Debunking (some) DMCA Myths
An anonymous reader writes "C|Net's News.com is running an article under their Perspectives section about some of the myth and hype surrounding the DMCA. The author talks about how the EFF is exaggerating the danger from the DMCA. The author mentions that although "the DMCA is both an egregious law and a brazen power grab by Hollywood, the music industry and software companies", groups like the EFF are not much better, engaging in "fear-mongering" and scare tactics to increase opposition."
Really. He probably had to fill a deadline and came up with this, knowing it would generate a lot of interest. First he says this:
Then he goes on to say "no wait a minute, it's not so bad, we can live with it". He goes on to say, basically, how he believes the line between "encryption research" and "trafficking in circumvention devices" is completely clear and bright.
Well guess what. It ain't. I don't feel like the line between code and speech is a clear one. He even acknowledges in his article that including code in a research paper is vital:
So, by his own words, the chances of a lawsuit are not zero if you include code.
And what is code? How about some pseudocode? How about a working copy of code, except some constants are changed? How about a complete working example of code, but only in the print version? If this print version later appears on the web in full, will the author suddenly be liable? (Remember, by their own words, they went after Sklyarov because his name was in the copyright notice, not because he personally was trafficking in the device.)
He then goes on to mention all the recent news items (the HP flap, IEEE, etc.) and dismisses them all by saying basically: well it's bad PR for these companies, so they'll withdraw their lawsuits. Well, no thanks, "bad PR" is a pretty thin safety net.
And I also sense a vibe that traditional security research published in a journal or university web site, with lots of verbiage, is okay, but a bugtraq posting from "Cyb3rH4xx0r" who lives in his mom's basement is not. Well personally, I learn as much from posted exploit code as I do from long-winded papers. And any smart person could generate one from the other. Which is why a researcher should be afraid, even if they don't use code in their paper.
So I think a security researcher has every right to be afraid of the DMCA. We know exactly why: because 1) code is not always considered speech and 2) pretty much anything can be a "technological protection measure", from bits in a TrueType font (remember that one?) to ineffective LFSRs in DVD players. Put these two together with the DMCA and you feel the chilling wind.
(And that's not even discussing the awful "takedown" provision of the DMCA, which allows copyright holders to arbitrarily take down web pages and eBay auctions. I'm surprised we haven't seen more abuse of that one from people forging affidavits.)
He was a principal player of an enterprise engaging in commercial activity that was criminalized in the US, and that impacted a US company -- Adobe. Despite that, he entered the country voluntarily and demonstrated this activity. According to a DOJ press release, he is also the copyright holder on his program, so any distribution should be going on only with his full consent -- which is likely given the nature of his presentation.
The program was also purchasable from within the United States from an Elcomsoft.com server hosted in Chicago (again, within the US...). Payment was handled through an online service located within the United States.
So, he was willingly distributing an illegal circumvention device within the United States, to Americans.
Only the dead have seen the end of war.