Slashdot Mirror
Bernstein Cryptography Case Dismissed
notime writes "According to a post to export@list.cr.yp.to, djb's crypto case has been dismissed without deciding the constitutionality of the current regulations since the DOJ said the
government would not enforce several portions of the regulations. Bernstein said in a statement that he hopes the government keeps its promise - 'But if they change their mind and start harassing Internet-security researchers, I'll be back.'" EFF has a document archive for this on-again, off-again case against U.S. Government regulation of cryptography exports.
DJB is the only mailserver writer that has to lie about the competition to get users. and it isn't free software either.
But if they change their mind and start harassing Internet-security researchers, I'll be back.
Or does that sound like a threat?
I have over 70 freaks, do you?
They'll just pass a new law to get security researchers if existing laws don't work.
Subject: [IP] The Bernstein Cryptography Case Is Dismissed
From: Dave Farber To: ip@v2.listbox.com Date: Wed, 15 Oct 2003 17:41:19 -0400 Delivered-To: dfarber+@ux13.sp.cs.cmu.edu Date: Wed, 15 Oct 2003 17:19:29 -0400 From: "Peter D. Junger" Subject: The Bernstein Cryptography Case Is Dismissed To: Dave Farber
For IP if you consider it suitable.
This inconclusive ending of the Bernstein case is a consequence of the government's policy in cases where there are first amendment challenges to restrictions on the publication of software to claim that they have no intention of enforcing the law as it is written and thus getting the cases dismissed as moot.
The end result is that, though Bernstein had originally won in both the District Court and the 9th Circuit and I lost my later-filed case involving much the same issues---Junger v. Daley---in the federal District Court for the Northern District of Ohio, it is the 6th Circuit Court of Appeal's decision reversing the District Court's decision in Junger v. Daley that is the leading case holding that computer programs are speech that is protected by the First Amendment. In the Bernstein case, when the government amended the regulations forbidding the publication of computer programs, the 9th Circuit Court of Appeals withdrew its earlier opinion in Bernstein's favor and remanded the case to the district court, where the government claimed that they would not enforce the restrictions on cryptography against Dan Bernstein. In my case, on the other hand, the 6th Circuit Court of Appeals reversed the District Court's holding that the First Amendment does protect those who would publish software and then remanded the case to the District Court for further proceedings. At that point, rather than risking our victory in the 6th Circuit, we settled my case, even though the new regulations were---and are---constitutionally questionable.
Although my case is now the leading case holding that publishing software is protected by the First Amendment, I do not believe that we would have had our success without the efforts of Dan Bernstein and his lawyers from the Electronic Freedom Foundation.
------- Forwarded Message
From: "D. J. Bernstein" To: export@list.cr.yp.to Subject: Crypto Case On Indefinite Hold
PRESS RELEASE
Contact: Daniel J. Bernstein, press-20031015@box.cr.yp.to
CRYPTO CASE ON INDEFINITE HOLD
Chicago, 15 October 2003 - The longest-running court case against the government's encryption regulations has come to an end, for now.
The regulations were challenged by Daniel J. Bernstein, a professor of mathematics, statistics, and computer science at the University of Illinois at Chicago. Bernstein filed his lawsuit in February 1995 and won four court decisions against the constitutionality of the government's previous regulations.
In an October 2002 court hearing on the current encryption regulations, Department of Justice attorney Tony Coppolino told the court that the government would not enforce several portions of the regulations.
``I can assure you that the regulatory authority does not want [researchers who are collaborating at conferences] sending us an e-mail every time they change something in an algorithm,'' Coppolino told the court. Coppolino also said that commmercial book publishers and assembly-language publishers did not need to obtain licenses.
As observers predicted after the hearing, Chief Judge Marilyn Hall Patel of the United States District Court for the Northern District of California relied on the government's promises and dismissed Bernstein's case without deciding the constitutionality of the current regulations.
``If and when there is a concrete threat of enforcement against Bernstein for a specific activity, Bernstein may return for judicial resolution of that dispute,'' Patel wrote, after citing Coppolino's ``repeated assurances that Bernstein is not prohibited from engaging in his activities.''
