper technology being imported into their 
countries.
That is a terrible, terrible dilemma for an 
industry that is under control of federal agencies 
and the federal agencies are hampering our 
ability to be involved in international commerce.
Clearly, these issues cross all borders. The 
industry acknowledges the need for the law 
enforcement and national security communities 
to have their requirements served, and industry 
has stood up to the line right there with them 
and said,"Okay, let's resolve some issues.  Let's 
get on with it.  What do you want us to do.  
How can we do it?"  Okay?  It's 18 months later, 
folks, and nobody is doing anything.
Here in the United States, you have a group of 
innovators.  They are young companies and 
some very mature companies, such as National 
Semiconductor, that are developing products 
which could put the United States' industry in a 
leadership position globally to provide for secure 
communications.  We hope that the government 
will narrow its focus so that we can address 
these issues, you know, a single time, not 
repeat times before different fragmented groups 
looking at these issues.  And we look forward to 
that, and we as a market and technology 
innovator, want to stay involved at every step.  
It puts a strain on us to do it, but we've made a 
commitment to do it.
Our global partners are eager for 
accommodation on these standards, as well, 
because, as I pointed out, it is a global issue.  
It's not just a domestic issue only.
As a young company with only 25 employees, I 
can tell you that I have partnerships already 
established with British Telecom, with the 
Swiss PTT, with Cable and Wireless Dutch, 
Swedish PTT's, and I have invitations from the 
French and Japanese to participate in 
co-development projects with them, only to have 
those rejected by the United States government. 
 So we're kind of in a dilemma.  We're confused 
between do we stay here or do we move our 
operations off-shore, like to Russia, 
Switzerland, Sweden, Finland, Norway, Japan, 
India, Israel, I mean, places that would 
welcome a technologically innovative company.
We hope that industry can see a cooperative 
spirit expand and have this government lead 
the global partnerships and the global 
expansion of this business.  Thank you very 
much.
MR. LEHMAN:  Thank you, Mr. Ferguson.  You 
referred to National Semiconductor, and now we 
have William Sweet from National 
Semiconductor Corporation here.
Mr. Sweet, do you want to proceed.
STATEMENT OF WILLIAM SWEET
DIRECTOR OF MARKETING
POWER STRATEGIC BUSINESS UNIT
NATIONAL SEMICONDUCTOR 
CORPORATION
MR. SWEET:  My name is Bill Sweet.  I am the 
Director of Marketing for the unit within 
National called the iPower, little "i" for 
"information."  We're a business unit that has 
come up with a new thing -- I'm not quite sure 
what to call it; the crypto folks call it a token -- 
designed to facilitate security in moving digital 
files from point A to point B over any network, 
secured or unsecured, through any mail system, 
secured or unsecured.
We're currently building two flavors of these.  
One is a flavor built upon RSA data security, 
which is not escrow.  There's another one we're 
building for the U.S. government, which is now 
called the FortizzaCard.  It used to be called 
the PersonaCard, which is the escrowed system.
And for those of you in the audience who aren't 
sure what a token is, I assure you that you 
carry them around with you pretty much most of 
the time.  I have here one of mine, except it isn't 
mine; it turns out to be my wife's.  It's her ATM 
card.  And this is a two-factor security token.  
To make it work, you need two things:  
something you have, the token, and something 
you know, the PIN number.
Two-factor security devices are much more 
secure than single-factor security devices like a 
regular credit card where all you need to know 
is the credit card number and away you go.
These are relative new tokens.  Here is one.  It's 
built on a PCMCAA card format.  It has a little 
computer, crypto engines, and some memory in 
it.  We have designed these things to be 
impenetrable, or another word people like to 
use is tamper-proof, meaning the secret data 
that's inside the chip here that we manufacture 
cannot be extracted.  In particular, the thing 
we're protecting is the private key in the 
public/private key fair that's used in key 
exchange and digital signature.
What this little gadget gives you is the ability to 
authenticate over a 3,000-mile wire who you are 
via digital certificates, the ability to sign things 
-- I'm talking digital signatures -- which means 
if you change one bit in that thing you signed, 
the signature catches it, it's invalid.  The ability 
to make messages private through block 
encryption of your choice, presumably DES 
although BEST or IDEA or something else is 
fine with us. It's up to the user.  The ability to 
verify the message through cacheting 
algorithms, message digests, and a place to 
store transactions data.
Now, this is a card that you can use to send 
secret messages and attach digital file.  And 
that digital file that you attach can be anything 
from a two-line memo to a two-hour movie.
We also anticipate these cards being used for 
electronic commerce.  If you want to buy a 
program or any piece of intellectual property 
over several thousand miles of wire, this is the 
thing you plug, it proves who you are.  You can 
have your credit card accounts built right into 
the thing.  If someone at the other end has one 
-- and by the way, these are like modems, you 
need two, one on either end.  If someone on the 
other end has it, you can conduct electronic 
commerce.  I can buy, you can sell, and vice 
versa, all in relatively bullet-proof security, 
which brings me to Bill's point.
Since this is strong encryption technology, we 
can't export it but we can sell it and it can be 
utilized around the country.  I am assured by 
my government associates that we can export 
the FortizzaCard, which is fair since the 
government will have its fees.
