CS338 Computer Security
Friday, 13 May 2022

+ Questions

+ Readings: copyright & digital content
- What was the DMCA trying to do?
    - Protect rights-holders for digital content
        (authors, film-makers, etc.)
    - Protect platforms from their users' copyright infringement
- TPM (technical protection measure)
    - password-protected access to TV shows
    - tractors: you're not allowed to fix your tractor
        authorized technician uses a password
    - iPhones: can't install non-approved software without
        "jailbreaking"
    - DVD encryption
- What abuses have resulted?
    - Corporations intimidating individuals w/ lawsuits
    - Violations of fair use protections
        Youtuber creates a video, includes 10s from
        another video, take-down notices
    - Over-zealous takedown notices
    - Failed automation: people's own works being taken down
        because the automation is too aggressive
    ...

- Why is this stuff relevant to computer security?
    - Security bug-hunting
    - Generally: digital content is what the stuff we're studying
        is intended to protect, but the legal context is
        a crazy mess
    - These laws are important to know about when talking
        about privacy
    - ...


- Digital copies are very easy to make





- How are digital artifacts (e.g. songs, books, movies, photos,...)
    different from their physical analogues?
- Do you own that book you just bought?
    - If it's paper?
    - If it's an ebook?
    - If it's an audiobook?
- Relevance of copyright exceptions
    - fair use
    - criticism
    - parody
    - ...
- Relevance of business models
- Relevance of copyright term (roughly: life of author + 70 years)

- Fair use
- Buy a Kindle book on amazon.com
    - Can you back it up?
    - Can you view it in a different e-reader?
    - Could you use a program that converts its
        format to .txt or .pdf or...
    - Do I own the book? In what sense?
- Take-down notices
- Jailbreaking your iOS device
    tools for jailbreaking



+ Certificates in practice
- What's in one, really?
- How can you take a look? (Browser, openssl)
    openssl x509 -inform der -in mycertificate.cer -text
- How does the practice of making a certificate for a website work?
    - Let's Encrypt
    - Multiple websites on a single IP address
        web-server-specific details
        Host: HTTP header
    - How does Let's Encrypt