HP Backs Off DMCA Threat
Bruce Perens wrote with this interesting reversal: "News.com reports HP has backed off of its DMCA threat." Which makes SNOsoft's official response thankfully beside the point now. Update: 08/02 05:37 GMT by T : Declan McCullagh points out this CNET story, which includes words from HP, Snosoft, and Bruce Perens. Writes Declan: "HP blames the snafu on... their lawyers!"
A company with some fucking common sense.
Actually, it looks like this whole thing was a misunderstanding, and involved screw-ups by people on both sides. And believe me, I'm the first one who'll go on about how awful the DMCA is, but I think this was just overreaction on one side and misbehavior on the other. But... well, we'll never know the real story.
I think I would have rather it had been tested in court.
...great. I get to rely on their self-restraint in not abusing the law, rather than striking down an eminently abusable law.
"We can say emphatically that HP will not use the DMCA to stifle research or impede the flow of information that would benefit our customers and improve their system security."
As long as the only test cases are against individuals and groups the public perceives as "black hats" (e.g. 2600), this damnable law will never be changed.
-- Terry
This is bad. So far the DMCA hasn't been challenged. Adobe asked the government to drop charges; now HP has backed off. The problem with this is that this law has not had its day in court.
... or denounce it.
I'm sure any judge will realise how broad the DMCA is and as a result how damaging it can be to a person's rights as well as to a community of developers, not to mention privacy advocates.
Unfortunately we have lost another great opportunity. HP like all the others want this law to remain. Only when the stakes are really high will they seek to enforce it.
Except that they at least thought about it... and the DMCA is a LAW, not a company policy. Once HP cries wolf, what's to stop a creative prosecutor from bringing charges?
They knew they would have their posterior kicked black and blue which would eliminate the DMCA threat power.
Fight Spammers!
I think this is too early to tell. Since they already did say they could use DMCA, some damage is done. This obviously came through lawyers, so someone somewhere DID make that decision, regardless of who they blame. Now, even though they said they wouldn't, there is doubt in a researcher's mind if anything might happen. You can not just release a program without "following standard procedures" any more (that's what I got from CNet's article). Following such procedures is a good thing, but it should NOT be a requirement to free speech.
Let's wait for actions from HP, who knows what they'll do a year from now on some other bug. This also opens the door for MS or Oracle or whoever to do this, without being first, and citing HP, regardless of what HP said today. Can you really open your toaster now and see what's inside? This threat, even though withdrawn, has done what it was supposed to do.
It is what they call the slippery slope.
Oh, this would have been soooo much fun to watch on Court TV!
Too bad it would be torn to shreds in a real court. There would be all sorts of inadmissible evidence.
I do not see that this in any way justifies threatening someone with the DMCA.
So far, I have not encountered anything which excuses that, though I am willing to keep looking.
That HP has said "Now that you've withdrawn your threat to release info about us, we won't threaten to pull the DMCA on you" doesn't count as very much of an apology at all. In fact, it doesn't count as an apology.
I do not feel that HP has yet done anything to redeem themselves for this disgraceful action.
I think we've pushed this "anyone can grow up to be president" thing too far.
Should now email them to express thanks that they have reversed the decision. I had emailed them to state my displeasure and to vow never to buy another HP product again (which would be tough, as my Pavilion continues to surprise me in quality).
Now that they have reversed it, I sent a follow up thanking them and stating that I again looked forward to purchasing from them in the future. The rest of you should do the same: express displeasure when they fuck up like this, but also express appreciation when they fix it as they have.
After reading SNOsoft's response, I've gotta say it looks like they were trying to drum up business and it backfired big time.
I'm not supporting HP in any way and personally I think the DMCA is the greatest piece of loo paper I've ever seen but if you go to someone and say "I know how to break into your house and steal all your hidden money and I'm not going to tell you unless you pay me" you gotta expect to get burnt.
The power of the DMCA is not necessarily in court. The threat of a long drawn out legal battle is usually enough to get what the large corps want, sort of a reverse "O.J." strategy, if you will. The DMCA can be milked by RIAA and others for many years without actually having to be tested. That won't lessen either its application or damage to the IT sector.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
The point that everyone seems to be missing is this:
I don't care how many "good guys" know about a vulnerability. I do care if the "bad guys" know about it!
By sitting on the information for any time longer than the length of time that it takes to post an alert message, I believe that "security researchers" are unnecessarily putting our systems in danger.
