Slashdot Mirror
New RedHat Kernel Patch Illegal to Explain to U.S. Users
Russellkhan writes "The Register is running a story about a new RedHat kernel patch that cannot be explained to U.S. citizens or others in the U.S. because of DMCA restrictions. The illegal explanation is hosted at Thefreeworld.net, a site created specifically to deal with these DMCA issues."
Um, whose name is at the bottom of the DMCA? I'm pretty sure it's not Bush's. Want a high comment score on Slashdot? Bash Bush.
To quote the article:
...just as ridiculous as the idea that the US authorities are going to start flying non-US citizens to Cuba to shoot them...
Isn't this almost what we are doing to supposed Taliban and Al Qaeda "war prisoners". Not so far off...
People who have witty things here blow.
Yes, ofcourse, but you may not be able to fathom out what the patch does from the source. A security fix which prevents a buffer overflow could be as simple as adding or removing a typecast, which, if the kernel coders themselves didnt realise could be a security issue - Most Joe User's wont notice either... :(
Still, as a principal, it is a bit silly to disallow a text describing the change but allow the source which IS the change. Stupid law.
loply.com
Anything you say can and will be held against you in a court of law.
Land of the free ride to jail.
What the fuck has happened to our country? It's time to get rid of all the unenforceable bullshit laws. Copyright holders do not have the right to have their business models enforced by the police. And as for prohibition let's get the fuck over it.
Dosent seem too unlikely considering the chaps at the top
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
I'd agree. I'd really like to know what the problem is. And where the DMCA has any damn right to tell me I can't read it. I cannot fathom what could be in that stupid text that would violate the DMCA. Anyway. Since this is an explination of the changes made to the software that I run, that I risk my data on, I think I have the right to that text. And if the goverment disagrees, then I'll take my ass and my money, and my vote over seas.
Can all fish swim?
They are posting information about ways to break the security of Linux. That sounds an awful lot like a DMCA violation under the same parts that were used to threaten Professor Felten, and indict Skylarov. The only difference is that Linux is not an asset of the entertainment industries....
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
Sounds to me like this is a stunt. Clearly they will get media attention (thanks Register) and hopefully get picked up by major media in the states. This is especially possible if there is a nice long stream of indignation from folks on Slashdot (including mine). That said, what a great stunt, and for what a great cause. Some one at RedHat is smart enough to be motivated not by legal paranoia (however recently justified) but by political savvy.
...begins in wonder
So, is your point that there is only one stupid/bent judge in the system or that there is no one who would have a vested interest in having RedHat slapped for breaking a stupid law? In either case, you're wrong.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
You're right. The signature at the bottom of the DMCA is:
(signed) All American Citizens
In a democracy, you are responsible for the actions of those you elect.
There is still time. Your elected representatives will pay attention to you, the American voters, only for the next 3 weeks or so. Mobilize if you can; otherwise suffer 2 more years of the same but please don't complain!.
That patch was released on 2002-08-20, nearly two months ago, and was available through RH's up2date system so many US users will have updated to it. It's only now being reported as news about the DCMA restrictions?
I've got a fever and the only prescription is more COBOL.
No, it makes sense. Teaching people about security holes is illegal. Patching them isn't.
Describing what you patched, though, would entail describing the security holes on an unpatched system. Ding! Go to Jail...
-- IANAEG - I am not an elder god.
Posting this in the US would not be a violation of the DMCA except if you used some ludicrously tortured logic.
Tell that to Skylarov, who wrote a program that was mandatory in Russia under Russian law, and who found himself in jail in the US under the DMCA. It doesn't matter if he wins in the end, or isn't even allowed back in or whatever. He's totally innocent, has nothing to do with the US and shouldn't have been treated like that.
You can make up any BS laws you want for yourselves over there, but totally innocent people who have nothing to do with the US end up in jail because of them. I think the thefreeworld.net site is a brilliant idea.
