[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [dvd-discuss] Re: [DMCA_discuss] Linux kernel securityfixescensored by the DMCA

To: dvd-discuss(at)cyber.law.harvard.edu
Subject: Re: [dvd-discuss] Re: [DMCA_discuss] Linux kernel securityfixescensored by the DMCA
From: "John Zulauf" <johnzu(at)ia.nsc.com>
Date: Thu, 25 Oct 2001 10:35:44 -0600
References: <3bd834f4.2962.0@panix.com>
Reply-To: dvd-discuss(at)cyber.law.harvard.edu
Sender: owner-dvd-discuss(at)cyber.law.harvard.edu

Roy Murphy wrote:
> 
> >QED -- the next time Alan visits the US, the FBI could visit him if he
> >does (c).
> 
> This was nothing more than a publicity stunt by Alan Cox.

Not according to Alan.

> 
> He censored a kernel changelog.  The changelog is a description of the purpose
> of the patches that he accepted an incorporated.  A *description* of the existing
> security hole which was patched *is*not* a device.  No reasonable person could
> confuse it with a device.  I won't even go into 1201(a)(2) A/B/C analysis.

software is not a device either, but that didn't stop the lower court in
Universal v. Corely from declaring it one.

also quoting from the SDMI threat letter to Prof. Felton et. al.

<blockquote>
In addition, any disclosure of information gained form participating in
the Public Challenge would be outside of the scope of the activities
permitted by the Agreement and could subject you and you research team
to actions under the Digital Millennium Copyright Act ("DMCA"). 
</blockquote>

> 
> For your reference:
> (2) No person shall manufacture, import, offer to the public, provide, or otherwise
> traffic in any technology, product, service, device, component, or part thereof,
> that -

since the patches to Linux the linux kernel allow one to reverse the
effect of the patch (anyone remember the patch flag for that?) The
patches themselves, along with suitable direction could be considered a
"device".  Also "technology" above is very vague.  What is a
"technology?" Is it a device... no, that is seperately listed, same for
component, and part.  So technology is some no physical, non-device,
non-component, non-part -- sounds like an inkblot into which "other"
including documentation could be lumped.  For example if I post a simple
set of "push this button, then that button" sequence that unlocks a
cable box to display all channels (I have no idea if this is possible)
-- that could be considered a technology (ology == writing or study)
that would circumvent.

> (A) is primarily designed or produced for the purpose of circumventing a technological
> measure that effectively controls access to a work protected under this title;

primarily designed ia standard about what it does not how you use it. 
Thus "key recovery" or  "/etc/passwd cracking" software is primarily
designed to remove the requirement of a passwd to access a work or set
of works.

> (B) has only limited commercially significant purpose or use other than to circumvent
> a technological measure that effectively controls access to a work protected
> under this title; or

again as no qualification as to the purpose of the use.  If it cracks a
TPM and that's all it can do (again key recovery, a setuser
bufferoverflow hack or passwd crack) -- then it has no other
commercially significant purpose.  In Universal v. Corely, the ability
to enable an open source DVD player was considered irrelevant based on
the simple minded logic -- does DeCSS remove the requirement for CSS and
"legitimate access" to the CSS keys.  Also "fair use" -- as it is
non-commericial by definition, could not save DeCSS according to the
simplistic logic of the lower court.

> (3) As used in this subsection -
> (A) to ''circumvent a technological measure'' means to descramble a scrambled
> work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate,
> or impair a technological measure, without the authority of the copyright owner;
> and

again according to the MPA and the lower court, encryption is
irrelevant.  The words "otherwise" like "technology" above appears to be
other inkblot allowing protection of *any* scheme which, extant or
yet-to-be-invented, protects a work.  The user file access controls
certainly act in an "otherwise" role, and id spoofing, cracking into
root certainly "bypass, remove, deactivate, or impair" the ability of
the user id to control access to a users works.

> (B) a technological measure ''effectively controls access to a work'' if the
> measure, in the ordinary course of its operation, requires the application of
> information, or a process or a treatment, with the authority of the copyright
> owner, to gain access to the work.

The Unix login and user identification is a process that requires a
password ("the application of information" "to gain access to the work"
which has been chmod'd st. (0008 | mode) == 0.  The world is not free to
access the work.  Defeating this, removing the requirement for
"infomration" (the passwd) and does "impair" the function of the TPM.

A boot floppy or a uid crack does this equally well.

.002 (even paranoids have enemies)

References:
- [dvd-discuss] Re: [DMCA_discuss] Linux kernel security fixes censored by the DMCA
  - From: "Roy Murphy" <murphy@panix.com>

Prev by Date: [dvd-discuss] Fwd: Net Archive Turns Back 10 Billion Pages of Time
Next by Date: Re: [dvd-discuss] WinXP won't play Snow White -- can someone testLiViD, Xine, or Videolan?
Previous by thread: Re: [dvd-discuss] Re: [DMCA_discuss] Linux kernel security fixes censored by the DMCA
Next by thread: Re: [dvd-discuss] Re: [DMCA_discuss] Linux kernel security fixes censored by the DMCA
Index(es):
- Date
- Thread