Researchers Want Right to Bypass Protected Spyware
Dotnaught writes "Computer security researchers Professor Edward Felten and Alex Halderman have asked the U.S. Copyright Office for an exemption (pdf) to the Digital Millennium Copyright Act (DMCA) so that they can circumvent copy protection technology used to protect spyware. The DMCA currently makes it illegal to bypass digital locks almost regardless of what they protect or the user's intent. As noted by the Electronic Frontier Foundation, the Copyright Office theoretically grants exemptions, but in reality discourages anyone from asking. What's significant about the application submitted by Felten and Halderman is that they knew about the dangers posed by Sony's XCP DRM software a month before the news became public. But they delayed publication for fear of prosecution. During that time, many more consumers fell victim to the spyware propagated by Sony."
This story deserves the Slashdot Censorship Icon.
I wonder if the victims can go after the copyright office for contributory negligence? Probably not but it's fun to think about.
Darn, looks like I missed "first post" by --><-- that much.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
As someone who has worked in sensitive research areas, I have to say it is about time this came up. There were many times in college when we could not tell our sponsors straight out what we were doing because technically it was illegal. We were doing legitimate research, but because of how poorly written the DMCA is, we could have gotten in hot water because of what we were doing.
What makes it even worse... our sponsor was the Department of Defense. I can not give any specific details because of an NDA, so you will have to take my word on it, but what we were doing was of great value to our serving men and women. This is something that is most definitely sorely needed.
Government's view of the economy: If it moves, tax it. If it keeps moving, regulate it. If it stops moving, subsidize it.
I'm not so sure. Let's face it, we won't defeat the DMCA by continuing to say it's "illegitimate." I think what we need to do is work through its channels to set precedents, so we can build a case for how studying various mechanisms actually helps society more than it hurts it. I don't see any good new reasons to oppose the DMCA coming up if we continue to stonewall it. But if we use its own language to get a foot in the door, we stand a good chance of weakening its stranglehold on certain aspects of security research. (not to mention fair use)
At the very least I hope Sony is fair when they sue people under the DMCA and that they sue Scotch tape manufacturer 3M... I mean you can use Scotch tape to circumvent copyright protection on Sony CDs and isn't that a violation of the DMCA even though Scotch tape has many legal uses...
Well, be careful not to overstate the problem. While the language of the DMCA makes it clear that it is illegal to even do this type of investigation with your own computer, it's not reasonable to assume that they would prosecute you unless you published the information you obtained (indeed, how would they know?). This is not an issue of individual rights, but instead it is an issue of the overall welfare of a community and how it is hurt by stifling curiosity, communication, and collaboration in a very critical area (security).
In other words, you cannot tell us what you did for the DoD due to the NDA, but then neither can you tell the DoD what you did for them. The secrets will die with you, brother!
Interesting... It would be laughable in some other context, but I feel your pain.
So does this mean that if I go out and copyright a new computer virus with the USPTO, I can sue the federal government and the anti-virus manufacturers when they crack open my code to figure out how to stop the virus from damaging computers? I would love to see someone try that one. It would almost be worth going to jail for a while if I could patent a nice new form of self-propagating worm, then upload it onto the servers of the *AA. Then, when they figure out how to stop the worm, I can sue them for millions because the only way they can figure out how to stop it is to circumvent my copyright protection and reverse engineer my application. I might spend a while in jail, but I would probably have a smile on my face the whole time!!!!!
My software never has bugs.
It just develops random features.
Given that all these technological measures only break Windows because of Autorun, why doesn't MS issue a patch to disable it?
All that would be required is a simple popup when you insert a CD: "This disc appears to be an audio disc. Do you want to play it as normal, or would you like to install the program that is on the disc".
You are totally misinterpreting what I'm saying. I'm not arguing that people should not be allowed to share information. Indeed, I feel that sharing of information is the most important thing humans do. Instead, what I'm discussing is a completely different point: how able or allowed you as an individual are to do your own investigations on your own computer on your own time with your own software, which, I argue, is not at all restricted now because it's simply impossible to police. When you break a DRM system and then publish your method, that's different. But then again, if you look at the parent post, publishing information is completely different from exploring your own curiosity on your own system.
I don't disagree with your last post, I just think you think I'm saying something other than what I am actually saying.
Alright, I'm a little confused here. We have laws on the book which prevent breaking into computers and installing "spyware" without the user knowing about it, but if that "spyware" is encrypted/hidden/copy protected in any way, it is also illegal to remove it??
Is it just me, or is the US government getting too stupid for its britches??
My Sysadmin Blog
Laws that require a bunch of exemptions need to be revisited. It's just like when software gets too many nested conditionals - you know the logic needs to be cleaned up or scrapped. Has anyone ever tried to apply complexity measures to portions of the law?
You might be kidding, but I've been thinking about the same lines. Votes don't count anymore. Instead, just pool money and pay off politicians. Sort of like a PAC, but where everyone gets involved instead of just the hardcore supporters. Plus it has the advantage of being able to account for how much you like a politician, instead of a binary yes/no.
Those who can, do. Those who can't, sue.
I'd like to see "autorun" treated like "autoplay" for disks of ALL types:
If you go to the properties page of your CD drive, you will see an "autoplay" tab. For each type of non-data disk, you can select an option.
Add an option for two additional types:
* Disks that automatically run a program
with the options:
* Enable autorun
* Disable autorun and treat CD as another type of CD
* Do nothing
* Prompt for choice
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Actually from a PR standpoint, this move shows the public the idiocy of the DMCA. Think about it. Preeminent researchers must jump through legal hoops in order to investigate a piece of friggin' spyware! And it isn't like they can get a blanket exemption to "investigate all spyware", because who determines what counts as spyware? Take, for example, Sony's DRM rootkit. Before the current brouhaha there was no way that Sony would allow an exemption for these researchers. In hindsight, this was precisely the type of DMCA'ed software that required third-party investigation. I imagine a lot of people who fell victim to the Sony rootkit will be pissed to hear that it was known in private a month before it became public. Perhaps if security researchers keep applying for exemptions for legitimate security threats, the public will realize the absurdity of the DMCA in general. It shouldn't take weeks to publish critical security reports because of some asinine legal and bureaucratic system.
Should be hidden in some DMCA protected software so that even discovering the viral code requires a DMCA violation... I am not a programmer, but at least that situation would model the need for security researchers to be able to do their work.