Our position at this point is we're going to build 
both kinds of cards and it will be up to the 
customers as to which one they want to use.
Primarily, the market we're chasing in the near 
term is what we call data security and 
electronic commerce.  There's another one that 
we'll be chasing in another year, which we refer 
to as metering.  And that's the concept of being 
able to enable people to ship encrypted files out 
in mass media forms such as CD-ROM or, for 
that matter, down the information 
superhighway and to be able to exchange keys 
in a secure environment so people can purchase 
things like movies on demand, for example.
The difference between basic data security and 
metering is simply that the metering has much 
more sophisticated transaction processing 
capability that sits on top of the basic security.
But my role in coming here today was to let you 
know that this stuff is coming.  The 
FortizzaCards are shipping today.  The 
PersonaCard, which is the RSA compatible 
version, we'll start shipping in January.  And I 
hope all of you that are concerned about security 
will buy at least a dozen of them over the next 
ten years.
MR. LEHMAN:  That's very helpful.  I'm sure 
we'll have a lot of questions.  Thank you very 
much.
Mr. Krepick.
STATEMENT OF WILLIAM A. KREPICK
SENIOR VICE PRESIDENT
MACROVISION CORPORATION
MR. KREPICK:  Thank you, Mr. Chairman. 
Thanks for the opportunity to be here.
Macrovision Corporation is a private company.  
We're a small company.  We're engaged in the 
business of providing intellectual property 
protection to a broad range of copyright 
proprietors, namely the Hollywood studios, 
small, independent video producers, digital 
set-top decoder manufacturers, semiconductor 
companies, even some government agencies.
We sell hardware.  We sell video encryption 
systems and some pay TV scrambling type 
products.  But mostly we license our technology 
and we license video cassette anti-copy systems 
as well as theatrical video security systems and 
pay-per-view copy protection systems.
We're not directly involved with any delivery of 
Internet type services today, but we do have a 
kind of unique technology oriented solution for 
the companies that distribute video programs 
and movies, whether it's in a pre-recorded 
manner or whether it's over electronically 
transmitted media, for example, cable or 
telephone company or direct broadcast satellite 
media.
We think that our primary contribution to 
copyright security in the NII environment will 
actually be in the are of protecting digital video 
programs from being copied onto analog 
equipment, which are the existing 400 plus 
million VCR's that are in the world today.
You may not think that this is important, but if 
you talk with the studios in Hollywood and you 
talk with independent video producers, what 
they are really concerned about is not only 
digital-to-digital copying, which certainly is 
important because everyone knows you can get 
a perfect master of a video program if you go 
digital-to-digital, but they are also concerned 
over the fact that if you have a digital VCR or a 
digital video disk player, most of that 
equipment is going to have not only a digital 
output cord on it, but it's also going to have an 
analog output cord on it.
So what that means is that two or three years 
from now, people will be able to take their 
digital VCR's and they will be able to capture a 
digitally transmitted program or they can take 
a digital cassette or a digital disk and they'll be 
able to put out onto any old analog VCR a 
perfect production quality copy of a movie.
Now, that scares to death anybody who is 
producing video programs because, again, the 
threat is not just digital to digital.
The other fact that people understand is that 
those 400 million analog VCR's that are in the 
marketplace today throughout the world, they 
are going to continue to grow.  They will not be 
thrown out overnight, so there will always be an 
analog kind of hardware for at least the next 
ten years in which to capture this video 
information.  There will be analog TV sets for 
the next ten years which will display the video 
information.
We think that the copyright holders will not be 
satisfied if their intellectual property is only 
protected in the digital domain.  We also, as a 
company, we believe that consumers, however, 
do have the right to time shift free broadcast TV 
or to copy non-copyrighted material.  So we 
think that that provision needs to exist in the 
NII.  I think that most people who are in the 
video industry are aware of the 1984 Supreme 
Court decision which allowed consumers the 
right to time shift free broadcast TV. It was the 
so-called Sony Betamax case.
However, as we go forward into this new digital 
world, we believe that the copyright holders 
have the right to copy protect electronically any 
transmitted pay-per-view type programs or 
events, or any pre-recorded material.  We 
believe that that's absolutely the right of the 
copyright proprietor.
In answer to two questions that were posed in 
the NII paper, what are the video security 
needs of our customers -- and again, our 
customers are the intellectual property 
proprietors -- I think we can categorize seven 
kind of distinct needs.
First of all, they require that copyright 
protection be available for digital-to-digital, 
digital-to-analog and even analog-to-digital 
situations which may arise over the NII.  And 
that's, again, whether it's pre-recorded or 
whether it's in transmitted form.
We believe that they want to prevent in the 
United States the 200 plus million analog 
VCR's from making production quality copies of 
NII digital that comes from NII connected 
digital hardware that has analog output ports.  
If you take this on a worldwide basis, again, 
that's 400 million VCR's.
The third thing that we think that the copyright 
owners want is an economic and an accessible 
means of invoking copyright protection 
technology and that they, the copyright 
proprietors, should have the right to decide 
whether they want the material copy protected 
or not.
The fourth thing that we think is important is 
that there should not be copyright protection 
implemented which involves taxes or levies on 
the hardware or on the blank media.  This 
actually has been instituted in other countries.  
It was part of the Audio Home Recording Act of 
1992 in this country.  And we believe that that 
presents an undue burden on the consumer, on 
the hardware manufacturer and on the software 
provider.
What you are looking at are taxes that range 
anywhere between two percent and six percent 
of the value of the equipment or the media, and 
then that gets divvied out somehow amongst 
the copyright proprietors, amongst the authors 
and the creative people.  That is a tax plain 
and simple that we think the consumer 
shouldn't have to bear, and we know of 
technical solutions that would reduce that tax 
from the two to six percent range down to about 
one quarter of one percent.
So we think that copyright protection is a 
matter of economics as well as technology.
We think also that the copyright owner wants 
to be able to implement a system which is 
compatible with today's technology as well as 
future technology.  And one very important thing 
that is required -- and this where I think it's a 
combination of technology and government 
intervention -- and that is that any copyright 
protection circumvention should be made by law 
illegal.  And this gets a little bit into the 
situation with cable set-top converters, that 
people who make these devices, I mean, that 
should not be under the copyright law.  That 
should be under the federal law which makes it 
a crime, a federal crime to do that.
And the last thing that obviously is important 
for the copyright owner is that any of this 
technology be implemented and it does not 
interfere with the quality of the picture that's 
delivered to the individual's TV set.
So what is our solution for copyright security on 
the NII?  Five points.
First, we believe that on an economic basis that 
we can deploy proprietary analog copy 
protection system generators, tiny generators 
that are chips inside of digital hardware.  These 
little generators would add copy protection that 
would protect the rights owner's property in the 
analog environment.
Secondly, we believe that this proprietary 
technology should be made available on an 
affordable basis to all involved communities, 
both the hardware and the software 
communities.  We're prepared to do that, and 
again, I think if one looks at the alternatives of 
the costs of this, that our solution is probably 
an order of magnitude less expensive than any 
other legislative solution.
We will allow through our technology that the 
copyright owner can make the decision on when 
and if to apply copy protection technology.  The 
network operator or the digital hardware itself 
will respond according to the wishes of the 
copyright owner and activate the appropriate 
copy protection technology.
Fourth, we will limit our technology to only 
pay-per-view programs.  It will not be licensed 
to be used in broadcast or subscription pay TV. 
 So there, the consumer, we believe, has the 
right to do time shifting and copying.
And the last thing is that we are in the process 
right now of working with hardware companies, 
leading hardware companies, major software 
companies, trying to develop a comprehensive 
technical solution.  And we're also investigating 
what kind of legal policy, legal doctrine could be 
wrapped around that, and possibly doing 
something which is a take-off of the Audio Home 
Recording Act of 1992.
So, we believe that there is a role for 
government in this.  We believe that there is a 
role for technology.  We believe that industry 
participants need to work together to make this 
happen.  Thank you.
MR. LEHMAN:  Thank you.  Maybe we can 
move right on.  Mr. Rast is our last presenter.

STATEMENT OF ROBERT M. RAST
VICE PRESIDENT, HDTV DEVELOPMENT
GENERAL INSTRUMENT CORPORATION
MR. RAST:  I'm Bob Rast.  I'm with General 
Instrument Corporation.  We're a leading 
supplier in the broad band communications 
industry.  We're a leading supplier in cable, and 
we relate to Mr. Sinsheimer's remarks.  And 
we're also a leading supplier of technology in the 
satellite industry that scrambles video signals 
for delivery to cable systems as well as direct to 
home.  And those experiences give us the basis 
for the remarks we want to make.
In addition, we're a leader in HDTV and digital 
video, so digital television as it's emerging is of 
great interest to us, and that's going to be very 
important to the NII.  And in fact, at a 
conference sponsored in part by the IITF, on a 
workshop on digital video in May, there were 
two findings.
One is -- two of the findings were that digital 
video is likely to set the maximum bit rate 
requirement for the NII, and it agreed to a goal 
that video should be carried on the NII as easily 
as the telephone network now carries voice.
So from these experience and our interests, we'd 
like to say that, first, no matter how strong a 
security system is, it's going to be compromised 
if it is protecting material of high value.  And 
certainly, the value relates to the size of the 
audience.
The security must be renewable.  And just by 
virtue of being renewable, that helps to inhibit 
attempts at signal theft.
Government policy must not hamper the 
development of numerous sponsors to signal 
theft, and the goal is to respond quickly to 
signal theft and the deployment of new forms 
and methods of security.
We believe that a single, uniform national 
security standard is dangerous.  It weakens 
securities because it aggregates the properties 
in one place and gives attackers a single target. 
 We also think it stifles innovation that is 
needed to stay ahead of the attackers.
We believe that published open security 
systems tend to weaken  security, and any 
unbundling or open interface requirements 
should be limited to functions that pose no 
threat to the intellectual property of the 
programmers and information providers.
We want to say that we believe the decisions on 
security technology are best made by the people 
with the most incentive to protect the 
intellectual property, and those are the rights 
owners rather than government agencies.  While 
software based security may be adequate for 
some applications, hardware based security 
may be needed for others.