If there's even the tiniest chance that some information posted could be illegal under some strange law of a country you have nothing to do with (and this security info certainly could be), and they're known to get (innocent, foreign, never been to the US) people jailed over this stupid law, then the prudent thing to do is post that info only on sites like this.
Unfortunately, given how few people in the US even know their own laws, it's practically impossible for people in Russia, Norway etc to be aware of all the weird quirks in US law, and they don't even know they should be aware of them. And people from those countries were still jailed for doing something perfectly legal. The US is a threat.
I'm sorry for ranting, mod me a troll or something, I can get real angry over stuff like this.
I believe posters are recognized by their sig. So I made one.
Ok, this looks to me to be the same as any other patch documentation. My impression is that the reasons it's illegal are the same sections and logic used to indight Skylarov. If I'm not mistaken in those two things, isn't all patch documentation illegal under the DMCA?
Quick word of commentary, it wouldn't surprise me at all if this were true by the letter of the law. This is exactly why we have been complaining for so long, because the law is overly broad, and restricts things that it obviously shouldn't. On the other hand, I didn't think it was so broad as to cover all security documentation.
Science may someday discover what faith has always known.
There is no way a kernel patch can violate the DMCA for the simple fact that the Linux kernel doesn't enforce any type of copy protection.
Doing it like this is just prudent. Why should someone from Europe have to know all the details of US law, weigh the chances of it being a violation, when non-US people have already gone to jail over it and there's the option of not distributing it to Americans in the first place?
I believe posters are recognized by their sig. So I made one.
Yes, but read this sentence on thefreeworld.net site:
* acknowledge that by downloading the data outside of the European Union you are performing an act of importation.
I think it clearly means that the site is in the E.U. Moreover, netcraft says that it is hosted by planet online which is based in the UK, AFAIK. So the owner is in the US, the site in the EU.
I'll do it for cheesy poofs.
To me providing a patch in source form is exactly the same as providing a description. Source code is readable. People who can program in the language that the patch was made in, can understand (with a little bit of effort) what is going on there. So to me this patch is a description. It is only given in another language then plain english.
:-)
I leave aside what this implies for the DMCA though
Greetings,
Project Manager of Crystal Space (http://www.crystalspace3d.org). Support CS at http://tinyurl.com/cb3x4
There is still time. Your elected representatives will pay attention to you, the American voters, only for the next 3 weeks or so. Mobilize if you can; otherwise suffer 2 more years of the same but please don't complain!.
You can honestly say that? My elected officials will pay attention to me only during election season, and I'm not supposed to complain? Screw that. Democracy only works if you don't pay attention to what happens. We have the DMCA, the Patriot Act, corporate tax breaks out the wazoo, and politicians who are essentially puppets for the companies who paid to have them elected. You're right, I shouldn't complain.
Ding! This is the correct answer. Yes, telling people about security holes is a DMCA violation under every interpretation of the law that I've seen (other than the cursory, "it only covers copying mp3s d00d!")
Please mod up the parent.
It's a subtle point, but it's not the DMCA that says you can't read it. It's the author who says you can't read it. The DMCA says he can't tell you. You don't violate the DMCA by reading it; you violate the author's copyright. This kind of difference is important in matters of law.
'SBEMAIL!' is better than a goat!!
Go figure. :)
BD Phone Home!
Shameless plug. Like you weren't expecting it.
One of the prime rules of administering a system is to never destabilize it. I have great respect for Red Hat, and use their systems every day, but whatever this patch does, I will not apply it until I understand what effect it is going to have on my systems.
I suppose I could (and really SHOULD) look at the source and figure it out from there, but given the fact that time is a scarce resource, it will be lower on my priority list than the other problems that are more readily apparent to me.
That means that the DMCA is actually contributing to the destabilization of the systems I am responsible for. Makes me wonder just who is being protected here in the land of "free speech" and home of the brave.
We do value the ideas of Democracy, but we are a Republic. A Republic is just a little bit different then a Democracy. For instance, we do vote for the men and women that represent us in our nation's capital.
However, the laws that they create do not necesarily represent the views of their constituents. If that was the case, then every American Citizen would have the right to vote on the creation of laws such as the DMCA.
