Slashdot Mirror
Researchers Want Right to Bypass Protected Spyware
Dotnaught writes "Computer security researchers Professor Edward Felten and Alex Halderman have asked the U.S. Copyright Office for an exemption (pdf) to the Digital Millennium Copyright Act (DMCA) so that they can circumvent copy protection technology used to protect spyware. The DMCA currently makes it illegal to bypass digital locks almost regardless of what they protect or the user's intent. As noted by the Electronic Frontier Foundation, the Copyright Office theoretically grants exemptions, but in reality discourages anyone from asking. What's significant about the application submitted by Felten and Halderman is that they knew about the dangers posed by Sony's XCP DRM software a month before the news became public. But they delayed publication for fear of prosecution. During that time, many more consumers fell victim to the spyware propagated by Sony."
This strikes me as a horrible idea.
I fear that by building these loopholes, we will actually be legitamizing the DMCA as a whole... And we will be losing 1 more datapoint in our arguments against this monstrosity...
hard core geek-ware
I am grateful to live outside the United States when I see lawyers, judges and DMCA bureaucrats shackling reasonable fair use and fair experimentation research.
A caveman dreams of being us, the incalculable power and riches. We dream of being Q, then what?
Just another reason why politicians shouldn't be writing laws concerning subjects they know nothing about.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I'm glad to see this. Up to now I thought the only thing the U.S. Copyright office did was register the official names of stars in cooperation with some official sounding international registry about which I know very little.
(sic)
Trying to use sarcasm in text-based forums does not work.
Part of me wishes Sony had not withdrawn their software voluntarily and had put up a legal fight, such that the courts could have struck down parts of the law as unconstitutional and or invalid. An appeal to the US Copyright office has less legal weight and force of precedence, IMO.
What's significant about the application submitted by Felten and Halderman is that they knew about the dangers posed by Sony's XCP DRM software a month before the news became public. But they delayed publication for fear of prosecution. During that time, many more consumers fell victim to the spyware propagated by Sony.
This story deserves the Slashdot Censorship Icon.
I wonder of the victims can go after the copyright office for contributory neglegence? Probably not but it's fun to think about.
Darn, looks like I missed "first post" by --><-- that much.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
It would have taken a lot of gall from Sony to sue anyone who would blow the whistle on their rootkit. Their public image has been damaged enough as it is with the rootkit scandal to damage it even more with a stupid lawsuit.
In the US, it is legal (with restrictions) to own a gun. It is not legal to go out and randomly pop a cap in someone's behind. The tool, or mechanism, is legal, but the act is not.
Contrast that to the restrictions being argued against. The tool, circumvention of copy protection technology, is illegal. The act, distributing copies in violation of copyright, is also illegal.
Why is circumventing copy protection illegal? Because the **AA want it to be.
Say I want to rent a bike for the day. I license the use of the bike, and am provided with a bike lock. Is it illegal for me to pick that lock? Even if you go by the **AAs' ridiculous licensing theory, it still doesn't make sense to have circumventing copy protection be illegal.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
As someone who has worked in sensitive research areas, I have to say it is about time this came up. There were many times in college when we could not tell our sponsors straight out what we were doing because technically it was illegal. We were doing legitimate research, but because of how poorly written the DMCA is, we could have gotten in hot water because of what we were doing.
What makes it even worse... our sponsor was the Department of Defense. I can not give any specific details becaus of a NDA, so you will have to take my word on it, but what we were doing was of great value to our serving men and women. This is something that is most definitely sorely needed.
Government's view of the economy: If it moves, tax it. If it keeps moving,regulate it. If it stops moving, subsidize it.
Your argument doesn't work against those wanting the excemption. Your argument actually applies to employees of the Sony corporation who knew that they were installing a rootkit on computers and what damage it could do. This is closer to the Nuremburg Trials situation wherein Nazi officers claimed that they were only following orders.
At Nuremburg the court held that if you know something is wrong/evil you are obligated to not do it no matter what your superior officers tell you to do.