It seems that the good guys are the last to know in these situations, and the good guys here are the guys who are actually managing the affected systems and trying to get some real work done. If I have a vulnerable system and I don't know it, my data is in danger. Tell me about the problem NOW! Then I can assess the risk to my systems based on accurate information and take action to mitigate the problem if I see fit. If a patch is not yet available to fix the problem, I can change my setup or even yank it offline. But not telling me that I'm vulnerable for X period of time takes all of my options away from me and it's "be quiet and we'll tell you what you need to know when we think you should know it." Sorry, that's not good enough.
If you're a zombie and you know it, bite your friend!
Has everyone forgotten what Adobe did to Sklyarov? Adobe screamed "DMCA VIOLATION!" at the top of their lungs, got Dmitry arrested and then BACKED OFF.
Why?
They don't want the DMCA to see any kind of trial before a judge.
Now HP is doing the same. Soon, the next big company will do the exact same thing. The DMCA is a THREAT and will be used as a THREAT...but the last thing the big corps want is for the DMCA to see actual court time.
No way, the USERS / CUSTOMERS should be the first to know, that the product they bought is defective and/or dangerous.
That's the whole point of full disclosure. Why should the vendor and the bad guys be the only ones to know about security holes for a month? So that the bad guys have a month to root all the systems in the world, and nobody to stop them? Why even notify the vendor, they don't start fixing the problem until their customers know about it anyway.
As a user, I want to be the first to know about holes in any product I use, so that *I* can make the decision about whether to take the system offline, or use another workaround. (in this case (bug in su): chmod 0000 /bin/su).
And no, I didn't like not knowing what was going on with ssh either, but at least I knew that there was a problem, and could take the service offline until disclosure. Not knowing what the problem was, I didn't have any other possibilities.
The good thing about radical organizations is that they will sometimes spend money on radical causes which you don't agree with, because if no one were pushing the boundaries then your "moderate causes" would be the radical ones.
When information is power, privacy is freedom.
In another BBS I go to, when I posted about Palladium and the DMCA, all I got in reply were fiery defenses of corporate intellectual property. You can't disclose specifics of design flaws in proprietary works since it violates the copyrights and trade secrets of the IP owner. Microsoft can impose Palladium, since you don't have an inherent right to choose which software you run on your computer, since Windows is the property of M$ and the processor is the property of Intel. You don't have an inherent right to transfer your data out of a proprietary format, since the format is IP and if the vendor doesn't want you to have the ability to convert to other formats, then they have the right to say you can't because it's intellectual property. So on and so forth. Note that IP law doesn't give corporations the right to do any of those things. And in cases where IP does apply, those rights are overridden by anti-trust laws, monopoly laws, and restraint of trade laws. (I would argue that M$ using closed file formats in order to lock you in could be legitimately considered to be a restraint of trade.) But it seems that outside communities such as /. corporate IP takes precedence over anything, and to restrict companies like Microsoft is a violation of corporate constitutional rights by a tyrannical government!
Just about any time that two companies collaborate, some sort of agreement must be signed between the two.
(#include<std/disclaimer.h>, IANAL, etc)
But anyway, assume that SNO simply emailed HP the bug and a patch and HP said "thanks, guys" and rolled it out in the next point release. Six months down the line, SNO *could* (if they were evil enough) sue HP for breach of copyright. Delete the part of the email that said they had permission, etc, and boom.
That's no good.
So, they almost always put stuff out in writing specifying exactly who's giving what to whom and what each party's allowed to do with it.
This is why, if you watch MTV's Jackass, they specifically say at the end of each show "If you send us tapes of yourselves being jackasses, we won't open them. They will be thrown away." It's not that they don't think you could be funny; rather the contrary. They're afraid that if they see your stuff, and then end up publishing something similar by coincidence, they could be sued by you. Because there was no contract.
Furthermore, a contract between two parties, to be legal, must allow both parties to benefit from it. (Which is what separates a contract from extortion.) That's why you don't just give somebody a car and hand them the deed. They always pay you a dollar - so that a contractual agreement was fulfilled between the two of you. If HP and SNO were going to write some sort of contract stating what info SNO was going to give HP, and what HP was allowed to do with it, a transfer of money or other consideration must be given to SNO. (Now, it doesn't have to be a large sum of money. But corporations usually don't work in pocket change. So, SNO probably did want a decent chunk of cash for their part of the bargain.)
So, to summarize, "working relationships" always involve paperwork. Usually to cover people's collective asses. And they usually have cash involved, so that a mutual exchange occurs when the contract is signed. As to why that made HP's lawyers go trigger-happy, well, that's anyone's guess.