Slashdot Mirror
DMCA Attacks: NAI Tells Sites To Remove PGP (Updated)
daecabhir writes: "I am on Declan McCullough's excellent policy and technology mailing list, and received this article on Declan's Politech web site. Basically, Network Associates now appears to be using the DMCA to force sites that provide access to the "free" versions of PGP to cease and desist, if this is any indication. Unfortunately, I think that Network Associates may well be within their rights with regards to 'their' intellectual property, even if I disagree with the manner in which they are going about things." Update: 05/22 13:55 GMT by T : Looks like this wasn't the whole story, and in fact NAI was only objecting to a site with the commercial version of its software -- read below for more.
Grant Bayley writes: "The hype being generated by the "NAI pulls out the DMCA stick" postings and the spectre of PGP being "removed from the Internet" is entirely
bogus, and provably so with a little bit of fact checking.
Looking through the Google cache, it becomes very clear very quickly that crypto.radiusnet.net was hosting a copy of the commercial version of the software - not a copy of the PGPi (aka freeware) version of the PGP product. Given that this is the case, NAI is well within their rights to demand the removal of the files.
You can confirm this in the Google Cache.
What is the DMCA's policy on older software?
Does this mean that older versions of PGP now belong to Network Associates and are subject to the company's will? Even if they were free?
So which version was being hosted that led to NAI sending out the copyright violation notice? Was this a commercial version that truly was a `pirate' copy, or was it the same version hosted at pgpi.com? (http://www.pgpi.org/products/pgp/versions/freewar e/) The pgpi site doesn't seem to have any information regarding this, and you would think they would given the impact of it to them.
How exactly do they think they are going to profit from this? more like a Nail in the Coffin than anything else, free PGP from MIT is considered a sacred inalienable right, right?
Why, yes, I AM a Pagan Libertarian.
I purchased several copies of NAI's PGP for Unix version 5. The CD had a standard license agreement with it. Two years later, I receive a letter from NAI telling me that my license was revoked and I could no longer use the software.
Somehow, I do not think I received my $1500 worth.
I should have known, I asked NAI's sales department for a price quote on NAI virus protection products for the "enterprise" and I never did receive a straight answer.
Thank God for GPG! Works with NAI's PGP plug-ins and it's truly free.
Has Phil made a comment yet regarding this? PGP is his child and it seems like if anyone has anything useful regarding this to say, he does. Where are you, Phil?
If your user agent happens to include "wget", watch out! "Any IP/Host seen using wget or any other mirror tool will be banned!
Got friends?
Why isn't this just a "plain copyright" case? Like the Church of Scientology attacking Google with the DMCA, I don't see why they need the part about circumventing access controls to copyrighted material. It would make more sense to invoke plain old copyright law. Are the letters "DMCA" more scary or something?
How about a link to a scan of that letter (with your details blanked out, of course)? It'd also be educational to see the original license agreement, to determine if it even contained an out like that for NAI (providing that it's enforcable to begin with, which is probably a stretch in a non-UCITA state anyway). IANAL, etc.
CEE5210S The signal SIGHUP was received.
it's too bad that people don't pay more attention to rms when he talks about freedom.
and it's also too bad that people kept doing dev on possibly not free pgp versions instead on truly free implementations of pgp (ie gnupg).
how many times are we going to learn this lesson?
US Citizen living abroad? Register to vote!
deus does not exist but if he does
That's the thing. NAI ain't selling PGP anymore.
Makes you wonder who's running NAI.
Is this truly the only Earth I can live on?
I use GPG with Evolution daily, and have had no problems in the 1.0.3 release.
It even handles different keys for different accounts without user intervention (after telling it the key number for a given account, of course).
It has the handy features like "remember pass phrase for this session" (it's an option for the paranoid), sign-every-message, and verification of a signed message sent to you with a mouse click.
Check it out - it's the only mail client I use now!
I know gnupg has made some very big strides in this area, but clearly, now is the time to devise a framework upon which popular encryption is allowed to survive PGP.
The point isn't whether the geeks can do it. The point is whether some poor, persecuted soul in some totalitarian country, like -- um, you know -- can click a button and send an email out of the country or to his best friend, securely.
Clearly we would like to see front-ends developed for all the popular email applications that can accept code implementing any kind of encryption scheme whatsoever, and encryption algorithms that can fit into any popular email application available.
If somebody comes up with a new encryption algorithm, they shouldn't have to write code to support Evolution, Eudora, Outlook Express, so forth and so on.
Likewise, somebody should be able to write a front-end for a email application according to a specific API and expect to see every available encryption algorithm thus far implemented available from within that email application.
And of course, it all needs to be open source. If anything needs to be open source, it is this.
gnupg is great, but it presumes a single algorithm, doesn't it? Wouldn't it be much better to make it easier to introduce new algorithms into the mix? Put yourself in the position of the GS-7 analyst sitting in Virginia who has to run all these decipher jobs. If he gets to *assume* that the encryption being used is pgp-style, his workload is modest, he just needs to feed the file to the program.
But if he first has to figure out what algorithm is being used, suddenly his job becomes many orders of magnitude harder. Especially if there are hundreds if not thousands of algorithms out there, each and every one available to the common man for his use.
I know we're not supposed to rely on obscurity for encryption, but that presumes your only interest is in protecting a single channel of communication. If your interest is in protecting *all* channels of communication, obscurity becomes viable. Something as trivial as taking the output of gnupg and exclusive-or'ing with a Erica Rose Campbell jpeg would add another - if - statement to the NSA's decryption code. Add another 100 jpegs every day and very quickly the NSA's job becomes very, very hard.
I never liked PGP. They zip before encrypting, and I could never get an answer from Zimmermann as to whether or not the checksum survived the zip. If the checksum survives, all the NSA has to do is unzip every try at an encrypted file and see if the checksums match. Strip out the checksum, and their job becomes much harder. The checksum needs to go.
Is this truly the only Earth I can live on?
We tried to buy a site license at work. We needed something that would plug into Outlook Exchange and work with everyone inside and outside the company. But after NAI killed PGP, we tried GPG but there was no plugin for Outlook Exchange (client).
Good product, lots of people wanting to buy it, and no alternative program. If someone came out with a windows office plugin, maybe they could make/start a software company.
First they came for the Amiga, and I did not speak out because I was not an Amiga user.
Then they came for Be, and I did not speak out because I was not a Be user.
Then they came for Blender and I did not speak out because I was not a Blender user.
Then they came for PGP, and I was thankful that someone had spoken for me.
Many thanks to the GnuPG developers.
"I may not have morals, but I have standards."