``I hope the government sticks to its promises and leaves me alone,'' Bernstein said in a statement today acknowledging Patel's decision. ``But if they change their mind and start harassing Internet-security researchers, I'll be back.''
try here
The Bearanstan Bears were always favorites of mine and to think they might end up in prison for volating crypto laws is unthinkable.
"Eve of Destruction", it's not just for old hippies anymore...
Who the hell is Bernstein?
I'm as confused as you, but I did find this, which is apparantly his website.
I have over 70 freaks, do you?
Absolutely. WTF is this about?? Is there anybody out there that can translate this into english for us non-crypto types??
The case archive is now http://export.cr.yp.to. That archive has about 200 of the case documents; the old EFF archive has only about 100.
The answer in the manual was to use a server for each, which entirely missed the point of why I was seeking Free Software to do this in the first place. Ultimately I went with Windows 2000, which in this narrow scenario did what I wanted without the issues that plague BIND.
qmail, on the other hand, installed simply (for a Unix program) and worked flawlessly. A true gem of a program.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
Tried to read the article, but it appears encrypted using the Lawyer-iese Obfuscation 2.0. I'm afraid if I decode it they'll prosecute me under the DMCA.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Is it just me, or does anyone else wish that the government was forced to enforce its own laws, instead of picking and choosing when and where to do so? There are a truly ridiculous number of laws on the books that are rarely enforced, until the prosecutors feel they have a "good" case to drop the hammer on some poor schmuck.
The public doesn't care about laws that aren't enforced, so most people break the law every day blissfully unaware. It would seem that laws that nobody cares about need to be done away with, instead of criminalizing large portions of the population.
I just hope the feds never try to housebreak a puppy.
I ain't evil, I'm just good looking.
sPh
Put deez nutz back in ya mouf.
"Unlike many 3-letter unix/linux types (rms, esr, jwz, bdp, dek, etc) Dan is not a stuck up prick!"
:)
Careful son, I could resemble that remark.
Got a nickel or should I just paypal you one?
KFG
Ah. Yes. The freedom of speech depends on the freedom to export crypto-algorithms out of the USA? Ok...
BOO! TERRO
please just give us a break down one minute with an expert is worth an hour with google
Sex is what happens when people think no one else will ever find out
I just want to say thanks for the tireless efforts of the EFF in this case. In so many instances they are the only real force to bring intelligent discussion to the judicial system about technology and it's uses. If you don't yet contribute to the EFF coffers, perhaps this should convince you!
Fnord.sig
What the fuck does WTF mean?!!!
That's because those are two totally different services (proxy dns resolving, and authoritative dns content serving), handled by different programs. They're supposed to be separate, even in BIND installations.
It would have been trivial for you to set up dnscache (the proxy dns resolver portion of djbdns) and tinydns (one of the authoritative dns content servers included in djbdns) to do what you want, and indeed this is described in the documentation and examples -- it's the most-common configuration.
--
Twoflower
I think these reposts of the whole article should only be modded up when the original site is likely to be slashdotted. In this case, since the site is pure text, that is MOST UNLIKELY.
In fact, I propose that the parent to this post be moderated down as redundant.
MM
--
By including this sig, the copyright holders of this work or collection unreservedly place it in the public domain.
Yeah, its much better if all crypto-specialists just leave the country and work somewhere where they can distribute their work freely.
I've heard Dan J. Bernstein being called a lot of things, but "security researcher" is a new one...
He doesn't care about exporting... He cares about being able to freely discuss crypto concepts with his peers and students. Some of those peers and students may just happen to be overseas. Even if not, he was threatened with enforcement actions for having his thoughts/ideas available on an unrestricted web site available to the Internet at large. This is a free speech issue. (Words are NOT munitions. Programs are written words. Programs are not munitions.)
What a fucking snarky comment. If you think it is important tell us why.
There are two types of DNS servers - Authoritative servers and recusive resolvers. The default BIND configuration conflates these two services into a single running instance, but you'll notice that even the BIND documentation recommends operating your authoritative servers sepparately from your resolvers.
With djbdns you typically run tinydns (the authoritative dns server) on 127.0.0.1, and dnscache (the recursive resolver) on your public IP, configured to look for your authoritative records at localhost. This configuration is extremely stable and very fast.