Our experiences in the satellite industry were 
somewhat humbling to us.  There was a point 
in time in which perhaps as much as 70 percent 
of the home satellite dish systems had been 
modified to steal programming, and it took us 
years to overcome that problem by switching out 
the security and going to what is now a 
renewable system and it cost us tens of millions 
of dollars.  So we really urge everybody to be 
very cautious about your assumptions.
There's been discussions about other areas in 
which pirating is rampant.  There's no question 
that's a problem.  We make an observation that 
the international nature of all this helps to 
contribute to the problem partly because of U.S. 
export control laws, but also in the area of 
programming, recognizing that rights are sold 
on a country-by-country basis.  And so when you 
beam satellite signals down to U.S. households, 
those beams spill over into adjacent countries.  
And if the rights aren't available, the only way 
those people can get those signals is to steal 
them, and there's a tremendous economic 
incentive on their part to break your system.  
We've got to learn about that.
So we're concerned about the significant profits 
that can be made from illegal interception of 
intellectual property, and we know from 
experience there's some very sophisticated 
attackers out there.
We want to caution you all that security is not a 
one-size-fits-all product.  Different techniques 
are needed for different types of products.
We're a little bit concerned that in the NII, 
some people will think bits are bits and that 
one solution is adequate.  We don't believe that 
at all.  We think that the solutions have to 
relate to the type of product and the size of the 
audience.
I will point out to you that broadcasting of 
entertainment videos is fundamentally different 
than point-to-point transfer of data files.  The 
mass audience creates a very high incentive for 
piracy and justifies a higher level of security.
Further observe that the communication 
systems are built in layers and we need to 
think about security at different layers and it's 
not necessarily a single security system on a 
single layer.  It provides for the whole system.
And along the lines of concern about government 
intervention, we would just observe that we 
have some experience with the FCC, that we 
feel that those concerns are valid.  The FCC is 
talking now, for example, about prohibiting 
scrambling of something called a basic tiering 
cable.  While that may seem to be in the 
consumer's interest, if you're an intellectual 
property holder and if that leads to an increase 
in piracy, was that a good idea or would that be 
a good idea?  And is that the kind of thing that 
the government really ought to be trying to do? 
Should it get involved in how the security of 
intellectual property flows like that by 
restricting the ability to provide that security?
Some of that intervention seems to almost get 
trivial to us because we're involved in a 
situation where there's a discussion of providing 
limits on remote controls, but in fact a remote 
control itself only costs $20.  I mean, we're not 
talking about something that's really expensive 
for consumers, but perhaps that's getting into 
too much detail.
So with that, I'd like to summarize just by 
making the points that we believe that security 
is critically important in the NII if intellectual 
property owners are going to be induced to offer 
their products.  And that's the key.  Will they 
offer their products and will the security justify 
it?
The security is going to have to be able to be 
improved over time.  It's going to have to be 
renewed, and it will be under attack.  Any 
standardization of security testing weakens it, 
so we should be careful about that.  And we're 
concerned about the unintended consequences, 
unintended negative consequences of 
government intervention.
Thank you.
MR. LEHMAN:  Thank you very much.
Now we can open it up to questions, and why 
don't we start this time with Ms. Preston.
MS. PRESTON:  Thank you.  We've talked 
about tracking usage along the network.  Will 
we be able to in the future track content?
MR. FERGUSON:  From what perspective?
MS. PRESTON:  Suppose that you have a book 
out there and it's really compiled by several 
authors.  And you know that someone is down 
loading that book, but do you know what part 
of it that they're down loading, the content that 
they would be down loading?
MR. SWEET:  That's possible if you encrypt the 
book in separate segments and put a number 
on each segment.  Then you can sell access to 
those segments, or the decryption keys, if you 
will, segment by segment.  It depends on how 
you parse your product.
MR. FERGUSON:  You've got to be able to 
identify it at the level of granularity that you 
want to identify it.  And once you set up that 
level, you can control distribution of content 
down to a single word.  I mean, they do it now 
with credit card PIN numbers.  It can be as big 
or small as you want to, as long as you can 
define, put a boundary around what it is you 
want them to be able to have access to.
MS. PRESTON:  One of you spoke about 
tracking video signals.  Can that same be 
applied to audio?
MR. FERGUSON:  It's going to be digital. By 
the time all this stuff works, it's all going to be 
digital signals and it will all be the same.  And 
you can track it and you can license it in those 
same parcel segments.  We don't care whether 
it's video or data or voice.  Once they're digital 
signals, they're digital signals and you can treat 
them with similar technology.
MS. PRESTON:  I would also like to say that I 
was very much concerned with Mr. Ferguson's 
comments and I hope that they're being 
forwarded to the proper authorities, because --
MR. FERGUSON:  Oh, we talk to them an 
awful lot.
MS. PRESTON:  Maybe Mr. Lehman can put 
some power behind it.
MR. LEHMAN:  Well, let me say, you know, the 
Department of Commerce has historically, even 
in previous administrations, been a very strong 
proponent to reduce export controls, and we are 
also in this administration also.  And we're 
fighting that battle.  Unfortunately, the 
permanent National Security establishment in 
the United States seems to think they know 
what's best for all of us.
