
Who Does the DMCA Really Protect?

Kirch asks: "Company XYZ Encryption Technologies creates an encryption package (read anti-piracy) that will encrypt your data (read IP) for you and can only be read through licenced decrypters produced by XYZ. Now, the encryption used is very, very weak. It 'encrypts' by offsetting every bit by one and then 'decrypts' by offsetting every bit again by one. Or yet even better 'encrypts' everything by the Pig Latin method. Now the encryption is kept secret by XYZ. Users use this assuming they are protected by the encryption technology touted by XYZ. A semi-smart user looks at the encrypted data and says 'Oh Look it's Pig Latin!' The user posts this on forums, makes a Web page exposing XYZ for using Pig Latin and writes a DePigLatin program. Who is liable here? The company, for producing a product with weak encryption, or the user for posting the DePigLatin program?" Sound familiar? It should, but not necessarily for the reason you expect.

ESRI makes a product called ArcView. ArcView has a feature that allows developers to customize it with Avenue. Developers can also encrypt their scripts so they can sell them to users. Dr. William Huber found out a way to decrypt the "encrypted" scripts using the Avenue scripting language. You'll find his findings here. It seems that he stumbled upon this a year ago. Again, who's at fault? ESRI or Dr. Huber? You'll notice he hasn't actually given out the code but does give out a few hints to those who know Avenue.

My limited understanding of the DMCA is that it is a crime to circumvent anti-piracy measures built into most commercial software. This would make the user a criminal for circumventing an anti-piracy measure. There is no provision saying, well if it's weak, then it's OK. So, according to the DMCA, was circumventing the XYZ Pig Latin Encryption technology a crime?"

The similarities to DeCSS should probably come as no surprise to you all at this point. What is a consumer to do when the very laws that are designed to ultimately protect us (as the software publishers keep saying) can be used as a bludgeon to silence the act of discovering what can and should be considered design flaws? Sure the DMCA protects someone, but the answer most assuredly isn't 'us' in any way shape or form. Of course, that last bit shouldn't come as any surprise to you, either.

Update: 07/13 12:43 AM by C: Some information for those of you who are still looking for ammunition against the DMCA: here's a lengthy paper from Pamela Samuelson, a professor at UC Berkeley, and another article from Openlaw. Finally, this bit from Michael Sims: "Sachems, grandmothers, and hackers of all ages have obtained a New York City Official Media Event Permit to peacefully assemble for the redress of wrongs:

Monday 17 July 2000
10:30 am to 5:00 pm
Court Yard of the Federal Court
500 Pearl Street"
(Manhattan, New York City, obviously)
Also, Martin Garbus (the famous lawyer who's representing the DVD defense) will be speaking at H2K, the hacker's conference this weekend. More precisely, he's speaking this Friday at 3PM at the Hotel Pennsylvania (you can go to Hope.Net for more info)."

  • That's why they make patents. :-)
  • This sort of behavior can only stifle innovation. If we allow it, then valuable companies like Microsoft will stop inventing useful technology, and America will fall behind countries with sensible prohibitions on reverse engineering.

    I'll take the bait.

    What kind of innovation? Microsoft has done a reasonable job at _implementing_ technology (with a little help by stealing or if you prefer buying it from others) and a great job at delivering their goods to the market.

    When I think of innovation I think of the guys who originally wrote ICQ, or Napster. And for example, bringing us back on topic: Jabber [jabber.org].

    For reasons unknown to me, there are at least two major instant messaging systems owned by AOL: ICQ and AIM. Microsoft has something like that as well IIRC. Instead of those technologies working together, they try to make sure they don't.

    Jabber allows people to install *one* IM client and communicate with users of all these other systems, making instant messaging a useful product again. Now that's innovation. And it does require reverse engineering the AIM/ICQ protocols.

    Besides, suppose a company is actually good at innovation. Anyone reverse engineering a product will _always_ lag behind.

    Of course the answer to the original question would be that the company should be held liable for delivering sloppy work. The Pig Latin example is a bit over the top but illustrates nicely. Any encryption method that doesn't scale with DES, MD5 and the likes should not be allowed to walk around freely in software that is being advertised as secure.

    If the DMCA changes that then very soon I will send an e-mail encrypted into 1's and 0's and sue the reader (or maker of his/her mail client or OS) for reverse engineering.

  • Read through the DMCA. Apply the rules to a digital satellite decoder. It seems to make some degree of sense. To protect copyright, these rely on reasonable security.

    It obviously seemed logical to make the scope sufficiently broad to cover anything that was copyrighted, even at the expense of fair use. Nobody actually thought at the time that someone might want to make a free DVD player. It was only expected to cover devices that are designed specifically for piracy. Unfortunately it was badly written. Lawyers are adept at working to the letter of the law rather than the spirit of the law.
  • For reasons unknown to me, there are at least two major instant messaging systems owned by AOL: ICQ and AIM. Microsoft has something like that as well IIRC. Instead of those technologies working together, they try to make sure they don't.
    Actually in fairness to Microsoft they did try to make them all compatible but AOL wouldn't let them.


    Conscience is the inner voice which warns us that someone may be looking.

  • And it does require reverse engineering the AIM/ICQ protocols.

    There are two AIM protocols: TOC and OSCAR. TOC is openly documented by AOL. OSCAR has more features (such as file transfer) and is not documented. If Jabber uses TOC, no reverse engineering was necessary. OSCAR, however, would certainly have to be reverse engineered.