We have always been at war with Eurasia!
If you know that someone is doing something mean, nasty and evil.... you let someone know. Plain and simple.
I assume you have plenty of money to fight frivolous lawsuits filed against you when you heroically denounce evil deeds, right? For the rest of us, when the law muzzles us, we tend to shut up because otherwise we'd go broke. Sad but that's how it is, and I suspect you'd probably do the same despite all your Slashdot bravado.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
At the very least I hope Sony is fair when they sue people under the DMCA and that they sue Scotch tape manufacturer 3m... I mean you can use Scotch tape to circumvent copyright protection on Sony CDs and isn't that a violation of the DMCA even though Scotch tape has many legal uses...
If a company ever tried to bring charges against me because I released a fix to their crippleware/malware/spyware/lameware to neuter it or remove it completely, I would be citing 'home defense' laws.
They brought their property, on to yours, with the intent to cripple or hinder use of your equipment, without adequately informing you and without your express permission. In my world, this is the same as home invasion. Just the same as a fat man standing over your computer yelling at you or fucking with your machine's innards when you weren't looking.
Its absolutely retarded that this is even LEGAL. The only reason they haven't been able to apply the DMCA to car innards is because they know that the person OWNS that piece of equipment, and putting in measures to defeat it would be taken apart in all of ten minutes. And spread the information. Eventually it would lead to bad press, as a useless piece of metal would be trying to keep you from having access TO YOUR OWN car. Same thing with computers and software..but people don't think they're as important as things meatside.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Nope. At Nurenberg they were on trial because they'd definitely done SOMETHING! They were not guilty of acts of ommission, like forgetting to tell you that they'd installed DRM software onto your computer BEFORE presenting you with an EULA and asking if you wanted to allow them to install software on your computer.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
How can it be moral or ethical to prevent someone from examining how something they use and integrate into their computer? A person should have the right to know what they are buying, renting, or using when they pay for it. They should know exactly what a computer program is doing, especially when the computer is also used to buy items online and check health care stuff. I expect to know what I am buying whether it's a a hamburger (does it have something I am allergic to? Is it prepared safe ?), a paper plate, a car (do the brakes work as normal), or software (does it make my system vulnerable, can it affect other software?).
And no, them saying it won't does suffice (unless I get a massive payment if it turns out they are wrong). Not even third party certification would work (although they would never agree to that anyway).
Perhaps they kept thier mouths shut not only out of fear, but to use the situation as an opportunity to do exactly what they are doing. By waiting until it was public they have legitimized their claims without fear of a lawsuit.
In other words, you cannot tell us what you did for the DoD due to the NDA, but then neither can you tell the DoD what you did for them. The secrets will die with you, brother!
Interesting... It would be laughable in some other context, but I feel your pain.
Does anyone know if similar laws to the DMCA exist is the UK? I'd be seriously worried if they do. I'm of the opinion that you have a right to bypass any technology used to protect spyware. It's a pretty deceitful form of software, it's effectively carrying out surviellence against you, you should be able to respond to it.
So . . . why do software manufacturers (including malware manufacturers) have a right to dictate what I will do with my hardware. Certainly, if I start making bootlegged copies of software/data available I can see where I have abnegated the implicit agreement between myself and the software vendor (damaging the apartment), but so long as such transgressions remain securely within the bounds of my equipment they should have no right to complain (I furnished the apartment with the most hideous furniture in existence, but the apartment remains undamaged).
So does this mean that if I go out and copyright a new computer virus with the USPTO, I can sue the federal government and the anti-virus manufacturers when they crack open my code to figure out how to stop the virus from damaging computers? I would love to see someone try that one. It would almost be worth going to jail for a while if I could patent a nice new form of self-propogating worm, then upload it onto the servers of the *AA. Then, when they figure out how to stop the worm, I can sue them for millions because the only way they can figure out how to stop it is to circumvent my copyright protection and reverse engineer my application. I might spend a while in jail, but I would probably have a smile on my face the whole time!!!!!
