Slashdot Mirror


HDCP Encryption Cracked, Details Unreleased Due To DMCA

Lord_Pall writes: "There's a very good article on SecurityFocus about a Dutch cryptographer. He apparently has cracked the HDCP video encryption standard, but won't release the research for fear of reprisals under the DMCA."

Update: 08/15 06:10 PM by J: Meanwhile, see Keith Irwin's paper which has been released despite the DMCA.

Update: 08/15 07:00 PM by J: And someone else points out this old thing. Everyone who hasn't written a paper on cracking HDCP raise your hand.

362 comments

  1. Re:Do not read this message... by MonMotha · · Score: 1

    Is it also possible that double ROT13 (presumably more secure than single ROT13, right?) will also be illegal under the DMCA? Just wait till someone tries to make the act of reading illegal.

    For those of you who don't know, double ROT13 (AKA ROT26) will bring you right back to where you started, unencrypted.

    --MonMotha

  2. China != China by yerricde · · Score: 1

    China is our "most favored nation" ... they didn't do anything after Tiananmen, why would they do something over something as trivial as copying discs

    Because the RIAA and MPAA members are stuffing senators' pockets? This may be just the thing to get the United States to officially recognize Taiwan as not being part of the "People's Republic" of China.

    --
    Will I retire or break 10K?
  3. Re:They are so stupid by kcbrown · · Score: 5, Insightful
    ...and yet all of these companies still think that the DMCA is good for them.
    It is good for them.

    Look, these guys aren't after The Ultimate Unbreakable Encryption Mechanism. They're after something that will prevent the average person from gaining "unauthorized access" to their content. And as you note yourself, they aren't after the guys generating bootleg copies. They want to prevent the average person from being able to make useful copies of their content.

    Why?

    Simple: their goal is pay-per-view/use. They want to be able to rent their content out to people, and prevent said people from ever having a permanent copy. Because a permanent copy obviously defeats their ability to rent that same content to whoever has that permanent copy.

    The reason this will work is that most people (obviously) aren't technically inclined and aren't capable or even interested in cracking copy protection schemes, nor are they interested in going through the trouble of "going around" the problem (e.g., by recording to analog media). They just want to view the content.

    The Big Corporations know this. They're counting on it. But they need something like the DMCA to pull it off. Why?

    Because they know that it's fundamentally impossible to create a crackproof system. So instead of directing their energies towards that goal, they directed it towards creating the DMCA. If people are prevented by law from creating or distributing the means to crack content control systems, then companies can successfully force pay-per-view content down the throats of the people.

    The corporations also know that eventually a content control cracking mechanism will become available to the general public anyway. So when it does, they know that it can't do anybody any good if the general public can't easily get its hands on it. Why do you think they're working so hard to shut down P2P distribution mechanisms? By doing so, they successfully remove the means for the average person to get their hands on content-control cracking mechanisms and the content that would result from the use of said mechanisms.

    The corporations don't care about the rights of the people. They only care about their money. They will do everything in their power to get it. The only difference I see between them and the mafia is that the corporations use law enforcement itself as their strong arm.

    --
    Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
  4. Re:He is Dutch, DMCA doesn't apply by Anonymous Coward · · Score: 0

    "What is it with people today, they all act like a fearful bunch of wussies. With folks like that we don't need any DMCA enforcement."

    One day he may need to come to the USA for work, like Torvalds did, only to have the feds bust him.

    Of course I'm not talking about reality, I'm talking about Swordfish.

  5. Re:Anonymous is good by Anonymous Coward · · Score: 0

    actually, I've been able to go through safeweb. might need to enable cookies during /that/ session though. (cookies remain on safeweb's side).

  6. Re:He is Dutch, DMCA doesn't apply by steve_bryan · · Score: 1

    OK, what you need to do is come up with the crack yourself and publish it so we can all see how it's done. I think Phil Zimmermann did a great service for his country by standing up to the thugs (over PGP). But I don't expect anyone to willingly expose himself to litigation, imprisonment, and possible bankruptcy so some slackers can quietly cheer in the background. What I do hope is for people to speak up about truly despicable laws like DMCA and boycott companies like Adobe that invoke it.

  7. That's about as useful to me as by Glenda+Slagg · · Score: 1

    the drunk on the bus who claimed to have solved the problem of Middle East peace, but vomited and passed out before he could tell me...

    Niels Ferguson (who is probably as vain as the rest of us) chose the only option available to him:

    Leak the crack anonymously and miss out on the fame.

    Release the crack and suffer the consequences.

    Announce the fact that he had cracked it but not disclose it.

    It's great to see the fear and loathing that the Sklyarov case has caused. Still, information will out. These paranoia inducements will ultimately be as useless as the encryption systems they are protecting. Eventually we'll get a suicide cracker...

    --
    - - Sha la la la . . .
    1. Re:That's about as useful to me as by Russ+Nelson · · Score: 2

      Silly Glenda! He's now told everybody "I know how to do it, but I'm not going to, but it's so easy that now that you know you can do it, somebody is going to figure out how." Okay, so the next step is for him to release it anonymously in a couple of weeks. We get the hack, he gets the fame (in two weeks he gets attention again by saying "See, I told you -- this is the EXACT same solution I came up with!" [surprise, surprise]), everybody safe, nobody hurt. Excepting, of course, anybody who thought the DMCA was going to accomplish anything.
      -russ

      --
      Don't piss off The Angry Economist
    2. Re:That's about as useful to me as by Anonymous Coward · · Score: 0

      Or.. It could be that he sees this as a way to fight the DMCA, as his reasons are pretty solid from what I can see.

      Don't really see this as just a simple "I've cracked something!", I see the article as a way of letting the public know what's going on with the US and its long reach of the law. Sure, it would be nice if he published it anyway, or did it anonymously, but when someone got in trouble for it, the powers that be would not be suing just some 'hacker' that has cracked something, they will be suing someone who sounds like he knows what is going on, and has lawyers already. I would even say his lawyers told him to do just what he did, as it's almost like they are fishing to see what they will do.

      I doubt that his sole purpose of publishing the article was just so he could see his name on some websites, maybe just a little bit, but I would imagine he is more interested in helping to find the DMCA unconstitutional, just like the rest of us..

  8. Re:The dominos start to fall (again?) by sqlrob · · Score: 1
    B) publish, just NEVER enter the US again

    You mean like how Niels was arrested in his native country? So much for that idea.

  9. A good hint? DeCSS redux by jabber01 · · Score: 2, Insightful

    Ok, so here's what I'm thinking...
    Under the DMCA, it is against the law to circumvent content protection schemes? Or is it against the law to disseminate such information?

    In either case, the HDCP crack isn't being released, but 'a pretty good hint' has been given. Now, how 'good' must a 'hint' be before it violates the DMCA?

    Say the 64 bit backdoor key to some encryption scheme is found to be 83A2FA8F.. Is it a 'good hint' to tell the world that the key is probably somewhere between 83A2FA80 and 83A2FA90? How about 83A20000 and 83A2FFFF?

    We've seen DeCSS implemented in so many ways, not only machine executable but transcribable, artistic, and as a frigging Haiku even...

    What makes the publication of a crack into a 'hint'? Could I just rattle off the source code, prefixed with a 'something like' and followed by a 'maybe', and be safe from persecution? Could I draw a few easily understood diagrams? Invent my own words for 'array', 'pointer', etc..

    What if, as a 'hint', I tell only part of the implementation to one person, and part to another, and part to another?

    Remember high-school? Did your teachers ever give 'hints'? Isn't that cheating? What if an employee of a company issued an unofficial 'hint', when they depart the payroll?

    --

    The REAL jabber has the user id: 13196
    What you do today will cost you a day of your life

    1. Re:A good hint? DeCSS redux by Tackhead · · Score: 2
      > It isn't opinion whether the key is between "How about 83A20000 and 83A2FFFF?". Assuming you knew the key it would be fact, not speculation.

      Very well. The key is somewhere between 00000000 and FFFFFFFF.

      Now what do we do?

    2. Re:A good hint? DeCSS redux by topham · · Score: 2
      It is the author's opinion that it would take 4PCs, and 50 devices and 2 weeks for an IT person to crack.

      (Even if it only takes 4pcs, 50 devices and 2 weeks for a genius to hack; it is mere opinion that a professional could do it.)

      It isn't opinion whether the key is between "How about 83A20000 and 83A2FFFF?". Assuming you knew the key it would be fact, not speculation.

      And definitely not opinion.

  10. Keep it under wraps, for god's sake... by Overzeetop · · Score: 2, Insightful

    If only HDCP would be allowed to run its course and find its way into the system in hardcode. CSS in DVD players was perfect - let it become commonplace, THEN crack it and distribute the solution. You can't change the encryption without obsoleting the huge installed base of players.

    Then they'll be stuck with a cracked encryption until the next generation format comes out. Of course they'll have to make that generation much better (DVD vs VHS, for example or CD vs cassette, or HD-DVD vs DVD) or nobody will convert. It's ten-plus more years of freedom, IMHO.

    Long live the cycle!

    --
    Is it just my observation, or are there way too many stupid people in the world?
  11. Re:They are so stupid by Anonymous Coward · · Score: 1, Insightful

    >companies can successfully force pay-per-view content down the throats of the people.

    I'm not making this leap with you. Americans never seem to appreciate just how easy it is to do without mainstream media, pay-per-view movies or otherwise. What's this "force?" It's very easy, and a rather inexpensive option, not to even have a television, not to subscribe to cable, not to order pay-per-view movies, not to listen to music with a label, not to buy dvd's. This whole "media companies forcing their content down our throat" argument makes no sense to me, as long as it's optional to buy entertainment, optional to buy cd's, players, tv's, and pretty much anything else. As far as I know it's never been compulsory to watch pay-per-view tv or listen to any particular music format. So this whole question of "force" is really without basis or merit. I'm no DMCA fan, and I curse Sony for SCMS (literally stopping me from copying music I write and record). Still I acknowledge that Sony didn't force me to buy DAT's, and that I opted not to spend the bucks on pro DAT. Americans bring it on themselves, by insisting that they be provided with mundane, standard content. We consume it with passion.

  12. Re:One little problem... by Anonymous Coward · · Score: 0

    It was last time I heard..

  13. Re:Will the DMCA hurt encryption badly? by Raleel · · Score: 3, Insightful

    I think a fairly straight forward explanation such as "Would you want to drive a car that hadn't been independently crash tested?" or something. The ability to test encryption schemes would be easier for the lay person to understand.

    --
    -- Who is the bigger fool? The fool or the fool who follows him? --
  14. Encryption will always be Breakable... by Quazion · · Score: 1

    When will we see the light, that there is no point in inventing new Encryption techniques.

    We are one race, we should share and care for each other, why try to hide everything anyways ?

    We want to know and we will know in the end!

    *endless rambling*

  15. Re:send the results to me by Anonymous Coward · · Score: 0

    If you give him "full credit for the discovery", he'll end up in jail too. Of course, I agree that he should have just shut up and posted the info to freenet anonymously. What he did was very foolish. He already violated the DMCA. All he did was publicly confess to a crime. Maybe the US attorney general will believe him. I mean, what if he were dragged into US court from the airport and was forced (under oath) to confess to the crime again. He could go to prison for 5 years.

  16. Yep, really smart. by Anonymous Coward · · Score: 0

    All he has to do is announce to the world that his research documents are securely kept on his NT server running IIS webservice

    ...and then nature will take its usual course :-)

  17. Sue all the world by drnomad · · Score: 1
    The developments in the "sue all the world" process:

    * DMCA law seems to be extended to other countries (now I'm gonna question politicians about this)
    * Belgium has a law that anyone who committed a (Belgian law) crime, independent of *where* it was committed, you can start a legal process. Currently being sued: Arafat and Saddam
    * The "The Hague Treaty", not yet signed by the European Union, kills any European democracy, perhaps we might become a fascist state like the US

    Fortunately, the Sklyarov case, AFAIK, is a legal test whether the DMCA actually *does* extend beyond US law.

    If it is really true what Ferguson says in his paper, then it might be a good thing the Euro takes its entrance in 2002, this could be the fundamental base of Europower and independency. My opinion is definitely the US leaders need to be put back onto their feet.

    1. Re:Sue all the world by TWR · · Score: 2
      * Belgium has a law that anyone who committed a (Belgian law) crime, independent of *where* it was committed, you can start a legal process. Currently being sued: Arafat and Saddam

      As far as I know, Arafat and Saddam aren't being sued under Belgian law; however, the prime minister of Israel is being sued for an atrocity committed by Lebanese Christians. No one is charging any Lebanese, though.

      The Belgians have already locked up a couple of Rwandans, because some people walking down the street identified them as being involved in the Rwandan genocide. Imagine, no forensic evidence, the crime occurs in another jurisdiction, and there are people in jail for life. Since Rwanda can't bomb the shit out of Belgium, there's no worries about doing this. But you better believe that if anyone tried to do this to a Russian (Chechnya) or Chinese (Tibet) official, Belgium would be a smoking crater.

      I wish I could pass laws to lock up random people, too.

      -jon

      --

      Remember Amalek.

    2. Re:Sue all the world by szomb · · Score: 1

      Is the U.S. expected to curb their own jurisdiction here? Why doesn't the Russian government stand up for one of their own fucking citizens?

      --
      Just because a few of us can read write and do a little math, doesn't mean we deserve to conquer the universe
    3. Re:Sue all the world by Anonymous Coward · · Score: 0

      "Fortunately, the Sklyarov case, AFAIK, is a legal test whether the DMCA actually *does* extend beyond US law."

      Unfortunately it isn't. Sklyarov "broke the DMCA" simply by giving a lecture at a conference in the USA. If I went to the USA and set fire to the Stars and Stripes, I'd be breaking the law. If I do it here in the UK I am not.

  18. prime number please by Anonymous Coward · · Score: 0

    hey, could you please check if the code or whatever it is can be described as a prime number somehow ? (maybe with gzip ;) so long Fry

  19. Re:Next DMCA test - prosecution for doing research by IpalindromeI · · Score: 1

    We're already getting there. Remember Felten's SDMI research?

    --
    Promoting critical thinking since 1994.
  20. Re:Ferguson's Mistake by ArtDent · · Score: 1

    Which is why it's a clever move, not a mistake.

    Sure, let them sue him for saying that the technology is crackable. Then next time, they can sue for saying that the technology may have an exploitable weakness. After that, they can sue the guy who thought about potential weaknesses.

    Eventually, some judge somewhere along the line and, perhaps more importantly, the public are going to realize how absurd this law is.

  21. Re:Next DMCA test - prosecution for doing research by Anonymous Coward · · Score: 0

    How about their joyful use of terms like 'digital crowbar' and 'digital lockpicks'? Last time I checked, it wasn't illegal to own a crowbar (nor, in more than a few locations, lockpicks). Why should this change because someone made it 'digital'? It's been said before, but I'll say it again - the DMCA legislates INTENT, not ACTION. You're not even guilty, having to prove your innocence - you're just guilty.

  22. Re:Will the DMCA hurt encryption badly? by Anonymous Coward · · Score: 0

    omigod, this is sooooooo original. did you just think of it? duuuuuuuuuuuuuuuude! yore awsum!

  23. Re:He is Dutch, DMCA doesn't apply by Anonymous Coward · · Score: 0

    Haven't you ever heard of WIPO? Most of the world is rushing to adopt the same laws. The EU, in particular, practically loves this stuff.

  24. Alternative Release Methods... by Anonymous Coward · · Score: 0

    What if he puts it on a t-shirt first?! Or what if he somehow uses the DMCA to protect himself (by making a violation of it the only means to view a release of the information)...

  25. ROT-13? by HRbnjR · · Score: 2, Funny


    ROT-13???

    Hell, publish it as an Adobe E-book :-)

  26. devices or... by Frodo · · Score: 1

    but rather has made the trafficking in devices using that knowledge illegal.

    Devices or technology. And any scientific paper describing an attack can be considered technology to perform it, ergo...

    --
    -- Si hoc legere scis nimium eruditionis habes.
  27. Re:Hello? by Anonymous Coward · · Score: 0

    This situation is more like a victory to DMCA than a proof of DMCA free speech violations... The more researchers announce they fear it, the more strong and widespread the DMCA shall become... The more people break the DMCA law ANONYMOUSLY the more the government will see that the people do not agree with this STUPID law and, since it doesn't produce any results, they will probably switch it with something worse... That's the reality, they certainly would never pass a numerous amount of laws IF they suffered their consequences... And anyways, we need REVISED LAWS, not new laws...

    Hey! Come back here with my 2 cents!

  28. How to circumvent the DMCA by Kallahar · · Score: 1

    Well, he could just publish it on paper and mail it to anyone who wants it... My understanding is that the DMCA only applies to the _electronic_ distribution of crypto stuff. Once he puts it in meatspace it isn't regulated by the DMCA.

    Perhaps whoever types it back into the computer would be at risk, but then again that person didn't crack anything - he just typed in something from a book.

    Travis

    1. Re:How to circumvent the DMCA by maniac/dev/null · · Score: 1

      negative, ghostrider. from what i've heard, big media is trying to sue copyleft for selling t-shirts with the DeCSS code printed on them. i know a guy who has one and i really wish i had bought one now... i wonder if they are still for sale.

      --mDn

  29. Re:Meritocracy vs Freedom by weld · · Score: 1

    What use is doing anything once you take away honor and adventure? They are part of the whole.

  30. Re:Ferguson's Mistake by TrollingKarmaWhore · · Score: 1
    And you'd better believe that the MPAA has substantially more resources (i.e. killer-lawyer hiring ability) than Ron Goldman

    That would not be difficult since he was one of the people that O.J. murdered.

    But the basic principle that US juries may contain complete imbeciles and return a crackpot verdict is clearly valid.

    Intel and the RIAA can certainly afford Johnnie Cochran, F Lee Bailey and co.

    --
    Bet you wish you thought of this nym first
  31. I'll Release It by Anonymous Coward · · Score: 0

    Just give me the details and I'll release it. Hell, I'll even take the credit too if he wants me to.

    What sorry person would like to go to the USA anyway?

  32. Re:the essential sentence by iamblades · · Score: 1

    I have noticed this as well. People pick a party pretty much arbitrarily, or because of their religious beliefs, ie. pro-lifers, etc... I refuse to vote for any of the republicrats or democracans... err, they're all the same anyway, the only difference is whose bankroll they're on.

    Also, people tend to only pay attention to who is president at the time, while almost completely ignoring the other 2 branches of the government. It disgusts me, and I would have voted Browne last year, but alas, I'm only 17 2/3 now. When I turn 18 I plan on voting heavily and becoming a registered libertarian most likely, although the constitutionalist party seems ok too, and not as extremist. I think a little bit of extremism is definitely called for at the moment though.

    --
    Shit adds up at the bottom...
  33. Re:can you really blame him? by Decimal · · Score: 1

    I think the whole "scene" will start reverting back to being 'underground' again for fear of reprisal

    Yes. Freenet is the key.

    --

    Remember "Bring 'em on"? *sigh
  34. Re:Crap. by Anonymous Coward · · Score: 0
    How about making your link clickable, eh?
    http://www.macfergus.com/niels/dmca/index.html
    There ya go. Sheesh.
  35. Re:DMCA-like legislation coming ot a country near by Anonymous Coward · · Score: 0

    Yes, this thought is dangerous to individual freedom everywhere, but in the end all the laws that don't work. Ancient Chinese laws forbade peasants from owning weapons. So what did the peasants do? Develop their body and farming implements into weapons, and those techniques outlasted the laws, and even used today in a society where weapons are a legal right.

  36. Re:Ferguson's Mistake by GMFTatsujin · · Score: 1

    Fine. Let's fix this right now.

    *Ahem*

    I declare that the encryption is breakable, but I won't tell you how. I'm sure somebody will think of it eventually and release it to the world.

    Happy? Now I'm an accomplice. Come get me, you DMCA club-wielding, slope-browed thugs!

    I swear, you freakin' Chicken Littles are giving me gas.
    Tatsujin

  37. Re:The Complete Document by Rick+the+Red · · Score: 2
    The Complete Document can be found here:

    http://www.macfergus.com/niels/dmca/index.html

    Very good stuff. Too bad they didn't link it in the story.

    Yes, this is informative. But this is helpful.

    Very good stuff. Too bad you didn't link it in your post.

    --
    If all this should have a reason, we would be the last to know.
  38. Re:Do not read this message... by Anonymous Coward · · Score: 0
    Guvf zrffntr vf rapelcgrq jvgu gur Ratyvfu(gz) rapelcgvba nytbevguz. Nal nggrzcg gb qrsrng guvf frphevgl jvyy or cebfrphgrq haqre gur QZPN.

    "Thoughtcrime does not entail death: thoughtcrime is death." --George Orwell

  39. Re:Next DMCA test - prosecution for doing research by twitter · · Score: 1
    To paraphrase Orwell, the party can not tolerate science because science requires free thought. This is why a large portion of Soviet design was done in prison cells, and a large portion of their design budgets was for spying.

    Putting people in jail for research is nightmarishly un-American.

    --

    Friends don't help friends install M$ junk.

  40. Re:Good! by Anonymous Coward · · Score: 0

    *Snicker*

    The HDCP consortium has been put on notice that their copy protection scheme is broken. But, thanks to the DMCA, they don't know how! So they'll have to go to the expense of duplicating his research themselves.

  41. Re:Ferguson's Mistake by Anonymous Coward · · Score: 0

    Reminds me of an old SF story by, IIRC, Asimov: The "government" sets up an elaborate laboratory and a fake video to convince some scientists that a now dead, lone researcher had developed an antigravity machine. "Knowing" it had been done, said scientists then went on to develop self same device. Could Ferguson have read that story also?

  42. a scary trend by Pofy · · Score: 1

    One central issue here seems to be the "if he travels to USA". Apparently, although the law of course only applies to USA, apparently, if you publish something on the internet, it would (by USA, or states there or whatever) be considered to have been done in USA (as well as in every country in the world I presume), and thus, when you get there, you get caught.

    Now, this of course means that if more countries adopt similar laws and applies the laws in similar ways, soon, anything you do on the net will make you a criminal in a bunch of countries even if it is perfectly legal in your own country, and each time, you get more and more restricted in how you can travel in the world. I wouldn't be surprised if it would be extended to non copyright issues in the future.

    But why stop there? What would happen if you publish it in some newspaper or magazine? Perhaps one that happens to be sold in news stands all over the world? Even though legal in the country of origin, you suddenly can't go to other countries where it would be illegal. Soon one wouldn't be able to do anything for fear that one day you may want to travel to a country where that specific action is illegal, and due to various circumstances, what you presented (or perhaps even told, people may retell it in that country, yeah stretching it here, but you get the idea) could be reached, seen, heard or whatever in that country.

    Imagine the example someone mentioned in another thread, about porn being illegal in Saudi Arabia, imagine you releasing some magazine with porn, it happens that it is sold around the world, and some copies end up in Saudi Arabia, next time you go there for whatever reason, whack, arrested as you arrive and punished (whatever the punishment may be, I have no idea, but I bet it is probably not nice).

    Soon people would be unable to travel anywhere. I certainly hope we never get there but the trend is obvious and scary.

  43. Re:prosecution for claiming vulnerability by szomb · · Score: 1

    This has the nice side-effect that all Unix vendors can be arrested because they ship with /usr/bin/tr, which CAN be used to circumvent ROT-13 protection technology:

    tr N-ZA-Mn-za-m A-Za-z

    --
    Just because a few of us can read write and do a little math, doesn't mean we deserve to conquer the universe
  44. Short story by Sangui5 · · Score: 2, Insightful

    I don't know about that particular story, but a good one along the same lines was written by Robert Heinlein: "Let There Be Light", published along with others in "The Man Who Sold the Moon".

    In "Let There Be Light", a scientist discovers a method for building nearly 100% efficient solar panels. At first keeps it secret, and manufactures them himself. However, the oil companies file frivolous lawsuits against him, hire thugs to burn down his factory, torch his demonstration solar car, and threaten violence against his person. So finally he patents it, goes to the big papers, and gives them a big juicy story, on the condition that they also publish all of the technical details. Oh, and openly licenses it for pennies a square yard.

    It is a shame that we may have to take the same route, but getting technical details published in a big publication like the New York Times, the Washington Post, or the Chicago Tribune would be a good way to go. Especially the New York Times. What judge would censor the "Grey Lady"? She's nearly as sacrosanct as the Statue of Liberty. Joe Sixpack might not care if some IEEE or ACM publication is censored, but the New York Times is one of the most respected papers in the nation, if not worldwide.

    There's no need to hide your publication, but just make it painfully obvious that censoring the publication of these ideas is a direct affront to First Amendment rights.

  45. Re:He is Dutch, DMCA doesn't apply by Anonymous Coward · · Score: 0

    In that case he hasn't committed a crime - the person who brought the info back to the US did. It should be safe for him to share the information outside of the US in a non-public way, as long as he takes reasonable steps to avoid making it available to people in the US. Posting it on the internet (or any other form of publication) will almost certainly violate the DMCA. But if he provides the details to other people under an NDA that restricts others from making the info available in the US, he should be OK.

  46. Re:Alias and Freenet by EllisDees · · Score: 1

    He could distribute it within freenet itself. It is currently possible to send secure messages to the owners of freesites without revealing your identity. Once it got around, anyone could post a message to slashdot saying that it is in there...

    --
    -- Give me ambiguity or give me something else!
  47. Re:He is Dutch, DMCA doesn't apply by Chelloveck · · Score: 3, Informative

    I know this guy, though I haven't talked with him for about six months. He does come to the USA periodically. His girlfriend is American and while they're both living in the Netherlands now, they do come over here once in a while. After the Sklyarov thing I'm not terribly surprised about his reluctance to come forth.

    Last I knew, he was working with Bruce Schneier and Counterpane. It's possible that his connection to a US corporation also enters into the decision.

    --
    Chelloveck
    I give up on debugging. From now on, SIGSEGV is a feature.
  48. Do not read this message... by TedCheshireAcad · · Score: 1

    This message is encrypted with the English(tm) encryption algorithm. Any attempt to defeat this security will be prosecuted under the DMCA.

  49. Me too, and here's where you can get it: by Russ+Nelson · · Score: 3, Funny

    Me too, and here's where you can get it:
    http://russnelson.com/pads/pad-md5-10bd774315b84f16ad2ec7296a7a9fb3.dat

    It's encrypted. It's also copyrighted. If you decrypt it, you bring down the wrath of the DMCA on yourself. So don't decrypt it.
    -russ

    --
    Don't piss off The Angry Economist
    1. Re:Me too, and here's where you can get it: by Anonymous Coward · · Score: 0

      I have broken ROT-13 but I cannot release the details for I fear that the FBI will come beating down my door!!

  50. Re:the essential sentence by farmhick · · Score: 1

    You're blaming Bush for stupid legislation enacted while "No tort reform" Clinton and "I didn't know taking foreign contributions was illegal" Gore were in power? Why not blame him for the Hindenburg and Titanic too? Too many people here think the Republicans are the only corrupt party in America. There are just as many racists, crooks, idiots, and bought politicians in the Democrat party, but no one wants to admit it. Did you vote for Brown last year?

    --
    I have to stop wasting so much time reading Slashdot. It's interfering with my crystal meth addiction.
  51. Re:who gets hurt? by Anonymous Coward · · Score: 0
    I have encrypted the following text so that it is uncopyable by any means:

    asdifoulkjfasyuyasdsdfljkasdyyriuyerwkjajsfdbva
    a sdfasduiyiuyerwqeroiuvuiyerlkhfydioasdyrlkweay

    Hmmm...

    [CUT]
    [PASTE]

    asdifoulkjfasyuyasdsdfljkasdyyriuyerwkjajsfdbva
    a sdfasduiyiuyerwqeroiuvuiyerlkhfydioasdyrlkweay

    Dangit!

    I guess that you can copy stuff without knowing a thing about the encryption.

  52. Long arm of the law by camusflage · · Score: 3, Insightful

    Charming. Now foreign nationals who visit the US are afraid to release details of weaknesses.

    Good, I say. Serves 'em right. Once something people want to steal is released with the format, then the details will come out, and people will steal it. By not quashing discussion, they might have been able to fix it while still in R&D, but by taking the I'm-putting-my-head-in-the-sand approach, they're shooting themselves in the foot.

    --
    The truth about Scientology, Xenu, and you: Operation Clambake
    1. Re:Long arm of the law by Anonymous Coward · · Score: 0

      Now see the DMCA is now actually a threat to national security since no one can reverse engineer any encryption we will never (1) know if a method of encryption we are not exporting is good against foreign nations' or terrorists' attempts to crack it, as no more benign persons have been able to try. (2) Since no one has been allowed to publish how the encryption was broken there is no hope of improving the encryption and ever making it more secure.

    2. Re:Long arm of the law by camusflage · · Score: 2

      Naah. DMCA (as it pertains to encryption) only applies to controls to secure copyright holders' rights. PGP and its brethren, along with the algorithms behind them, are out of the reach of DMCA.

      Regarding making it more secure, tough. It's not our job to make sure Intel's security is good. We were the ones doing them the favor by showing it's not secure before they throw it out to the world.

      --
      The truth about Scientology, Xenu, and you: Operation Clambake
  53. Re:He is Dutch, DMCA doesn't apply by Tim+C · · Score: 4, Insightful

    Tell that to Sklyarov.

    However, even by claiming to have broken the encryption, he's placing himself at risk of being investigated, and possibly detained and questioned should he ever visit the US. (If I were to publicly announce that I had committed a crime, I would expect the authorities to take interest in me.)

    Cheers,

    Tim

  54. Re:DMCA trumps the 1st amendment? by KeithIrwin · · Score: 1

    Section 8 of article I (not to be confused with the first amendment) of the constitution which outlines the powers of Congress includes "To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries;"

    Copyright by its very nature is an exception to the free speech clause of the first amendment. It says that rather than being free to write anything that I want, I mustn't write something that someone else has already written recently. The power to decide the specifics of copyright is in the hands of Congress. However, that does not mean that they cannot go too far. In this case, I firmly believe that they have far exceeded the purpose and intent of the powers granted them and that the DMCA crosses the line into unconstitutionality. We'll see whether or not the Supreme Court agrees.

    Keith

  55. Alias or Coffee Shop? by WillSeattle · · Score: 1

    Or, he could just go on vacation in France, and pop into an internet coffee shop, and read the news. While reading the news, he could randomly type a post with an alias. Amazingly, like a trained monkey gens Shakespeare, it would happen to be the hack method.

    Oops.

    Of course, he would also randomly type in all the email addresses of world newspapers and magazines while he was at it.

    Oops.

    Bye, bye ...

    --
    --- Will in Seattle - What are you doing to fight the War?
  56. DMCA trumps the 1st amendment? by Cinematique · · Score: 1
    Maybe I'm missing something here... but I was under the impression that the United States Constitution had to be directly amended before a law revoking a right or behavior defined within its text could be set into place.

    Example:
    *Amendment XVIII - Prohibition of the sale of alcohol.
    *Amendment XXI - Repeal of Amendment XVIII

    Where in the DMCA does it state that Amendment I, my right to freedom of speech, has been repealed?

    • Article I.
      Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

    I thought the Constitution trumped congressional bills, executive orders, and court precedents...

  57. Re:Crap. by Anonymous Coward · · Score: 0

    Because people don't trust clickable links around here anymore.

  58. Re:What about The Press? by Anonymous Coward · · Score: 0

    Mainstream news sources wouldn't publish it, and I don't think the courts would protect online news sources because they would not be considered to have the same legal protections, would lack precedents, and would not have the same kind of money or influence as the big guys. Either way, this guy would go to prison. Remember he already broke the (US) law. Publishing it is just proof that he really did it.

  59. Re:He is Dutch, DMCA doesn't apply by Rick+the+Red · · Score: 2
    Of course, it is only a matter of time until someone does publish, probably anonymously, and [HDCP] dies the death it so richly deserves.

    HDCP won't last one year if nobody buys it. Remember Digital Video Express (DIVX)? That's the death they richly deserve. The more money they lose on stupid ideas that nobody will buy, the less likely they'll try it again.

    --
    If all this should have a reason, we would be the last to know.
  60. Re:He is Dutch, DMCA doesn't apply by WhiteWolf666 · · Score: 1
    Next thing you know, we (The U.S.) are going to be launching cruise missiles at him.

    I can just see an FBI spokesman now:

    "He threatened to remember the information, and besides, we already got approval from a panel of judges. He's not on U.S. soil, we can do whatever the hell we want with him."

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  61. The dominos start to fall (again?) by gmkeegan · · Score: 4, Interesting

    We start to see some of the indirect effects of the DMCA. The choices for security experts and developers will be to A) not publish their works, leaving them for a more malicious hacker to discover, or B) publish, just NEVER enter the US again. Either way research and development as well as security and technical conferences will start to leave US locations, favoring those countries that won't arrest their participants.

    Other countries will leap ahead in encryption abilities, while the US rests on its DMCA laurels. Brings back memories of the smaller, more efficient, more reliable cars from Japan and Europe in the 60's and 70's that caught Detroit by surprise. Took them 10 or 15 years to catch up.

    Unfortunately, as long as there is money to be had from lobbyists, there will always be legislative sand for our politicians to stick their heads in.

    "Those who forget history are doomed to repeat it."

  62. Re:Ferguson's Mistake by shokk · · Score: 1

    The world is a cold, demon-haunted place nowadays. It sickens me to be a citizen of this country that so hypocritically prides itself on being free.

    Yet it would sicken you more to be a citizen of a country that did not even attempt to claim free speech and jailed you for discussing the very things you are talking about. It would sicken you to the point of not being able to eat their jail food or deal with the goons from the cell next door that beat the crap out of you every day. You are freer here than anywhere else; this is just a minor setback that will correct over time.

    His mistake was using his real name at this time, but no one should ever be afraid of using their real name in the face of these companies. They may yet be his masters, but in the long run they will not succeed so long as people like Ferguson and Sklyarov continue their efforts no matter what the consequences. So much for the huddled masses, though. That this one thing could for a moment make people think that coming to the US from another country is a frightening thing ranks right up there with Prohibition and the Red Scares.

    --
    "Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
  63. Re:Cause... by Anonymous Coward · · Score: 0

    SHHHHHH!!!! Don't give them any ideas. The current administration needs just such an excuse to stamp out sin and smut in this country (which they'd gladly do instead of just blocking stuff)

  64. They are so stupid by rknop · · Score: 5, Insightful

    Intel spokesperson Daven Oswalt says the company has received several reports from people claiming that they have broken HDCP. But he says none have held up, and the company remains confident in the strength of the system.

    ...and yet all of these companies still think that the DMCA is good for them.

    It's amazing how on how many levels the DMCA is a bad idea. It's squelching freedom of speech, and it's preventing the companies from producing technical systems that can effectively produce total control over their customers. Of course, the free-speech-squelching part is serving the total control purpose, and since it's the executive and legal divisions of the companies that decide what the companies "want," they probably are happier that way. And that is the real tragedy-- that and the fact that they can US legislation.

    (To be fair, given the description of the attack, Intel is probably right that it still does prevent "casual copying." On the other hand, it angers me that they're trying to prevent casual (including fair use) copying, but don't mind that somebody willing to invest some money in hardware and a couple of weeks can start producing bootleg devices. Who's their real enemy here? Customers trying to exert fair use rights (and, yeah, maybe occasionally illegally copying content)? Or overseas customers producing and selling wholesale bootleg copies?)

    -Rob

    1. Re:They are so stupid by kcbrown · · Score: 1
      What's this "force?" It's very easy, and a rather inexpensive option, not to even have a television, not to subscribe to cable, not to order pay-per-view movies, not to listen to music with a label, not to buy dvd's.

      Perhaps that's so. But remember that we're talking about the average person here. The average person isn't going to "do without" just to satisfy someone else's ideology, or even their own. As an example, how many people here run Windows on their systems even though they have strong leanings towards Free Software?

      As has been shown repeatedly, people will buy something if it's convenient and cheap in the short term, even if it's expensive in the long term. If you don't believe me, then look at how many people lease their car instead of buying it. Leasing is less expensive per month compared to the monthly loan payment on the same car, but the difference is that at the end you don't own the car. You're basically renting it, just like you rent an apartment. But in any case, the point is that people will do what is cheaper in the short term, even if it's more expensive in the long term.

      Now, given that you have a large audience of people who will pay for your content, the only question is how to get them to do so on a pay-per-view basis. And that's a question of controlling the format that the content comes in.

      Remember: the copyright holder can choose whichever distribution mechanisms he wants to use, and can change them at any time (subject to any contracts that have been signed). As such they can, and will, slowly change the format of the content towards one which will make pay-per-view possible.

      The DIVX experience showed that people aren't willing to pay more for pay-per-view equipment than for DVD equipment. It showed that people aren't going to give up a capability that they already have. But if you can get them to buy something new, you can take advantage of it.

      So here's what I predict will happen: people will eventually move to digital TV, once it provides the same capability as VCRs currently give people. No, not the ability to record shows, but rather the ability to view previously-shown content on-demand. Once that ability is there and the equipment is cheap, people will no longer have any reason to not switch, and will have some incentive (better quality) to switch.

      And once they've switched, then the content providers can stop providing content via permanent media such as DVD and get away with it. Instead, it'll be offered through the digital TV network. On a pay-per-view basis. And you won't be able to get it any other way.

      So what about other forms of media, such as books? Well, obviously book publishers are highly interested in the idea of e-books, but the current implementation just isn't there yet.

      But it's only a matter of time before that changes. Part of the problem is that everyone is used to standard books, and those are what e-books are up against. E-books have limitations that are significant right now, but it's only a matter of technology to fix most of those limitations.

      But probably the biggest hurdle is psychological. People are used to having access to books and reading books in printed form. So the first step will be to get people used to e-books. That'll happen in schools and universities: publishers will start making certain titles available only in e-book form and, since such books are required for classes, students will have no choice but to pay. This will provide a way for publishers to test the waters and for the manufacturers of e-book readers to refine the readers. They'll figure out what features are required and which ones aren't.

      Eventually, people will get used to e-books. Resistance to them will drop over time, as it does with any new technology. Eventually enough people will be used to them that publishers will be able to start publishing new books only as e-books. People at that point will still be used to being able to lend books, so e-book publishers will make that possible. And eventually, publishers will stop providing books in printed form. Once that happens, they'll start removing the ability of people to lend books. They'll start to tie e-books to readers, so if you lose the reader you'll have to buy all your e-books all over again. Because they're a monopoly on the content (thanks to essentially limitless copyright), they won't care. They won't have to. People will have no choice but to deal.

      Yeah, there are a lot of technological and psychological issues with these things. They'll be worked through. Time and acclimation, if nothing else, ensure that. People are highly adaptable. They'll adapt to a corporate police state just as they've adapted to every other form of government that has been foisted on them.

      And we, who see this coming, won't be able to do a damned thing to stop it, because we can't compete against the government's firepower, even if we outnumbered the government military forces by 10000:1 (which we don't).

      --
      Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
    2. Re:They are so stupid by ClarkEvans · · Score: 2

      They could always contact Ferguson and pay for the research, no? It's not like Ferguson is not well known... and they could make payment contingent upon an actual "master key".

    3. Re:They are so stupid by mrogers · · Score: 2
      To be fair, given the description of the attack, Intel is probably right that it still does prevent "casual copying." On the other hand, it angers me that they're trying to prevent casual (including fair use) copying, but don't mind that somebody willing to invest some money in hardware and a couple of weeks can start producing bootleg devices.

      Only one person needs to retrieve the master key. The master key could be used to mass-produce HDCP descramblers. After that, casual copying would be possible without buying 4 PCs and 50 displays.

  65. Re:Next DMCA test - prosecution for doing research by rthardy · · Score: 1

    "It's not the size of the lock, it's the fact that it's locked."

    One problem I have with this is that, generally, you won't be charged with breaking and entering if it's your own lock and your own property. That's what DMCA turns on its head.

    That appears to be the reason the Norwegian kid was never charged in the original DeCSS hack. You can see a description of the state of Norwegian law at http://www.eff.org/IP/Video/DVDCCA_case/20000118_bing_norway_law_decl.html

    You made a number of points that can be used effectively, but you never mentioned fair use. My own concern is that as a reader and a book owner, I will no longer be able to effectively purchase new books. There will be a license. I could well be reading on a pay per view basis.

    http://www.eff.org/IP/DMCA/MPAA_DVD_cases/20010126_ny_lib_amicus.eps describes what the DMCA does to fair use.

    --
    Tom Hardy
  66. We should combine technologies... by Anonymous Coward · · Score: 0
    Apparently owning a circumvention device and using it for fair-use rights is legal, but distributing it is illegal. So stuff like this (if it really exists and it's not another hacker just bragging) and DeCSS is OK to use but not distribute.

    er, so, do it anonymously, never tell a soul, attach it to the outlook-virus-of-the-week or IIS-worm-of-the-week and distribute it as a gift to the world's computers with notes on how it works.

    Who are they going to sue? Widespread distribution and no one to sue but alas, since it magically appeared on my hard drive without my requesting it, I can apparently legally use it!

  67. Re:He didn't break it :) by hearingaid · · Score: 2

    if he does that, he's still liable for prosecution. he's broken the encryption. he's proven that he's done it. he's manufactured a device for breaking the encryption. this device could be used to circumvent copy protection.

    game over.

    odds are, that a criminal prosecution against him would still fail. however, it could be launched, and he might find himself unable to leave the United States on his next visit, at least until the trial.

    --

    my old sig used to be funny, but then slashcode ate it and now it's not funny anymore

  68. If you can't beat them, offer them a job by stx23 · · Score: 1

    It just seems stupid to persecute people for demonstrating insecurities/flaws/idiocy in DMCA products. Why aren't they being offered jobs to strengthen the product, rather than persecution for proving bad implementations?

    1. Re:If you can't beat them, offer them a job by Anonymous Coward · · Score: 0

      If you think about it, THEY ARE the breakers and the sole purpose of strong encryption... If they never release their research, then the code will never be broken (in theory of course, because people always find a way to break the laws that they don't see fit to exist)...

  69. Re:Ferguson's Mistake by Anonymous Coward · · Score: 0
    More free than the few worst is definitely not the same as "freer here than anywhere else".

    but we are freer here in the US than anywhere else, so we don't have to worry about your incredibly insightful tangential comment.

  70. Why not post anonymously? by Quixote · · Score: 1

    If I were this Dutch "hacker", I would have posted anonymously the technique to Slashdot, along with a digital signature that would have, at a later date, identified it as being mine if I wanted to reveal myself.
    Information yearns to be free.

    1. Re:Why not post anonymously? by Anonymous Coward · · Score: 0

      Anonymous to Slashdot ? Ha, you are one bright lad. Slashdot caved to CoS, expect Slashdot to cave to every legal threat.

  71. Re:Duplication by ttyRazor · · Score: 1

    There's also a clause in there about allowing for research, but that didn't help Felton much, did it? The clause about non-infringing uses certainly isn't helping DeCSS. The only way that the licensors have to make sure that an implementation conforms to their restrictions is to license it. In fact, they probably have it arranged so the only way to know what all of the restrictions actually are is to get a license. Anything else would be branded a circumvention device, since non-exact compliance to a set of restrictions an unlicensed manufacturer wouldn't even know would be considered circumvention. I don't agree with any of that but that's certainly the pattern of logic-twisting that they've demonstrated in other areas.

  72. What about nations not signed to WIPO. e.g. Taiwan by Anonymous Coward · · Score: 0

    Taiwan is not signed to either the Berne nor WIPO treaties. So copyright does not apply. No law is universal. And where it does not apply is where information will flow freely.

  73. Re:The Complete Document by oasisbob · · Score: 1
    "Very good stuff"

    Very good stuff, indeed. With the permission of the author, a copy of this will be printed and sent to my local members of Congress. It explains very clearly the blatant problems of the DMCA without being too technical or philosophical. A good read for anybody.

  74. Re:What about The Press? by Anonymous Coward · · Score: 0

    Forget for the moment that the DMCA is "bad", it is a reality and Dmitri S. is in prison because of it.

    So anyone who develops a method for breaking an encryption system has to think carefully about their motivations.

    Telling the world you've cracked it and then definitively stating that you will not release the results seems to show that this guy wants the reputation and would like to work in the industry.

    The most interesting alternative to the route he chose, publishing the results anonymously and as rapidly as possible, shows a different motivation.

    Both motivations can be respectable.

    AC

  75. Anonymous is good by chill · · Score: 3, Insightful

    One more reason the right to post anonymously is a good thing.

    --
    Learning HOW to think is more important than learning WHAT to think.
    1. Re:Anonymous is good by wafath · · Score: 1

      The courts are only protecting your right to post anonymously when you don't post anything illegal. A few courts have decided that they will not be a tool for the corporations to stifle criticism. The courts will subpoena your ISP, your chat room, and your ass if you post something that the prosecution or plaintiff can clearly show is illegal speech. (Hint: How to break HDCP encryption is currently potentially illegal speech.)

      W

    2. Re:Anonymous is good by Guppy06 · · Score: 2

      It wouldn't be very helpful I don't think. If they can't get the individual, they'll go after the medium. Recall what the Scientologists did to Slashdot after someone made an anonymous post they didn't like.

    3. Re:Anonymous is good by stilwebm · · Score: 2

      Exactly what I was thinking. He needs to post this anonymously in as many places as possible ("possible" meaning places that will protect your identity).

    4. Re:Anonymous is good by redcliffe · · Score: 0

      Post it to Freenet. Nobody will ever track it there. Except he shouldn't have said that he was the guy who first broke it. He will be blamed anyway.

    5. Re:Anonymous is good by Anonymous Coward · · Score: 0

      Slashdot does not offer anonymous posting. In fact, they don't even allow you to post through an anonymizing proxy server. The only way to post anonymously through slashdot is through an internet cafe or by buying your own server at Havenco.

  76. Will the DMCA hurt encryption badly? by baptiste · · Score: 5, Insightful
    I just can't help but think that as more and more people discover flaws in encryption standards that we the users lose in the end. If crackers won't release details of how they cracked an encryption standard, where's the motivation for that standard to be improved? You can say the bad press is enough, but heck - if nobody releases details, how are we to believe it's true?

    There was a time when encryption was done to ensure it couldn't be broken. Now it seems like organizations are using the DMCA as a way to prop up bogus standards that are dangerous due to their flaws (*cough*ebook*cough*).

    It's hard enough trying to explain why Dimitry should be freed. But how can you convince a legislator or govt official that the DMCA is bad for encryption without risking prosecution? It's a scary catch 22.

    Even though the Dimitry case is getting some press (Time Mag had a 2 page article - well written), I still only see proposals to slightly change the law. Not enough to allow full reverse engineering for research and the ability to expose flaws in products. Seriously - an encryption standard used to say encrypt some copyrighted work gets hacked, the victims sue showing why it's such a bad encryption std and the lawyers for the company using the bad encryption get it disqualified because it's illegal to bypass encryption or copyright schemes.

    Far fetched, maybe, but I really fear we will continue to see substandard encryption schemes passed off as workable because folks are less likely to publicize flaws in them if they are tied to the DMCA.

    Sure this may help open encryption standards, but we all know where the commercial money goes, so goes the world. Bad encryption standards used for IP materials and protected by the DMCA would soon be sold to businesses for privacy and such - exposing those businesses to serious exposure since the encryption std is probably less secure due to less folks trying to find flaws for fear of prosecution.

    Maybe we need a contest - free tshirt to the person who manages to come up with the Chicken Little 'the sky is falling' explanation for why the DMCA is bad that'll get Joe six-pack up in arms :)

    1. Re:Will the DMCA hurt encryption badly? by iamblades · · Score: 1

      He can't really be sued for releasing trade secrets because he figured them out himself, which means it isn't a secret anymore.

      --
      Shit adds up at the bottom...
    2. Re:Will the DMCA hurt encryption badly? by Anonymous Coward · · Score: 0

      First thought, we've just seen how someone can claim to have broken an encryption standard and undermine confidence in consumers, investors, etc. Now this can be done fictitiously with no way to separate the wheat from the chaff for fear of legal repercussions.

      Second, show how DMCA hinders everyone. Get your hand on your favorite decryption source code. Post it as follows:
      --
      Copyrighted notes on DeCSS protected by encryption.

      (ROT-13'd decryption code)
      --

      Now it is illegal for anyone to read the code that breaks the DeCSS (or whatever) encryption, but anyone with desire to can easily have access to it. Charges could not be brought against the poster because plaintiffs would have to violate the DMCA.

    3. Re:Will the DMCA hurt encryption badly? by Erasmus+Darwin · · Score: 2, Insightful
      "I just can't help but think that as more and more people discover flaws in encryption standards that we the users lose in the end. If crackers won't release details of how they cracked an encryption standard, where's the motivation for that standard to be improved?"

      I don't know about you, but I'm hardly losing sleep knowing that anyone who breaks into my house at night can subvert the encryption on my DVDs and watch "Ferris Bueller's Day Off" even if they aren't in region 1.

      This whole DMCA nonsense affects copyright protection schemes, not all encryption. The people who lose are the content producers, not the everyday users. These same content producers are the ones who (arguably) benefit from the encryption cracks from being widespread -- remember that these encryption systems are all about trying to maximize profitability, rather than trying to maintain 100% protection at all costs.

    4. Re:Will the DMCA hurt encryption badly? by Anonymous Coward · · Score: 0

      And you've implemented it how? Suggested pros and cons to it? Oh wait, just bitched about people willing to do something with no valuable input... ah, slashdot!

    5. Re:Will the DMCA hurt encryption badly? by MonMotha · · Score: 1

      Thanks for pointing me at the article. It was well written, pointing out both the (many) flaws in the DMCA as well as its original intent. It wasn't the average "DMCA bashing" article, nor was it the average media's "hackers bad, IP good" article.

      I'd encourage anyone interested in this sort of thing to read the article and rate it appropriately.

      --MonMotha

    6. Re:Will the DMCA hurt encryption badly? by iabervon · · Score: 2

      Sklyarov was arrested because Adobe was pissed off at him. Since he still hasn't actually been charged with anything, we don't know what he did that actually caused him to be arrested.

    7. Re:Will the DMCA hurt encryption badly? by soboroff · · Score: 1
      This is why encryption algorithms and standards need to be developed out in the open. Everyone who's taken a crypto class has thought up the Next Best Encryption Scheme, only to quickly find the many flaws.

      If someone hands you a closed crypto algorithm and says "trust me", you have to do just that. In contrast, we might place the same trust in someone like Phil Zimmermann, but we're also trusting that thousands of qualified folks have looked at the code, fixes have been made, and no exploits have been found in a while.

      If this spate of standards and resulting hack contests spells the end of the closed, proprietary, DMCA-protected encryption algorithm, it can only be good for the users.

    8. Re:Will the DMCA hurt encryption badly? by mpe · · Score: 2

      I just can't help but think that as more and more people discover flaws in encryption standards that we the users lose in the end. If crackers won't release details of how they cracked an encryption standard, where's the motivation for that standard to be improved?

      The problem is that encryption simply cannot work as copy protection for mass market media. It doesn't matter how good the actual encryption is; the system requires you to hand over decryption tools to everyone.

      There was a time when encryption was done to ensure it couldn't be broken.

      There is no such thing as unbreakable encryption. All it does is make it difficult to extract information. For protecting commercial or military secrets it works quite well. e.g. if you are going to attack a target in 2 days time and it would take the enemy 3 weeks to break whatever encryption you use then attempting to break the encryption is pointless.
      When it comes to protecting copyrighted works the information is valuable for nearly a century.

    9. Re:Will the DMCA hurt encryption badly? by modemboy · · Score: 1

      I can't help but think the DMCA has a clever side effect, probably dreamed up by the NSA, in that it propagates bad encryption. Then they don't have to work as hard to crack it themselves. ;)

    10. Re:Will the DMCA hurt encryption badly? by PingXao · · Score: 1

      Umm, the highest rating is a 7.

      But the poster has identified a way we can help raise the level of awareness on this issue. It's a good read, not too long, and no registration is required! What more could you ask for?

      Please mod the parent UP!

    11. Re:Will the DMCA hurt encryption badly? by ncc74656 · · Score: 1
      Read the article and give it a "10" at the bottom so that it might show up under the MSNBC Viewer's Top 10 list and people will find out about this.
      Looks like it has some tough competition today, but it's currently at #9.
      --
      20 January 2017: the End of an Error.
    12. Re:Will the DMCA hurt encryption badly? by Hierarch · · Score: 1

      The only way I see that the DMCA will get any seriously bad press and pressure for modification is if a big-money corp gets hurt. Until then, the DMCA is a wonderful way to get their own way.

      However.... What will happen when, someday down the line, BigCorp, Inc. relies on an inferior encryption product that hasn't been properly tested by industry experts? And puts important, damaging, confidential information under its protection? Then Joe Cracker - an admitted criminal - comes along and violates them every which way from Sunday. Suddenly BigCorp cares a lot. They may even sue the company that made the product - IANAL, but I'm sure there has to be something in product liability laws to cover this. We do, after all, live in a country where you can sue McDonald's after spilling coffee in your lap.

      The problem I see is that I don't know if BigCorp will see the causal relationship between the DMCA's chilling effect on research and the fact that they got burned. Maybe we'll get a new law requiring new encryption products to pass through a panel of experts before they can be legally sold. Another day, another law. Welcome to the United States of America, the land of the free and the home of the brave!

      --
      --Somebody infect me with a .sig virus, I'm too lazy to write my own!
    13. Re:Will the DMCA hurt encryption badly? by chriscrowley · · Score: 1

      Sorry, I meant "7".

    14. Re:Will the DMCA hurt encryption badly? by chriscrowley · · Score: 4, Informative

      Newsweek also has a very anti-DMCA article on their now hosted MSNBC website.

      http://www.msnbc.com/news/612847.asp

      Read the article and give it a "10" at the bottom so that it might show up under the MSNBC Viewer's Top 10 list and people will find out about this.

    15. Re:Will the DMCA hurt encryption badly? by JebOfTheForest · · Score: 2, Informative
      One could argue that the productivity gains over the last two decades that enabled the longest period of economic expansion in US history were due in a large part to the proliferation of inexpensive computer hardware, which was only possible because of Compaq's success (and victory in court) in reverse-engineering the IBM PC BIOS. If that were to happen today, Compaq would lose, cheap, competitive clones would not have appeared, the desire to connect them wouldn't have followed, and we'd have no giant public computer network, with record corporate tax returns providing lawmakers with a surplus to woo their constituents with.

      jeb.

    16. Re:Will the DMCA hurt encryption badly? by MidoriKid · · Score: 1

      By the time "Joe Six-pack" realizes that he has no rights, it'll be too late. The laws will be cemented in place and people won't think twice when another "hacker" goes to jail for cracking an encryption scheme. The media controls the masses, and we all know how they portray things like this.

    17. Re:Will the DMCA hurt encryption badly? by RevRigel · · Score: 1

      Actually, this kind of thing could be good. Part of the reason all these stupid 'copyright protection' and 'digital rights management' schemes are being presented, and stupid laws passed, is that technical people produce a workaround usable by anyone in the voting populace in fairly short order.

      If they all hold back for fear of the DMCA, then people might actually notice what total crooks their representatives in Congress are, and vote them out. Believe me, when all the people who've gotten accustomed to unhindered downloading of mp3s, TV episodes, movies, pr0n, warez, etc. are no longer able to, they will still feel entitled to it. Whether you think they should be able to do that sort of thing or not, it's better that they do that than the government/corporations try to write laws that make it impossible (insane!).

      The current crop of users who are used to this will all be voting in another 5-6 years. Then we'll have our army.

    18. Re:Will the DMCA hurt encryption badly? by mach-5 · · Score: 1
      Maybe we need a contest - free tshirt to the person who manages to come up with the Chicken Little 'the sky is falling' explanation for why the DMCA is bad that'll get Joe six-pack up in arms :)
      The DMCA has already nullified the first amendment. Why was Sklyarov arrested? For giving a speech.

      I believe that Adobe should be able to sue Sklyarov for leaking "industry secrets," but he should not be criminally prosecuted for giving a speech.
    19. Re:Will the DMCA hurt encryption badly? by cur3 · · Score: 1

      I give it a 7 and give 1 to the first article in the top ten list :D now it stands in 1st place! fun

      --
      how the end always is ...
  77. So I like music video, so sue me by WillSeattle · · Score: 1

    HDCP is used to encrypt video.

    The only stuff I stream is videos of music concerts and raves. So sue me if I think most other video is a total waste of time.

    The future may be televised, but I'll be out making news, not watching it. Except for public access, that is.

    --
    --- Will in Seattle - What are you doing to fight the War?
  78. Let's modify the Sircam virus, and send it to him! by tswinzig · · Score: 2

    Hi! How are you?

    I send you this file in order to "steal" your HDCP crack.

    See you later. Thanks

    --

    "And like that ... he's gone."
  79. Re:Stop spreading lies, coward. by Frodo · · Score: 1

    Can you bring one link with evidence telling Sklyarov personally sold Elcomsoft products on the conference? Which titles? Anyone who saw anyone buying it?

    Also, as you stated by yourself, Adobe and FBI could not know before the conference that Sklyarov is going or not going to sell anything, so obviously they were planning to arrest them for something other. The "other", as you generously quoted, is "imported and offered to the public" (via bringing in and reading his conference speech) "technology ... designed or produced for the purpose of circumventing a technological measure". Note here that almost any cryptanalyst work is such "technology", and as such bringing it in the US and publicising is now illegal. Q.E.D. - DMCA outlaws cryptographic research.

    --
    -- Si hoc legere scis nimium eruditionis habes.
  80. Re:Ferguson's Mistake by Doomdark · · Score: 1
    That this one thing could for a moment make people think that coming to the US from another country is a frightening thing ranks right up there with Prohibition and the Red Scares.

    First of all, you'd probably need to change "people" to "certain people", like computer security experts and researchers. That this doesn't matter to the majority of all people isn't quite as relevant as how big a portion of Slashdot readers this potentially might affect. And that's a significantly higher percentage than for the normal population.

    In some ways it may sound overblown, but think about it for a moment. Many Chinese dissidents living outside China (in USA for example) are afraid to visit China for pretty similar reasons as researchers after Sklyarov. Criticizing companies (by showing the problems with their systems) vs. criticizing the ruling party/government (by showing the problem with their system).

    Many people avoid going to Colombia or South Africa (not to mention countries that have full-blown civil war) because of the potential risks. Right now probability of being abducted by US govt (based on flaky DMCA-based claims) is still reasonably small, but the trend is what is alarming. It may become standard procedure in future for FBI to keep a list of 'known DMCA-violators'. I don't want to sound like another overly paranoid geek, but really, the road ahead looks a bit too slippery...

    --
    I like paying taxes. With them I buy civilization -- Oliver Wendell Holmes
  81. Re:Next DMCA test - prosecution for doing research by Anonymous Coward · · Score: 0
    The "eBook cracker" is a tool which can only be used by people who already own the eBook in question. You are legally entitled to "fair use", and that is all the eBook "cracker" provides.

    This means that reverse engineering in the form that Compaq used to create an IBM compatible BIOS is legal, while reverse engineering to create something like DeCSS is not legal.

    What exactly do you think the difference is? I want to use IBM's BIOS in a non IBM machine; I want to play DVDs on my non-Windows machine.

    I don't believe that anybody would consider a straightforward attack against a known encryption technique for the purposes of key discovery to be "good faith" research.

    What Felten did was a straightforward attack against a known encryption technique, but you said it was legal. Would you risk having a judge determine how straightforward your technique is?

  82. Just because he's dutch... by SupremeOverlord · · Score: 1
    ...doesn't mean he's totally immune to prosecution. It remains possible that either the World Intellectual Property Organization Copyright Treaty or the WIPO Performances and Phonograms Treaty could possibly be used to prosecute him, despite the fact that he is not a US citizen. The recent arrest of Sklyarov has cast a lot of FUD in this area when a Russian citizen was arrested under US law.


    What probably would have been the best way to handle this was to have anonymously written a detailed description of the encryption and then posted it to FreeNet, or any number of semi-anonymous bulletin boards, and not sign it. He couldn't take credit for it, but that's not what this is about, is it?

    --

    ---- "A programmer is a person who solves a problem you didn't know you had in a way you don't understand."

  83. Ostriches anyone? by StikyPad · · Score: 2, Funny

    Intel spokesperson Daven Oswalt says the company has received several reports from people claiming that they have broken HDCP. But he says none have held up, and the company remains confident in the strength of the system.

    Oswalt went on to say, "If anyone DOES substantiate their claims, we'll sue the pants off 'em."

    In other news, Intel will be holding a decryption contest. The winner will be presented with a fine of up to $150,000!

  84. Re:the essential sentence by Anonymous Coward · · Score: 0

    how can you blame gwb when this was passed during the clinton administration?

  85. Re:In related news by fobbman · · Score: 1

    Off-topic? You're just pissy because you were conceived to that song.

  86. Re:Ferguson's Mistake by Anonymous Coward · · Score: 0

    "You mention prison conditions - the US has some of the worst of industrialized democracies..."

    Yes, including officials who condone the rape and sexual assault of prisoners by prisoners.

  87. Re:In related news by Amazing+Quantum+Man · · Score: 1

    I have found a truly remarkable crack of HDCP encryption, but unfortunately it is too large to fit in this post (margin of this post?)

    --
    Fascism starts when the efficiency of the government becomes more important than the rights of the people.
  88. Essay by Ferguson by Apotsy · · Score: 5, Informative
    Here is where Ferguson explains his position.

    This is a very good essay. It does an excellent job of explaining the problem with the DMCA succinctly, and in a manner that anyone can understand. I'm going to keep this link and use it whenever I want to explain the problem with the DMCA to someone non-technical.

    1. Re:Essay by Ferguson by Anonymous Coward · · Score: 0

      Choice quotation:
      "You learn from your mistakes, but there are too many mistakes to make them all yourself"
      I love it!

    2. Re:Essay by Ferguson by philovivero · · Score: 1

      Oh, lordy, this is pathetic.

      I just read Ferguson's position paper you linked. This guy knows more about the U.S. constitution and what makes DMCA unconstitutional than anyone in my extended family (all U.S. citizens).

      U.S. education is highly broken.

  89. You can't legislate physics. by dave-fu · · Score: 1

    But apparently, you can legislate human emotions. Fear comes to mind here.

    --
    Easy does it!
    This comment has been submitted already, 276865 hours , 59 minutes ago. No need to try again.
    1. Re:You can't legislate physics. by FreeUser · · Score: 2

      I recall a story about a state legislature (Illinois, I believe) that passed a law (unanimously) that declared pi to be equal to 3.2

      It was Indiana, and the value was 3.0 (even). IIRC the governor refused to sign the bill into law however.

      --
      The Future of Human Evolution: Autonomy
    2. Re:You can't legislate physics. by saider · · Score: 2

      I recall a story about a state legislature (Illinois, I believe) that passed a law (unanimously) that declared pi to be equal to 3.2. So you can legislate physics, but you'll probably have to include a conversion constant.

      --


      Remember, You are unique...just like everyone else.
  90. Re:Next DMCA test - prosecution for doing research by Frodo · · Score: 1

    If somebody had cracked CSS and made a non-licensed Linux DVD player available without providing source code or algorithms of the DeCSS part, it would have been legal under the reverse engineering clause of the DMCA.

    If only they had time out of the courts to even start working on such a player, you know... In fact, as we see, one has pretty good chances to get jailed very fast after The Man knows about your research, not allowing you to produce evidence of "good faith". And, as you stated by yourself, nobody is going to believe a cryptanalyst punk of yours that you can do this for something good.
    On the other hand, one could work on such a software on the prison library computer. If one doesn't get Mitnick-like "not to come within a mile radius of any computer" judgement from his DMCA trial, of course. Then you probably could have your sentence cut or your fine to get lower, maybe?

    --
    -- Si hoc legere scis nimium eruditionis habes.
  91. can you really blame him? by xtermz · · Score: 1

    seriously? I think the whole "scene" will start reverting back to being 'underground' again for fear of reprisal. I am a majorly anti-'security through obscurity', but now it seems like only a select few will be able to secure their stuff now. it's sad that ingenuity is being hampered. This sort of stuff really makes me wonder why I didn't go into landscaping or something......

    --


    I lost my concept of community when my community lost all concept of me.
    1. Re:can you really blame him? by spamfodder · · Score: 1
      This sort of stuff really makes me wonder why i didn't go into landscaping or something......

      Trust me. It's not all rosy in that industry either. Here's the latest blow to agriculture:

      • "As a result of joint research, the USDA and D&PL are co-owners of three patents on the controversial technology that genetically modifies plants to produce sterile seeds, preventing farmers from re-using harvested seed."
      • http://groups.google.com/groups?th=8f5b391bd90b727b,1

      Coupled with the recent trend in plant patents and trademarked names, the horticulture industry is becoming a legal morass too.

  92. Re:Copyright, then ROT-13 the paper by Kwikymart · · Score: 1

    But your honour, I didn't decrypt it. I encrypted it again!

    --

    Buying a Dell computer is equivalent to dropping the soap in a prison shower.
  93. Re:Essay by Ferguson - how to 'publish' by mikewhittaker · · Score: 3, Interesting
    I remember reading a science-fiction short story about an engineer who invented basically a 'free energy' device. (No doubt someone will supply the details.)

    However, fearing retribution/elimination from Big Oil/Energy Corporations and Governments With Vested Interests, he did not attempt to publish or patent his discovery, although it would be for the common good of humanity.

    Instead, he incorporated obfuscated and watered-down versions of the technology into consumer products where they would result in some respectable but unobtrusive energy savings.

    He then worked to ensure that, over the years, these products became commodity items throughout the world, knowing that, with time, they would be reverse-engineered by various people, and eventually improved on until the original mechanism emerged into common knowledge and the public domain, throughout the developed and developing countries.

    Do researchers need to resort to such tactics of stealth and obfuscation in order to indirectly "publish" their results - hide bits and pieces of the solution in various unconnected publications, until someone is able to piece the fragments together ?!

  94. Re:Just because he's dutch... might change a bit. by Sentry23 · · Score: 1
    Being Dutch, knowing a bit about recent cases involving computer crime in Holland, and the attitude towards research, it is extremely unlikely that he would be prosecuted under Dutch law.
    The only thing that he fears is to be arrested when he travels to the US, which he does frequently, as it said in the article.

    Sentry23

    and the land of the freeeee
    play ball!

  95. Re:Next DMCA test - prosecution for doing research by Mekanix · · Score: 1

    What makes this "fun" and very scary is, that this is probably exactly how the majority of people think.

    I mean, if you start what is happening you'll lose credibility really fast. You'd sound just like a cheap copy of Fox Mulder. The tale you'd be telling would sound just *too* Orwellian too unbelievable.

    And you wonder why the mainstream press isn't (or hardly is) picking up on these stories?

  96. Re: He is Dutch, DMCA doesn't apply by Anonymous Coward · · Score: 0

    It's legal for him to break it since the act did not take place in the US. But if he distributes it to anybody in the US, then it falls under the DMCA. Remember that Sklyarov was NOT arrested for creating the eBook cracker - he was arrested for selling it to the US and in the US.

  97. Re:Duplication by Anonymous Coward · · Score: 0

    You've hit the nail on the head for the other really bad thing about the DMCA. In order to participate, a hardware manufacturer has to license the technology, and can be held to make sure their device behaves exactly as specified through that license. If a third party implementation existed, there's nothing to stop it from allowing copying or region-free nonsense. So now instead of keeping other manufacturers in check with patent licensing, they can control them with the back up of a new type of "secret" intellectual property made possible by the DMCA, like a trade secret only without the allowance for clean room reverse engineering.

  98. Take the piss by t_allardyce · · Score: 1

    If you want to get rid of the DMCA, just break it. Wire your CD-Player up to your tape deck and then go to your local police station saying you've broken SafeAudio. Or claim that it was you who was responsible for ebook, not Dmitry. If everyone gets together wearing decss or 'how to crack rot-13' t-shirts you can demand that the FBI arrests you and gives you the minimum 5 years.

    -tfga

    --
    This comment does not represent the views or opinions of the user.
  99. Re:Next DMCA test - prosecution for doing research by Anonymous Coward · · Score: 0
    1. Then why weren't the Elcomsoft SALES personnel at that conference arrested as well?

    To my knowledge, Dmitry was the only Elcomsoft employee there. Do you have a source indicating otherwise?

    The charge may have been distribution, but actually he WAS arrested for writing it.

    If the charge was distribution (trafficking), then that's what he was arrested for, right? The official complaint filed in court when he was arraigned specifically excluded the "manufacture" wording referring to the act of writing it. Even the EFF will tell you that he wasn't arrested for writing it.

    Threatening legal action you don't intend to follow through on is illegal. That's part of the Felten/EFF countersuit against the RIAA.

    I believe they can get away with baseless threats unless you can show that some damages resulted from them.

    I was only trying to point out that just because the RIAA threatened to sue him doesn't mean that he did anything remotely wrong under the DMCA.

    However, these exceptions do not prevent the media conglomerates from threatening anyone with extremely expensive legal action.

    Agreed. Of course, this problem is a lot bigger than just the DMCA. Until there is some reform of the tort system, these strong arm tactics will continue regardless of laws like the DMCA.

    Even if the defendant is able to prove that the product was reverse-engineered, or that the research was conducted in "good faith" (and the burden of proof would be on the defendant)

    It depends on whether you are being sued (a civil action) or being prosecuted (a criminal action). If the latter, the burden of proof falls on the prosecution.

    the legal costs of fighting the action would be prohibitive. This means that the DMCA has the effect of preventing even research and reverse engineering that is legal under it.

    Unfortunately, this is true. It's already happening. For instance, Macrovision free DVD players (which should be legal under the DMCA) were pulled off the market this year. I'm afraid this will continue until the bounds of the DMCA have been thoroughly tested in court.

    All I'm saying is that a lot of people's impressions of the DMCA have been shaped by FUD. The actual wording of the law is not nearly as bad as the average slashdotter makes it out to be. The people who wrote it tried to protect legitimate activities like reverse engineering, research, journalism, and fair use copying while putting some teeth into efforts to prevent piracy. They were trying to achieve a reasonable balance, but of course the movie, music, and software industries are jockeying around trying to influence early precedents as much in their favor as possible.

  100. Re:He is Dutch, DMCA doesn't apply by Guppy06 · · Score: 1

    Replace "Dutch" with "Russian," and the same could be said for Sklyarov. But he's in jail just the same.

  101. Re:DMCA makes encryption a dubious concept by dcavanaugh · · Score: 1
    I can think of several ways for the "underground internet" to evolve...
    • Non-conforming countries & territories: Sealand, China, Iraq, North Korea, Denmark. This is possibly the path of least resistance, at least initially.
    • Gateways to PPTP or 802.X linked networks. This would be OK for a while, until the ISPs start blocking these "hacker" protocols.
    • New, "stealthy" replacements for PPTP, perhaps something that builds upon the P2P protocols -- this would be difficult to trace or firewall.
    • The Freenet project (http://www.freenetproject.org) The fact that people are working on a project like this means the "underground internet" concept is closer than you think.
    • I think it's only a matter of time before one of the biggie ISPs decides to resurrect the "on-line service model", similar to pre-Internet CompuServe or Prodigy. They would create an "alternate internet universe", absent any rules whatsoever, loaded with disclaimers. Anonymity & encryption by design, using proprietary protocols that essentially shield the ISP from knowing where anything is going -- therefore no real responsibility. "Have your modem dial this number, and whatever happens is your problem." Even before the Internet, online service providers have continuously searched for services where the customers would pay non-commodity prices for something that was "added value". If privacy is going to be in short supply, then we will surely have people trying to sell privacy as a product!
    IMHO: The limitation of law is that it depends on voluntary compliance from the majority. A law that is widely disregarded is not useful, and probably unenforceable. Hardly anyone disagrees with the fundamental concept of privacy, so I think laws that limit privacy will be met with technical countermeasures, not voluntary compliance.
  102. Re:Hello? by Anonymous Coward · · Score: 0

    You're 100% correct! Go back to the Jack Valenti deposition transcripts. Did he know of a single verifiable instance where DeCSS was used to 'break' the copy protection on a DVD? Nope. Did Adobe ever present a single instance where protected ebook content was compromised and redistributed? Nope (the copies they themselves purchased don't count since it could not be proven that they didn't simply manufacture that evidence, much like Microsoft's video presentation in court). Yet on the other side of the coin, there are at a minimum three well documented instances where the DMCA has DIRECTLY been used to violate either someone's First Amendment or (maybe) Berne Convention rights (Felten, Sklyarov, and now Ferguson). AARRGGH! This is infuriating!

  103. The point is the Felten case by TrollingKarmaWhore · · Score: 2, Insightful
    I think you guys are all missing the main plot. The EFF just filed their brief in the Felten case in which they claim that the DMCA is chilling speech. The point of the press release is almost certainly to support the freedom of speech case by showing yet another example of DMCA censorship.

    If Ferguson says that he has broken a protocol you can be sure he has done so. The expected outcome of the DMCA case is for the censorship provisions of the act to be struck down. So Ferguson has to expect to be able to publish soon.

    The DMCA does have some interesting side effects however. Nobody can ever be sure the DRM technology they buy works, the lack of peer review and discussion means that there is a level playing field between the many peddlers of snake oil and the legit players.

    Another effect is that anybody can mount a reputation attack against any scheme.

    --
    Bet you wish you thought of this nym first
  104. Re:who gets hurt? by MonMotha · · Score: 1

    The sad thing is that all of the DMCA publicity recently actually got me to bring up my "circumvention device" (aka "rot13") to try to "decrypt" your post.

    That's really scaring me...
    --MonMotha

  105. Huh by Frodo · · Score: 1

    He was arrested for selling it to customers in the US over the internet and for selling in person while in the US at the conference.

    That's bull. Sklyarov didn't sell anything. Elcomsoft (which Sklyarov neither owns nor manages) sells the program. Sklyarov was arrested because his copyright was on the program (i.e., for writing the program). Also, this is the first time I hear Sklyarov sold anything on the DEFCON. Did he go and sell diskettes? Or did he have Visa card device in his pockets? How exactly did he sell this program?
    Also, how do you imagine some company in Russia be liable for what their clients did - importing the DMCA-prohibited wares into the USA? Elcomsoft itself is in Russia, and whatever it sells in Russia to US citizen is under Russian law, not under US law.
    Also, if Some Big US Company has problem with Some Another Big US Company does, do we see employees of either company arrested by the FBI agents and rotting behind the bars? No, we see their lawyers talking. Somehow, the civilized way of settling (i.e., bringing the suit against Elcomsoft, winning it and prohibiting Elcomsoft to sell the wares) was seen unfit by Adobe and US State. They chose just to jail the first person they could lay their hands on. Very, very stupid. And very, very disgusting.

    The fact that the RIAA threatened a lawsuit against Felten doesn't mean he did anything wrong.

    If I threaten to kill somebody, is it wrong? Even if I do not actually do it? A lawsuit from RIAA would basically kill Felten as a researcher and maybe would also kill him economically, depending on how much money can he shell out to protect himself from frivolous lawsuits of RIAA. And you definitely know that, that being engaged in the lawsuit is a gross problem even if you win. So why you pretend like it's nothing?

    I don't believe that anybody would consider a straightforward attack against a known encryption technique for the purposes of key discovery to be "good faith" research.

    So what is "good faith"? Writing positive reviews in Byte? One doesn't need cryptanalysts for this, trained monkey is enough. Cryptanalysts' work is to break the codes. Claiming otherwise would be like holding QA people liable for "breaking" the code when they find bugs. I guess if programmers were on the same dumbness and greed and power level as the RIAA, finding bugs in products or telling anyone about how some program crashed for you would be as illegal as telling someone how some encryption algorithm sucks is now.

    To my knowledge, Dmitry was the only Elcomsoft employee there.

    Oh. "We cannot arrest the right person, so we better arrest the innocent - at least thus we get something to report to big boys up there".

    --
    -- Si hoc legere scis nimium eruditionis habes.
  106. Re:He wasn't first? by Anonymous Coward · · Score: 0

    Apparently a number of people have already figured out how to do this and have published the details.

    See my other post that has some links to the details...
    (#192)

  107. In related news by alexjohns · · Score: 5, Funny

    I've uncovered the secret ingredients in the Colonel's spices and McDonald's Special Sauce. I figured out where Amelia Earhart has been all these years. I know whether or not the moon landings were faked, who shot Kennedy, and how many stones there are in the Washington Monument.

    I have decrypted the secret code in the Bible, correlated it with the secret codes of the Bhagavad Gita, Talmud and Qur'an and now know the inner thoughts of all gods. I have unified field theory and quantum theory and will soon have a device that will bend all matter to my will.

    I know the secrets of teleportation, telekinesis, telepathy, and how to get women to want me. I know the secrets of every three-letter agency in government, the Psychic Friends network, and the US Postal Service.

    Unfortunately, due to the nature of the DMCA, I am unable to share my findings with others. I suppose I'll have to get on my FTL spaceship and find a more genial planet. Ta-ta!

    1. Re:In related news by alexjohns · · Score: 2

      Actually, I don't know where Jimmy Hoffa is buried. I could find out, having mastered the power of telepathy. I just have to find the right person's mind to read. And, of course, I've only mastered the theory. Actual application has, so far, eluded me.

      It's not very high on my list of priorities. First is unbuttoning the top blouse button on the well-endowed cutie sitting across from me with telekinesis. Second, is the next button. Third would be the button below that. But fourth, well that's all dependent on whether it's a front-snap or back-snap bra. Fifth? Haven't got that far yet. Depending on how successful the first four are, it might have something to do with manual - uh, I mean mental - stimulation of my umm, privates, under my desk, with my hands in plain sight.

      Might be hard to explain the stain, though. I'll put Hoffa down as a tentative sixth.

    2. Re:In related news by chrisserwin · · Score: 1

      I don't buy it. No way in hell you've figured out how to get women to want you. No guy knows that.

    3. Re:In related news by Anonymous Coward · · Score: 0

      Maybe the poster is a woman, ever thought of that?

    4. Re:In related news by number+one+duck · · Score: 1

      If you came up with that line, it's absolute genius, I love it. Mind if I repeat it elsewhere? (I didn't see any encryption, therefore I *assume* that it's public domain, that's the natural corollary to the DMCA, right?)

    5. Re:In related news by vbrtrmn · · Score: 1

      I found a crack in my ass, thankfully I can't release it due to the DMCA.

      --
      it's a sig, wtf?
    6. Re:In related news by Muad'Dave · · Score: 1


      You forgot to mention that you know where Jimmy Hoffa is buried...

      --
      Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
    7. Re:In related news by fobbman · · Score: 0, Offtopic

      Not bad, but let us not forget that it is Barry Manilow that writes the songs that make the whole world sing. And that, my friends, should be prosecuted to the fullest extent of the law.

    8. Re:In related news by wgmari · · Score: 1

      I have a most ingenious crack to this algorithm, but there is not enough space in this margin to write it down.
      :)

  108. A method for this was posted a few weeks back by Anonymous Coward · · Score: 1, Informative

    A guy named Keith Irwin published a high level process for attacking HDCP a few weeks back and it sounds much the same (i.e. number of required devices, etc.)

    See the links below for his whitepaper as well as a previous discussion regarding this on a popular HDTV forum...

    http://www.angelfire.com/realm/keithirwin/HDCPAttacks.html
    http://www.avsforum.com/ubb/Forum11/HTML/015261.html

  109. Re:He is Dutch, DMCA doesn't apply by sdo1 · · Score: 1

    >I don't see the problem

    When it's YOU the FBI may be targeting, come back and tell us if you still think it's not a problem.

    -S

    --
    --- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
  110. Re:Ferguson's Mistake by JoeShmoe · · Score: 2

    I don't think so. The matter at hand is "reasonable doubt" and I think it would be easy to produce reasonable doubt that Ferguson was the source of the master keys, especially if the protection is trivial.

    We here in the US have a stupid law that says if I flip the bits in my content then it is "encrypted" and it is illegal for you to distribute a decryption device (a bit flipper).

    However, if I find a "decrypted" copy of my content floating around the internet, all you have to do is say "look, it's just bit flipping, anyone with a basic knowledge of math could have decrypted it" and then at that point it is up to me to find something that conclusively pins it to you...like a copy of "BiTFLiPPER 1.2 by rkn0p" floating around.

    - JoeShmoe

    --
    -- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
  111. Cause... by egg+troll · · Score: 1

    Because we're the United States, the 800lb gorilla of the world. We can do whatever we want and the rest of the world can't do a thing about it. I mean, we could invade pretty much any country we wanted to and who's going to stop us? Canada? Hahaha! Canada can't even keep its own country together. Russia? Please, they're like our drunken brother-in-law. We just put up with them to keep their filthy drunken fingers off the button. China? Go make me some fried rice!

    --

    C - A language that combines the speed of assembly with the ease of use of assembly.
    1. Re:Cause... by Anonymous Coward · · Score: 0
      Because we're the United States, the 800lb gorilla of the world. We can do whatever we want and the rest of the world can't do a thing about it.

      I dunno. What if Arab nations said "no more oil until you block porn sites". The US will roll over to the almighty black goo.

  112. Next DMCA test - prosecution for doing research by hillct · · Score: 4, Insightful

    It will be interesting to see if once it does get out, if companies will seek to hold him responsible, even if he doesn't release it himself. I wonder if the DMCA covers the eventuality of having done research which facilitates bypassing encryption. It really isn't that far to go from doing research (and finding the solution) to writing the software that actually performs the operation. Will it become a crime to do research?

    --CTH

    --

    --Got Lists? | Top 95 Star Wars Line
  113. sigh by xsteinberger · · Score: 1

    sigh... things like this should be allowed to be published... people will always find bugs in software, crack encryption algorithms, and exploits in security of nearly everything. when documented properly, published, the developers are identified of the problem after which they can make the necessary amendments. also, properly documented bug reports notify users and system admins of the problems, outlining the need to upgrade or patch as instructed by the software vendor (taken as an example). no doubt sooner or later another tech savvy 'user' will accomplish the same as the first. a bug may become relatively well known, and allow exploits by malicious 'users', while it has not been called to the software vendor's attention. occasionally, the 'user' who discovers a bug, workaround, or cracks an encryption algorithm, may not be of the right ethical nature to bring it forward, contact the relevant parties to have it resolved, or make it public domain--and instead may be of a malicious nature, as per Code Red. no doubt it was a new undocumented exploit--had some user found it 2 months ago and documented it properly, well, this could have been prevented, somewhat. had some user found it 2 months ago and left it silent, well, just look at what has happened.

  114. Re:Duplication by Anonymous Coward · · Score: 0
    There's also a clause in there about allowing for research, but that didn't help Felten much, did it?

    I'd say it DID help him. Was Felten ever charged with violating the DMCA? No. Did the RIAA ever carry through with their threat to sue? No.

    The clause about non-infringing uses certainly isn't helping DeCSS.

    Think about the situation. The only non-infringing use they offered was to provide DVD playback on operating systems where no player was offered. Unfortunately, there was a licensed player available for Linux, and at the time there were no players available using DeCSS. Meanwhile, lots of people were using DeCSS to rip DVDs to DiVX/MPEG-4 format for trading over the net. So it was pretty safe to say that (at the time) the only people using DeCSS were using it for infringing purposes.

    The only way that the licensors have to make sure that an implementation conforms to their restrictions is to license it. In fact, they probably have it arranged so the only way to know what all of the restrictions actually are is to get a license. Anything else would be branded a circumvention device, since non-exact compliance to a set of restrictions an unlicensed manufacturer wouldn't even know would be considered circumvention.

    I can't argue with conspiracy theories. All I can tell you is that the writers of the DMCA explicitly intended to allow circumvention as part of the standard reverse engineering methods used to design devices & programs that are compatible with a competitor's proprietary interface.

    It ought to be fairly obvious whether the result of this reverse engineering is legal or not. If it provides a way for people to access a protected work without having been granted the right to do so by the copyright holder - it's illegal. If it's merely used to make one product compatible with another without providing any additional mechanism for unauthorized access - it's legal.

  115. Re:Fermat's Last Theorem, revised. by zer0vector · · Score: 1

    Yeah he finished the proof in '93 or '94 can't remember offhand. Andrew Wiles was his name I think. For a good book about Fermat's Last Theorem, try Fermat's Enigma, by Simon Singh.

    --

    ----
    Striving to put right what once went wrong, and hoping each time that his next leap, will be the leap ho
  116. Re:He is Dutch, DMCA doesn't apply by Anonymous Coward · · Score: 0

    Got threatened for != illegal

    The DMCA is part of the criminal code, yet nobody in law enforcement threatened Felten. Want to know why? Because what he did was not illegal. The fact that somebody threatened him with a lawsuit doesn't mean anything.

  117. Leak it anonymously , have a spine ! by Anonymous Coward · · Score: 0

    on top of that, yankee law should not apply to dutchmen

  118. Re:Duplication by Anonymous Coward · · Score: 0

    You are absolutely wrong. The DMCA does permit circumvention for the purpose of clean room reverse engineering. Just read the text, it's there plain as day. As long as the reverse engineering is for the purpose of making a compatible product and not for making a device that permits unauthorized access, it is totally legal.

  119. Re:Ferguson's Mistake by Anonymous Coward · · Score: 0

    Yeah, who cares if you can be thrown in jail for talking about doing your job? That's not important. Jeez.

  120. Re:DMCA is International? by scott1853 · · Score: 0, Offtopic

    Hint: It's called "reading the article before posting".

    What for? Nobody else does unless there's cool pictures or video.

  121. Re:He is Dutch, DMCA doesn't apply by Kjella · · Score: 2

    Actually he can do whatever he wants in Holland without fearing the DMCA, but he can *not* even talk about it in the USA. Sklyarov isn't charged with breaking the encryption while in Russia, but standing on US soil telling people what he had discovered. Unless his work to break the encryption has partly been done in the USA, I don't see the problem.

    Kjella

    --
    Live today, because you never know what tomorrow brings
  122. Re:He didn't break it :) by (void*) · · Score: 3, Informative
    How asinine. He could make a video stream encoded with the master key for example. And we could all verify it with the public key.

    That's the great thing about asymmetric key encryption.

  123. They are so fucked. by szomb · · Score: 1

    That's great, though.

    X months from now when this scheme is in wide use, and all of a sudden come hundreds of anonymous Usenet or maillist postings screaming "Hey, the master key is XYZZY" ... these companies are all fucked.

    And then Niels will be able to say "Well, see? If it weren't for your stupid DMCA, I would have told y'all this BEFORE you released it."

    I'm getting that feeling in my stomach. I've got plenty of processing power at home...anyone have those screens? :D

    --
    Just because a few of us can read write and do a little math, doesn't mean we deserve to conquer the universe
  124. Re:DMCA makes encryption a dubious concept by dcavanaugh · · Score: 1
    Yes, and if they had the Cheyenne mountain complex, they would not care about a feeble defense like DMCA.

    It shows how little faith the copyright community has in the ability of commercial software developers to create hacker-proof encryption standards. Surely, the bright people at NSA & CIA have all kinds of encryption that [I hope] works. By comparison, the developers of Adobe e-books and CSS must be some really dim bulbs.

    I know the NSA/CIA guys are spending lots of time & money on testing the security of their algorithms. I wonder just how much effort the copyright gods put into testing CSS or e-books before the hackers defeated the encryption.

    As we have seen with Sklyarov and countless others, the people who do encryption research are not deterred by US law. They might be annoyed and inconvenienced, but nothing more. The real threat comes from quiet people who are not going to tell anyone about what they do. If you depend on encryption, you have to assume that people are going to attack it on a 24/7 basis. Making it technically difficult is not the best defense, it is the ONLY defense!

  125. Re: entrapment by maddogsparky · · Score: 1
    No.

    Entrapment only applies to law enforcement personnel. Last I checked, we're not messed up enough in the US to the point where private companies have legal jurisdiction (with the exception of a few areas like San Francisco, where law enforcement is contracted out by the city to security companies). But who knows what the future holds? It's a well established legal principle in the US that politicians can be bought.

    --
    science is a religion
  126. Re:Alias and Freenet by Grit · · Score: 1

    How would he then tell people how to look up the information on Freenet? If he already has an anonymous communication channel with which to distribute a Freenet key, then he could use that directly to distribute the information. If no such channel is available, then posting the key in a traceable manner will still expose him.

    Someone could just try guessing random related names, of course, but I (or Intel) could just as easily guess what people would try and preemptively put information under those names as well...

  127. Nope. It was broken 3 months ago. by Anonymous Coward · · Score: 0

    Yes, it was broken 4 *days* after being released. See: http://cryptome.org/hdcp-weakness.htm

    With the original spec leaked at: http://cryptome.org/hdcp-v1.htm

    The attack has been rediscovered many times since. If anyone is aware of an earlier publicly available paper on the flaws, please give a reference.

    So, I'd say that Niels Ferguson and Keith Irwin rediscovered that attack.

  128. It's spooky to read a document while someone ... by Russ+Nelson · · Score: 2

    It's spooky to read a document while someone is editing it. I loaded a copy of Niels's position paper. Got halfway down and found an unterminated URL. Rather than reporting it to Niels, I reloaded the document. Yup. Between the time I started reading it, and the time I got halfway through it, he'd already fixed the problem. Imagine reading a book and seeing a typo but by the time you re-read the sentence to get the real meaning, the author had found and fixed it.
    -russ

    --
    Don't piss off The Angry Economist
  129. Poetic justice. by Black+Parrot · · Score: 3, Insightful

    Lots of us said that for the SDMI contest we should say "yeah, I can crack that" but not release any details (even if we really could crack it). Let them sweat it out.

    Now the industry is starting to get this treatment because of its own heavy-handedness. If some FUDster claims he can crack $ANTIPIRACYTECHNOLOGY but won't prove it, no one will be able to call his bluff effectively.

    Meanwhile, full-quality bootlegs continue to pour out of Taiwan. Society has nothing but reduced rights and privileges to show for all this.

    --
    Sheesh, evil *and* a jerk. -- Jade
  130. Re: He is Dutch, DMCA doesn't apply by kiriuja · · Score: 1

    So you think he'll not get arrested for just breaking it without releasing it? We'll see...

  131. Re:Good! by Anonymous Coward · · Score: 1, Interesting
    I know you are trying to be funny. But you have a point there.

    Someone ELSE could emerge, under a pseudonym, and demonstrate that he too has cracked the scheme. Then he could encode something with the master key for everyone else to verify that this claim is true. Next he will use the master key to encode something symmetrically. Ferguson could decrypt this message and show it to all using the same master key and show that he too has the same damn key.

    We thus have public proof that the scheme has been cracked. Ferguson could argue that he has made no device for decryption, has not published his results, so how is he liable in any way under the DMCA? All he did was to verify that that anonymous cracker is not bullshitting. He can continue his great campaign. Meanwhile the anonymous guy can go into hiding and nobody would be the wiser for it.

    The DMCA just makes the whole situation a good deal more complicated than it needs to be. IT IS BAD LAW.

  132. DMCA: Best FUD tool ever created! by Anonymous Coward · · Score: 2, Funny

    You people are overlooking the upside of all this.

    Now we can FUD any copy restriction technology to death by claiming that we broke it, and refusing to give any details due to the threat of prosecution under DMCA!

    The question is, would this be effective enough to get the media companies to stop using it?

  133. Re:He is Dutch, DMCA doesn't apply by Anonymous Coward · · Score: 0
    In the event he even discusses it in his home country and someone, anyone brings that information back into the U.S. he could be sued under the DMCA. While it may not stand up in court, he can't afford to deal with it. He's right.

    As he said, he travels to the U.S. a lot.

  134. Re:DMCA makes encryption a dubious concept by NumberSyx · · Score: 2

    Thanks to DMCA and rabid lawyers, we're creating an "underground internet" that generally ignores the law.

    This may not be completely true now, but I can see it coming. Look how easily the loose network of home based BBS systems sprouted up in the 80's. At its height I think there were 30,000 BBS operating in the US alone. Today of course a network of single line, modem based BBS's sounds silly, but what about the wireless networks people are setting up in some of the larger cities and giving free access to anyone passing by. Is it possible using 802.* to relay from network to network? If it is possible I can see an underground internet developing, free from government control and commercial exploitation.

    --

    "Our products just aren't engineered for security,"
    -Brian Valentine,VP in charge of MS Windows Development

  135. You ARE stupid. by Axe · · Score: 1
    I do not know why I am arguing with a stupid coward, but however you spin it - pointing out a flaw in a product is NOT advertising unfair use. Grow up, jerk.

    And BTW - biggest US client of ElcomSoft is FBI. Did not you know that? Or, it does not fit into your PR campaign.. Well, sucks to your logic then..

    --
    <^>_<(ô ô)>_<^>
  136. Re:Next DMCA test - prosecution for doing research by Hallow · · Score: 3, Informative

    Yes, but most of the time the courts don't rule against the person who wrote the manual on how to pick the lock, created the skeleton key, or sold the lockpicks to the crook.

    It's the act of breaking the lock, not information, tools or ability that allow one to bypass the lock, that should be, and already was illegal.

  137. Re:Next DMCA test - prosecution for doing research by Anonymous Coward · · Score: 0
    So please, people, stop arguing the one point that continues to turn people AWAY from the validity of the arguments against the DMCA. It's a lock, effective or not, it's a lock. If it can be broken "accidentally" it's not a lock, but so far, I haven't seen one that can be broken accidentally.

    The argument addresses the use of the term "effective" in the language of the DMCA. You might consider reading it sometime, fuckfist.

  138. Re:Next DMCA test - prosecution for doing research by Anonymous Coward · · Score: 0
    Shill.

    Or as Bill Hicks said, "Every word that comes out of your mouth is like a turd falling into my drink."

    Don't you have a band waiting for you to screw them on their record contract?

  139. Re:Me Too ... Me Too ... by jeffy124 · · Score: 1
    that reminds me of an old math joke that goes something like this:

    A mathematician announces a lecture about the solving of some age old problem (I forget the exact theorem). He gets a large crowd for the lecture. But he discusses something completely different. Afterwards, a friend asks him why he didn't talk about solving the problem like he said he did. "Did you find something wrong in your proof?" was one question that was asked. The scientist answers, "That's my backup in case I die during my trip to the lecture. This way I'll go down in history as solving the problem and taking it to my grave."

    a lame joke yes, but applicable to this Dutch scientist

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
  140. Chilling effect on research and free speech! by Deven · · Score: 2

    Can you say "chilling effect", boys and girls? I knew you could...

    --

    Deven

    "Simple things should be simple, and complex things should be possible." - Alan Kay

  141. Re: He is Dutch, DMCA doesn't apply by ttyRazor · · Score: 2

    It was a lame excuse to stretch the limits of jurisdiction then, and they'll come up with an even lamer excuse for this. They would do everything they can to harass this guy, even if they can't make anything stick, including have Jack Valenti call him a child molester or some other far more vile name for copyright infringer like they did with "pirate".

  142. A bit of Paranoia Here by droyad · · Score: 1

    I don't think I've seen it mentioned here, but

    It seems that the FBI and other crime fighting organizations are opposed to encryption as a rule (as long as they can use it). They encourage the use of weak encryption by members of the public (which they can crack in a reasonable time).

    What if.. What if.. The legislators put up the DMCA to make people feel they can use dodgy encryption and nobody could break them.

    Is the FBI covered by DMCA??

    --

    I write this from the safety of Australia.. I'll throw a few Koala BEARS at them if they come and get me

  143. Re:Duplication by Anonymous Coward · · Score: 0

    The DMCA is crystal clear about this. What you just described is 100% LEGAL under the DMCA as long as the specs, algorithms, and source code are not made publicly available. The reverse engineering clause was designed specifically to permit this sort of thing. And as long as the reverse engineering is done "clean room" style, it can even take place within the US without worrying about trade secret protection.

    But as you mentioned, the device could not provide access to the raw unencrypted data stream. But in addition to that, publishing the specs, source code, or other information that would help other people circumvent the encryption would also be illegal.

    It appears to me that if somebody produced a closed source, binary only DVD player for Linux that doesn't use an official CSS key, there would be no DMCA violation. But that wouldn't make DeCSS legal.

  144. One little problem... by DAldredge · · Score: 1

    It is NOT illegal to but the Stars and Stripes in the US!

  145. Re:He is Dutch, DMCA doesn't apply by Anonymous Coward · · Score: 0

    Learn the difference between a "law" and an "organization".

  146. He wasn't first? by amorsen · · Score: 1

    Scott A. Crosby wrote this short paper over on cryptome.org, which seems to cover an attack that is very much like the one in the post. Especially the number of devices required in the post (50) matches the number of keysets required by the attack described on cryptome.org (40-50). Coincidence?

    --
    Finally! A year of moderation! Ready for 2019?
  147. Re:It's spooky to read a document while someone .. by EMH_Mark3 · · Score: 1

    Or reading a document that's being censored as you read it. Ack! The Sky is Falling!!

    --
    Burn the land and boil the sea, you can't take the sky from me
  148. Re:Fermat's Last Theorem, revised. by Kilmir · · Score: 1

    Wasn't that cracked by some British mathematician a few years back?

    --
    "Oooh, what does this button do?" - DeeDee
  149. Rijndael by modemboy · · Score: 1

    In his address at HAL, Ferguson reviewed a well-known published attack on a reduced-round version of the Rijndael algorithm, which was discovered before Rijndael became the final AES. The cryptographer also presented an algebraic formula that describes the structure of Rijndael. If the formula is solved, Ferguson believes that the Rijndael block cipher could be broken.


    This right here was kinda stuck in the middle of the article in an odd place, but seems worthy of more depth. Anyone in the know care to comment?

  150. Re:DMCA is International? by camusflage · · Score: 2

    I don't know about you, but if it's my ass going to prison, I'm going to err on the side of caution. Sure, they might not go after you as long as you don't disseminate information in the US, but because of the fact Elcomsoft used a US server as part of the buying process, even though at no point did that server house any code, that was deemed sufficient to invoke jurisdiction.

    --
    The truth about Scientology, Xenu, and you: Operation Clambake
  151. I too have cracked HDCP by Anonymous Coward · · Score: 0

    But the solution is too big to fit in the margins of /.

  152. Re:He is Dutch, DMCA doesn't apply by Anonymous Coward · · Score: 0

    The age of consent in the Netherlands is 12. It is not uncommon to see singles ads by men looking for women with 12 year old children.

    What does that say about this guy now?

  153. Hello? by ErikZ · · Score: 1

    Guys! This is GREAT news.

    When the DMCA eventually is challenged in court, the good guys will need all the ammo they can get.

    If you say the DMCA squelches free speech, you're going to need examples, proof, like this situation. I hope many more researchers announce that they fear to publish because of the DMCA.

    --
    Democrats or Republicans. They are both taking us to the same place and they are not afraid of us anymore.
  154. Re:Umm...what's all the hubbub? by Anonymous Coward · · Score: 0

    Who modded this up?
    The link is about RFC 2131 (DHCP),
    while this article is about HDCP.

  155. Hehe. Two can play this game! by Gorimek · · Score: 2

    This is so much fun. Thanx to the DMCA you can FUD any encryption scheme by just saying that you've broken it but don't dare to reveal the details. Now nobody will trust HDCP, and they have no way of defending it. It's a fun way of getting back at "the man".

    Another thing: Once some other expert claims that he also has cracked HDCP, but of course can't divulge the details, Ferguson or the other guy can leak the information to the net, and "they" will have no way of knowing which of the guys leaked it.

    1. Re:Hehe. Two can play this game! by WhiteWolf666 · · Score: 1

      They might be able to sue for libel. I don't know...but it seems likely.

      --
      WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
    2. Re:Hehe. Two can play this game! by SnapShot · · Score: 1

      There is a big difference between "noted researcher X who is known to have been involved in technology Y" claiming to have broken an encryption scheme and "noted slashdot poster SnapShot who is known to have wasted time at work reading slashdot" claiming to have broken the same scheme...

      --
      Waltz, nymph, for quick jigs vex Bud.
  156. Mod this up by jonr · · Score: 1

    I have been thinking this exact thought each time some new 'copy(right)-protection' scheme is announced. Joe User will be annoyed and frustrated, but Joe Pirate will always have resources to crack/circumvent the protection. This is what happens when you let lawyers run amok.
    J.

  157. A Smart move... Really. by IPFreely · · Score: 1
    That was a smart move. It doesn't mean he's giving in. It means he knows how to release the information in a way that the DMCA can't hurt him.

    He saw what happened to DeCSS. What he needs to do is create a whole product/application that has real legal uses (along with possibly some infringing uses). Then release that. The legal uses should make the application valid under DMCA, while the information can "leak" through code or specifications.

    Not to say the powers that be won't try to stop it anyway, but a valid application goes a long way towards sidestepping the DMCA.

    Imagine if Livid had been released before DeCSS. Same code, real useful application. It can't be labeled a pirate tool, but it still releases the information.

    --
    There is nothing so silly as other peoples traditions, and nothing so sacred as our own.
  158. Old news by Insount · · Score: 3, Informative

    Politics aside:

    A description of a fatal weakness in HDCP was published by Scott A. Crosby a few days after the spec was published, and was independently discovered by many others. Crosby's attack appears to have the capabilities claimed by Ferguson and has negligible computational cost (inversion of a 40x40 matrix). It requires the built-in keys of any 40 HDCP devices, but this is presumably easy to achieve in the presence of software-based HDCP implementations.

    Thus the new feature of Ferguson's attack is probably a way to extract the keys without actually hacking any device, but rather by talking to intact devices via the normal protocol. While this is interesting, HDCP should already be considered broken in light of known attacks.
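
The collusion property described in the comment above, worked through as an added example (not from the thread, Crosby's paper, or the HDCP specification): a toy Blom-style key predistribution scheme in which each device's private vector is a linear function of its public one. The prime field, the dimension N = 4 and the random public vectors are constructed assumptions, not HDCP's parameters; the comment cites 40 for HDCP.

```python
"""Toy Blom-style key predistribution (constructed parameters, not HDCP's)."""
import random

P = 2_147_483_647   # prime 2^31 - 1 (assumption: keeps all arithmetic in a field)
N = 4               # dimension of the secret; also the collusion threshold


def make_master(rng):
    """Licensing authority's secret: a random symmetric N x N matrix over GF(P)."""
    d = [[0] * N for _ in range(N)]
    for i in range(N):
        for j in range(i, N):
            d[i][j] = d[j][i] = rng.randrange(P)
    return d


def mat_vec(matrix, vec):
    """matrix * vec over GF(P)."""
    return [sum(a * b for a, b in zip(row, vec)) % P for row in matrix]


def issue_device(master, rng):
    """Return (public_vector, private_vector) with private = master * public."""
    pub = [rng.randrange(P) for _ in range(N)]
    return pub, mat_vec(master, pub)


def shared_key(my_priv, their_pub):
    """Both ends get the same value because the master matrix is symmetric."""
    return sum(a * b for a, b in zip(my_priv, their_pub)) % P


def solve_master(devices):
    """Gauss-Jordan over GF(P) on rows [pub | priv], i.e. pub^T * D = priv^T.

    Returns the master matrix D, or None when the pooled public vectors do
    not span the space and D is therefore still undetermined.
    """
    rows = [list(pub) + list(priv) for pub, priv in devices]
    rank = 0
    for col in range(N):
        pivot = next((r for r in range(rank, len(rows)) if rows[r][col]), None)
        if pivot is None:
            return None          # fewer than N independent key sets
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        inv = pow(rows[rank][col], -1, P)
        rows[rank] = [x * inv % P for x in rows[rank]]
        for r in range(len(rows)):
            if r != rank and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(x - f * y) % P for x, y in zip(rows[r], rows[rank])]
        rank += 1
    # Left half of the first N rows is now the identity; right half is D.
    return [row[N:] for row in rows[:N]]


def demo(seed=2001):
    """Issue N + 1 constructed devices and compare N - 1 vs N pooled key sets."""
    rng = random.Random(seed)
    master = make_master(rng)
    devices = [issue_device(master, rng) for _ in range(N + 1)]
    (pub_a, priv_a), (pub_b, priv_b) = devices[0], devices[1]
    recovered = solve_master(devices[:N])
    outsider_pub, outsider_priv = devices[N]   # never part of the pooled set
    predicted = None if recovered is None else mat_vec(recovered, outsider_pub)
    return {
        "keys_agree": shared_key(priv_a, pub_b) == shared_key(priv_b, pub_a),
        "too_few": solve_master(devices[:N - 1]),
        "master": master,
        "recovered": recovered,
        "outsider_priv": outsider_priv,
        "predicted_priv": predicted,
    }


if __name__ == "__main__":
    result = demo()
    print("pairwise keys agree:      ", result["keys_agree"])
    print("N-1 key sets determine D: ", result["too_few"] is not None)
    print("N key sets determine D:   ", result["recovered"] == result["master"])
    print("outsider key predictable: ",
          result["predicted_priv"] == result["outsider_priv"])
```

The design point is that the threshold is fixed by the dimension of the secret and not by computational cost, so a scheme of this shape cannot recover by revoking individual devices once that many independent key sets are exposed.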

  159. Re:The problem isn't HDCP by KeithIrwin · · Score: 1

    HDCP is used to encrypt video.

    Keith

  160. Re:Good! by chancycat · · Score: 2
    Truly a bad law.

    Question - how much noise and pain until we feel the shift away from this awful law? Each time I read articles like the above I just feel worse about our country (USA). Sure I give my money to the EFF, but it takes SO DAMN long to fix something that was wrong to begin with!

    Grumpy and mad

    --
    Evan - needs to hit preview before submitting
  161. Re:Duplication by stx23 · · Score: 1

    Consider this Tivo story.
    Hacker A cracks the code, tells the world he won't release it, 6 months later Hacker B releases it. I see history repeating.

  162. Re:Duplication by Apotsy · · Score: 1
    I doubt that sort of thing would fly. A lawyer could probably argue that including an unauthorized copy of the key in any product would make it a "circumvention device", and thus illegal -- even if it didn't actually let users get at the data.

    On the other hand, someone could make a device that included everything you needed except the key. By itself, it would not be a circumvention device, but if the user input the master key -- boom! Free access to everything. All the manufacturer would have to do is include a disclaimer that said, "You must have an authorized copy of the master key to use it with our device. We do not support unauthorized use of the master key." Of course, the device would probably also need to serve some useful function without the key. Kind of like DVD players that the manufacturer purposely makes easily-moddable to be region free. That might actually work. All that's needed is for someone to leak the master key, which is bound to happen sooner or later (as Ferguson points out).

  163. Re:Alias and Freenet by Anonymous Coward · · Score: 0

    Obviously Freenet was designed for just this sort of thing. But because it's an issue of scientific research (cryptanalysis), Publius was also created expressly for this purpose. However, I get the impression that Publius intended to be protecting the speech of foreign citizens from their oppressive governments, not from our own. If he did publish his results anonymously to Freenet, say, 6 months to a year from now, it would be a good test for the anonymous nature of Freenet. If I were him I would not use Freenet until it has been tested by some other high profile case. Instead I would just go to some internet cafe and anonymously post (through multiple anonymizing proxies) the solution by hand typing it. No one could prove anything. It would be traced back to the internet cafe after getting multiple Anonymizing services to cough up their IP logs (assuming he uses ones that keep them at all). I wonder if the internet cafe (Starbucks perhaps?) could be sued for allowing anonymous internet use. Eventually I think true anonymous internet use will come down to only those few countries that continue to allow internet cafes without requiring that detailed logs be kept of every user's picture ID.

  164. Consumer Protection by Anonymous Coward · · Score: 0

    it is my opinion that the real problem here is consumer protection. until the music industry can redefine the value of music, an encryption scheme is needed to protect the livelihood of media creators. the problem that the DMCA creates in its present form is that a potential investor in a new encryption technology (ie a record label interested in using HDCP to protect its work) cannot hire a professional to deeply evaluate emerging schemes. if an independent expert performs a "Consumer Reports" style analysis of new software and discovers major flaws, he is in violation!! i realize i am preaching to the converted here, but i am truly alarmed that this point of view is not frequently expressed.

  165. Re:He is Dutch, DMCA doesn't apply by el_nino · · Score: 2, Interesting
    .. even the DMCA hasn't made it illegal to figure out how to decrypt encrypted copyright material, but rather has made the trafficking in devices using that knowledge illegal.

    I refer you to US Code Title 17 section 1201, AKA the Digital Millennium Copyright Act:

    (2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that -
    (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
    Note the word manufacture. If he cracked the encryption, as opposed to just figuring out that it was possible, it's a crime under the DMCA even if he didn't distribute anything.
  166. Peer review to strengthen encryption by Dr_Cheeks · · Score: 3, Funny

    Indeed. I'll bet those Germans who invented Enigma are kicking themselves (posthumously, natch) that they didn't legislate against the Allies cracking it : )

  167. Thank you DMCA by Anonymous Coward · · Score: 0

    ...for outlawing peer review in cryptography, and allowing all sorts of consumer electronics to be built with pathetically weak encryption. So long as this pattern stands, our fair use rights can still be exercised (albeit without that "rights" aspect).

  168. It's not just vanity by rhincewind · · Score: 4, Informative
    I was actually there (at HAL) when he expressed his anger about these proceedings. When asked whether 'the paper was in his tent at the moment' (talking about anonymous posting ;-) he replied being serious about not publishing.

    Imho his goal is not getting his paper published, but getting people to think about the consequences of these laws. Unfortunately, this is the only way we foreigners can protect our rights abroad.

    Linked to this, in Europe a 'law' is being prepared (due Sept 3rd I believe) which forces a country to assist another country to eavesdrop (sniff Internet traffic) on a user if he (she) did an illegal act in that OTHER country. To link this with a previous link (thanks for the thought), if China were to be part of such agreement, every couple with 2 or more kids could forget its privacy...

    Joost

    --
    --Black holes are where God divided by zero--
  169. Me Too ... Me Too ... by ReidMaynard · · Score: 2, Troll

    I too have broken Intel Corp.'s HDCP ... and like Niels Ferguson, I must remain silent.

    --
    -- www.globaltics.net

    Political discussion for a new world

  170. Good! by JoeShmoe · · Score: 5, Funny

    This is a Good Thing(tm)! If the details aren't released, then it's just rumor, speculation and slander against the HDCP standard!

    That means the HDCP consortium can continue on their merry way to rolling out their video solution...and then after we have all this great content available...THEN we can have someone release the information (I see Lawrence Lessig waving his hand there in the back).

    Think about it. If the Crack SDMI had come back with nothing but failure...then maybe we would all have GB of juicy full-quality (minus watermarks, ahem) songs sitting on our hard drive awaiting a simple watermark snipper.

    Thank you DMCA! Chilling research only delays the inevitable! It doesn't stop it!

    - JoeShmoe

    --
    -- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
    1. Re:Good! by szomb · · Score: 1

      Your country? This country belongs to its IAA's and the government they've purchased.

      Eventually, those of us that give a fuck will be forced to take it back.

      The time is drawing near, I'm afraid...

      --
      Just because a few of us can read write and do a little math, doesn't mean we deserve to conquer the universe
    2. Re:Good! by SuperLiquidSex · · Score: 0

      I've always wanted to see an average slashdotter try and take back a government, could be funny.

      --
      Oops....you'll know what I'm talkin about in a bit.
  171. Its not a copyright or patent issue by Anonymous Coward · · Score: 0

    It remains possible that they will send out ninjas to kill him, but it's bloody unlikely.

  172. He is Dutch, DMCA doesn't apply by Anonymous Coward · · Score: 1, Interesting

    What is it with people today, they all act like a fearful bunch of wussies. With folks like that we don't need any DMCA enforcement.

    1. Re:He is Dutch, DMCA doesn't apply by Anonymous Coward · · Score: 0

      Had you actually bothered to read the article before trying for a FP, you would have noticed that he "visits the US regularly for personal and professional reasons."

    2. Re:He is Dutch, DMCA doesn't apply by Anonymous Coward · · Score: 0

      If you read the article, you'd know that he visits the US on a regular basis.

    3. Re:He is Dutch, DMCA doesn't apply by Anonymous Coward · · Score: 0

      If he "manufactured" the crack outside of the US, it's not a crime. US law has no jurisdiction until it's distributed or made available in the US. Presumably, posting the details on the internet would count.

    4. Re:He is Dutch, DMCA doesn't apply by Drone-X · · Score: 4, Informative
      He is Dutch, DMCA doesn't apply
      Maybe he doesn't want to lose the ability to travel to the USA, if he puts it up for download he'd be violating American law (at least in California they seem to think the Internet means you're *everywhere*).
    5. Re:He is Dutch, DMCA doesn't apply by radja · · Score: 2

      I was at HAL2001, where he said he didn't publish because of personal and professional reasons. //rdj

      --

      No one can understand the truth until he drinks of coffee's frothy goodness.
      --Sheikh Abd-Al-Kadir, 1587
    6. Re: He is Dutch, DMCA doesn't apply by Anonymous Coward · · Score: 0

      What was the lame excuse in the Sklyarov case? He sold copies of his program at the conference while in the US. At least for the internet sales, he could claim it was the company committing the crime. But when he sold copies in person on US soil there isn't any jurisdictional ambiguity.

    7. Re:He is Dutch, DMCA doesn't apply by ttyRazor · · Score: 2

      I think it's a safe bet that a research paper in plain English would be considered "technology", and here we get to the point where the DMCA and the First Amendment do not coexist. Remember, publishing and presenting was all that Dr. Felten was about to do, and got threatened for. Don't think that because the law doesn't explicitly say it doesn't apply that it wouldn't, it will take a long and costly court battle to determine that.

    8. Re:He is Dutch, DMCA doesn't apply by FreeUser · · Score: 4, Informative

      However, even by claiming to have broken the encryption, he's placing himself at risk of being investigated, and possibly detained and questioned should he ever visit the US.

      You are probably right, as the DMCA is clearly intended to be used as a club to squelch information and discussion under the (woefully thin) guise of protecting copyright holders.

      However ...

      (If I were to publicly announce that I had committed a crime, I would expect the authorities to take interest in me.)

      ... even the DMCA hasn't made it illegal to figure out how to decrypt encrypted copyright material, but rather has made the trafficking in devices using that knowledge illegal. By announcing he's done it, but not sharing the methodology, he cannot in any way be said to have "trafficked" in a circumvention device. To do so he would have to publish, and this he has not done. Not that that will stop Intel or someone else affiliated with the Copyright Cartels from swearing out a false affidavit and falsely imprisoning this individual (and, interestingly, while the Sklyarov case goes forward I do not see anyone from Adobe being arrested for Perjury, which swearing out a false affidavit is ... hence the term "swear").

      Of course, it is only a matter of time until someone does publish, probably anonymously, and DHCP dies the death it so richly deserves.

      The software world, which relies on restricted copy privileges (copyright) far more heavily than even the Media Moguls of Hollywood and New York, learned over a decade ago just how futile copy protection schemes were. Instead, they chose to go another route, making serial-numbered copies traceable rather than uncopiable (something which has been shown mathematically to be myth in any event). Interestingly enough, having people's names attached to serialized copies of software had a chilling effect on copyright violation that no amount of copy-protection schemes and hardware dongles was able to achieve. It didn't eliminate it, but it sure cut down on the number of people willing to share their copies of software with anyone other than, at most, their closest friends.

      The Copyright Cartels and Media Conglomerates refused to learn this obvious lesson, preferring instead to believe they have purchased protection through the DMCA sufficient to allow even the most flawed "copy protection" to stand through artificial threat with a government gun in contradiction to both information theory and basic physics in the physical world.

      Of course, when "casual copying" has been mostly eliminated and fair use is dead, the industrial copyright violators will still be producing illegal wares in quantity, until they in turn are shut down using methods and laws which have been around for decades. Which underscores the real motivation and target behind MPAA and RIAA purchased legislation such as the DMCA: the individual consumer, not the commercial copyright violator.

      --
      The Future of Human Evolution: Autonomy
    9. Re:He is Dutch, DMCA doesn't apply by cbass377 · · Score: 1

      So hard work is a crime. How far will we go. Soon, using a software for a purpose other than the intended use will be a crime. When does it end?

    10. Re:He is Dutch, DMCA doesn't apply by Anonymous Coward · · Score: 0

      "and DHCP dies the death it so richly deserves"

      Right on. Death to all dynamic IPs. The internet was meant to be static.

      Uh, that was meant to be funny. I know the guy just typo'd.

    11. Re:He is Dutch, DMCA doesn't apply by bmongar · · Score: 1

      Maybe he plans to visit the US sometime and doesn't want to get arrested like Dimitri,

      --
      As x approaches total apathy I couldn't care less.
    12. Re:He is Dutch, DMCA doesn't apply by garbuck · · Score: 1
      Sklyarov isn't charged with breaking the encryption while in Russia, but standing on US soil telling people what he had discovered.

      Technically not true. In their complaint the feds cite a "sale" of the circumventing software in the United States by reason of the fact that the Intel person in Santa Clara who bought it from ElcomSoft paid for it through an agency in Seattle (a common third party arrangement). From this they conclude the sale took place on US soil. They then attempt to pin the blame on Dmitri for the sale on the ground that his name is on the software copyright and he works for the company that published it. They do not base their complaint on his talk in Reno. They only mention his attendance at the conference in passing in their account of how he came within their grasp.

      IANAL, but it escapes me how their complaint could stick. Even if the Intel person had ordered plutonium from ElcomSoft, it would still be ElcomSoft doing the deed, not Dmitri.

    13. Re:He is Dutch, DMCA doesn't apply by erroneus · · Score: 1

      He's Russian! The DMCA doesn't apply!

      What is it with people today, they all act like a fearful bunch of wussies. With folks like that we don't need any DMCA enforcement.

    14. Re:He is Dutch, DMCA doesn't apply by Anonymous Coward · · Score: 0

      What is it with people today, they all act like a fearful bunch of wussies. With folks like that we don't need any DMCA enforcement.

      I would like to see if YOU would like to leave your family and go to jail for some years just because of the DMCA... If I was to break DMCA I would certainly not publicly say it and would release it on the Underground, silently and swiftly... Hell, that was why old-school hackers did illegal stuff and were so paranoid, for freedom of speech...

      Honestly, I don't see a bright future for us geeks... At least not a bright legal future...

    15. Re:He is Dutch, DMCA doesn't apply by bsc7080 · · Score: 1

      I am as proud as the next U.S. citizen to be in the United States, but this DMCA is becoming more of a Gestapo organization with the goal of stomping out anything they believe to be a threat. The quality of the internet was founded on people building a tighter system due to flaws that were discovered. Why should the industry be forced to stick their heads in the sand and ignore the problem? Fix your source coding or encryption scheme, and move on. In the future..do better testing.

    16. Re:He is Dutch, DMCA doesn't apply by ByTor-2112 · · Score: 1

      As long as he is reluctant to come forward, the DMCA is not only doing its job in America but the international community is letting it do its job across the globe. If the international community does not stand up against things like this, they will be forever bound by it.

  173. Re:But... by Cratylus · · Score: 0

    Yes, but if he ever gives a presentation in the United States, he could suffer the fate of Dimitri.

  174. Re:Ferguson's Mistake by Whyzzi · · Score: 1

    Jesus Christ. Aren't there more important crimes that deserve to be prosecuted?

    --
    "BSD is about people pissing each other.." (Moid Vallat)
  175. So that's what he cracked! by Jacco+de+Leeuw · · Score: 1
    I mentioned it in a comment on last Monday's Dmitri story.

    I was packing up after his talk when he mentioned he had cracked something so I missed what he had cracked...

    --
    -------
    Warning: Slashdot may contain traces of nuts.
  176. Unclean hands doctrine by leperjuice · · Score: 2
    This type of suggestion comes up often: if we want to piss off the jerks who use the DMCA to harass scientists and programmers, we should use the DMCA against them.

    Step 1) Violate the DMCA in some way to hurt the DMCA abusers

    Step 2) Publish the violation in a manner such that retrieval of the information would require violation of the DMCA

    AFAIK (IANAL), this appears to be a case of "in pari delicto" (see http://www.fifthdistrictcourt.com/dictionary/dict-p.htm) which basically says if both parties are committing a crime (i.e. we're both violating the DMCA), the judge may decide not to grant a remedy to either of us. The catch is that this sort of behaviour runs squarely up against the "Unclean Hands Doctrine". In a nutshell, Unclean Hands protects the courts from assisting you in the commission of a crime. In other words, you cannot turn to the court and say "Well, I'm violating the DMCA, but if you'll agree that they're violating it to discover my violation then we can throw out their results".

    BUT this then puts the onus on you to prove that Intel actually violated the DMCA, whereas there is a whole raft of ways that they can prove that you did. Intel can claim a third party provided them the document which means that they did not break the DMCA and thus you are screwed royally. As a civil suit, the evidence is admissible, even though the methods used to obtain the evidence may be in a legal grey area. Of course, you could go after the third party but at this point, you're over a barrel big time.

    Of course, this takes lawyers (of which I am not one) and thus if you're even going to get into a situation where you attempt to raise this defense, you'd better have some deep pockets to hire lawyers to go up against Intel. Even if you win, you're broke (a Pyrrhic victory if I ever heard one).

    Any real lawyers have a comment on this?

    --

    -- "I am disrespectful to dirt. Can you not see that I am serious!"

  177. Re:He didn't break it :) by rhadamanthus · · Score: 1
    but isn't it circumvention, not method that is prohibited?

    Say I blow a lot of coin and build the DES cracker explained in the EFF's little book. Am I not liable for circumventing the copyright regardless of the fact that I did not design the machine? Even more importantly, the necessary mechanism to prosecute him is already available... See post #21 on the same topic, titled "ferguson's mistake". I have a nasty feeling that he is more than likely screwed once the code is publicly cracked regardless of his statements here...

    point: I would never release a "demonstration" either. It is too risky. how sad.

    -----rhad

    --
    Slashdot needs to interview Natalie Portman.
  178. Umm...what's all the hubbub? by dillon_rinker · · Score: 2

    How to do this is already public knowledge and it's being implemented on a wide scale. Even Windows can do it (though no one knows when it will be able to do it correctly). Look here.

  179. Re:He didn't break it :) by Insount · · Score: 1

    HDCP is not a public-key cryptosystem. Read the specs. Had the scheme been secure, you would not have been able to verify his knowledge of the master key unless YOU have access to an HDCP device.

    Anyway, to run his attack he needs 50 different HDCP devices (to get sufficient data for analysis). He probably doesn't have these, so why do you expect him to have the master key?

    Look up my other post to this article for hints about the structure of the attack.

  180. Good Faith by dachshund · · Score: 1
    effectively convincing judges and law enforcement officials that Ferguson should be liable

    If the prosecution could prove that Ferguson was directly involved in the "illegal" attack, that's true. Otherwise, he would probably be protected by the DMCA protections for people performing "encryption research". Even if their success does encourage similar "illegal" attacks, the researcher is (presumably) protected. There are several requirements for the research protection, one being that the researcher notifies the company, another being that they act in good faith. It's reasonable to say that Ferguson has done these things at this point.

    PS Here's a pointer to the DMCA text (although a search on Findlaw will probably get you there as well. For those who haven't read it, it's quite a trip. Remember that this document might well be copyrighted as well!)

  181. Re:Stop spreading lies, coward. by Axe · · Score: 1

    You can stand wherever you want, dumb anonymous, but if you find me where the heck it states that he sold program in person on the conference, as you, obviously a paid-for industry insider, stated - I will send you $5. It does state that they were able to buy it through a third party website from his employer. So, please, shut the fuck up - you did not do your homework.

    --
    <^>_<(ô ô)>_<^>
  182. Re:Meritocracy vs Freedom by CaptIronfist · · Score: 0
    Yeah sure! What use do you have in writing this if you don't get any honor and adventure? This person is right and you can't even face it.

    Arrogance and Pride is most probably the one thing that currently prevents the Open Source movement from ravaging corporate bullies like wild fire. Someday you people will have to accept the fact that innovation ISN'T AND NEVER WAS ABOUT CREDITS!

    Ignorance and arrogance are the core of human hatred...

  183. US expects compliance... unless foreign law on us. by Anonymous Coward · · Score: 1, Insightful

    Porn is illegal in Saudi Arabia and most other Islamic nations. Yet we continue to be a "porn haven" and not blocking web traffic from these IPs.

    The propagation of Nazi philosophy and artifacts is illegal in France, Austria, Germany, Italy, etc. Yet the US continues to make such materials available to these nations.

    If the USA doesn't give a shit about other nations' laws, why should they be expected to comply with ours?

  184. Re:Stop spreading lies, coward. by Anonymous Coward · · Score: 0

    I got that from several places:

    1. It was in some of the early newspaper stories.

    2. First hand reports from attendees at Def Con posted to the free Sklyarov mailing list said he did it.

    3. It was on the EFF pages for a while.

    4. About a hundred other posts on the various Slashdot articles said the same thing.

    There is a simple reason why it doesn't appear in the DOJ filing and/or FBI agent's affidavit. The charges were filed on 7 July - BEFORE the conference even took place. That doesn't mean that the DOJ hasn't gathered evidence of it, and it doesn't mean that it isn't going to come up in his trial.

    You would probably look a lot more intelligent and less juvenile if you actually started reading some primary sources instead of just screaming "liar" at anybody who posts something you aren't aware of. May I suggest you start by reading the text of the DMCA itself and then read the US vs. Sklyarov FAQ.

    Also, unless you want to grow up like Noam Chomsky, you can't simply dismiss anybody who disagrees with you as being bought and paid for by industry.

  185. Stronger encryption, not stronger laws. by KFury · · Score: 2

    If companies would invest one fourth of their legal budget in developing stronger encryption, we wouldn't need such strong laws to protect them.

    As it is, companies are being taught that 'pretty strong encryption' and 'pretty strong laws' combine for a secure solution based on a mix of technical difficulty and fear of persecution. Maybe they should take a look at the AES and realize there are better, more community-oriented ways of creating secure solutions instead of creating half-assed systems and persecuting those who prove just how half-assed they are.

    Also, isn't it interesting that when it's their encryption it's 'anti-piracy' and when it's your encryption it's 'privacy'?

  186. DMCA by JumboMessiah · · Score: 0

    Dumb Mega-Corporation Accomplishment?

  187. Stop spreading lies, coward. by Axe · · Score: 1
    1. For the 100th time, Sklyarov was NOT arrested for giving his talk, nor was he arrested for creating the eBook cracker when he was in Russia. He was arrested for selling it to customers in the US over the internet and for selling in person while in the US at the conference.

    For the 101th time: lie and bullshit. Read official DOJ complaint.

    Stupid anonymous moron.

    --
    <^>_<(ô ô)>_<^>
    1. Re:Stop spreading lies, coward. by Anonymous Coward · · Score: 0

      Have you even read it?

      Note that the summary of the affidavit states "... has willfully and for financial gain imported, offered to the public, provided, and otherwise trafficked in a technology, product, service, and device that is primarily designed or produced for the purpose of circumvention a technological measure..."

      Note that the word "manufacture" (from the beginning of the sentence in the DMCA text), which refers to the act of creating the program, was deliberately left out of both the affidavit and the criminal charge.

      Also note that the legality of Sklyarov's presentation is not even discussed in the complaint, and the section of the DMCA relevant to that is not mentioned.

      So, I stand by my statement that Sklyarov was NOT arrested for the act of creating the program or for giving the Def Con speech.

  188. Re:Fake Sircam Infection by Dexx · · Score: 1

    Could something like SirCam or another virus/worm be used as a distribution method for information like this? How practically?

    Just wind it up and let it go..

    --
    Feel the fear and do it anyway.
  189. Re:Next DMCA test - prosecution for doing research by Anonymous Coward · · Score: 0

    The problem is that the crooks, in this case, are the general public. There are just too many of them to effectively prosecute. The corporations are mad, and the corporations own the politicians; they want someone to pay, so they go after the only people they can really effectively prosecute.

  190. How to overturn the DMCA... by bani · · Score: 1

    Just find a clever way for a politician or huge corporation to be found liable under the DMCA.

    Or better yet, find a federal judge who is violating the DMCA in some way. Any minuscule technical violation of the DMCA will do.

    The DMCA is fucking twisted and evil, there are enough contradictions and loopholes in the DMCA that something has to be applicable to someone high up.

    We need to use DMCA as a weapon against those individuals who brought this abomination into existence.

    You can bet the femtosecond a politician, corporate thug, or judge is indicted under the DMCA, the DMCA will be overturned.

  191. WHEW!!! by Restil · · Score: 2

    Boy, am I GLAD he didn't release it. Think of the harm that he could have done to the movie industry. The DMCA DOES work people, see? Now, because of the DMCA, he won't release the specs on breaking the encryption and therefore nobody will be able to produce a product that uses this encryption standard, and the movie industry will be saved.

    Of course, this won't stop people from pirating the movies. This will go on as normal, as people who are outright willing to break the law will do so anyways, and if he was able to break the encryption, so will others. But the good news is, it will be ILLEGAL according to the DMCA, so these pirates are officially BAD PEOPLE and therefore will have no effect on the Movie Industry, because they don't count. Only people who can compete count, because they actually have the opportunity of creating products legally without paying licensing fees. The world is a better place with the DMCA indeed.

    -Restil
    (This is sarcasm. moderate appropriately)

    --
    Play with my webcams and lights here
  192. The Complete Document by Anonymous Coward · · Score: 5, Informative

    The Complete Document can be found here:

    http://www.macfergus.com/niels/dmca/index.html

    Very good stuff. Too bad they didn't link it in the story.

  193. DMCA is International? by scott1853 · · Score: 2

    I didn't think that anybody in another country could be prosecuted under the DMCA unless they came to America and tried to publish the information. Wasn't that the whole issue with Dmitri? Or are they referring to this guy's nationality and he already lives in America?

    1. Re:DMCA is International? by BeanThere · · Score: 2

      Hint: It's called "reading the article before posting".

      The guy travels to the USA "regularly for both personal and professional reasons".

  194. Ferguson's Mistake by rknop · · Score: 4, Insightful

    "You can be sure that somehow, somewhere, someone will duplicate my results especially because I am telling them that I have results," says Ferguson. "Someone who is braver, who has less money, and who doesn't travel to the U.S."

    This, right here, is his mistake. If, in the near future, those master keys are published, I bet a nickel that Ferguson gets hauled up for a lawsuit (or perhaps even criminal prosecution), for exactly the reasons that he states here himself. It's extremely stupid, but on the other hand, I can easily see an overpaid bunch of useless humanity (i.e. corporate lawyers) effectively convincing judges and law enforcement officials that Ferguson should be liable. They would be right that he probably helped along other efforts to crack the encryption doing nothing more than letting people know that it was possible. Ferguson's mistake is in thinking that the dunderheads who thought that arresting Sklyarov was a good idea will let him slide after he's said this.

    The world is a cold, demon-haunted place nowadays. It sickens me to be a citizen of this country that so hypocritically prides itself on being free.

    -Rob

    1. Re:Ferguson's Mistake by hearingaid · · Score: 2

      that's right. the proof requirement is lower in a civil case.

      normally, the prosecution in a criminal case needs to show that the accused is guilty beyond a reasonable doubt. also normally, the plaintiff in a civil case needs to show that the defendant is liable on the balance of probabilities.

      there are exceptions to both. and this only applies to anglo-american common-law countries.

      there are other things too. generally, to show criminal liability, the prosecution needs to show a criminal intent. that is, the state of mind of the accused is relevant. usually that's not the case with civil trials.

      the criminal intent requirement is probably Dmitry's biggest hope. the prosecution has to show that the accused either knew or should have known that the conduct in question was illegal and wrong. his argument against would be, as a Russian citizen, he had no way to keep track of the intellectual property laws of every country in the world. he was just coding for his boss.

      unfortunately, his arrest and the publicity surrounding it makes this argument weaker for any programmers in the future, like Ferguson.

      --

      my old sig used to be funny, but then slashcode ate it and now it's not funny anymore

    2. Re:Ferguson's Mistake by Anonymous Coward · · Score: 0

      "Eventually, some judge somewhere along the line and, perhaps more importantly, the public are going to realize how absurd this law is."
      I fear you underestimate the stupidity, ignorance and apathy of the Great Unwashed.
      Here in the UK it has been illegal for more than 6 people to stand in close proximity in public since 1995 (Criminal Justice Act) amongst other things.

    3. Re:Ferguson's Mistake by sqlrob · · Score: 1

      Reasonable doubt is for criminal trials. Doesn't mean diddley in civil. Intel could still place a civil suit.

    4. Re:Ferguson's Mistake by rknop · · Score: 2

      I don't think so. The matter at hand is "reasonable doubt" and I think it would be easy to produce reasonable doubt that Ferguson was the source of the master keys, especially if the protection is trivial.

      IANAL, of course, but I believe that what you say here might only get him off in a criminal case. My understanding of civil law is such that all those great constitutional protections we enjoy under criminal law don't apply. E.g., "innocent until proven guilty" doesn't seem to apply, and I don't think that proof beyond a reasonable doubt applies either. Nor do I think that double jeopardy applies.

      After all, OJ was found liable for Nicole's death under a civil lawsuit, even though the criminal courts decided that they couldn't convict him beyond a reasonable doubt. Think what you will about OJ and what the criminal courts did there, I was a little... surprised to find out that civil law meant that double jeopardy and reasonable doubt were out the window in that case. And you'd better believe that the MPAA has substantially more resources (i.e. killer-lawyer hiring ability) than Ron Goldman.

      -Rob

    5. Re:Ferguson's Mistake by Anonymous Coward · · Score: 0
      More free than the few worst is definitely not the same as "freer here than anywhere else".

      You mention prison conditions - the US has some of the worst of industrialized democracies...

  195. Re:DMCA makes encryption a dubious concept by mpe · · Score: 2

    Imagine the people who design & use encryption standards as the occupants of a castle, and the hackers are trying to use a battering ram to enter the facility. Thanks to DMCA, the walls are padded, so the people inside don't hear the pounding of a battering ram on their door. The king overruled the castle engineers who wanted a thicker door. "No need for that", says the king. "My DMCA padded walls will take care of the noise, therefore I proclaim that the hacker problem is solved!" Of course, when the door gives way, it will be quite a surprise to the occupants!

    Not only that, they also expect the "walls" to protect long after battering rams have been superseded as front line weapons. The kind of "castle" they need is one of the Cheyenne Mountain complex, but instead they have one built out of balsa wood.

  196. Fake Sircam Infection by Skidmarq · · Score: 3, Interesting

    So just fake an infection by Sircam, and have it release the info. :)

    --

    "I don't think I ain't" -Thompson's Corollary to Descartes

  197. DMCA-like legislation coming to a country near you by hillct · · Score: 5, Informative

    Many countries are considering DMCA type legislation to bring them into compliance with the WIPO Intellectual Property Treaties. For more on the legal constructs being considered by the World Intellectual Property Organization, see their whitepaper "Technical Protection Measures: The Intersection of Technology, Law, and Commercial Licenses" (M$ Word or PDF). Take a good look at this stuff. It's important that people fully understand the actions being taken by WIPO and begin to realize that arguing about your rights or my rights isn't the critical issue. The critical issue is that if WIPO has their way, there will be no protection for citizens of any country, from potentially usurious and monopolistic IP practices.

    --CTH

    --

    --Got Lists? | Top 95 Star Wars Line
  198. Crypto-Gram by tiny69 · · Score: 4, Informative
    The recent newsletter from Crypto-gram talks about the DMCA and brings up a few good points:

    Dmitry Sklyarov (age 27) landed in jail because the Digital Millennium Copyright Act (DMCA) makes publishing critical research on this technology a more serious offense than publishing nuclear weapon designs. Just how did the United States of America end up with a law protecting the entertainment industry at the expense of freedom of speech?

    . . .

    There are also provisions in the DMCA to allow for security research, provisions that I and others fought hard to have included. But these provisions are being ignored, as we've seen in the DeCSS case against 2600 Magazine, the RIAA case against Ed Felten, and this arrest.

    It's a good read.
    --
    Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
  199. Great by HerrGlock · · Score: 1

    So, now no one can read about the crack, rather how it was done. No one can learn from the mistakes of others and no one can make a better encryption technique because of the stupid DMCA. Wasn't there something about everyone coming out better when there is discussion and people didn't have to re-make the same mistakes?

    So, how long do you think it's going to take for this to make it to some server in Zanzibar where the DMCA doesn't cover?

    DanH

    --
    Cav Pilot's Reference Page
    UNIX - Not just for Vestal Virgins anymore
  200. US will just cut off RoC's upstream by yerricde · · Score: 1

    Taiwan is not signed to either the Berne nor WIPO treaties. So copyright does not apply.

    That is, unless every WIPO member embargoes Taiwan.

    And where [copyright] does not apply is where information will flow freely.

    Not if all routers in all WIPO states drop all packets originating from Taiwan's IP blocks. Then Taiwan can't communicate with anybody.

    --
    Will I retire or break 10K?
  201. Re:You lie, anonymous by Anonymous Coward · · Score: 0
    From Elcomsoft:

    07/03/2001 Now it's time for the brutal truth on Adobe eBook protection. We claim that ANY eBook protection, based on Acrobat PDF format (as Adobe eBook Reader is), is ABSOLUTELY insecure just due to the nature of this format and encryption system developed by Adobe. The general rule is: if one can open particular PDF file or eBook on his computer (does not matter with what kind of permissions/restrictions), he can remove that protection (by converting that file into "plain", unprotected PDF). Not very much experience needed. In brief: ANY security plugin (actually, eBooks are protected with security plug-in as well: EBX) does nothing but returns a decryption key to Adobe Acrobat Reader or Adobe Acrobat eBook Reader. Plug-in can make various hardware verifications, use parallel port dongles, connect to the publisher's web site and use asymmetric encryption, etc, but all ends up with a decryption key, because the Reader needs it to open the files. And when the key is there, we can use it to decrypt the document removing all permissions.

    Sure sounds to me like Elcomsoft was claiming that their product does more than just allow fair use. Besides, you don't actually believe that anybody purchased this program to exercise their fair use rights, do you? You can't possibly be that naive. If you look over their product line, you'll see that Elcomsoft has two markets for their products: pirates and spammers.

    And no, I'm not on the payroll of anybody related to this case. Do you really think I'd be wasting my time arguing with somebody like you if I were paid to astroturf? You probably also think that anybody who says anything good about Windows must be paid by Microsoft. And I'm not giving you my email address. The last thing I need is an inbox full of hate mail and/or spam. Grow up.

  202. Re:fp! by Guppy06 · · Score: 1
    "foobar"

    Man, you didn't even spell it right... What is the world coming to when people don't even know how to properly use profanities?

  203. Now that we're being punished by SlackerJacks · · Score: 1

    for showing weaknesses in systems will the creators be held responsible for those weaknesses? Nah

  204. Re:Duplication by dschuetz · · Score: 2
    The master key allows you to [...] create new displays and start selling HDCP compatible devices.

    Now I may be hopelessly naive or idealistic, but wouldn't the goal of selling HDCP compatible devices permit the disclosure of the system? Or can "they" really, legally, absolutely, limit the entry of independent 3rd-party hardware manufacturers to the game?

    What if Diamond wanted to start selling HDCP displays, but didn't want to pay the $$$$ that they're probably requiring for membership in the "club"? This research could allow them to create fully functional, compliant, standards based displays.

    As long as they don't deliberately leave backdoors in their display to give end-users access to the raw digital stream (which would make the display itself a circumvention device), they should be in compliance with DMCA, right?

    And, since they developed the system after someone outside of DMCA jurisdiction (if there is such a place, truly) reverse-engineered it, there's no trade-secret violation, they've signed no NDAs, etc., so they're free to publish their spec, right?

    Or is this just a pipe dream?

    How do we get a decent-sized player like Rio to start selling DeCSS-based DVD players, publishing their spec as they go "so that other manufacturers can do the same"? :)

  205. the risk of publishing by Kartoffel · · Score: 1
    " . . . person could recover the master key in two weeks given four standard PCs and fifty HDCP displays . . . a textbook example of a cryptographic attack."

    Bravo. Sounds like Niels Ferguson really worked on it and came up with a legitimate break. This kind of hard work and perseverance should be applauded. His craft is worthy of respect.

    However, Cryptology has never been something that you can partake in out in the open in full view of the world. I don't blame Niels for not wanting to publish.

    Imagine Alan Turing announcing in the 1940s "look guys, I figured out how to break those German enigma machines!" Whoops. Treason. You lose. Capital punishment, etc. And there wouldn't even have been a public trial.

    In this case though, we're just dealing with commercial video appliances rather than military comms. We're only dealing with Intel and their DMCA-buddies, not the Axis. Niels Ferguson isn't at risk of becoming an unperson if he publishes a break against HDCP, but there are real-life risks involved. The corporations involved do not play nice. There are many parties involved, vested interests, many millions of dollars at stake. I wish we lived in a world where Niels could publish and not have to worry.

  206. Crap. by sn0wdude · · Score: 1, Informative

    Why are you linking to a crappy article on Securityfocus.com ? Please go read the original document:

    http://www.macfergus.com/niels/dmca/index.html

    He talks about why DMCA sucks. The Copyright issues, Jurisdiction, Freedom of Speech etc.

    A must read !

    --
    --sn0w
  207. Re:Next DMCA test - prosecution for doing research by Anonymous Coward · · Score: 1, Interesting

    1. Then why weren't the Elcomsoft SALES personnel at that conference arrested as well? The charge may have been distribution, but actually he WAS arrested for writing it.

    2. Actually, you can't. Threatening legal action you don't intend to follow through on is illegal. That's part of the Felten/EFF countersuit against the RIAA.

    3&4. However, these exceptions do not prevent the media conglomerates from threatening anyone with extremely expensive legal action. Even if the defendant is able to prove that the product was reverse-engineered, or that the research was conducted in "good faith" (and the burden of proof would be on the defendant), the legal costs of fighting the action would be prohibitive. This means that the DMCA has the effect of preventing even research and reverse engineering that is legal under it.

    The media conglomerates bought an easily abusable law, and have proceeded to abuse it.

    The fact of the matter is that the DMCA is indefensible.

  208. Re:Next DMCA test - prosecution for doing research by Anonymous Coward · · Score: 0

    The RIAA threatened a lawsuit, but there were never any criminal charges against Felten and his colleagues under the DMCA, which is part of the criminal code.

    You can sue somebody for any reason you want, regardless of what current law says. Given that Felten's work was NOT illegal under the DMCA, and the fact that the RIAA endorsed & supported the SDMI challenge, the RIAA had no hope of winning any lawsuit. But that doesn't mean they can't try.

  209. Re:What about The Press? by Anonymous Coward · · Score: 0

    Just post it AC from a free wireless network

  210. the essential sentence by thopo · · Score: 1

    "This is a country that tells others they should protect human rights, but they have trampled on mine," says Ferguson. "The U.S. Congress is telling me what I can or cannot say in my own country."

    Don't you smell the hypocrisy Mr.G.W.B?

    --
    keep it simple.
  211. Re:send the results to me by 4n0nym0u$+C0w4rd · · Score: 1

    true, prison probably wouldn't be all that great (even though I'd be chilling in a minimum security country club) but I'm pretty sure that they can't even put you in a minimum security prison until you're convicted, I might be wrong but I think people awaiting trial are held somewhere a little more agreeable. If I did have some problems with fellow prisoners, I'm sure my 250+ pounds and martial arts training would come in handy :). Worse comes to worse, smack a guard and get thrown in solitary for a few weeks (I like being by myself) then when you're found innocent claim Post-Traumatic Stress Syndrome from the confinement (provable by the feces you rubbed on the wall of solitary while singing "I'm a Little Teapot") and get a nice fat check from the government. The real reason prisons are no fun is because people aren't creative enough, my father had some experience with prisons too (goes with his "profession"), he acted like a loon (not too far from the truth) and he was pretty much left alone.

  212. Post anon to USENET. How can anyone stop that? by Anonymous Coward · · Score: 0

    It's pretty hard to "go after the medium" when there's no centralised authority.

  213. Re:Me Too ... Me Too ... by Rosmo · · Score: 1

    I have broken RSA encryption, but I can't release the details because I fear I will be prosecuted under DMCA.

  214. Re:send the results to me by Sara+Chan · · Score: 1

    I agree with your p.s. I've had the same thing, even worse a couple of times, and it is extremely frustrating. I've sent a message about it to malda@slashdot.org. Maybe if enough folks do the same, things will change....

  215. Fifty displays? by raygundan · · Score: 2

    Did anybody else catch this little bit?

    "An experienced IT person could recover the master key in two weeks
    given four standard PCs and fifty HDCP displays,"

    I'm sure there are a couple of experienced IT people around here, and most of them probably have four PCs sitting around their homes... now we just need to scratch up FIFTY FREAKING HDCP DISPLAYS. That's a lot of hardware!

    1. Re:Fifty displays? by topham · · Score: 2
      Nothing says they have to be in the same room, without the specifics of the hack why not assume that 50 PC's & 50 displays would work fine and that little data is transferred between them.

      Try and verify these assumptions and start a distributed project...

  216. No, he won't. by Jacco+de+Leeuw · · Score: 1
    Immediately after his talk at the HAL2001 (wait for the video recordings to show up on this site!) hackers from the audience shouted: "Give us the paper! We'll get the word out!".

    Ferguson of course declined.

    --
    -------
    Warning: Slashdot may contain traces of nuts.
  217. He didn't break it :) by ravi_n · · Score: 1

    Not releasing the details just means he didn't really break the HDCP encryption. He just wanted some publicity and blaming the DMCA is trendy...

    And the really great thing about the DMCA is that he can't do anything to refute my trolling because it would expose him to civil or criminal liability (remember the DMCA even outlaws acts of circumvention, and given past experience I'd guess that that provision can be stretched to apply outside US border as well).

    1. Re:He didn't break it :) by (void*) · · Score: 2
      No, I am pointing out that it is technically possible for him to demonstrate that he has broken the encryption, without actually revealing how he did it. If the DMCA crowd tries to persecute him, he can claim that he was not the one who did it.

      That would be a sneaky way to make an end-run around the DMCA. This interesting piece of law actually allows for all sorts of stupid claims all across the board. It does not grant the copyright holders the protection that they think they might have. To actually win a case therefore has nothing to do with the legality of the situation, but how much money you have.

    2. Re:He didn't break it :) by Kilmir · · Score: 1

      He doesn't say he has the masterkey, just the method to attain it.

      --
      "Oooh, what does this button do?" - DeeDee
    3. Re:He didn't break it :) by einhverfr · · Score: 2
      Not releasing the details just means he didn't really break the HDCP encryption. He just wanted some publicity and blaming the DMCA is trendy...

      And the really great thing about the DMCA is that he can't do anything to refute my trolling because it would expose him to civil or criminal liability (remember the DMCA even outlaws acts of circumvention, and given past experience I'd guess that that provision can be stretched to apply outside US border as well).

      This is exactly the position of Intel if you read the article...

      --

      LedgerSMB: Open source Accounting/ERP
    4. Re:He didn't break it :) by rhadamanthus · · Score: 1
      That is precisely the point! He feels he is unable to even do something as trivial as that for fear of persecution via the DMCA.

      Did you read the article or his essay?

      --------------rhad

      --
      Slashdot needs to interview Natalie Portman.
  218. Re:What about The Press? by jacoplane · · Score: 1

    I think the point is that a researcher shouldn't have to resort to submitting his work anonymously. Whatever happened to freedom of speech?

    Plus anonymously, the researcher would be unable to get any credit for his work, and it would be impossible to discuss the work with peers. Also, it would probably become illegal to host the document.

    So maybe posting anonymously could be a last resort, but not a very desirable one.

  219. Alias and Freenet by shokk · · Score: 2

    Sounds like he should pick up a good hacker-type alias (no one ever figures out who these folks are), and post to Freenet. That's sure to boost Freenet's usage if it is only centrally released there and the alias would protect him if he ever decides to transit through an American airport lest they pull a Sklyarov on him. Surely there's enough anonymity tools out there to mask his identity?

    --
    "Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
  220. Addition to paper by KeithIrwin · · Score: 2, Interesting


    I added an addendum to the fourth attack and fixed some minor typos today. The addendum essentially demonstrates the fourth attack as practical in the real world and much quicker than previously thought through the use of a birthday-paradox style attack.

    Since I'm writing a reply, I'll also take a moment to mention Scott Crosby's short critique of HDCP. Roughly it's the same thing as the second part of my fourth attack. Essentially, it is correct, although he skips over the difficult issues such as the modulo 2^56 math without mentioning them. Myself and others did later show that one can do so with impunity, but it was a desire to hammer out these difficulties which was why my paper comes to the public after his rather than before. He has told me that he's now working on a more in depth paper with some other researchers. I suspect that it contains things not found in my own, although he hasn't explicitly told me as much.

    I will also say that I view Ferguson's claims of being able to recover the whole of the master key (which I don't refer to by that name in my paper, but certainly agree that it exists in the form of some 1600 56-bit values) with some skepticism. In my attack, I describe how to get all but the left-most approximately 8 bits of each. To extract the whole thing as best I can tell requires solving sets of linear equations with no division by 2 at any point. Although there are certain sets of KSVs for which that could be done, I don't know how one would expect to reliably find such. My suspicion is that he has broken the fundamental cipher (which I do not do) but overlooked the same modulo 2^56 math gotcha that Crosby initially did. I am, of course, just speculating about that, however.

    Keith
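
The "modulo 2^56 math" point in the comment above, as an added example that is not from the thread or from either paper: it solves a small linear system modulo 2^56 with Cramer's rule over the integers and reports how many low bits of each unknown are pinned down, since every factor of 2 in the determinant costs one top bit. The 3x3 0/1 matrices, the three 56-bit "secret" values and all function names are constructed for this illustration and are not HDCP key material.

```python
# Added illustration: toy 3x3 systems over Z/2^56. All matrices and "secret"
# values below are constructed for the demo; none are HDCP key material.

MOD_BITS = 56
MOD = 1 << MOD_BITS


def det_int(m):
    """Exact integer determinant by cofactor expansion (fine for toy sizes)."""
    if len(m) == 1:
        return m[0][0]
    total = 0
    for j, coeff in enumerate(m[0]):
        if coeff:
            minor = [row[:j] + row[j + 1:] for row in m[1:]]
            total += (-1) ** j * coeff * det_int(minor)
    return total


def observe(a, secrets):
    """Right-hand side b = A * s, reduced modulo 2^56."""
    return [sum(c * s for c, s in zip(row, secrets)) % MOD for row in a]


def recover_low_bits(a, b):
    """Solve A x = b (mod 2^56) with Cramer's rule over the integers.

    det(A) * x_i = det(A_i) (mod 2^56), where A_i is A with column i replaced
    by b. Writing det(A) = 2^t * u with u odd, only u can be inverted, so each
    x_i is pinned down modulo 2^(56 - t): the top t bits stay unknown.
    Returns (known_bits, [x_i mod 2^known_bits]).
    """
    n = len(a)
    det = det_int(a)
    if det == 0:
        return 0, [0] * n                      # singular: nothing guaranteed
    t = (abs(det) & -abs(det)).bit_length() - 1  # factors of 2 in det(A)
    if t >= MOD_BITS:
        return 0, [0] * n
    known_bits = MOD_BITS - t
    sub_mod = 1 << known_bits
    u_inv = pow((det >> t) % sub_mod, -1, sub_mod)  # inverse of the odd part
    values = []
    for i in range(n):
        a_i = [row[:i] + [b[r]] + row[i + 1:] for r, row in enumerate(a)]
        d_i = det_int(a_i) % MOD
        if d_i % (1 << t):
            raise ValueError("inconsistent system")
        values.append((d_i >> t) * u_inv % sub_mod)
    return known_bits, values


# Constructed sample data.
SECRETS = [0x00F1E2D3C4B5A6, 0x80123456789ABC, 0x7FFFFFFFFFFFFF]
A_ODD = [[1, 1, 0], [0, 1, 1], [1, 1, 1]]   # determinant 1: fully solvable
A_EVEN = [[1, 1, 0], [0, 1, 1], [1, 0, 1]]  # determinant 2: top bit is lost

if __name__ == "__main__":
    for name, a in (("odd determinant", A_ODD), ("even determinant", A_EVEN)):
        bits, vals = recover_low_bits(a, observe(a, SECRETS))
        print(f"{name}: {bits} bits known,", [hex(v) for v in vals])
```

With the even-determinant matrix, flipping bit 55 of all three unknowns yields the same observations, so the missing top bit is a real ambiguity and not a limitation of the solver.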

  221. Time Magazine Article by Amazing+Quantum+Man · · Score: 1

    Time Mag had a 2 page article - well written

    In an example of blatant karma whoring, here it is.

    --
    Fascism starts when the efficiency of the government becomes more important than the rights of the people.
  222. Meritocracy vs Freedom by jabber01 · · Score: 2

    Ah, so we have found the fatal flaw in the Open Source movement then.. Pride.

    Information may want to be Free, but will only be freed if the one letting it loose gets to take credit for doing so? That's hardly the idealism we've come to expect from the Linux crowd - though I do agree to a degree about the peer review.

    Peer review can still be had however, if the originator can argue for the implementation without disclosing that they are in fact the source of the information.

    Whatever happened to scientific idealism? Doing the work for the benefit of mankind?

    A TRUE hero is one who makes the sacrifice without even thinking of the recognition - in fact, one who realizes that he might be branded a traitor, or never acknowledged for his deeds, is a bigger hero than anyone who is welcomed home to a ticker-tape parade.

    --

    The REAL jabber has the user id: 13196
    What you do today will cost you a day of your life

  223. Re:send the results to me by weave · · Score: 3, Interesting
    After all I live in the U.S and personally wouldn't mind 3 meals and a cot plus an extension to my summer vacation.

    You forgot about the all the sex you can take part...

    Seriously, those that are sitting around claiming that U.S. prisons are pieces of cake have obviously never been in one. My father, a minister, visits prisons all the time and it's not a nice place to be. Maybe if you're rich and in a fed prison for defrauding someone of 100 million bucks you're OK, but if you commit the more serious crime of holding up a 7-eleven for 20 bucks using the ole finger in the coat pocket trick, you get to do some hard time in a state pen...

    p.s. slashdot can really suck at times. I try to be a nice @home customer and use their proxy servers to keep their inter-connect traffic down but whenever I try to post it says I can't cause my IP address has posted too many modded down posts recently. Well D'OH, that IP has a few million people behind it. Learn about how a proxy works guys. It just forces me to uncheck my proxy connection but then I can't post because I get an invalid key msg (probably cause my IP address changes). So I open up a new browser section, hit reply, copy/paste my reply over, and the bitch tells me I have to wait 20 seconds after hitting reply before I submit. Arrrgh...

  224. Duplication by Apotsy · · Score: 4, Insightful
    Sounds like it will be easy for others to duplicate his efforts:
    "An experienced IT person could recover the master key in two weeks given four standard PCs and fifty HDCP displays," said Ferguson. "The master key allows you to recover every other key in the system and lets you decrypt [HDCP video content], impersonate a device, or create new displays and start selling HDCP compatible devices."

    [snip] ... he says it is a textbook example of a cryptographic attack.
    Even if he never releases it himself, it'll be all over the place before too long, now that it's known to be possible. He gives a pretty good hint about how to duplicate his results.
    1. Re:Duplication by gtdistance · · Score: 1
      Now I may be hopelessly naive or idealistic, but wouldn't the goal of selling HDCP compatible devices permit the disclosure of the system? Or can "they" really, legally, absolutely, limit the entry of independent 3rd-party hardware manufacturers to the game?

      As long as they don't deliberately leave backdoors in their display to give end-users access to the raw digital stream (which would make the display itself a circumvention device), they should be in compliance with DMCA, right?

      Isn't this how css was broken? One of the (licensed) manufacturers goofed up, and left an encryption key in the clear on a dvd?

      I'm not saying that makes it right to restrict other companies from making compatible products, but I can understand the hesitancy.

    2. Re:Duplication by Anonymous Coward · · Score: 0

      Why don't these people just release the information publicly in an anonymous way, such as usenet (maybe even using a "borrowed" account)?

    3. Re:Duplication by gorf · · Score: 1

      DeCSS (or some other version of it) doesn't need the key at all. The originally released one did, but it's been improved upon.

    4. Re:Duplication by mpe · · Score: 2

      But as you mentioned, the device could not provide access to the raw unencrypted data stream. But in addition to that, publishing the specs, source code, or other information that would help other people circumvent the encryption would also be illegal.

      Thus you can interpret this as violating the 14th amendment as well as the 1st...

  225. Post it to Freenet by redcliffe · · Score: 0

    If he posted it to Freenet, under an anonymous nickname, he could have released it without fear of being arrested next time he goes to the USA.

  226. who gets hurt? by botono9 · · Score: 1

    Can anyone here think of a recent content protection scheme that has done anything to stop "actual" pirating (making thousands of bootleg copies)? So far every single one I've seen has only served to limit the abilities of the consumer to use the content they pay for in the ways they choose. The bootleggers are free to keep on bootlegging! If that doesn't show that the DMCA is just a way for the big content providers to squeeze a little more money out of the consumers I don't know what does.

  227. What about The Press? by jabber01 · · Score: 4, Interesting

    Anonymous submissions to the papers, inside, unnamed sources and subsequent 'expert' analysis have taken down Presidents..

    Why don't people anonymously submit this sort of thing (cracks, weaknesses, bug reports) to news sources?

    Would the papers be liable for printing someone else's 'approach', without necessarily verifying its correctness first? After all, Deep Throat wasn't named to be right, he only gave 'hints' about Watergate...

    I could see The Register, the Motley Fool, the Washington Post, or maybe just some online news source (ahem, slashdot, ahem) printing 'suggestions' from anonymous sources... And as 'reputable' guardians of Liberty (*sigh*) they would be able to claim the need to protect the identities of the submitters in order to maintain their 'professionalism', or some such...

    How about it slashdot? Set up a PO Box where people could send neat stuff without a return address..

    --

    The REAL jabber has the user id: 13196
    What you do today will cost you a day of your life

    1. Re:What about The Press? by mabinogi · · Score: 1

      From what I can tell, he already HAS the reputation...and in fact is afraid of this hurting his reputation.....

      If you ask me...there's no force on this earth more terrifying than a horde of US Lawyers with the backing of a multi billion dollar company, and a brain dead law behind them

      --
      Advanced users are users too!
  228. Re:Next DMCA test - prosecution for doing research by Anonymous Coward · · Score: 0
    The "eBook cracker" is a tool which can only be used by people who already own the eBook in question. You are legally entitled to "fair use", and that is all the eBook "cracker" provides.

    Elcomsoft's tool is to eBooks what DeCSS is to DVDs. You can use it for fair use purposes, but its primary use is to unencrypt the work so that it can be distributed to people who don't legally own it. Elcomsoft even advertised it as such.

    What exactly do you think the difference is? I want to use IBM's BIOS in a non IBM machine; I want to play DVD's on my non Windows machine.

    At the time of the DeCSS arrests, there was actually a licensed Linux DVD player already on the market, and there were ZERO working DVD players based on DeCSS. So at the time there were no actual non-infringing uses of DeCSS (only a potential one), meanwhile there were lots of people using DeCSS to rip DVDs to DiVX for trading.

    If somebody had cracked CSS and made a non-licensed Linux DVD player available without providing source code or algorithms of the DeCSS part, it would have been legal under the reverse engineering clause of the DMCA.

    What Felten did was a straightforward attack against a known encryption technique, but you said it was legal.

    Felten worked on a set of experimental, unknown (to the public) encryption methods whose vulnerabilities were not well understood. In other words, he was actually making a contribution to the field of encryption. Further, the challenge itself was often described by SDMI as research effort, and he was publishing his results in a cryptographic research forum. Finally, since SDMI issued the challenge, there was no question that the research was performed in "good faith".

    Although the details are not clear yet, the HDCP crack appears to be more akin to crunching a 40-bit DES key in that it didn't advance the field of cryptographic knowledge at all. You can't just brute force crack some well known encryption method and call it research.

  229. And the DMCA scores! by CyberPhunk · · Score: 1

    As much as I'd like to mention how the DMCA probably means very little to those that live overseas, the DMCA has done a good job at doing exactly what it was meant to do. Intimidate people into fearing the release of anything. I can almost hear big brother jumping up and down in joy, planning another party for tonight!

  230. Hmm... by fanatic · · Score: 3, Interesting

    "I have found a proof of this theorem which is too long to fit in this margin." Think it actually exists?

    --
    "that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
  231. Re:Next DMCA test - prosecution for doing research by Anonymous Coward · · Score: 0

    To my knowledge, Dmitry was the only Elcomsoft employee there. Do you have a source indicating otherwise?

    Had one, but I can't dig it up. :( My understanding is that there were a couple salespeople there, but I could be wrong.

    If the charge was distribution (trafficking), then that's what he was arrested for, right?

    Only officially, if there were sales personnel there who weren't charged. I'd say sales has a more direct role in distribution than the programmer, so if sales wasn't charged while the programmer was, it's not distribution that was targeted. It's the creation of similar programs that the arrest was intended to deter, not simply sales. He was targeted because he authored the program, not because he sold it.

    I believe they can get away with baseless threats unless you can show that some damages resulted from them.

    Probably right. The question is whether you consider suppression of speech to be damages. I do, and given that the Felten countersuit hasn't been thrown out yet, I'd assume that the law does as well.

    It depends on whether you are being sued (a civil action) or being prosecuted (a criminal action). If the latter, the burden of proof falls on the prosecution.

    My understanding is that while the burden of proof is on the prosecution, when the defendant admits committing the crime but is pleading extenuating circumstances, or an exception under the law, it is their responsibility to prove that the circumstances under which they broke the law meet the exception. Of course, whether it's legally true or not, it's certainly true given the current condition of our legal system.

    The actual wording of the law is not nearly as bad as the average slashdotter makes it out to be.

    While that's true, the fact of the matter is that the wording of the law is less important than how it is used in practice. It was obvious from the day the DMCA was introduced in Congress that, regardless of the exceptions tacked on, it would be used by the media conglomerates in exactly the way it has been. It's not just tort reform we need, we need to start holding Congressmen responsible for passing easily-abusable legislation.

  232. HDCP weakness? by Anonymous Coward · · Score: 0

    Googling around, I turned up this interesting link about a possible HDCP weakness: http://web.elastic.org/~fche/mirrors/cryptome.org/hdcp-weakness.htm

  233. You lie, anonymous by Axe · · Score: 1
    Elcomsoft's tool is to eBooks what DeCSS is to DVDs. You can use it for fair use purposes, but its primary use is to unencrypt the work so that it can be distributed to people who don't legally own it. Elcomsoft even advertised it as such.

    LIE. Elcomsoft advertised its product as a means to make a copy for fair use, from a legally purchased e-book.

    I am really curious of your identity, anonymous (you can find out mine, if you e-mail me), but I bet you $5 that you are on a payroll for one of the interested parties. Liar.

    --
    <^>_<(ô ô)>_<^>
  234. Fermat's Last Theorem, revised. by Anonymous Coward · · Score: 2, Funny

    ...For this I have found a truly wonderful proof, but the DMCA prevents me from publishing it.

  235. Use Code Red to install Freenet by yerricde · · Score: 2

    Could something like SirCam or another virus/worm be used as a distribution method for information like this?

    You could have a SirCam clone or a Code Red variant download and install the Freenet client and then request the hdcp crack.

    --
    Will I retire or break 10K?
  236. In related news.... by Anonymous Coward · · Score: 0

    ...my Romanian friend has turned 18. He's never been to America, but still he's refusing to drink beer, for fear that he'll break some American law that says you have to be 21. (The legal drinking age in Romania is 18.)

    (There is no Dutch DMCA)

  237. Use Sircam's Power for Good, not Evil by lak3rs · · Score: 1

    Niels Ferguson should place the paper with the HDCP encryption crack on a machine infected with Sircam. That way he doesn't have to "publish" his results.

  238. Re:send the results to me by weave · · Score: 1
    but I'm pretty sure that they can't even put you in a minimum security prison until you're convicted, I might be wrong but I think people awaiting trial are held somewhere a little more agreeable.

    Probably differs depending on the state. In my state (Delaware) you get thrown into "Gander Hill" with the rest of the population. A lot of people who can't make bail spend quite a few months in there before their day in court. The place was designed with one-person cells to try to cut down on some of the prisoner-to-prisoner violence issues but due to the overcrowding because of all of the jail sentences given for drug USERS and such, they currently stick two and in some cases three people in one cell.

  239. Re:Next DMCA test - prosecution for doing research by Anonymous Coward · · Score: 0

    I guess you don't want the facts to get in the way of your rant.

    1. For the 100th time, Sklyarov was NOT arrested for giving his talk, nor was he arrested for creating the eBook cracker when he was in Russia. He was arrested for selling it to customers in the US over the internet and for selling in person while in the US at the conference.

    2. The fact that the RIAA threatened a lawsuit against Felten doesn't mean he did anything wrong. You can threaten to sue anybody for any damn reason you can think of. Since what he did was clearly NOT illegal, the RIAA wisely backed down. Note that violations of the DMCA are criminal offenses, and no law enforcement agencies ever contacted Felten about it.

    3. Reverse engineering is explicitly permitted under the DMCA, with the caveat that the purpose of the reverse engineering has to be to make your product/device compatible with the protected product/device. This means that reverse engineering in the form that Compaq used to create an IBM compatible BIOS is legal, while reverse engineering to create something like DeCSS is not legal.

    4. Cryptographic research is also legal under the DMCA, as long as it is done under "good faith". I don't believe that anybody would consider a straightforward attack against a known encryption technique for the purposes of key discovery to be "good faith" research. You probably have to be contributing new knowledge to the field of cryptography (or at least trying to) in order to claim you are doing research. Felten's work seems to count, but I'm not sure this does.

  240. Copyright, then ROT-13 the paper by UM_Maverick · · Score: 3, Funny

    If he wrote the paper, then I would assume that he owns the copyright on it. If he's a cryptographer, then he can apply an encryption algorithm to it. If he does that, then nobody can read it w/out breaking the encryption, and, therefore, violating the dmca...correct? Granted, we'd all have to violate the dmca to read it, but how is Intel going to see you ROT-13 something in your cubicle?

  241. Won't happen. China is our "most favored nation". by Anonymous Coward · · Score: 0

    C'mon, they didn't do anything after Tiananmen, why would they do something over something as trivial as copying discs.

  242. Read your post again... by schon · · Score: 2

    Sklyarov isn't charged with breaking the encryption ... but standing on US soil telling people what he had discovered. ... I don't see the problem.

    Go back and re-read that..

    Then if you STILL don't see a problem, go read the US constitution (don't worry, you don't have to read the whole thing, just the first part.)

    He was arrested for telling people what he had discovered.. now, correct me if I'm wrong, but doesn't the First Amendment allow freedom of speech?

  243. Make it public with Code Red's Help by Anonymous Coward · · Score: 0

    Why does he not release a new version of Code Red and replace millions of IIS server's home page with his cracked algorithm?? What an idea...

  244. DMCA makes encryption a dubious concept by dcavanaugh · · Score: 2, Insightful
    Thanks to DMCA and rabid lawyers, we're creating an "underground internet" that generally ignores the law. In a scenario like this, how will anyone know which encryption standards are working and which have been compromised? We can't assume that anyone who cracks an encryption scheme is going to publish the results, but what if no one publishes anything? What happens then?

    Imagine the people who design & use encryption standards as the occupants of a castle, and the hackers are trying to use a battering ram to enter the facility. Thanks to DMCA, the walls are padded, so the people inside don't hear the pounding of a battering ram on their door. The king overruled the castle engineers who wanted a thicker door. "No need for that", says the king. "My DMCA padded walls will take care of the noise, therefore I proclaim that the hacker problem is solved!" Of course, when the door gives way, it will be quite a surprise to the occupants!

  245. Re:Next DMCA test - prosecution for doing research by Anonymous Coward · · Score: 0

    Although no criminal case was ever thrown out because of a weak lock, nobody (as far as I know) was also arrested and jailed for breaking the lock to their own home. When I "buy to own" a DVD or ebook, I consider it my property to do with as I please.

  246. Huh? by Axe · · Score: 1

    And exactly where did you get this information from? I do not remember anybody mentioning sales here, nor does the DOJ complaint on arrest mention it. I think you are full of it.

    --
    <^>_<(ô ô)>_<^>
  247. Re:Next DMCA test - prosecution for doing research by Frodo · · Score: 1

    In other words, he was actually making a contribution to the field of encryption.

    Do you think FBI agents really evaluated if Sklyarov did contribute to the field of encryption or not before arresting him? Are there many cryptography experts in that division, how do you think?

    Elcomsoft's tool is to eBooks what DeCSS is to DVDs.

    If one has a problem with Elcomsoft, one goes to court and sues Elcomsoft. I have little sympathy for Elcomsoft as a company. But I bet you don't want to be arrested if you go to, say, Brazil and your company sales policy has some problem with some obscure Brazilian law. You probably would be outraged if you would be arrested on this basis.

    Elcomsoft even advertised it as such.

    Elcomsoft web pages are public. Can you quote me the place where they do it (URL, place there)? If not, please look in the mirror and say to yourself "I just lied. I am a liar. God forgive me".

    --
    -- Si hoc legere scis nimium eruditionis habes.
  248. The problem isn't HDCP by WillSeattle · · Score: 1

    The problem isn't HDCP, it's that it has been demonstrably defeated multiple times by multiple people, using multiple methods.

    And even if it worked, which it does not, it would be a total and utter waste of time. Just send the audio out and record it. Filters can modulate any unneeded signals (encryption to hamper CD quality recording).

    Information just wants to be free, and music should not profit the middleman, but the artists!

    --
    --- Will in Seattle - What are you doing to fight the War?
  249. send the results to me by 4n0nym0u$+C0w4rd · · Score: 1

    I'll proudly publicize the results of his work (giving him full credit for the discovery). After all I live in the U.S and personally wouldn't mind 3 meals and a cot plus an extension to my summer vacation. Not to mention the lawsuits to follow my arrest (yeah I know I'd have no legal grounds but when has that ever mattered?) should pay my way through college. Or better yet why doesn't he let a Dutch friend who doesn't plan on visiting the land of the oppressed anytime soon or just post it anonymously. There seems to be no point in keeping it secret now, after all he did openly admit violating the DMCA already (it's illegal to do it, not just to publish your work) and I have a feeling that if he comes to the U.S anytime soon he'll be sitting in a jail cell right next to Dmitry (well at least where Dmitry was before he made bail).

    What's worse than us having to wait a bit longer to find out how he cracked the encryption, is the fact that now the U.S will think that the DMCA is working and will fight for it much harder. I understand his fear, but the fact is he's already violated the DMCA (I won't bring jurisdiction into play, after all the U.S obviously doesn't understand the word, except when it comes to chasing after murderers and rapists...then it's strictly observed).

    1. Re:send the results to me by Anonymous Coward · · Score: 0

      I can think of many third world countries/people who would love or /prefer to be in a USA Jail. In fact many Americans with chronic/terminal illnesses could front up and give the talk/publish. To think that the derro who sleeps on the park bench - knows the key... We sit him down in the lab, tell him to push the stop button when he sees a picture, and tell him that number will get him a state subsidised liver/kidney/heart transplant. The solution is to scrap the DMCA, and just make it an offence to possess compromised private keys, or distribute them (with intent).

  250. There is NO JUSTICE ANYMORE by PCHell · · Score: 0

    Ferguson said in his article: 'I simply cannot afford to be sued or prosecuted in the US. I would go bankrupt just paying for my lawyers.'

    When someone is afraid of getting in a lawsuit because the lawyers' fees alone would cost him his LIFE'S SAVINGS, then I say there is no justice in this country. The legal system has become so rotten that the average person can't afford the price of justice anymore.

  251. Re:Next DMCA test - prosecution for doing research by Anonymous Coward · · Score: 1, Insightful
    It's not the size of the lock, it's the fact that it's locked.

    The courts, especially the criminal courts, understand that no matter HOW well something is locked up, it's still breaking and entering. Never in the history of US law has there been a case where the judge ruled for the defendant because the lock was too weak. Would you people *PLEASE!* stop making that argument!!! It's utterly useless.

    This argument is not utterly useless. These schemes are presented to keep people from copying whatever and the schemes are extremely weak. What if Masterlock were selling a "paper" padlock and it was illegal (read DMCA) to prove the lock is not secure?

    I understand the idea of locking material from copying is unpopular but this is the main reason for these encryption schemes. If they don't work then the owners of the copyrights need to know.

  252. Re:Next DMCA test - prosecution for doing research by erroneus · · Score: 2

    It's not the size of the lock, it's the fact that it's locked.

    The courts, especially the criminal courts, understand that no matter HOW well something is locked up, it's still breaking and entering. Never in the history of US law has there been a case where the judge ruled for the defendant because the lock was too weak. Would you people *PLEASE!* stop making that argument!!! It's utterly useless.

    What you should be arguing are the points that can be used effectively. These points include academic research and ability to share knowledge. (Knowledge and research without proof isn't knowledge so proof of concept code is virtually required in all cases.) Others could include reverse engineering; a topic related to academic research. How about "Public Safety" or "Public Interest" as an important point? Imagine "copyrighting" food only to find later that they included some very tasty toxins? We're not allowed to know what we are eating? Yes, I know, but we aren't allowed to know what we are installing into our own PCs (regardless of whether we own the code or license or whatever.)? For me, that's a scary issue. I want to be able to "trust" the software industry but truthfully, we cannot trust ANY industry and we have butt-loads of other watchdog agencies "protecting the public" but we don't have one for software (yet). Ever wonder when that will happen?

    So please, people, stop arguing the one point that continues to turn people AWAY from the validity of the arguments against the DMCA. It's a lock, effective or not, it's a lock. If it can be broken "accidentally" it's not a lock, but so far, I haven't seen one that can be broken accidentally.

  253. release it on Freenet! by Benjiman+McFree · · Score: 1

    And don't leave your key laying around on your system.

    What are we designing this freespeech network for anyway?

  254. what if... by pinkelefant · · Score: 1

    somebody breaks into his house, steals the pc and spreads the crack ??.... who will be arrested ? better yet...somebody should make a bunch of all these "cracks" and spread it as CodeRedIII .. then what?

    --
    Feel free to concat me with all your troubles...
  255. DMCA VS SECURITY by a-optic · · Score: 0

    Ok how does our government think that anything will be secure with a Law like the DMCA in effect we need these programmers and hackers to divulge it so they can fix it. Our society has some real issues give into Business america having your valued info like CC#s and SSN etc... out to the public we joe smo can use it without it being secure .. we rather have it in plain text? DMCA needs to be kicked out and I hope incidents like this and 2600 can stomp this law out before Security turns to be Insecurity due to the DMCA

    --
    "Before God we are all equally wise - and equally foolish." -Albert Einstein
  256. I found a hint on the KEY! by thopo · · Score: 4, Funny

    "An experienced IT person could recover the master key in two weeks given four standard PCs and fifty HDCP displays"

    1
    2 or 14
    4
    50

    Therefore the key is:
    12450 or
    114450 or
    12450 * 114450 = 1424902500 or
    sqrt(12450^114450).

    q.e.d.

    --
    keep it simple.
  257. Some mediums make that hard. by cduffy · · Score: 1

    See: freenet

  258. Well... by AlXtreme · · Score: 1
    He can always pass it along to me. I don't mind waiting out until the DMCA is buried and dead. Going to the US would be nice, but I regard freedom a higher good, and if one person suffers for the freedom of everyone else, why not?

    And yeah, my ego could use a boost ;)

    --
    This sig is intentionally left blank
  259. prosecution for claiming vulnerability by KFury · · Score: 2

    I could see how the next stage would be to prosecute people who claim that they even know of a vulnerability in an encryption system.

    Just think, if the laws were strong enough, you could just go back to ROT-13, because if anyone said "Hey! That's ROT-13! That's easy to break!" then you could send them to jail.

    Vs lbh'er ernqvat guvf, ynj rasbeprzrag jvyy neevir fubegyl. Erznva pnyz naq chg lbhe jrncba (vr, zbhfr) qbja.

  260. Re:Next DMCA test - prosecution for doing research by wiredog · · Score: 5, Funny
    Will it become a crime to do research?

    Of course not. What, do you think some company is going to file charges and get the FBI to arrest someone from Russia just because they give a talk about their work in Vegas? Or that an industry trade group would threaten a lawsuit if a college professor tried to present a research paper? My god, people are paranoid around here! Next thing you know they'll be saying that the Big Corporations are trying to outlaw reverse engineering!

  261. No more DHCP? by Nick+Number · · Score: 1

    Of course, it is only a matter of time until someone does publish, probably anonymously, and DHCP dies the death it so richly deserves.

    Whee, static IPs for everybody!

    --
    Promote proofreading. Don't mod up sloppy posts.