MR. FERGUSON:  We got the Cantwell 
Amendment to the Export Administration Act 
through the subcommittee, okay, only to have it 
go to the House Intelligence Committee where 
the House Intelligence Committee stripped it off 
after they had a closed-door hearing with the 
National Security Agency, only to have the 
people who attended the House Intelligence 
Committee come back to us and say that, "We 
were told that you guys in industry were lying." 
 Okay?
MR. LEHMAN:  Well, we don't -- this is an 
issue, it's interesting.  I think the twist here in 
this hearing is that it even has an relationship 
to intellectual property.  So we certainly can 
take -- I think we can all follow up on that and 
see what we can't do to look at it in this 
context.  It's just another element.
Do you have something you wanted to say?
MS.  PRESTON:  No, nothing further.
MR. LEHMAN:  Ms. Dyson.
MS. DYSON:  Yeah, I just want to follow up on 
this one bit more, although it's probably not our 
major focus, which is those of you who are 
developing encryption technologies, are you 
actually starting up operations overseas in 
order to do the development there and will you 
then license it back to the U.S.?
Bill, you mentioned that, sort of, in National 
Semi and so forth.
MR. SWEET:  At this stage of the game, all of 
our development is domestic.  And frankly, 
we're not -- we don't know how, having once 
invented it here, we can legally export the 
technology.  It's not only prohibited to export the 
product, but you can't export the technology 
either.
MS. DYSON:  But couldn't you start new 
development overseas?
MR. SWEET:  Certainly, we could, although 
there is a presumption of -- I'm not sure what 
the right word is, but I'm told that if we develop 
-- let's say we had a subsidiary in Scotland or 
some other place.  If they were to develop the 
technology --
MS. DYSON:  Too similar.
MR. SWEET:  -- that were controlled and were 
similar, there's a presumption of leakage, which 
means that we're not too motivated to do that 
because we may end up right back in the same 
problem we're in now.
MS. DYSON:  So is this like Russia where 
somebody would not be allowed to emigrate 
because he might be carrying not state secrets 
but munitions secrets?MR. SWEET:  Well, it's worse than that in one 
sense, and that is that there are no prohibitions 
to importing this stuff.  There are only 
prohibitions on exporting it.  And only if it 
works.
MR. FERGUSON:  And you never know until 
you have undertaken the effort and you have 
made the investment because until it's there for 
them to take act on, okay, their list isn't 
complete enough with Customs and 
Immigration to know that Bill Ferguson is 
leaving the country and he may be leaving with 
secrets.  Once they start to see development 
going on over there, they will say, "Oh, Bill 
Ferguson is developing secrets.  Let's go get Bill 
Ferguson and throw him in prison and fine him 
so that he can't develop secrets anymore."
Okay?  So it's post facto, no pre facto that the 
implications come down on you.
MR. LEHMAN:  If I could just define how that 
issue relates to this.  I think what we're saying 
is that the marketplace -- we're hearing 
testimony that the marketplace is likely to 
produce a situation in which encryption devices 
now presently prohibited from export under 
export control regulation will be increasingly 
demanded by content providers in this country, 
and that to the extent that those export controls 
remain, that, one, either content providers will 
not have the encryption that they need to fully 
maximize the use of the information 
superhighway, or two, they will contract to 
foreign providers for that technology.
Is that a fair characterization?
MR. FERGUSON:  That's correct.  The other 
thing that we're doing, Bruce, is we're 
developing the technology that can recognize 
what the receiver has for capability, and we will 
then take and bring it down to the lowest 
common denominator and allow that to happen 
so that we aren't violating export laws and he 
can have something that he acquired in a 
foreign location.  And therefore, we haven't 
broken the laws in either country, okay, but 
we've given him access to the technology that's 
available in each of those countries.
We have to do that in order to simply survive in 
our business.
MR. SWEET:  Bruce, I'd like to add a comment, 
and that is the encryption technology that we're 
building, RSA and DES, aren't exactly secret. 
They're published, they're in textbooks, they're 
known around the world.  So we're not -- as far 
as I can see, we're not really protecting anything 
by these export laws.
MR. RAST:  Yeah, I just think you have to 
expand that a little bit and also add that to the 
extent that the failure to be able to export the 
technology inhibits intellectual property 
providers from making that property available 
because of inadequate security in other 
countries, that encourages piracy because they 
then want to attack the system you have in the 
U.S.  And it makes the security not last as long, 
and so it actually comes back around and hurts.
MR. FERGUSON:  What you're finding is some 
of the major computer and communication 
companies sourcing the technology outside of the 
United States right now and integrating it into 
their products because they can invent and use 
it over there and invent and use it over here and 
it's the same technology.  And they don't have to 
worry about it crossing borders, hence no export 
issue.
MR. LEHMAN:  Did you have something?
MR. McCONNELL:  I'd like to get some 
discussion going on the point Mr. Rast made 
about how that published, open security 
systems lower security because one of the 
problems, obviously, that's arisen with respect 
to the algorithms used by the government 
proposed security is that those are secret 
algorithms.  So there's no way for anyone to 
validate other than some mathematicians who 
looked at it but then couldn't tell you anything 
about what they saw, how solid the security 
was.