When I started using qmail and djbdns I was astounded by the number of Sendmail- and BIND-isms that I assumed to be aspects of the SMTP and DNS protocols. Working with djb's tools have given me a _much_ clearer understanding of the difference between what makes up the standard and what makes up the most common implementation of that standard.
Give the djbdns package another look - It's more than worth your time.
Ideology breeds Hypocrisy. Just how much is up to you.
+1, Informative.
Zodiac Survey
I interpret the article to mean that the professor's use of code decryption was legal, and that such coding in general is non-criminal.
Is this correct?
This post encoded with ROT26. If you can read it, you've violated the DMCA. Handcuffs please, sergeant.
I actually use the reverse of this. I use a dnscache on localhost so that my server can resolve anything it needs without depending on an external DNS server. And I run a publically accessible authoritative dns server to publish my own zones. I don't see the need in letting the public at large use my DNS server to resolve the IP address for yahoo.com. They can use yahoo's dns servers for that.
Of course your configuration makes much more sense in a protected network, like an office setting.
One thing I have wondered about tinydns, is why does it have a long timeout when trying to resolve a record that it is not authorative for? ie if I do dig www.yahoo.com @my.tinydns.server it doesn't return immediately? Is this a config problem with my setup? It is not a big deal, since no one should every query the server with non-authorative queries but still...
Semantics. Of course that is exporting.
Thoughts and ideas are not free to disseminate if they are a threat to the national security. That was always the basis behind the government's actions. How has that changed recently?
BOO! TERRO
That you don't recognize the case or the person involved is perhaps an indication that you should do some additional research.
I thought reading Slashdot was research. My mistake, next time I will bone up on my news before reading a news site.
http://use.perl.org
o/~ Join us now and share the software
...this same judge has apparently been ruling on Napster stuff, interesting .pdf's on the Napster case also on the site....
o/~ Join us now and share the software
A more informative article here [news.com.com.com.com.com]
They call me the working man. I guess that's what I am.
How about the *fact* that most advanced cryptography work is being done *outside* the US these days due to the bass-ackwards export restrictions that made it infeasibly expensive for US companies to develop 'internal' (US-Only) versions (unlimited key length) of their cryptography stuff as well as international versions (*very* limited key length).
These same restrictions made it somewhat dicey to *teach* advanced cryptography techniques and theories in the US if the class contained even a single student with non-citizen friends/family (god forbid one of your students have a grandmother who lives in Iran, he might be using her to funnel cryptography secrets to terrorists who can already obtain stronger stuff than he's been exposed to on the open market).
Contrary to our wonderful "USA, we're #1! Yay!" egos, the US has *never* led the outside world by any significant margin when it comes to cryptography research.
I love djbdns and dnscache, much easier to work and just made sense. BIND always seemed like a hack on a hack. I also learned a whole lot more about DNS after using djb's stuff, then I ever did with BIND.
Maybe I am just not smart enough to use BIND.
Don't worry. The author is just trying to be cryptic... if you knew the code, you'd completely understand the article.
!
jhgld4djbdyfsjn4b/vf84gf*fdsgfg+fdh5hdgh8fghg!!
So, Did I get this right? -- Dan Bernstein's encryption software is free speech and protected by the First Amendment, but DeCss decryption software is not.
I know that the politicians that make these laws are the best that money can buy, nevertheless, I'm still confused with all of this. Help me understand.
Apparently you've never tried to maintain a constructive discussion with Dan.
Just Google for "Dan Bernstein" or "djbdns" in the newsgroups and you'll see what I mean.
~dlb
I think the appropriate answer is, "not much," despite the fact that we fought a little war over that very issue a couple of hundred years ago.
The Web is like Usenet, but
the elephants are untrained.
The timeout is in dig, not in tinydns. This is the way it's supposed to work; tinydns doesn't answer queries for which it has no authoritative data and after a while dig stops waiting for an answer.
You can simulate the BIND behavior by adding the corresponding records to your data file, but there's no point in doing so - you would be encouraging lame delegation.
Develop an algorithm that would totally compromise the US crypto. Watch how fast the government would use its right to declare it in its eminent domain and prevent you from publishing it. Freedom of speech has limits even in the USA, no matter how much you'd like to believe otherwise.
BOO! TERRO
Thank you, Daniel Bernstein. You had the guts to stand up for your principles, doing us all a great service in the process.