Our Republic is a popularity contest regarding who ends up in office. This popularity contest is run in front of a back-drop of "parties" which are supposed to represent the basic views of the person running for that office.
In the Republic of the United States, true Democracy only exists in the local arena (School Millage Hikes/Cuts, local ordinances and such) and sometimes shows its face in state elections when public acts are put up for citizen review.
If we lived in a true Democracy, I personally believe that the citizenry would have destroyed the Constitution many years ago by creating laws that limit the freedoms and liberties that our Republic currently partially protects. The trouble is that our representatives have forgotten that and so have the citizens that voted them in. If they were to remember what our form of government really is and change some of their ways, we can once again move forward with our great experiment.
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
You're being silly here. None of this is going to happen, because other countries are considering, or have already enacted, laws just as bad, if not worse than, the DMCA. Check out the information on the EU directive known as the European Union Copyright Directive, or the Digital Agenda Act, which is Australia's answer to the DMCA. The DMCA is on shaky constitutional grounds in the US, is the act your country going to pass be?
Marxism is the opiate of dumbasses
Sticking feathers up your butt does not make you a chicken - Tyler Durden
I believe that these guys try the wrong way to persuade others that the DMCA is bad.
What? This is one of the most effective anti-DMCA bits, uh, ever. "You, over there. In the US. You can't read this. Shoo." Telling people 'no' is a sure way to invoke thier interest.
Maybe the state's highest function is to grind out insoluble problems. (Zelazny, Hall of Mirrors)
The issues discussed in the patch notice are pretty mundane, and it took me quite some time to figure out what the hell the problem with the DMCA might be. I'm still not sure.
The reasoning, apparently, is that by documenting the security weaknesses that were fixed, they reveal ways to hack unpatched versions of the kernel. And that would be circumvention, and hence violations of the DMCA. All of the holes were found in code audits, and there are no known exploits, so this announcement documents these problems for the first time. (Maybe it's less of an issue if you announce fixes to holes that someone else already found.)
But if that is really taken as a violation of the DMCA, then almost all public notices of security issues may be illegal, even if the author did not write an exploit, and indeed even if no exploit is known to exist. The entire CERT site is at risk. Bruce Schneier may be one of the rampant criminals on Earth.
I dunno, it certainly would be crazy if the DMCA really has that implication, but are Cox and Co. certain that the law really means that? I'll bet there is no case law suggesting such a thing -- and after all, it's the courts' interpretations that really matter in the end. Has any legal scholar ever suggested that the DMCA can be interpreted this way?
I certainly don't like the DMCA, and I think it's unconstitutional (First Amendment, you know), but I wonder if this stunt will backfire. If it turns out that they're making a big deal out of something that the DMCA doesn't actually forbid, then opponents of the law will end up looking a bit hysterical.
Always keep a sapphire in your mind
They never talked about my pothole in front of my driveway either...
The majority of America doesn't give a rats ass about DCMA...DAMC...what's it called?
yet...
Yes, but am I responsible for the actions of a president I most emphatically did not elect, whom many would say was not legitimately elected at all but sits in the Oval Office nonetheless? Am I responsible for the actions of some senator from North Carolina or Texas (I'm in Massachusetts) who is the chair of some committee that exercises extra-Constitutional power to affect what bills even get seen by the full legislature? Am I responsible for the actions of some unelected official even though their rules and regulations only have the force of law because Congress improperly abdicated their legislative authority when they created some bureau fifty years ago?
No, no, and no. I can and do vote for a mere handful of representatives, whose roles have become so diluted by the above factors that voting is purely an act of principle untinged by practical effect. To say that people in general are responsible for outcomes that people in general can affect so little is ridiculous.
Slashdot - News for Herds. Stuff that Splatters.
Next time, actually read the law. The DMCA is VERY broad. Sounds to me like your extent of reading on it was the name, and not the contents of the act itself.
