Slashdot Mirror
HP Backs Off DMCA Threat
Bruce Perens wrote with this interesting reversal: "News.com reports HP has backed off of its DMCA threat." Which makes SNOsoft's official response thankfully beside the point now. Update: 08/02 05:37 GMT by T : Declan McCullagh points out this CNET story, which includes words from HP, Snosoft, and Bruce Perens. Writes Declan: "HP blames the snafu on... their lawyers!"
let's see here:
Vivendi sues bnet.d, originally was under DMCA, but filed under traditional copyright;
HP threatens under DMCA, but backs down.
i think companies *know* that if the DMCA gets taken to court, it will die and we will all live free, so they don't want to risk it. which, incidentally, means that we should try to as much as possible (within reason)
My life in the land of the rising sun.
... but as the DMCA is a statute, isn't it up to the FBI or some such to actually `use' it?
Adobe brought a `DMCA violation' to the attention of the FBI to prompt the Skylarov / Elcomsoft affair. When they backed down, the FBI did not follow suit. Is it not the case that all a person or company can do is bring a `violation' to the attention of the FBI, and let them take it from there?
If this is the case, would not HP's original statement in regards to the researchers violating the DMCA be enough to set the ball in motion? If the FBI were to agree that the event in question is a DMCA violation, would their backing down be enough to prevent further action from being taken?
IANAL and I'm not even from the US, so maybe I've completely misunderstood how this works. But isn't there more to it than HP just deciding to stop waving the DMCA stick?
- SMJ - (It's not just a name: it's a bad aftertaste.)
So... someone fill me in here. Is it normal for organizations to ask companies for money before they'll share info about exploits? After reading the note from SNOsoft, it seems clear that they must have asked for money. How else do you explain them trying "to build a working relationship with HP" and HP (mis?)perceiving their actions as extortion.
Don't get me wrong, as far as I'm concerned, it sounds like HP needs to spend more money on developers and less on lawyers. I'm not trying to defend their actions at all. But, it seems to me that if SNOsoft was merely acting altruistically, they shouldn't need to "build a relationship" in order to "transfer the information privately."
-- dR.fuZZo
Appreciate your note and concern. Let me just start by saying, "don't :-)". I can assure you that my :-). We also encourage our customers and 3rd parties
...
believe everything you read in the press
primary interest and concern is for the Tru64 customers and that the
Tru64 engineering team is committed to finding and fixing any security
problem in the product and getting these fixes/notifications out to
customers ASAP. Trying to do everything possible for Tru64
customers is what motivates and brings me to work every day
(and night
that find security issues in the product to coordinate through the
CERT process, which has been set up to support both product
vendors and customers. Again, I appreciate your concern and
feedback.
Kent
-----Original Message-----
From: XXXXXXX
[mailto:teaser@XXXX.com]
Sent: Tuesday, July 30, 2002 10:56 PM
To: Ferson, Kent
Subject: Rethink this approach.
Concerning this Zdnet article: http://news.com.com/2100-1023-947325.html
HP is going about this all wrong. You have managed to alert many more
people of the mentioned exploit (by making legal threats) than would
otherwise have ever noticed the Bugtraq post. That genie is way to far oput
of the bottle to to be put back now and the poster will just comply to any
cease and desist requests. Besides, there are plenty of buffer overflows in
True64 according to the Bugtraq poster Phased.
My suggestion to you and your colleagues would be that you quietly fix the
code, in a timely fashion, and avoid both the bad publicity and potential
liability.
Thank you.
We really need your help
http://www.gofundme.com/help-sherry
Comment removed based on user account deletion
OK, OK, I shouldn't make fun of someone just because they pressed "Submit" too fast. But the slip opens up an interesting thought in my mind: It is a fact of history that in World War II, American infantry units were the only ones to get progressively more mechanized as a campaign went on. For most armies, continuing action meant trucks and tanks broke down (bad maintenance, lack of supplies, etc.). But for the US, the infantry units would gain mechanized capacity. It was not unheard of that a unit not have to march anywhere, having scrounged enough vehicles to ride. This made the infantry many times more effective and enhanced the efficiency of armor, too (since the infantry could keep up with the tanks).
It doesn't seem that, with the wear-and-tear of battle, you should get more capacity. What was the secret? Well, just about every man in a US unit had some experience with motor vehicles. Most owned their own; many if not all repaired their own. So on the battlefield, they were able to scrabble spare parts together and keep the trucks rolling. In fact, they were often able to scavenge from damaged enemy machines! When a truck or car broke down, most armies had to call in a specialist repair team. But the US infantry could fix it themselves and keep moving. (Source: Dirty Little Secrets of World War II , Dunnigan and Nofi)
What's the point? Well, consider that everyone thinks sooner or later we're going to get into a "cyberwar" -- assaults upon information infrastructure. Maybe our only chance of winning such a conflict is to have legions of people familiar with computers and security, with securing a system or attacking it, with picking apart a program and then putting it back together better. In other words, maybe we need a culture of "hackers" (in both sense) as an insurance policy.
In which case, the DMCA is not just intrusive and unbalanced. It's actually a threat to national security. How do you like them apples?
The Mongrel Dogs Who Teach