So how do you reconcile this ability of -- if you 
have secret or proprietary security mechanisms, 
how do you convince the customer that it's 
strong security?  And, Mr. Rast, if you have 
other comments, I'd be interested in hearing 
them.
MR. RAST:  Sure.  First, I just would comment 
that it's one of a number of factors and you have 
to weigh all the factors when you make your 
decision.  So it certainly may be appropriate in 
some cases that one make it open, but that 
weakens it by doing it.
Now, the issue of how you convince your 
customers relates somewhat to your reputation 
and your ability to demonstrate the security.  
But the question is, do you hand the blueprints 
to people when you invite them to attack your 
system?  And our answer is you don't hand the 
blueprints to people because you just made your 
situation more difficult.
MR. McCONNELL:  Do you take liability 
responsibility for the security that you develop 
so that people are protected in that way?  Do 
you give them more confidence in doing that?
MR. RAST:  Well, that's one of the big issues, 
and clearly we do take liability in the case of 
the satellite industry.  We took the liability of 
replacing all the hardware.
You know, you can get into the issue of what is 
the liability for the lost revenue on the property, 
on the content, and I don't know that that's 
ever been resolved.
But the whole issue of who should be liable, you 
know, if the government sets their standard, 
what is government's liability then for breakage 
of that standard?  We think that's an issue that 
ought to be addressed.
You know, certainly we have to address the 
issue with our customers.
MR. SWEET:  I'd like to comment on that issue, 
too.  There is currently a raging debate within 
the industry on the question of published 
security algorithms versus secret ones, and I 
would characterize the schism as the cable folks 
like the unpublished algorithms and the 
computer folks like standardized algorithms.
So I would disagree with Mr. Rast on that. I can 
understand that it may be more secure from the 
point of view of the guy who invented it to not 
let anybody know how it works, but if we're 
going to have an information superhighway and 
electronic commerce as a way of life for millions 
of people, it seems to me there's going to have to 
be a standard. And if there's a standard, it's 
going to have to be a standard that thousands 
of companies understand and use.  And I don't 
know how you can do that and have it be a 
secret at the same time.
So I think the computer industry is going to 
push for standard published algorithm, and I 
can't speak for the cable industry, but I 
understand where they're coming from.
MR. FERGUSON:  Let me give you, if I could -- 
Bill Ferguson again -- let me give you a sense of 
proportion.
When they invented the data encryption 
standard, that which is now accepted by bank 
and financial institutions around the world, 
what their computations showed them was that 
if you could do a million calculations a second, 
that you could break a DES key in 222 years.  
Okay?
Now, there have been developed numbers of 
ways to attack it since that time, but there has 
been no repeatable mathematical formulation 
that will always give you -- so now with super 
computers and multiple processors and things 
like that, they can break them pretty fast, 
three, three and a half weeks.  So the quality of 
your -- or the information that you're trying to 
keep private is pretty important.
And if you take and extend the key length -- 
we're limited, that's with a 56-bit key.  If you 
extend the key length, you can take and you can 
exponentially increase the length of time that it 
would take to break that key.
Now, the skipjack algorithm that was 
supposedly 16 million times stronger than DES, 
that was only the difference between a 56-bit 
key and an 80-bit key.  So all this issue by the 
government saying, "Hey, we just invented 
something that's 16 million times stronger than 
DES," is just that much BS, because when DES 
was originally created it had a double-length 
key, or 112 key.  But the government, the 
National Security Agency only allow it to build 
products using a 56-bit key.
And DES is published -- I mean, I'll give you an 
example.  We build products that use standard 
off-the-shelf DES chips from VLSI.  We have just built our own that's five times faster than 
that chip, okay?  So the technology is there and 
it's ready to use.
There is software published on the Internet 
from all over the world that is available and you 
can put into products and ship it if you can get 
approved.  But one of our business partners 
went to the National Security Agency with one 
that they had pulled down off the Internet that 
was from Russia, and the National Security 
Agency refused to let them take that version of 
DES done in software and implement it in a 
hardware product because of the methodology it 
used to do the DES processing.
So, I mean, you've got these widely diverging 
points of view in the government intervening, 
okay, on the same technology, and it seems to 
be without a lot of discipline.
MR. LEHMAN:  I'd like to ask a question 
directly going to intellectual property and its 
interface with encryption technology.  And that 
is that we've heard the discussion about what I 
would call electronic enveloping, that is, 
encrypting the work so that it can only be 
opened with the kind of key that we heard Mr. 
Sweet describe.
We've heard discussions of what I would call 
metering of the uses of works.  But one of the 
big concerns to intellectual property rights 
owners is the concern that really is reflected in 
the digital audiotape legislation.  And that is 
that there is sometimes a need -- and it was 
also reflected to some degree in Ms. Preston's 
discussion.  That is, once an authorized copy of 
a work has been delivered to a given user, and 
let's say that they have one of Mr. Sweet's keys 
and they have opened the envelope and then 
they continue to use it.
What is the capacity or is there any 
technological capacity at that point to then 
somehow or another limit the right of that 
person to get right back on the Internet with 
that work and then distribute it to their 2,000 
closest friends?  Or at the moment that the key 
is used, does then the work become available to 
anybody?  Is it possible to monitor its use?  Are 
you completely in the public domain area at 
that point?