There. Now go ahead: Mod -1: politically incorrect.
Apparently the Chewbacca defense works!
HIV Crosses Species Barrier... into Muppets
Dan does not tolerate fools gladly. For better or worse, he's smarter than nearly everybody, so we're all fools in his eyes. That doesn't take any responsibility off us for being foolish, of course. It just makes it hard not to be foolish.
-russ
Don't piss off The Angry Economist
I'm not trying to be smart, but that's like sarcastically saying "Next time I'll bone up on the rules of baseball before I play a baseball game" after you're thrown out for trying to run straight to 2nd base...
This case has been around for years and Bernstein is a well known figure in the field of crypto research. If it was something that interested you enough to enter the story, you should have either already known about it or gone and looked up the history of the case. Google's for research, Slashdot's for current news.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
Do you include me in that?
-hpa
A better example might be this: Try publishing a book which explains how to build an H-bomb. See how far you get. Be sure to say goodbye to your friends and families before you start.
Also, I don't think eminent domain comes into it at all. Eminent domain, AFAIK, is for real property only, and requires the government to compensate the owner at market value (whatever that means). What is the market value of an unpublished book?
MM
--
By including this sig, the copyright holders of this work or collection unreservedly place it in the public domain.
Dan Bernstein doesn't write "free software". If you'd stopped to read the licensing section of the manual as thoroughly as you read the quickstart, you might have noticed that DJB expressly forbids anyone from re-distributing modified versions of his code. You can download and use it freely, and you can modify it freely, but you cannot distribute a modification. And DJB is a bitch about taking patches--he wants his software to work "his" way. This is why the GNU has not, and probably never will, approve Bernstein's software as being "open source"--he doesn't even offer much of an explicit license for it.
And you know what else? "Free software" generally means "do whatever you want with it". It does NOT generally mean "I want someone to hand be a perfect solution, rent-free". DJB's software doesn't do what you want? Get the source code and re-write it.
Or, better yet: Try out this new invention called "Google", and look up the patches that other people have already written! See that? Someone already wrote the functionality that you were too lazy to STFW to find?
Fucking whiners.
About the technical aspects of this: so you're running Linux, right? Or some other OS that can alias multiple IP addresses to a single link-level interface?
Try this:
ifconfig eth0:a 10.0.0.240 netmask 255.255.255.0
on a machine that has eth0 up and running with an existing address. Then, do an 'ifconfig -a', do a 'ping 10.0.0.240', and whatever else you need to verify that the IP works correctly.
Then, run an instance of dnscache (the caching nameserver) on the original IP address, and run an instance of tinydns on the aliased IP address. This would probably be in the documentation, but Dan Bernstein is a Unix guy, and I'm not sure about the state of aliasing features in the Unices.
This stuff IS available on the web, and the mailing list archive.
Here you suggest that people must be "controlled" - which implies that people are incapable of controlling themselves. Then, in the very next paragraph, you say:
Your freedom comes with responsibility.
This implies that people *are* capable of controlling themselves.
You can't have it both ways: people who exercise self-control do *not* need to be micro-managed by the government.
I disagree with your apparent belief that a repeal of the bulk of the laws on the books would lead inevitably to cultural suicide, because I disagree that people are "fundamentally lawless". If they were, then no amount of laws would be sufficient to control the people, because the people would simply ignore the laws.
Arrr!
So how many people are killed by crypto? Bad crypto can get people killed, but that's not the same, now is it? Besides, if it's bad crypto, maybe we shouldn't be using it? So we're going to infringe on Constitutional rights because the military can't afford good crypto?
Or are you arguing that the enemy shouldn't have good crypto? Newsflash: They already do! You think the only good math geeks are U.S. math geeks?
Publishing does not equal exporting, BTW. And books are specifically excluded from the regulation. What's the difference between a book and a web site? Perhaps before you support stupid laws, you could learn what they are. I wish Congress would...
This is just a way the government evades constitutional scrutiny. Drop cases they think they'll lose, without conceding the principle. And pursuing those they think they'll win. So their wins count and their losses do not. When the legal climate changes (e.g. a judge is replaced, another terrorist attack occurs), they go ahead and try again on those cases they thought they'd lose before.
This case has been around for years and Bernstein [cr.yp.to] is a well known figure in the field of crypto research. If it was something that interested you enough to enter the story, you should have either already known about it or gone and looked up the history of the case. Google's for research, Slashdot's for current news.
Slashdot's for current news with enough information, and or links to previous stories to lead you along.
I expect when I read a story on something I've never seen before for it to at least allude to what it is talking about.
Hopefully give me links to information that will fill me in. That's what news sites do.
That's what Slashdot (usually) does.
http://use.perl.org
Qmail isn't free to the extent of the GPL, but it's not closed-source, and you are allowed to distribute patches for it (qmail.org has hundreds of 3rd-party patches). You can't distribute patched binaries, but that's the only restriction. Woop-de-doo. Debian includes all the DJB packages in source format, along with their custom patches. They also include a small script for each package, and dpkg/apt-get auto-executes that script at installation time. The end-user can basically twiddle his thumbs because he doesn't have to even type 'configure && make && make install' (well the normal tarball install procedure is more involved than that and is described in the INSTALL file that comes with qmail, but you get the idea...) Debian's script makes the djbwarez as easy to install as any other Debian package.
Related reading is a little sparse on this story, but I think these two links under the "related links" section should bring you up to speed (although the reading in the second is undoubtedly dry...):
Dan has a more complete archive than the EFF's at: http://export.cr.yp.to/
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
The reasearch community may think highly of the work and it may be the best algorithm in the public domain ever. The Government may not care if they already have what they feel are better algorithms or they know they can break the cyrpto. With massive computing power most cyrpto (except a 1 time pad) can be defeated. The NSA and other agencies have some sense. They hire the best cyrpto minds for a nice sum except they can never publish the results of any work due to National Security. You are right, it is a LIMITED freedom of speech we have, not and absolute one. Having worked at one time in the "black world" I can tell you there is a LOT of really cool stuff in there the public will never know about (and I still can't talk about). But not knowing it does not hurt you in the least.
despite what people think how eccentric djb is this is still a major win for someone who actually stood up for what he believed in rather then people who say what they believe about the the SCO case or the RIAA or MPAA.
DJB is accepting donations here for his case and for his open source writing.
Numerous people and businesses have benefited his work and he deserves every contribution he receives.
Although I don't disagree with your conclusions, I'd like to make a few ad-hominem observations.
Your speech is typical of the prevailing socialist mindset. Like many brainwiped propagandites, you believe that governments have rights, whereas individuals don't.
The only thing that has changed, really, is that the autocrats have learned from history to perform their encroachments more slowly, to avoid inciting rebellion.
The Web is like Usenet, but
the elephants are untrained.
Is any of that really cool stuff stuff which would improve our quality of living?
It upsets me to think that the government is spending millions of dollars of taxpayer money, possibly developing solar cells which are 90% efficient and using them in their miniature spy sattelites, or creating superconductors, or cheap tiny CCD's which could improve digital cameras, or some kind of electrical storage technology which is 10x better than batteries and would revolutionize the auto industry, but we can't make use of it until it is indpependently invented (and not shusshed up by the government) because of "national security" issues.
I saw a TV show once about these guys who were doing sonar research which allowed them to identify different whales with sonar or something and they didn't release the technology for years cause the government went to them and told them that that was how they were detecting russian subs. And so because of paranoid spooks, technology in that area didn't advance as quickly as it could have.
Who knows what other technolgoies society is being denied which could have a major impact on our quality of life?
If the government discovered the secret of eternal youth, would they cover it up due to "national security" issues?
Why is it that in america its absolutely fine for people to own high-power rapid fire chain guns, but not afew lines of code? Lets say for example (ignoring the fact that encryption is free speech anyway) that theres a war and everyone needs to "bear arms", wouldn't encryption count as a weapon to allow people to communicate without the enemy hearing? so whats the problem? Just because its newer technology shouldnt make a difference. If the bill of rights was written when bows and arrows were a common weapon would guns be illigal because they are much more hi-tech? If they were then people would be saying "hey thats not fair, when we have to bear arms we'll have bows and arrows and the enemy will have guns!"!
And another thing while im at it. If hacking (basically doing anything you like with a computer) was protected under the first amendment (im not saying it would be good or bad, just speculating). Eg. if it was decided that "anything involving bits on a computer was just information and thus speech" then what would happen? companies would go mad from hackers and beef up their security - probably employing allot more hackers to help them. (thats more jobs).
Why is accessing a remote computer without permission an offence? if that machine is connected to a network that you have legal physical access to then isnt it up to them to secure it? Unless your sending 25,000 volts down a line (which should be physical damage), digital breaking and entering is not the same as physical breaking and entering. Every door has a bigger hammer that can knock it down, every bolt has a sharper cutter that can slice it. However a properly secured system should be able to take any pattern of 1's and 0's and be able to survive until it gets that "correct" sequence (which can be too long to brute force), unlike a door which just cant be secured like that.
Ok, this is slightly off topic, im just trying to understand why we have laws regarding what you can do with 1's and 0's
This comment does not represent the views or opinions of the user.
I thought the concept of software as protected as speech
was already tossed out with the DeCSS case. The ruling
there was that DeCSS was NOT protected as free speech.
So the Bernstein case seems like "too little, too late".
From the comments in this case, it seems like it is quite
clear that it's established that code is speech. But that
seems not to be reality here. Please correct me if I'm wrong.
Do terms "eminent domain" and "national security" mean anything to you?
Umm.. No? Should it?
Illinois had a seatbelt law passed this way...
"We won't give tickets for it unless there's an accident", now they pull people over for it.
While I won't necessarily argue with the law, the TRICK used to pass it was a flat out lie.
Maybe laws and some rules should have a time limit associated with it. If it hasn't been enforced in $many years, it becomes null and void.
Some laws at least.
Ah, that explains it. So tinydns just drops the request without telling the requestor that it isn't going to answer the query. That is fair enough, since we are talking about a query that should have never happened in the first place.
Thanks for the answer...
Here at the University of Illinois at Chicago, they don't let this guy teach anyone but PhD students.
A few years ago, he wrote an exam for a CS 101 class, and the dept head felt he couldn't even pass it.
His web server is in the building next to where I am right now. Weird.
He hates the UIC computer center and has his own pipe for his server.
They also no longer allow him to teach undergrads since he just fails them all.
Why do they want to ruin freedom of speech/research when they should arrest him for qmail instead!
Man, have you tried to understand the installation instructions???
Evolution of Language Through The Ages: 6000 BC : ungh, grrf, booga 2000 AD : grep, awk, sed
...governments have rights, whereas individuals don't.
It seems to me that, yes, people have rights, to be certain, and they are inherent in the makeup of the human existance. Hence the recognition of this by the founders of the United States in the US constitution.
But, because the US founders recognized that governments are necessary institutions, they also understood that the People need to delegate some of their rights to the governement, in order to secure certain benefits that they otherwise wouldn't have. This delegation took place originally in the ratification of the US constitution, whereby the People delegated certain rights to the government (namely: effect commerce and secure the common defense).
This means that governments (or, rather, at least the US government), does have rights...in theory it is set of rights that was given to it by the people.
These rights can be extended or removed through the leglislative process (or abused, but that's a different conversation). My point is that, at least in theory, the process is there for the People (as a group) to control the government, but, at the same time, give up some of their rights (as individuals) to the government. So, you can have a government that controls a given aspect of a person/the people's lives, such as a restriction of the export of crypto, but, again, in theory it is because that is what the People chose to allow. Not that it always works this way (obviously), but it seems to me that this is close to what the US founders had in mind.
Just my two cents...
Don't click on that link unless you're into chicks with dicks.
hey, share the wealth.
According to the Constitution (not that it means anything, these days) governments don't have "rights." They have "powers" which are granted to them in order to secure the "rights" of the people, which rights are "inalienable."
The word "inalienable" means "cannot be taken away."
The word "secure" does not mean the same thing as "grant". Governments can grant privileges but they cannot grant rights.
According to the constitution, governments derive their just powers from the consent of the governed. Historically, the use of "prior restraint" has never been viewed as a "just power."
To paraphrase the conversation between DJB and GOV:
If that doesn't constitute prior restraint, I don't know what does.
The Web is like Usenet, but
the elephants are untrained.
then I ever did with BIND.
Maybe I am just not smart enough to use BIND.
Or to spell correctly.
