Slashdot Mirror
Researchers Want Right to Bypass Protected Spyware
Dotnaught writes "Computer security researchers Professor Edward Felten and Alex Halderman have asked the U.S. Copyright Office for an exemption (pdf) to the Digital Millennium Copyright Act (DMCA) so that they can circumvent copy protection technology used to protect spyware. The DMCA currently makes it illegal to bypass digital locks almost regardless of what they protect or the user's intent. As noted by the Electronic Frontier Foundation, the Copyright Office theoretically grants exemptions, but in reality discourages anyone from asking. What's significant about the application submitted by Felten and Halderman is that they knew about the dangers posed by Sony's XCP DRM software a month before the news became public. But they delayed publication for fear of prosecution. During that time, many more consumers fell victim to the spyware propagated by Sony."
This strikes me as a horrible idea.
I fear that by building these loopholes, we will actually be legitamizing the DMCA as a whole... And we will be losing 1 more datapoint in our arguments against this monstrosity...
hard core geek-ware
I am grateful to live outside the United States when I see lawyers, judges and DMCA bureaucrats shackling reasonable fair use and fair experimentation research.
A caveman dreams of being us, the incalculable power and riches. We dream of being Q, then what?
Just another reason why politicians shouldn't be writing laws concerning subjects they know nothing about.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Part of me wishes Sony had not withdrawn their software voluntarily and had put up a legal fight, such that the courts could have struck down parts of the law as unconstitutional and or invalid. An appeal to the US Copyright office has less legal weight and force of precedence, IMO.
It would have taken a lot of gall from Sony to sue anyone who would blow the whistle on their rootkit. Their public image has been damaged enough as it is with the rootkit scandal to damage it even more with a stupid lawsuit.
In the US, it is legal (with restrictions) to own a gun. It is not legal to go out and randomly pop a cap in someone's behind. The tool, or mechanism, is legal, but the act is not.
Contrast that to the restrictions being argued against. The tool, circumvention of copy protection technology, is illegal. The act, distributing copies in violation of copyright, is also illegal.
Why is circumventing copy protection illegal? Because the **AA want it to be.
Say I want to rent a bike for the day. I license the use of the bike, and am provided with a bike lock. Is it illegal for me to pick that lock? Even if you go by the **AAs' ridiculous licensing theory, it still doesn't make sense to have circumventing copy protection be illegal.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Your argument doesn't work against those wanting the excemption. Your argument actually applies to employees of the Sony corporation who knew that they were installing a rootkit on computers and what damage it could do. This is closer to the Nuremburg Trials situation wherein Nazi officers claimed that they were only following orders.
At Nuremburg the court held that if you know something is wrong/evil you are obligated to not do it no matter what your superior officers tell you to do.
We have always been at war with Eurasia!
If you know that someone is doing something mean, nasty and evil.... you let someone know. Plain and simple.
I assume you have plenty of money to fight frivolous lawsuits filed against you when you heroically denounce evil deeds, right? For the rest of us, when the law muzzles us, we tend to shut up because otherwise we'd go broke. Sad but that's how it is, and I suspect you'd probably do the same despite all your Slashdot bravado.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
If a company ever tried to bring charges against me because I released a fix to their crippleware/malware/spyware/lameware to neuter it or remove it completely, I would be citing 'home defense' laws.
They brought their property, on to yours, with the intent to cripple or hinder use of your equipment, without adequately informing you and without your express permission. In my world, this is the same as home invasion. Just the same as a fat man standing over your computer yelling at you or fucking with your machine's innards when you weren't looking.
Its absolutely retarded that this is even LEGAL. The only reason they haven't been able to apply the DMCA to car innards is because they know that the person OWNS that piece of equipment, and putting in measures to defeat it would be taken apart in all of ten minutes. And spread the information. Eventually it would lead to bad press, as a useless piece of metal would be trying to keep you from having access TO YOUR OWN car. Same thing with computers and software..but people don't think they're as important as things meatside.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Nope. At Nurenberg they were on trial because they'd definitely done SOMETHING! They were not guilty of acts of ommission, like forgetting to tell you that they'd installed DRM software onto your computer BEFORE presenting you with an EULA and asking if you wanted to allow them to install software on your computer.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
How can it be moral or ethical to prevent someone from examining how something they use and integrate into their computer? A person should have the right to know what they are buying, renting, or using when they pay for it. They should know exactly what a computer program is doing, especially when the computer is also used to buy items online and check health care stuff. I expect to know what I am buying whether it's a a hamburger (does it have something I am allergic to? Is it prepared safe ?), a paper plate, a car (do the brakes work as normal), or software (does it make my system vulnerable, can it affect other software?).
And no, them saying it won't does suffice (unless I get a massive payment if it turns out they are wrong). Not even third party certification would work (although they would never agree to that anyway).
Perhaps they kept thier mouths shut not only out of fear, but to use the situation as an opportunity to do exactly what they are doing. By waiting until it was public they have legitimized their claims without fear of a lawsuit.
Does anyone know if similar laws to the DMCA exist is the UK? I'd be seriously worried if they do. I'm of the opinion that you have a right to bypass any technology used to protect spyware. It's a pretty deceitful form of software, it's effectively carrying out surviellence against you, you should be able to respond to it.
So . . . why do software manufacturers (including malware manufacturers) have a right to dictate what I will do with my hardware. Certainly, if I start making bootlegged copies of software/data available I can see where I have abnegated the implicit agreement between myself and the software vendor (damaging the apartment), but so long as such transgressions remain securely within the bounds of my equipment they should have no right to complain (I furnished the apartment with the most hideous furniture in existence, but the apartment remains undamaged).
