Slashdot Mirror
Researchers Want Right to Bypass Protected Spyware
Dotnaught writes "Computer security researchers Professor Edward Felten and Alex Halderman have asked the U.S. Copyright Office for an exemption (pdf) to the Digital Millennium Copyright Act (DMCA) so that they can circumvent copy protection technology used to protect spyware. The DMCA currently makes it illegal to bypass digital locks almost regardless of what they protect or the user's intent. As noted by the Electronic Frontier Foundation, the Copyright Office theoretically grants exemptions, but in reality discourages anyone from asking. What's significant about the application submitted by Felten and Halderman is that they knew about the dangers posed by Sony's XCP DRM software a month before the news became public. But they delayed publication for fear of prosecution. During that time, many more consumers fell victim to the spyware propagated by Sony."
This strikes me as a horrible idea.
I fear that by building these loopholes, we will actually be legitamizing the DMCA as a whole... And we will be losing 1 more datapoint in our arguments against this monstrosity...
hard core geek-ware
I am grateful to live outside the United States when I see lawyers, judges and DMCA bureaucrats shackling reasonable fair use and fair experimentation research.
A caveman dreams of being us, the incalculable power and riches. We dream of being Q, then what?
Just another reason why politicians shouldn't be writing laws concerning subjects they know nothing about.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Part of me wishes Sony had not withdrawn their software voluntarily and had put up a legal fight, such that the courts could have struck down parts of the law as unconstitutional and or invalid. An appeal to the US Copyright office has less legal weight and force of precedence, IMO.
What's significant about the application submitted by Felten and Halderman is that they knew about the dangers posed by Sony's XCP DRM software a month before the news became public. But they delayed publication for fear of prosecution. During that time, many more consumers fell victim to the spyware propagated by Sony.
This story deserves the Slashdot Censorship Icon.
I wonder of the victims can go after the copyright office for contributory neglegence? Probably not but it's fun to think about.
Darn, looks like I missed "first post" by --><-- that much.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
It would have taken a lot of gall from Sony to sue anyone who would blow the whistle on their rootkit. Their public image has been damaged enough as it is with the rootkit scandal to damage it even more with a stupid lawsuit.
In the US, it is legal (with restrictions) to own a gun. It is not legal to go out and randomly pop a cap in someone's behind. The tool, or mechanism, is legal, but the act is not.
Contrast that to the restrictions being argued against. The tool, circumvention of copy protection technology, is illegal. The act, distributing copies in violation of copyright, is also illegal.
Why is circumventing copy protection illegal? Because the **AA want it to be.
Say I want to rent a bike for the day. I license the use of the bike, and am provided with a bike lock. Is it illegal for me to pick that lock? Even if you go by the **AAs' ridiculous licensing theory, it still doesn't make sense to have circumventing copy protection be illegal.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
As someone who has worked in sensitive research areas, I have to say it is about time this came up. There were many times in college when we could not tell our sponsors straight out what we were doing because technically it was illegal. We were doing legitimate research, but because of how poorly written the DMCA is, we could have gotten in hot water because of what we were doing.
What makes it even worse... our sponsor was the Department of Defense. I can not give any specific details becaus of a NDA, so you will have to take my word on it, but what we were doing was of great value to our serving men and women. This is something that is most definitely sorely needed.
Government's view of the economy: If it moves, tax it. If it keeps moving,regulate it. If it stops moving, subsidize it.
Your argument doesn't work against those wanting the excemption. Your argument actually applies to employees of the Sony corporation who knew that they were installing a rootkit on computers and what damage it could do. This is closer to the Nuremburg Trials situation wherein Nazi officers claimed that they were only following orders.
At Nuremburg the court held that if you know something is wrong/evil you are obligated to not do it no matter what your superior officers tell you to do.
We have always been at war with Eurasia!
At the very least I hope Sony is fair when they sue people under the DMCA and that they sue Scotch tape manufacturer 3m... I mean you can use Scotch tape to circumvent copyright protection on Sony CDs and isn't that a violation of the DMCA even though Scotch tape has many legal uses...