Why is accessing a remote computer without permission an offence? if that machine is connected to a network that you have legal physical access to then isnt it up to them to secure it? Unless your sending 25,000 volts down a line (which should be physical damage), digital breaking and entering is not the same as physical breaking and entering. Every door has a bigger hammer that can knock it down, every bolt has a sharper cutter that can slice it. However a properly secured system should be able to take any pattern of 1's and 0's and be able to survive until it gets that "correct" sequence (which can be too long to brute force), unlike a door which just cant be secured like that.
I may be splitting hairs here, but from my perspective as a computer engineer, the information in a computer system has a very real physical presence, whether it's the charge held in one cell of DRAM, or the orientation of some magnetic elements on a disk. While it's true that these physical elements change while the machine is running, they are doing so in a way that is intended by the owner of the machine, much like the pistons, valves, flywheel, and transmission all interoperate in a way that enables your vehicle to work as expected.
To continue the analogy, you may legally borrow someone's car, and use it in an acceptable way. However, if you deliberately take that car out on the highway and suddenly shove the gearshift into reverse, causing the transmission to self destruct, you wouldn't claim that it was the owner's, or even the manufacturer's responsibility to secure the car from letting you do that. Correct? In this case, you are guilty of a form of vandalism, or if you're just incompetent, then you're at least liable for the damage.
Likewise, if someone starts poking around the interfaces of a computer they find on the network, and finds a way to make the machine perform in an unintended way, or causing it to lose data, then that person should be liable for the damages.
Now, certainly we lock our cars to prevent just anyone from taking them, and we should put a reasonable amount of protection on our computers to secure them as well. However, if someone defeats the locking mechanism, or cracks into your computer, both are crimes of unauthorized access.
Is it my fault if someone slides open an unlocked window on my house, comes in, and steals a bunch of my stuff? Most of you would agree that I'm not at fault, though perhaps I should keep my window locked 24 hours a day. Why would you then think that it's ok for someone to damage another person's machine, whether they secure it or not?
Look, I'm all for hacking, but do it on your own system, not mine.
"I have never let my schooling interfere with my education." - Mark Twain
Good grief, don't you have something better to do?
it appears that you're assuming I was commenting on the "prior restraint" part...which I wasn't. The only thing I was responding to was the "government rights" part as I don't really have an opinion yet on prior restraint.
Though I do see a difference between "rights" and "powers", I also see a lack of practical difference as well. Take the following for example (somewhat relevant for our time):
The People grant the Government the Power to wage war.
Now, what power is useful without the right to exercise it? No power is. It requres not only the ability, but the authority, or right, to take the action. The authority is delegated by the people, and they retain the right to revoke that authority (or right), as they hold (in theory) ultimate control over the government. However, they still grant a portion of their "inalienable" (cannot be taken away from them, but it seems that one can certainly freely relenquish it) "rights" to another entity.
The word "secure" does not mean the same thing as "grant". Governments can grant privileges but they cannot grant rights.
This sentence, in context, makes no sense. The first part doesn't apply to anything either you or I wrote. The second part was never suggested by me, as I suggested that the People granted (or "freely relinquished") certain of their rights to the government, not the reverse.
Now, to prior restraint. I still don't have an opinion on it yet, and I'm not going to address what you wrote, except to make one note:
It seems to me that the government's response in your posting is within the limits of their rights/powers/etc, in that the government basically admits that one must "incorporate", "hire...employees", etc. before they believed it relevant. Interestingly, it appears to me that the only rights/powers/what-ever-you-want-to-call-it that the US government could legally exercise falls under one of two categories:
- Secure the common defense, or
- Effect commerce
Looks to me that #2 is applicable to the government's response, which, paraphrased, might read something like this:
DJB: I wrote some information and would like to publish it. If I did, would you prosecute?
GOV: We might. But you should have a hand in some commerce before that's a relevant question ( because otherwise we don't have the right to do so).
Again, just my $0.02. I am not a constitutional scholar...just a network engineer.
I'm sorry; much of my comment was directed at "Eric Ass Raymond", but I still bristle at the mentality (admittedly a numerical majority in this country) which turns the Constitution on its head.
Rights cannot be given or received. They can be "abridged," or interfered-with. A government may pass laws which make the free exercise of my rights a crime punishable by death, but only death can remove my right to exercise my rights.
