
Re: [dvd-discuss] Re: [DMCA_discuss] Linux kernel security fixes censored by the DMCA



Not using Windoze, could someone enlighten me.

In my lab there is a version of the bloat which requires a user account 
and password in order to use it. (Everyone just presses the ESC key, but 
the function is there). So does John's logic apply here too?

Jeremy Simmons

John Zulauf wrote:

> I was walking through the "why would linux security patches constitute a
> DMCA risk" logic and this was what I came up with.
> 
> Under the Berne convention, all creative works by an author, from my
> .cshrc to my latest white paper are automatically considered the
> copyrighted works of the author, whether published or not, registered
> for copyright or not.
> 
> On a multi-user system, the rights of a user to control access and
> copying of his or her files are embodied in the "su" user id control,
> along with the file user id and group id, and finally the permissions on
> the files and directories.
> 
> Each of these, and particularly the ability to "su", constitutes a
> technical protective measure (TPM) that controls access to a work -- the
> very language of the DMCA.
> 
> In order to access the copyrighted works of an author (their files) one
> needs either the user's file permissions, their password, or the root
> password.
> 
> Any crack that would allow access to these files which bypasses or
> circumvents the permissions or passwords thus circumvents a TPM
> controlling access to a work.
> 
> Information regarding these cracks (including demonstration programs)
> could be considered "a technology... or component thereof" of a
> circumvention device.  The recent court case treated software as a
> "device" under the law.  Certainly the threats to Prof. Felten et al.
> (if you publish you may be liable for criminal prosecution) seem to
> imply a very broad stroke regarding "a component thereof".
> 
> So there we have it:
> 
> (a) a TPM that controls access to a work with the authorization of the
> copyright holder (the DMCA
> (b) information about a crack which circumvents this TPM (typically
> gaining root access)
> (c) dissemination of that "device... or component thereof" -- i.e. any
> demo code or documentation sufficient to reproduce that crack
> 
> QED -- the next time Alan visits the US, the FBI could visit him if he
> does (c).
> 
> I wish I could find a hole in that simple-minded logic (though it is drawn
> from the style of the FBI complaint against Sklyarov).  What bothers me
> is that this logic could be extended to a "rescue" floppy that boots a
> system and grants instant root access to all present hard disks --
> though the counter logic would be that anyone with physical access to a
> multi-user server better have authority to be there.  However, under the
> logic of the DMCA (and the DeCSS and Sklyarov cases) the legitimate uses
> of a technology are irrelevant if what the "device" does is "circumvent"
> and a rescue floppy certainly does that.  Other problems would be "key
> recovery" or "passwd crack" software -- both are useful tools of "white
> hat" cracking.  However, once one realizes that all user files are
> copyrighted works -- then all tools that do passwd bypass (or recovery)
> through any encryption or other system are "circumvention devices".
> 
> This of course brings me back to my initial worry.... just how are we
> supposed to get our jobs done without legal liability and risk of felony
> charges?