MR. SWEET:  Well, I think we have a partial 
solution.  We can't prevent people from 
republishing -- I'm not sure what the right word 
is, but --
MR. LEHMAN:  That's a good enough word.
MR. SWEET:  Okay.  In order for them to 
consume it, they're going to have to have it in a 
form that's usable.  So we can't -- I don't know 
how we're going to be able to keep them from 
republishing it.
But remember, digital files all have headers.  
And in that header information there's a lot of 
data about this file that comes right behind the 
header, including whose it is.  And there have 
been a number of folks who have suggested that 
we can put fingerprints in the headers such that 
maybe at best we'll get an audit trail, so that if 
it gets republished, unless the republisher is 
technically very swift and knows how to strip all 
of that out, if it's a casual republisher, Mr. 
Average Consumer, we ought to be able to have 
an audit trail to find out where that thing 
started out.
And if we build the metering software schemes 
properly, we could add -- at each step of the 
transaction, we could add the identity of each of 
the members of the distribution chain.  In other 
words, the wholesaler, the retailer, et cetera.
But that infrastructure has yet to be built.  It is 
technically possible to build it, however.
MR. FERGUSON:  We do something called 
authentication, and it's possible in the 
proprietary part of the authentication message 
gram, whether it could be retransmitted or not. 
 And then to have the technology that's 
interpreting it to flow back on the network to 
see that this is not retransmittable and hence 
drop it on the floor and not let them push it out 
the door.  That is very possible to do.
MR. KREPICK:  Bruce, I think the point is, 
though, on that, I think it does require what's 
probably called a bilateral technical solution 
where the hardware itself has to meet a certain 
standard and so, you know, there is some sort 
of check and balance between the hardware and 
software.
And I think that's -- that's the problem that's 
always been wrestled with, at least in our 
narrow portion of the business on video 
cassettes, that, you know, the hardware 
manufacturers in the video industry have never, 
at least up until now, been willing to cooperate 
to that extent.
We have a very interesting position in the 
industry because, you know, our customers are 
the intellectual property providers, but our 
technology has to work with the hardware.  And 
in many cases in the past, it's benefited by 
certain design standards that the hardware 
people have implemented.
But what we're seeing is that there is at least 
now a growing recognition on the part of the 
hardware manufacturers that they have to play 
this game.  And I mean, this is where the 
government, I think, as much as many of us 
may have reservations about what the 
government can accomplish, that if there are 
standards that are set for the hardware to 
accommodate some of these software designs, I 
think that then there may be a solution.
But I don't think you can do it just with 
software alone.  I think you're going to have to 
have those standards implemented in the 
hardware side.
MR. LEHMAN:  We have a couple of people in 
the audience who would like to ask questions, 
and maybe it would be a good to take a little 
break and ask them to come forward at this 
point.  Not a break in the proceedings, but why 
don't you come forward.
(Asides.)
MR. LEHMAN:  Oh, I think we have two people 
that have -- and we're going to have to -- what 
I'd like to do is to conclude the hearing about 
12:15 because I know at least two other people 
besides myself have to get to the airport.  I'll 
risk missing the plane, but I can't ask my 
colleagues to do that.
I guess the two people don't have questions, or 
they do?
MS. CAPELL:  I'm Joyce Capell, and I'm a 
network security engineer for Lockheed Missiles 
& Space Company here in Sunnyvale.  And we're users of the NII.  Not only that, but we're 
looking at high-speed networking and the kinds 
of applications that we, as a provider, are going 
to be using.
I am the project leader of an ATM trial under 
the CALRAN project through Pac Bell.  We're 
going to be showing applications at ATM 
networks.
We're very concerned about protection of data as 
it traverses these high-speed networks. Part of 
the CALRAN project is dealing with imaging for 
medical, and everybody knows that that's an 
area in aerospace but it's also an area -- we're 
doing distributed interactive simulation over an 
ATM network.
We're actually going to be testing two prototype 
encryptors as part of that.  And one is 
proprietary data and the other one is an MSA 
prototype for ATM encryption.
Encryption is really a concern of ours, but we 
look at the proprietary areas as being the big 
question mark because of the issues raised 
today.  And we want to know if there's going to 
be some standards that industry can follow.  
We want to know if the type of encryption 
technology that we'll be encrypting high-speed 
networks is going to be something that we can 
count on in the future.
Should we produce it?  If we produce it, what 
kind of standards can we adhere to?  This 
seems to be a whole area of questions.
And we also want to know how this kind of 
technology will be integrated into firewalls. 
Currently, we protect our networks with 
firewalls. We don't see any integration of 
encryption technology, intrusion detection and 
other systems being incorporated into 
something that gives a unified approach to 
network security.
MR. LEHMAN:  Do some of the panelists -- 
that's quite a heavy-duty list of questions.
MR. FERGUSON:  We certainly are empathetic 
to your need and your testing an ATM.  What 
capacity ATM lines are you planning to use?
(Speaker away from microphone.)
MR. FERGUSON:  I'm sorry?  155 megabyte. 