I assert that "rights", within the context of the Constitution, are granted by the "laws of Nature, and Nature's God." They are inalienable, an inherent part of our existence as free-willed human beings.
I have the right to communicate. Nobody can take away that right, short of cutting my throat.
I have the right to defend myself (keep and bear arms.) Nobody can take away that right, short of killing me. If dangerous criminals in maximum-security prisons manage to obtain weapons, then it is well-nigh impossible to deny them to the people at large.
I have many other rights, which are inherent to any free-willed, thinking creature. Governments are not free-willed, thinking creatures. They have no natural powers by virtue of existence. They have only those powers that we grant them by our willingness to "go along with it." Those powers may be vast (inconceivably greater than the founding fathers could have imagined) but they are not "rights." The government does not have a morality; it does not have a conscience; it does not have life.
At one time, I enlisted in the United States Navy. In some small way, I suppose I implicitly supported the U.S. Goverment's ability to wage war. But in so doing, I did not give up (or even delegate) my right to defend myself. Nobody in the U.S. government swore an oath to defend me. Quite the reverse, I swore an oath to defend the U.S. Constitution against all enemies, foreign and domestic. (Sadly, its most dangerous enemies are domestic, these days.)
The wording of the Constitution does not say that the government derives its powers by virtue of the people surrendering/relinquishing/delegating/granting their God-given rights to it, by proxy or otherwise. The Constitution says that the government "derives its just powers from the consent of the governed."
Aw, forget it. I'm wasting my time. I shouldn't expect you to actually read the Constitution. After all, you're a network engineer, not a constitutional scholar.
But I applaud Dan Bernstein and the EFF, and I spit my distain at the cowardly scum who denied them their rightful victory.
The Web is like Usenet, but
the elephants are untrained.
I agree with some of what you wrote, but I disagree with other parts of what you wrote.
All of that is moot at this point, because you decided to throw an insult instead of talk. You had me listening until you threw in "I shouldn't expect you to actually read the Constitution."
For your information, I have read the constitution, many times. Just because I admitted that I'm network engineer and not a constitutional scholar doen't mean that I haven't taken the time to try and understand any of it.
And...I also spent, what was it, oh, only around 10 years in the military.
You apparantly are "wasting [your] time" at this point, but that's because of your attitude, not mine.
Asshole.
You say that now, but if I started using a computer to order things online, and paying for them using your bank account # or your credit card number, I'm sure you would feel that I had stolen from you. You would be right - but I could do it all over the computer, which you claim shouldn't be an offense. The idea that people should be allowed to hack companies systems, that theft or destruction of information isn't wrong, and that anything you can do over a computer isn't "real" is complete bullshit.
You're right, if hacking were entirely legal, many hackers would find employment. Others would turn into legalized crimininals, stealing from honest folks. DoS attacks on competitors sites would be quite common, and information theft would be rampant. Some companies would disconnect fro the net altogether (which doesn't bar employees from using computers to do your legalized destruction, but helps limit external attacks.) And a number of business would go out of business. <sarcasm>Great plan.</sarcasm>
Before you manage to pass this law, I should get a job at a bank. After all, when I become an overnight millionaire, it'll just be 0's and 1's.
Sorry you felt insulted. But then, in another way, I'm glad. I'm glad you think enough of yourself and your country to take offense when somebody implies you haven't read the constitution.
(grin!) Guilty as charged. For me, this isn't a hypothetical discussion.
The Web is like Usenet, but
the elephants are untrained.
We can have the "few lines of code". The prohibition is against the export of cryptographic stuff. You see, they reworded ITAR such that publication of source code was considered just as bad as selling actual encryption devices to [China|Russia|N.Korea]. Subsequently, the state department (or is it commerce now?) claimed that under the new definition of "export", all books containing info on strong cryptography had to be approved by them before publication. The court basically called bullshit on that line of reasoning on 1st Amd grounds.
If a job's not worth doing, it's not worth doing right.
At various points politicians have discussed mandatory key-escrow/backdoors, but also i was thinking of it being illigal to own various DMCA violating code - eg DeCSS. Its entirely feasable that all sorts of circumvention devices could be used in war but would be illigal because of the DMCA
This comment does not represent the views or opinions of the user.