There is less than a week to the LOC's deadline for comments on DMCA exemptions. I submitted two last night. The second was on spyware. Condiser writting this one up and submitting it. OR
John Schulien <schulien@speakeasy.net> Sent by: owner-dvd-discuss@eon.law.harvard.edu
12/13/2002 11:29 AM
Please respond to dvd-discuss
To: dvd-discuss@eon.law.harvard.edu
cc:
Subject: [dvd-discuss] A DMCA protected identity-theft scam
I just posted some comments to slashdot in response to the article:
eBay Customers Targetted by Credit Card Scam
http://slashdot.org/article.pl?sid=02/12/13/0338219
that readers of this list might find interesting.
The topic is a "credit-card theft" scam, where victims
received a piece of email spam that masquarades as an
official eBay web page, and asks the victim to type in
a large amount of sensitive information (credit card
number, social security number, mother's maiden name,
etc), and click submit.
What's interesting is that the identity-theft program is
encrypted. If you do a "view page", all that you see is
a Javascript decryption program, and a string of
encrypted numbers.
The program, when executed by your web browser,
overlays itself with the decrypted identity-theft program,
then runs it. The purpose of this technological measure
is obviously to prevent potential victims from examining
the identity-theft program using the "view page" function
in their browser.
Therefore, this whole identity theft scam is fully
DMCA-protected! Under a strict reading of the law,
it would be a violation of 17 USC 1201(a) for me to a
alter the decryption program in such a way as to
display the identity-theft program (and learn what the
identity-theft program actually did), and it would be a
violation of 17 USC 1201(b) for anyone to reveal
how to do it.
My full posting (including the decryption program, but
not the extremely long encrypted data stream) is at: