Declaration of Matt Blaze
in Felten v. RIAA (Aug. 13, 2001)
Grayson Barber (GB 0034)
Frank L. Corrado (FLC 9895)
(Additional Counsel listed on signature page)
IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEW JERSEY
I, MATTHEW BLAZE, of full age hereby declare:
1. I am a research scientist at AT&T Laboratories, where I study the use of cryptography in computing and network security. I am also an Adjunct Associate Professor of Computer and Information Sciences at the University of Pennsylvania. This declaration is made on my own behalf, however, and does not necessarily represent the position of my employer or any other party.
2. My research focuses on the architecture, design, and analysis of secure systems and on discovering new cryptologic techniques. A significant part of this work centers around identifying weaknesses in existing systems and designs.
3. I have discovered weaknesses in a number of published and fielded security systems, including, in 1994, the protocol failure in the U.S. Government's "Clipper" key escrow system that led to its abandonment.
4. In 1995, I invented the field of "trust management," a unified approach for specifying and controlling security policy in complex distributed systems, and I lead the KeyNote project at AT&T Laboratories, which focuses on new trust management languages and applications.
5. My research has resulted in a number of new cryptological and security concepts, including Remotely-Keyed Encryption, Atomic Proxy Cryptography, and Master-Key Cryptography. Other research I have done has been influential in network-layer encryption (for example, I co-designed "swIPe," a predecessor of the current encryption standard for protecting Internet traffic) and computer file system encryption.
6. I have testified before Congress several times on encryption and computer security policy and have led and participated in a number of public-policy panels and reports. I hold a Ph.D. in computer science from Princeton University.
7. I am active in the review and evaluation of current and proposed research papers in the areas of computer security and cryptology, having served on numerous conference program committees, having reviewed many proposed papers, and having served as a technical journal editor. For example, I am the program chair of the 2002 Financial Cryptography conference, and from 1999-2000 I was a member of the technical editorial board for the journal Cryptologia.
8. The study of the design of secure computing and communication systems is necessarily a broad one, encompassing a range of mathematical, computer science, and engineering disciplines. This is because security in any particular application might depend on the soundness of many different components as well as the manner in which these components interact with one another. Vulnerabilities can, and frequently do, arise from weaknesses in cryptographic algorithms and protocols, incorrect assumptions about the nature of attack threats, poor overall design, programming errors, operating system bugs, human factor and user interface problems, and installation errors, to name but a few.
9. Unfortunately, although some advances have been made in the use of rigorous mathematical techniques to prove and verify the security of some aspects of a system's design, there is not yet any systematic way to be sure that a proposed system or design will be secure in practice. Exploitable vulnerabilities are often discovered in proposed designs and in systems in actual use. Worse still, security is often quite "fragile," in the sense that even very small and seemingly innocuous changes to a secure design or implementation can introduce critical and non-obvious new weaknesses that can compromise an entire system.
10. A significant focus of ongoing research, therefore, is and must be concerned with evaluating real-world security systems in an effort to discover whether they are, in fact, as secure as their designers wish them to be. Case studies of proposed and existing systems and standards form the essential basis for this research.
11. It is only by a thorough understanding of how real systems fail in practice that we are able to develop design principles for more secure systems in the future. Because there are no systematic techniques for ensuring the correctness of most aspects of secure systems architecture, research toward discovering vulnerabilities in systems as they are actually designed and implemented is absolutely essential for the advancement of the field. Scientific progress in this discipline necessarily depends upon the exploration of computer system weaknesses and the publication of the knowledge learned.
12. Research results on vulnerabilities in existing and proposed systems can often be generalized to apply to other designs. The impact can be far-reaching and can sometimes mean that broad classes of systems previously thought to be secure have to be abandoned or re-engineered. For example, around 1990, two Israeli scientists, Eli Biham and Adi Shamir, discovered a technique, called "differential cryptanalysis," that could be used, in theory, to more quickly "break" messages encrypted under the US Government's Data Encryption Standard. Their technique turned out to be applicable to most of the publicly known secret-key block cipher algorithms in existence at the time. The results of this research were dramatic: many algorithms previously thought to be secure had to be abandoned, but new algorithms were from then on designed specifically to resist the technique. Research leading to such results is not condemned or discouraged for its potential short-term disruptive effect by the scientific or academic communities. On the contrary, such work is universally admired and valued for its essential contribution to our knowledge of how to design good systems.