Yeah, one of the problems you have is that 
encryption technology right now has a difficulty 
running that fast, and except for our main 
competitor, the National Security Agency, okay, 
having product available, and we certainly 
compliment them on their inventiveness.
Companies like --
(Speaker away from microphone.)
MR. FERGUSON:  Yeah, we've noticed that, 
okay.  But one of the issues we run into is this 
capacity issue.
And some of the other points that you've made 
is, yes, the vendors are working very diligently 
in the communications equipment business. We 
have all heard all of those messages.  Our 
development cycles are about 18 months long 
and we've got problems beyond the 
standardization on encryption technology.  
We've got problems with standardizing on the 
electronics which allows us to interconnect to 
those devices because most of that stuff is 
individual right now.  Company A's products are 
only used by a very small group, but Company 
B's by another small group.
And somehow we've got to have standard chip 
sets available for interconnecting this stuff. 
Otherwise, what we do could be limited to only 
being used with this test thing and then when 
it gets out into the marketplace, we'd have to go 
back and reengineer it.
So, that is kind of a problem we're facing right 
now.  And with the band widths going up as 
rapidly as they're going up, we've got a lot of 
work in the silicon area that will get devices 
that will work that fast, because we have to 
have a lot of intelligence in our devices so that 
means we need very fast processors available in 
addition to just being able to process the 
encryption very quickly.
MS. CAPELL:  Yeah, but there's an additional 
problem, and that is that if you're talking about 
encryption over traditional networks, you know, 
in a packet switch environment, that's one 
thing.  When you go to switch virtual circuits on 
ATM networks and you want to have key agile 
devices that can actually take, you know, a 
switch virtual circuit and encrypt it at a 
different level, you know, I mean, these are 
some of the issues.
So I think that --MR. FERGUSON:  What you should do is give 
me your card, okay, and we'll be happy to talk 
to you about how we're approaching those kind 
of subjects, because our customers and our 
partners are some of the biggest carriers in the 
world and they have all asked us to address 
those issues.
And it's going to be a serial process of getting 
there on these high-speed networks, but we are 
starting to address them on low-speed 
networks.
MR. LEHMAN:  Perhaps we can take the next 
question now because we're losing more than 
one person on our panel.  But this is a sort of 
forum where we can exchange our business 
cards and we can communicate and Internet 
addresses, if necessary.
MR. TUCKER:  My name's Rich Tucker, and I 
have concerns sort of the opposite.  If there's a 
great focus on being able to track everything, is 
there also a recognition there's lots of stuff 
which we should not be capable of tracking?
To me, that's critical because if someone 
publishes, say, an article or posts an article 
that's, say, critical of the Gulf War, can I go 
back and track everyone who searches or reads 
that and put them on a public enemy list, or 
potential public enemy, and go back and find 
out how many articles that person or that group 
of people have been checking out so that if we 
have another problem like the Vietnam War, 
that I can have the government go through and 
guarantee that we can track down every one of 
these individuals.
I mean, an aspect of why the anti-war process 
in the Vietnam War was successful is that 
many people in that didn't even have driver's 
licenses and the government did not know who 
they were.  And this technology will put a 
complete end to that.
MR. LEHMAN:  The issue is the relationship of 
privacy to this technology, but I'd just try to 
characterize this as an intellectual property 
connection as well because presumably at the 
outset, when a person has -- the author of any 
work has the -- you know, whether it's an article 
that you wrote or anything else, starts out 
writing it themselves, presumably in their own 
handwriting or on their own PC or what have 
you, then they would presumably be able to 
select the electronic pathway that it would take, 
which could be a pathway that would permit 
tracking or not.
That would be my impression as to what is 
going on here, and perhaps the panelists can 
answer that.  One pathway might be a fiber 
pathway; another pathway might be a different 
kind of a pathway.
MR. SWEET:  I don't think there's anything in 
the technology that will compel people to 
identify themselves.  And there ought to always 
be, in any of these mechanisms, an anonymous, 
to-whom-it-may-concern addressing capability.
It seems to me this is more of a political 
problem than a technical one because in order 
to force people to identify themselves, we're now 
out of technical and into something else.
MR. TUCKER:  The point I'd like to make is 
that if there is a focus and a concentration on 
the needs of people to have complete tracking, 
they don't realize that the law of unintended 
consequences says that, for all intents and 
purposes, you have destroyed right of private 
personal association and innumerable things 
like that.
MR. FERGUSON:  Well, free speech, I mean, 
it's a First Amendment issue, clearly.
MS. DYSON:  I just want to comment.  On the 
full council, we're looking at this very carefully 
and we're well-aware of this unintended -- or 
intended consequence.  And I'd be happy to talk 
to you later.
MR. LEHMAN:  Since we -- are there any other 
questions that we have?  I really want to thank 
the panel.  This is a really good panel.  I think 
that we've got some experts we can come back 
to and discuss things as we move along, and I 
really appreciate it.
I want to again thank the City of Sunnyvale for 
providing us with this facility.  And I think the 
excellence of this panel shows how much brain 
power we have right here in this Silicon Valley 
to deal with these important issues that we're 
struggling with.  Thanks a lot.
(Whereupon, the public hearing was concluded 
at 12:15 o'clock p.m.)  
 

Last Modified: February 1995