And this would be bad because...?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Look, the hackers don't give a damn about the DMCA. Heck, a good many live outside the US, so what does that even matter. By making circumvention illegal, the only people that are being harmed are consumers who don't find out when corporate villains like Sony start distributing this kind of crap until it's too late. But Congress is the core of this. By essentially ignoring anything other than the corporate sugar daddies, they have tacitly given them permission to be as immoral and unethical as they please.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Look. If American corporations and the American government actually wanted to work together to eradicate spyware (as opposed to working together to make lots of money), we wouldn't have spyware. We also wouldn't have spam, viruses, or any number of other nasty things. The fact of the matter is that almost all sorts of online nastiness can be used to benefit the already super-rich. Example: Spyware used to benefit Sony (or so they think), viruses used by companies to insert, well, spyware... spam used, of course, to advertise the products of big companies (directly, indirectly, or "The makers of Viagra paid a marketing firm, who paid another marketing firm, who paid a slightly sleazier marketing firm, who sold a list to an even sleazier one, who sold it in turn to an even sleazier one, who ended up spamming you about buying Viagra")...
They. Don't. Give. A. Fuck. In fact, tacitly I think they like this sort of online plague, since they know damned well that only the 'little guys' (read: their competition and their user base) will ever get in trouble for breaking the DMCA, or spreading spyware, or releasing viruses, or spamming-- but they never will.
It will be a cold day in Hell when Sony actually experiences any pain over this. N.b.: A pathetic boycott by 0.1% of 1% of nerds, who in turn make up 1% of the population, will not cause them pain. Also, a $100,000,000 *kof*slaponthewrist*kof* "fine" will not cause them pain either.
The DMCA was conceived as a way of keeping the rich rich. Full stop. End sentence.
And to those of you who think that the combined might of the Fortune 500 companies and the American government couldn't eradicate spyware, spam, etc. if they REALLY wanted to, think again. It's as simple as implementing new security standards and specs, testing them with the cooperation of the security community, setting a worldwide/nationwide rollout date, then requiring everyone's software to support them as of that date. Think "Attention (ebay|Yahoo|Google|MSN) Users: After JULY 23, 2007, you must have upgraded your Web browser to support the new HardenedHTTP specification. Browsers which support this include: Mozilla Firefox 2.0, Netscape 8.1, Opera 9.01, or Internet Explorer 8 Beta."
Yeah, it'd cost billions. But these companies and the US government, put together, have TRILLIONS.
They don't care, though. They'd rather bring their considerable resources to bear upon the tricky problem of making their CEOs and Board members a few more billion apiece. Consumers? Pfeh, they don't even have people to read their email for them. Who cares about them?
With spending like this, exactly what are "conservatives" conserving?
Sony wouldn't have had a DMCA fight by continuing to ship the software. That's not illegal under the DMCA, nor are they being sued under its provisions.
The researchers who determined how it worked, and how to workaround and/or remove it would have had to carry the burden of the fight if Sony charged them with violating the DMCA.
Sony had to pull it because of: a) Immense bad PR; and b) Being sued for every instance still out there under Spyware/Computer Invasion laws. Sony's only hope for defense (a huge lie, btw, in light of what has been revealed since this story first broke) is, "We didn't know it was bad when we shipped it, and the moment we found out it was bad we recalled it and offered replacements."
I hope this won't save them because they truly deserve to go all the way down over this, and should serve as a severe warning to every other remaining company that this is just plain Wrong!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I generally do not see much of any coverage relating to the issues surrounding the DCMA and all the hoopla coming from it. Seems like all of the news about it is on Slashdot or the Register. Why are the big news outfits not publishing anything on this???
My suspicions are that "keeping it quiet" is a tendancy being brought about by a select group of lawyers that work quite possibly in the entertainment industry, and are looking to covet their bank accounts and the future deposits thereof.
I mean;.. we all know the silly thing is entirely political apeasement to a small group, and that somehow the thing got in and passed with very little fanfare. What is disturbing is that it takes all this to convince folks to take a look at the language of this thing, and research it against constitutional law. Odds are that you would find that it nullifies much of your rights without you ever even committing a crime!
Yea, I know... "Black hellicopter" and all... but.. sure does make you wonder what the heck is going on!!
Cheers.
All content in this message is copyright (c) 2008. All rights reserved. RIAA is prohibited here.
There should just be a general warning, "Do you wish to allow execution of software on this CD?" for all CDs that try to autorun... with games/programs/etc, the answer is probably yes, but seeing that on a music CD, or a DVD should set off some alarms in people. Maybe even have a list of known CDs somewhere, so that you can click a 'always do this action for this CD' box or something, sort of like what they do with file types.
If the government told you to jump off a cliff or chop your own hand off would you? No of course not and even if they made a law saying that all left handers must chop off their left hands and become righties you still wouldn't. When the laws are ridiculous and the governement is out of control people need to stop obeying and change them out even if it's bloody and hard. The US govenment used to be like a block of cheese that had some mold (corruption) on the outside which you could avoid and still enjoy the center. Now the whole thing is moldy and the room smells like feet so something has got to be done, unless of course you enjoy the smell of toe cheese.
then it ever use to be.
Who modded the parent as Flamebait? The US has moved far from it's democratic ideals. It may not be any China or North Korea, but it is a far sight less free and democratic then it ever use to be.
To wit:
1) DMCA
2) Patriot Act
3) Congressional gerrymandering.
4) Copyright extentions and patent law broadening.
5) Air travel ID requirements