My software never has bugs.
It just develops random features.
And this would be bad because...?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Look, the hackers don't give a damn about the DMCA. Heck, a good many live outside the US, so what does that even matter. By making circumvention illegal, the only people that are being harmed are consumers who don't find out when corporate villains like Sony start distributing this kind of crap until it's too late. But Congress is the core of this. By essentially ignoring anything other than the corporate sugar daddies, they have tacitly given them permission to be as immoral and unethical as they please.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Given that all these technological measures only break Windows because of Autorun, why doesn't MS issue a patch to disable it.
All that would be required is a simple popup when you insert a CD: "This disc appears to be an audio disc. Do you want to play it as normal, or would you like to install the program that is on the disc".
Look. If American corporations and the American government actually wanted to work together to eradicate spyware (as opposed to working together to make lots of money), we wouldn't have spyware. We also wouldn't have spam, viruses, or any number of other nasty things. The fact of the matter is that almost all sorts of online nastiness can be used to benefit the already super-rich. Example: Spyware used to benefit Sony (or so they think), viruses used by companies to insert, well, spyware... spam used, of course, to advertise the products of big companies (directly, indirectly, or "The makers of Viagra paid a marketing firm, who paid another marketing firm, who paid a slightly sleazier marketing firm, who sold a list to an even sleazier one, who sold it in turn to an even sleazier one, who ended up spamming you about buying Viagra")...
They. Don't. Give. A. Fuck. In fact, tacitly I think they like this sort of online plague, since they know damned well that only the 'little guys' (read: their competition and their user base) will ever get in trouble for breaking the DMCA, or spreading spyware, or releasing viruses, or spamming-- but they never will.
It will be a cold day in Hell when Sony actually experiences any pain over this. N.b.: A pathetic boycott by 0.1% of 1% of nerds, who in turn make up 1% of the population, will not cause them pain. Also, a $100,000,000 *kof*slaponthewrist*kof* "fine" will not cause them pain either.
The DMCA was conceived as a way of keeping the rich rich. Full stop. End sentence.
And to those of you who think that the combined might of the Fortune 500 companies and the American government couldn't eradicate spyware, spam, etc. if they REALLY wanted to, think again. It's as simple as implementing new security standards and specs, testing them with the cooperation of the security community, setting a worldwide/nationwide rollout date, then requiring everyone's software to support them as of that date. Think "Attention (ebay|Yahoo|Google|MSN) Users: After JULY 23, 2007, you must have upgraded your Web browser to support the new HardenedHTTP specification. Browsers which support this include: Mozilla Firefox 2.0, Netscape 8.1, Opera 9.01, or Internet Explorer 8 Beta."
Yeah, it'd cost billions. But these companies and the US government, put together, have TRILLIONS.
They don't care, though. They'd rather bring their considerable resources to bear upon the tricky problem of making their CEOs and Board members a few more billion apiece. Consumers? Pfeh, they don't even have people to read their email for them. Who cares about them?
With spending like this, exactly what are "conservatives" conserving?
Sony wouldn't have had a DMCA fight by continuing to ship the software. That's not illegal under the DMCA, nor are they being sued under its provisions.
The researchers who determined how it worked, and how to workaround and/or remove it would have had to carry the burden of the fight if Sony charged them with violating the DMCA.
Sony had to pull it because of: a) Immense bad PR; and b) Being sued for every instance still out there under Spyware/Computer Invasion laws. Sony's only hope for defense (a huge lie, btw, in light of what has been revealed since this story first broke) is, "We didn't know it was bad when we shipped it, and the moment we found out it was bad we recalled it and offered replacements."
I hope this won't save them because they truly deserve to go all the way down over this, and should serve as a severe warning to every other remaining company that this is just plain Wrong!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Alright, I'm a little confused here. We have laws on the book which prevent breaking into computers and installing "spyware" without the user knowing about it, but if that "spyware" is encrypted/hidden/copy protected in any way, it is also illegal to remove it??