The DMCA makes it illegal to publish any sort of information that provides data relating to any sort of bug that could be potentially exploited. This was, IMHO, added to prevent people from writing applications that would allow individuals to circumvent applications that where protecting copywrited materials, but it's all in the wording.
-- I'm the root of all that's evil, but you can call me cookie..
Seriously, how do people defend Bush? Clinton was a crappy president in a lot of ways (DMCA, weapons treaties, etc) and so is Bush.
You do realise that your country is holding people prisoner in Cuba in violation of the Geneva Convention on the treatment of Prisoners of War (and don't be nice to them!), right? And that your country has decided that doing something about the Greenhouse Effect is too expensive? Or that letting other countries try your soldiers on war crimes is too hard? And that getting rid of weapons of mass destruction is good, unless they're yours
Not that my country is innocent; Little Johnny locks up kids in the desert and uses the navy to storm refugee ships and then pays other countries to take the refugees of our hands.
¦ ©® ±
to trick someone who isn't free to believe he is, than it is to trick someone who is free into believing he isn't.
Think about it.
But then it actually happened in Real Life. Lawyers at HP saw how DMCA could be abused to prevent discussion about vulnerabilities, they used it to bully. Most people wouldn't have believed it six months ago, but nowdays, thanks to HP, we know that it really is plausible that DMCA could be used by someone to attack Red Hat for discussing a security problem. It's not just theoretical. It's not just paranoia. It actually happened.
So it's more than just a stunt; it's also a ridiculous but legitimate ass-covering, made necessary by a ridiculous law.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
If I read all of this right, it appears that the discoverers of the bug copyrighted their white paper in a way that prohibited distribution to anyone in the US. Thereby allowing them to invoke the DMCA if they so choose. As the register article points out, Red Hat was forced to go along with this because the authors of the bug whitepaper wanted to prove a point. With all of the real issues (Here & here) surrounding the DMCA, why are we even wasting our time with this?
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
The mere thought that knowledge is criminal is patently absurd. This nonsense is further proof that US corporations prefer the American public as dumb as possible.
A preferably dumb American consumer is simply fuel for the machine. Don't ask, just pay us and thank us for providing you with insert good or service here?.
Hopefully, within the Supreme Court, will see that the rights of free speech trump this ridiculous law.
That's where the problem is. Most of the major players involved in some way with the DMCA are in favor of it, most of it's opponents don't have the resources to fight them.
Sure, there are plenty of other wealthy people/corportations who COULD help in the fight, but there's no reason for them to do so. Why help out people like us at their expense, unless they're helping themselves too?
This has been a test. Had this been a real emergency, we would have fled in terror and you would not have been informed.
This is really stupid and childish. I'll be the first to condemn the DMCA (after my own legal troubles with it), but this is not the way to go about it.
Someone correct me if I'm wrong (I'm not a lawyer though I have studied the DMCA and lawsuits based on it carefully), but the DMCA absolutely does not ban security information. The only related things that it addresses are circumvention (of protection technology in order to access a copyrighted work) and trafficking in circumvention devices. Security information (especially in the form of a vague changelog) is absolutely not either of those. By no stretch of the imagination can I figure out how it's supposed to be a violation of the DMCA.
What's really going on here? Someone (Alan Cox) is trying to make a point about the control that the DMCA gives to copyright holders. He's placed a piece of his copyrighted information that some people want (text of the kernel changelog) behind a click-through license that says you can't access it if you're from the USA. In my opinion this has fuck-all to do with the DMCA (because there is no "technological measure" to circumvent -- please read the definition of technological measure in the DMCA if you disagree with me), just click-through licenses, but, whatever. Then Red Hat decides, well, we can't copy that information because the copyright holder has told us we can't. Assuming that such click-through licenses are legal in the first place, of course, RH would be entirely within its rights for a non-US-citizen to license the document and then summarize it for Red Hat. Either they are too lazy for this, don't understand the issues involved, or are perpetuating this same bizarre notion that the DMCA makes every single thing you'd want to do illegal.
