Researchers Want Right to Bypass Protected Spyware

Dotnaught writes "Computer security researchers Professor Edward Felten and Alex Halderman have asked the U.S. Copyright Office for an exemption (pdf) to the Digital Millennium Copyright Act (DMCA) so that they can circumvent copy protection technology used to protect spyware. The DMCA currently makes it illegal to bypass digital locks almost regardless of what they protect or the user's intent. As noted by the Electronic Frontier Foundation, the Copyright Office theoretically grants exemptions, but in reality discourages anyone from asking. What's significant about the application submitted by Felten and Halderman is that they knew about the dangers posed by Sony's XCP DRM software a month before the news became public. But they delayed publication for fear of prosecution. During that time, many more consumers fell victim to the spyware propagated by Sony."

This story should've had the censorship icon

[davidwr]

What's significant about the application submitted by Felten and Halderman is that they knew about the dangers posed by Sony's XCP DRM software a month before the news became public. But they delayed publication for fear of prosecution. During that time, many more consumers fell victim to the spyware propagated by Sony.

This story deserves the Slashdot Censorship Icon.

I wonder of the victims can go after the copyright office for contributory neglegence? Probably not but it's fun to think about.

Darn, looks like I missed "first post" by --><-- that much.

It's about time

[sarlos]

As someone who has worked in sensitive research areas, I have to say it is about time this came up. There were many times in college when we could not tell our sponsors straight out what we were doing because technically it was illegal. We were doing legitimate research, but because of how poorly written the DMCA is, we could have gotten in hot water because of what we were doing.

What makes it even worse... our sponsor was the Department of Defense. I can not give any specific details becaus of a NDA, so you will have to take my word on it, but what we were doing was of great value to our serving men and women. This is something that is most definitely sorely needed.

Re:A horrible idea...

[Miros]

I'm not so sure. Let's face it, we wont defeat the DMCA by continuing to say it's "illegitimate." I think what we need to do is work through its channels to set precedents, so we can build a case for how studying various mechanisms actually helps society more than it hurts it. I don't see any good new reasons to oppose the DMCA coming up if we continue to stonewall it. But if we use its own language to get a foot in the door, we stand a good chance of weakening its strangle hold on certain aspects of security research. (not to mention fair use)

Scotch Tape

[DownWithTheMan]

At the very least I hope Sony is fair when they sue people under the DMCA and that they sue Scotch tape manufacturer 3m... I mean you can use Scotch tape to circumvent copyright protection on Sony CDs and isn't that a violation of the DMCA even though Scotch tape has many legal uses...

So NDA to everyone?

[DarthStrydre]

In other words, you cannot tell us what you did for the DoD due to the NDA, but then neither can you tell the DoD what you did for them. The secrets will die with you, brother!

Interesting... It would be laughable in some other context, but I feel your pain.

This is getting ridiculous

[sabre307]

So does this mean that if I go out and copyright a new computer virus with the USPTO, I can sue the federal government and the anti-virus manufacturers when they crack open my code to figure out how to stop the virus from damaging computers? I would love to see someone try that one. It would almost be worth going to jail for a while if I could patent a nice new form of self-propogating worm, then upload it onto the servers of the *AA. Then, when they figure out how to stop the worm, I can sue them for millions because the only way they can figure out how to stop it is to circumvent my copyright protection and reverse engineer my application. I might spend a while in jail, but I would probably have a smile on my face the whole time!!!!!

Let me get this straight...

[masdog]

Alright, I'm a little confused here. We have laws on the book which prevent breaking into computers and installing "spyware" without the user knowing about it, but if that "spyware" is encrypted/hidden/copy protected in any way, it is also illegal to remove it??

Is it just me, or is the US government getting too stupid for its britches??

Re:Let me get this straight...

[Surt]

The process is clear as defined by current law:

If you discover spyware is on your system, and your state has laws against that, you may pursue a suit against the spyware vendor.

If the spyware is protected by anti-circumvention devices, you are not permitted to remove it yourself.

Ergo, include removal as part of your recompense for damages in the suit. Sony will need to provide for the removal of the spyware, and at its discretion could give you permission to remove the spyware using a 3rd party tool.

Even better, prompt for all

[davidwr]

I'd like to see "autorun" treated like "autoplay" for disks of ALL types:

If you go to the properties page of your CD drive, you will see an "autoplay" tab. For each type of non-data disk, you can select an option.

Add an option for two additional type:
* Disks that automatically run a program

with the options:
* Enable autorun
* Disable autorun and treat CD as another type of CD
* Do nothing
* Prompt for choice