Is it just me, or is the US government getting too stupid for its britches??
My Sysadmin Blog
Researchers: "Give us the right to bypass protected spyware!"
U.S. Copyright Office: "No problem. That'll be $10,000,000; small, non-sequential bills, please."
Are you...Are you some kind of genius?
No, ma'am, I'm just a regular Slashdot reader.
Hey script kiddies and virus creators (I know at least SOME slashdotters are. Come on, admit it, you're out there!), want to help kill DMCA?
In your next trojan horse and virus releases, implement some sort of DRM which will make it illegal for anyone to remove the utilities. You can then prosecute Symantec, etc. citing DMCA violations. This will show just how evil the DMCA really is.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
I generally do not see much of any coverage relating to the issues surrounding the DCMA and all the hoopla coming from it. Seems like all of the news about it is on Slashdot or the Register. Why are the big news outfits not publishing anything on this???
My suspicions are that "keeping it quiet" is a tendancy being brought about by a select group of lawyers that work quite possibly in the entertainment industry, and are looking to covet their bank accounts and the future deposits thereof.
I mean;.. we all know the silly thing is entirely political apeasement to a small group, and that somehow the thing got in and passed with very little fanfare. What is disturbing is that it takes all this to convince folks to take a look at the language of this thing, and research it against constitutional law. Odds are that you would find that it nullifies much of your rights without you ever even committing a crime!
Yea, I know... "Black hellicopter" and all... but.. sure does make you wonder what the heck is going on!!
Cheers.
All content in this message is copyright (c) 2008. All rights reserved. RIAA is prohibited here.
Laws that require a bunch of exemptions need to be revisited. It's just like when software gets too many nested conditionals - you know the logic needs to be cleaned up or scrapped. Has anyone ever tried to apply complexity measures to portions of the law?
If the government told you to jump off a cliff or chop your own hand off would you? No of course not and even if they made a law saying that all left handers must chop off their left hands and become righties you still wouldn't. When the laws are ridiculous and the governement is out of control people need to stop obeying and change them out even if it's bloody and hard. The US govenment used to be like a block of cheese that had some mold (corruption) on the outside which you could avoid and still enjoy the center. Now the whole thing is moldy and the room smells like feet so something has got to be done, unless of course you enjoy the smell of toe cheese.
...our new gorgonzola overlords!
I'd like to see "autorun" treated like "autoplay" for disks of ALL types:
If you go to the properties page of your CD drive, you will see an "autoplay" tab. For each type of non-data disk, you can select an option.
Add an option for two additional type:
* Disks that automatically run a program
with the options:
* Enable autorun
* Disable autorun and treat CD as another type of CD
* Do nothing
* Prompt for choice
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
The DCMA, the US's favorite export.
Actually the DMCA as well as its EUCD european counterpart are both implementations of the TRIPS international treaty which was brought to us by our loved and highly democratic World Trade Organization.
It also seems that EUCD is yet more restrictive than DMCA, actually the french implementation of EUCD, if adopted by the parliament at the end of the month, will simply make it illegal to publish free software .
It's more than time for all this nonsense to stop.
Slashcode bug # 497457 - unfixed since December 2001 - Go look it up!
o/~ Join us now and share the software
Sounds like the defence used in the Nurenburg trials.
Wow, Godwin's Law in the FP. You lose!
Switch back to Slashdot's D1 system.
Should be hidden in some DCMA protected software so that even discovering the viral code requires a DCMA violation... I am not a programmer, but at least that situation would model the need for security researchers to be able to do their work.
then it ever use to be.
Who modded the parent as Flamebait? The US has moved far from it's democratic ideals. It may not be any China or North Korea, but it is a far sight less free and democratic then it ever use to be.
To wit:
1) DMCA
2) Patriot Act
3) Congressional gerrymandering.
4) Copyright extentions and patent law broadening.
5) Air travel ID requirements