13. It should not be surprising, as paradoxical as it may seem at first blush, that researchers and other scientists who study security and privacy customarily embrace and value openness and wide publication even of results that expose vulnerabilities. Such publication represents the natural advance of knowledge in a relatively new field of scientific study.
14. Security researchers are drawn from many different disciplines, come from a wide range of backgrounds, and enjoy a variety of employment situations. Some are mathematicians, others are computer scientists, while others come from other engineering and science fields or from different areas entirely. Many hold advanced degrees, and a significant number are employed in a traditional academic environment. Many work in commercial and government research laboratories, while some hold employment outside the traditional research environment. It is not uncommon for students and non-academics to make significant contributions to the field. The set of individuals with a legitimate need to test systems for vulnerabilities and publish their results is not at all limited to those holding academic credentials or advanced educational or professional status.
15. Security researchers, like all scientific and engineering researchers, necessarily rely on open publication of the knowledge learned as the means for communicating with one another and for measuring progress in the field. Publication customarily occurs across a variety of venues and forums, including refereed journals, peer-reviewed conferences, workshops, public lectures, "work in progress" talks, issuance of technical reports, and over the Internet and email discussion groups. Researchers are judged, and advance professionally, largely based on their publication records. Other scientists depend upon having access to other researchers' results to evaluate and build upon the existing base of knowledge. Many scientists have come to depend upon the Internet as a primary mode of distribution because of its speed, low cost, and global reach.
16. Research papers on security vulnerabilities often reveal details as to how weaknesses might be exploited. This is because such papers, like all scientific publications, are expected (by reviewers, editors, and readers) to contain enough information to allow other scientists to duplicate, verify, and improve upon the results presented. The demand for rigorous and repeatable detail is hardly specific to the security research community; indeed, this is an essential part of the scientific method and is what allows progress to be made and errors to be detected. Withholding details sufficient to allow all claims to be reproduced independently would generally render any paper unsuitable for scientific publication, no matter how laudable the reasons for the omission.
17. Any prohibition of open discussion and publication of security vulnerabilities therefore greatly harms the ability of researchers in several areas of science and technology to function, and indeed has a chilling effect not only on publication, but on whether certain very important research is even done in the first place, greatly stifling scientific advancement.
18. Publication restrictions only encourage vulnerability research to go overseas and underground. Discouraging aboveboard, open research in legitimate institutions leads to a situation where the people who enjoy the most complete knowledge of the subject are those working unlawfully in the underground. Criminal organizations already have obvious incentives to learn how to defeat security measures. The question is whether the open scientific community and the public will be permitted to study, learn from, and fix the same vulnerabilities that are visible to criminals.
19. Provisions of the DMCA are particularly troubling here. Despite what the drafters of the DMCA might have intended, the practical and negative effects of the DMCA on security and cryptology research can be far broader than one might first expect, reaching far beyond copy protection.
20. There are strong interrelationships among problem domains in security, and results from across the spectrum of security research can potentially be applied to copy protection systems. Conversely, it is entirely possible that a study of vulnerabilities in some copy protection system could lead to a more general result that applies broadly to other areas of security research and that would advance the field significantly.
21. Because of the DMCA, I am reluctant to continue engaging in the study of vulnerabilities in existing and proposed security systems, despite my having previously enjoyed a number of successes with my research in this area. I fear that I would be unable to publish my work in a timely and relevant manner, should any results I discover happen to be applicable to copy protection systems. Professor Felten's case provides a stark and worrisome example of the chilling effect that I face since the enactment of the DMCA.
I declare under penalty of perjury that the foregoing is true and correct and was executed at _________________on this the ___ day of ________, 2001.
______________________________ Matthew Blaze
Attorneys for Plaintiffs
Please send any questions or comments to firstname.lastname@example.org.