Slashdot Mirror
DMCA Attacks: NAI Tells Sites To Remove PGP (Updated)
daecabhir writes: "I am on Declan McCullough's excellent policy and technology mailing list, and received this article on Declan's Politech web site. Basically, Network Associates now appears to be using the DMCA to force sites that provide access to the "free" versions of PGP to cease and desist, if this is any indication. Unfortunately, I think that Network Associates may well be within their rights with regards to 'their' intellectual property, even if I disagree with the manner in which they are going about things." Update: 05/22 13:55 GMT by T : Looks like this wasn't the whole story, and in fact NAI was only objecting to a site with the commercial version of its software -- read below for more.
Grant Bayley writes: "The hype being generated by the "NAI pulls out the DMCA stick" postings and the spectre of PGP being "removed from the Internet" is entirely
bogus, and provably so with a little bit of fact checking.
Looking through the Google cache, it becomes very clear very quickly that crypto.radiusnet.net was hosting a copy of the commercial version of the software - not a copy of the PGPi (aka freeware) version of the PGP product. Given that this is the case, NAI is well within their rights to demand the removal of the files.
You can confirm this in the Google Cache.
It doesn't, except they included the letters DMCA in the title of their e-mail. This is probably just ordinary copyright law.
Got friends?
There is a lot of people who would just love for PGP to just "go away". Like your local friendly FBI, CIA, and other 3 letter agencies one can only just guess at.
Now they can't snoop on people anymore. And that includes all the other "nasties" out there that want to do harm to us that use it extensively.
So they have put pressure on all the sites that link to copies of PGP to pull them, so eventually, nobody will know were to find their copy of PGP.
Yeah - but can anyone explain why Network Associates wants to orphan their privacy software at a time when online privacy concerns are really coming into focus? Seems like this is a time to be getting into the market, rather than out.
Any chance they're worried about the implications of widely available privacy software for "bad guys"?
It may be cold, but at least it's clear.
Sec. 1201 and 1202 deal with circumvention. Sec. 512 - a different provision - deals with service provider liability and entails the notice-and-take-down liability sections. These provisions limit service providers' liability for hosting copyrighted content. Thus, when Declan talks about the DMCA "nastystick", he's talking about Sec. 512 of the DMCA. Same with the Co$ incident. Sec 512 there too. Other than that, it is just 'plain old' copyright law.
What's the point? If it's not open source and if it's not commercially supported, it's dead. Oh, you may still be able to use it for a little while but then operating systems and libraries will drift away.
I think we'll all find that this ends up being less of a problem than it seems to be, and certainly one unworthy of Declan's attention. The first thing to consider is that of the couple of security/crypto archives out there (Wiretapped, munitions.vipul.net, the old zedz.net site, Packetstorm), the crypto.radiusnet.net one is the only one of the group that is out of date, disorganised and discourages mirroring. Look over the site, and you'll see what I mean. The second thing to consider is that (as another poster has already mentioned) PGPi.org has the explicitly freeware versions of the software available on a number of mirrors worldwide, and does not appear to have been made a target here.
Conspiracy theories aside, if they were mirroring commercial versions of the product, NAI is well within their rights to pursue them, and I'm sure the other legitimate crypto/security archive sites will be glad to see crypto.radiusnet.net stop sullying their good names by association.
That's exactly the point. That's the way it should be. The application does exactly one thing, cryptography, and nothing else. This is the unix way.
All applications should be responsible for a single task, we have wonderful examples to show us that this modularity is very positive, powerful applications, few bugs, easy customizations.
OTOH we have only few examples of stable applications that have lots of functionalities, usually hard to customize, adapt to new paradigms and maintaince.
The idea is keep all development teams independent of each other, by following few, but well defined, standards. That's the way X works, we must choose a window manager, X developers don't need to worry about user interface.
IMHO this is the way it should be, of course, a tarball/rpm/deb/whatever that packs the application and GUI is a great idea, but much more important then this is the quality of the application
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
Whats funny is originally PGP was released for free on the internet at a time when encryption software had heavy export restrictions. Being released for free on the internet was what made it so popular.
this is the most important sig ever! In your face 446154!
The subject line here should be: Free Software Advocates shoot their mouth off without checking the facts.
Over 100 posts, and only one or maybe two have hit the nail on the head - the site was posting commercial, proprietary software. Not free software in whatever sense you like to use the term. Not open source either.
Please guys, get your facts right before posting.
Whoops - I forgot - this is Slashdot.
Home of irresponsible adhocratic journalism...
Richard Stallman was (once again) criticized by some of the slashdot crowd today in this article, about being pedantic, purist, impracticle etc. PGP/GPG is an excellent example of RMS being pedantic and purist, and rightly so.
RMS and the FSF have always been refusing to use PGP, because of its license. They have been critiziced along the same lines for this, since PGP was "free in a practical sense" i.e. free as in free beer, even though it had been written by "good guy" Phil Zimmermann. Today we may be glad that the FSF refused to use PGP, started to write GPG as soon as the RSA patent expired (i.e. as it was legally possible to write a clone without infringing on patents).
Maybe it's unethical for you, but you're not authorative of ethics. Nobody is.
That's it, exactly. Copyright law (pre-DMCA) has a long, detailed history in the courts. There are lots of precedents, including relatively wide fair-use harbors. The DMCA, while paying lip service to fair use, actually narrows its applicability a lot. But more importantly, no one knows how courts will interpret the DMCA, as few cases have percolated through the system. It's that element of uncertainty that serves as a bludgeon
The Mongrel Dogs Who Teach
I found that by relying on proprietary toothpaste products I'm becoming too relient on Procter and Gamble proprietary Crest brand toothpaste. If they and their IP lawyers decide not to provide the proprietary tooth polishing product to me or the population at large, we might have to switch to another product. It's a vicious cycle.
So many people like you focus on the 'problem' of proprietary software. It's bullshit. The problem is corporate behavior and governmental collusion. Individuals are now officially meaningless. The choice has become anarchy or communism. The GNU generation has choosen communism. I'm hoping for a little anarchy.
It's about time that encryption was recognised as a tool to keep governments from spying on private citizens. The idea is that Goverment should have the power to spy on its citizens, but not that is should spend all of its time and resources doing so.