The DMCA only has to do with copyright, and only as far as circumventing technological measures that protect copyrighted material. The court enjoined DeCSS because it found it to be a circumvention device (they did NOT enjoin english descriptions of the algorithm, and especially not security notices about CSS being weak!). I don't agree with the decision, but at least it makes sense in terms of the law. (I also don't agree with the law!!)
The important point I'm trying to make is that to fight dumb laws like the DMCA, we need to understand what they really say and what the actual implications are. There's a tendency for hackers to use logical deduction ("If DeCSS is illegal because it can be used to break DVDs, then hammers must be illegal because they can be used to smash open store windows!") in order to decide the implications of a law. THIS IS NOT HOW COURTS WORK! Law is much more squishy than that. Making these sorts of alarmist claims, as if the DMCA outlaws everything that we'd ever want to do, hurts our cause by spreading misinformation. Instead, we should be educating people about what the DMCA actually addresses (ie, "Did you know it would be illegal for you to create MP3s from SACDs that you bought?" or "Did you know that it's illegal to buy mod chips for your Playstation so that you can play imported games that you also legally purchased?" or "Did you know that it's illegal to use your screen-reader software with the eBook that you legally bought?"). That's how we can convince people that the law is wrong.
You don't violate the DMCA by reading it; you violate the author's copyright.
No, the author has no right to stop me from reading something that he's published; all he can do is dictate who may distribute copies. Before anybody asks, the copying required to view the page doesn't count, as it is required to use the page normally
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
No one here or in the referenced links has backed up the claim that DMCA would apply to publishing these kernel patches, using quotes from the DMCA itself. Why do you suppose this is?
And more importantly, why are so many people willing to accept these claims without any proof or even any evidence?
Readers need to think for themselves, and not just accept what people tell them. It's all too easy to swallow unsupported claims which fit into our preconceptions. But in fact those are the ones for which it is most important to check the facts, simply because they are the ones where we are most likely to make mistakes.
See my earlier post for evidence that the DMCA does not apply to publishing kernel source. I quote from the text of the DMCA itself, and link back to the rest of it.
Shouldn't a position that has evidence behind it be more believable than one which is offered without any backing at all? Pay attention to your own thought processes as you consider the new information I am presenting here. Think about whether you are being objective and open to new ideas, even when they contradict your prejudices.
Thinking for yourself is hard work, harder than letting other people think for you. But if you can get yourself to do it, eventually you'll find that it's a hard habit to break.
If a security document describing flaws in the kernel is a violation of the DMCA, than surely any coments in the source code of any Open Source product are also in violation (I guess that means my code is safe! *grin*)!
/bin/cat... HA! It's now a tool to circumvent copy protection, don't let it run with root privs! And don't forget to change chmod so it can't clear bits... the DMCA doesn't specify that *YOU* may circumvent your own protection!!!
Further, since the DMCA doesn't specify that the language must be English, the source code itself might well be in violation. Say goodbye to utilities like crack (and thus cracklib), or port-scanners. In fact, you might choose to view the contents of a protected file with
Hmmmm, now what big organization hates open-source, and would benefit the most from having it declared illegal.... what giant mega-corp would be happy to have security notifications disallowed.... hmmmmm....
I can understand that Cox wouldn't want to be skyleroved.. Yes he works for RedHat and RedHat is a US company.... All the more reason to be worried about being made a 'test case'.
It's one thing to cry 'paranoid'. It's another to be told by your lawyer that, should you take what you consider to be a completely reasonable and prudent action, you run the risk of:
- Being arrested and possibly held without bail (risk of flight as a foreign national).
- havin your trip schedule completely messed up.
- being denied access to your primary employer's home state
- having to defend yourself against criminal charges (even if you're found innocent, it could cost you hundreds of thousands of dollars).
- If found guilty, you could end up in jail for years.
Remember: We already have Skylerov as example of having this happen to a foreign national.Given a choice between this, and making a political statement about the stupidity of this law by simply obeying it, what would you do? If you had a family to support, would this change your decision?
Free Software: Like love, it grows best when given away.