DMCA Attacks: NAI Tells Sites To Remove PGP

daecabhir writes: "I am on Declan McCullough's excellent policy and technology mailing list, and received this article on Declan's Politech web site. Basically, Network Associates now appears to be using the DMCA to force sites that provide access to the "free" versions of PGP to cease and desist, if this is any indication. Unfortunately, I think that Network Associates may well be within their rights with regards to 'their' intellectual property, even if I disagree with the manner in which they are going about things." Update: 05/22 13:55 GMT by T : Looks like this wasn't the whole story, and in fact NAI was only objecting to a site with the commercial version of its software -- read below for more. Grant Bayley writes: "The hype being generated by the "NAI pulls out the DMCA stick" postings and the spectre of PGP being "removed from the Internet" is entirely bogus, and provably so with a little bit of fact checking.

Looking through the Google cache, it becomes very clear very quickly that crypto.radiusnet.net was hosting a copy of the commercial version of the software - not a copy of the PGPi (aka freeware) version of the PGP product. Given that this is the case, NAI is well within their rights to demand the removal of the files.

You can confirm this in the Google Cache.

Re:I am not a lawyer

[Cardhore]

It doesn't, except they included the letters DMCA in the title of their e-mail. This is probably just ordinary copyright law.

Re:This is a good thing!

[Wintersmute]

Yeah - but can anyone explain why Network Associates wants to orphan their privacy software at a time when online privacy concerns are really coming into focus? Seems like this is a time to be getting into the market, rather than out.

Any chance they're worried about the implications of widely available privacy software for "bad guys"?

it's dead, Jim

[g4dget]

What's the point? If it's not open source and if it's not commercially supported, it's dead. Oh, you may still be able to use it for a little while but then operating systems and libraries will drift away.

crypto.radiusnet.net is a joke

Hi all,

I think we'll all find that this ends up being less of a problem than it seems to be, and certainly one unworthy of Declan's attention. The first thing to consider is that of the couple of security/crypto archives out there (Wiretapped, munitions.vipul.net, the old zedz.net site, Packetstorm), the crypto.radiusnet.net one is the only one of the group that is out of date, disorganised and discourages mirroring. Look over the site, and you'll see what I mean. The second thing to consider is that (as another poster has already mentioned) PGPi.org has the explicitly freeware versions of the software available on a number of mirrors worldwide, and does not appear to have been made a target here.

Conspiracy theories aside, if they were mirroring commercial versions of the product, NAI is well within their rights to pursue them, and I'm sure the other legitimate crypto/security archive sites will be glad to see crypto.radiusnet.net stop sullying their good names by association.

Re:That's point

[Dwonis]

It's still a good philosophy. The problem here is not that the frontend is separate, but that there are few (if any?) frontends.

That said, using PGP-style crypto properly requires some background knowledge, and I won't be recommending it to the masses until that is addressed (by an interface or otherwise).

Re:That's point

[_Sprocket_]

Grandma doesn't want to have to learn to use cdda2wav, lame, and cdrecord on the command line to "rip, mix, and burn".

Actually... if Grandma wants to RIP CDs, she uses something like GRIP. This actually continues with the "unix way". GRIP is a GUI frontend that focuses on the interface. It takes advantage of strong components in the background that handle each step well. And Grandma has no idea. She just goes clicky-clicky and everything works. Well.

Ho Hum Lunix Lunix Lunix

The subject line here should be: Free Software Advocates shoot their mouth off without checking the facts.

Over 100 posts, and only one or maybe two have hit the nail on the head - the site was posting commercial, proprietary software. Not free software in whatever sense you like to use the term. Not open source either.

Please guys, get your facts right before posting.

Whoops - I forgot - this is Slashdot.

Home of irresponsible adhocratic journalism...

Another proof for how right RMS is

[Baki]

Richard Stallman was (once again) criticized by some of the slashdot crowd today in this article, about being pedantic, purist, impracticle etc. PGP/GPG is an excellent example of RMS being pedantic and purist, and rightly so.

RMS and the FSF have always been refusing to use PGP, because of its license. They have been critiziced along the same lines for this, since PGP was "free in a practical sense" i.e. free as in free beer, even though it had been written by "good guy" Phil Zimmermann. Today we may be glad that the FSF refused to use PGP, started to write GPG as soon as the RSA patent expired (i.e. as it was legally possible to write a clone without infringing on patents).

Re:DMCA or plain copyright?

[gilroy]

Blockquoth the poster:

Are the letters "DMCA" more scary or something?

That's it, exactly. Copyright law (pre-DMCA) has a long, detailed history in the courts. There are lots of precedents, including relatively wide fair-use harbors. The DMCA, while paying lip service to fair use, actually narrows its applicability a lot. But more importantly, no one knows how courts will interpret the DMCA, as few cases have percolated through the system. It's that element of uncertainty that serves as a bludgeon ... many companies would be unwilling to fight tooth-and-nail against a lawsuit if they aren't relatively sure of how the underlying law is going to be interpreted.