If a company ever tried to bring charges against me because I released a fix to their crippleware/malware/spyware/lameware to neuter it or remove it completely, I would be citing 'home defense' laws.
They brought their property, on to yours, with the intent to cripple or hinder use of your equipment, without adequately informing you and without your express permission. In my world, this is the same as home invasion. Just the same as a fat man standing over your computer yelling at you or fucking with your machine's innards when you weren't looking.
Its absolutely retarded that this is even LEGAL. The only reason they haven't been able to apply the DMCA to car innards is because they know that the person OWNS that piece of equipment, and putting in measures to defeat it would be taken apart in all of ten minutes. And spread the information. Eventually it would lead to bad press, as a useless piece of metal would be trying to keep you from having access TO YOUR OWN car. Same thing with computers and software..but people don't think they're as important as things meatside.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Nope. At Nurenberg they were on trial because they'd definitely done SOMETHING! They were not guilty of acts of ommission, like forgetting to tell you that they'd installed DRM software onto your computer BEFORE presenting you with an EULA and asking if you wanted to allow them to install software on your computer.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Perhaps they kept thier mouths shut not only out of fear, but to use the situation as an opportunity to do exactly what they are doing. By waiting until it was public they have legitimized their claims without fear of a lawsuit.
In other words, you cannot tell us what you did for the DoD due to the NDA, but then neither can you tell the DoD what you did for them. The secrets will die with you, brother!
Interesting... It would be laughable in some other context, but I feel your pain.
So . . . why do software manufacturers (including malware manufacturers) have a right to dictate what I will do with my hardware. Certainly, if I start making bootlegged copies of software/data available I can see where I have abnegated the implicit agreement between myself and the software vendor (damaging the apartment), but so long as such transgressions remain securely within the bounds of my equipment they should have no right to complain (I furnished the apartment with the most hideous furniture in existence, but the apartment remains undamaged).
So does this mean that if I go out and copyright a new computer virus with the USPTO, I can sue the federal government and the anti-virus manufacturers when they crack open my code to figure out how to stop the virus from damaging computers? I would love to see someone try that one. It would almost be worth going to jail for a while if I could patent a nice new form of self-propogating worm, then upload it onto the servers of the *AA. Then, when they figure out how to stop the worm, I can sue them for millions because the only way they can figure out how to stop it is to circumvent my copyright protection and reverse engineer my application. I might spend a while in jail, but I would probably have a smile on my face the whole time!!!!!
My software never has bugs.
It just develops random features.
Look. If American corporations and the American government actually wanted to work together to eradicate spyware (as opposed to working together to make lots of money), we wouldn't have spyware. We also wouldn't have spam, viruses, or any number of other nasty things. The fact of the matter is that almost all sorts of online nastiness can be used to benefit the already super-rich. Example: Spyware used to benefit Sony (or so they think), viruses used by companies to insert, well, spyware... spam used, of course, to advertise the products of big companies (directly, indirectly, or "The makers of Viagra paid a marketing firm, who paid another marketing firm, who paid a slightly sleazier marketing firm, who sold a list to an even sleazier one, who sold it in turn to an even sleazier one, who ended up spamming you about buying Viagra")...
They. Don't. Give. A. Fuck. In fact, tacitly I think they like this sort of online plague, since they know damned well that only the 'little guys' (read: their competition and their user base) will ever get in trouble for breaking the DMCA, or spreading spyware, or releasing viruses, or spamming-- but they never will.
It will be a cold day in Hell when Sony actually experiences any pain over this. N.b.: A pathetic boycott by 0.1% of 1% of nerds, who in turn make up 1% of the population, will not cause them pain. Also, a $100,000,000 *kof*slaponthewrist*kof* "fine" will not cause them pain either.
The DMCA was conceived as a way of keeping the rich rich. Full stop. End sentence.
And to those of you who think that the combined might of the Fortune 500 companies and the American government couldn't eradicate spyware, spam, etc. if they REALLY wanted to, think again. It's as simple as implementing new security standards and specs, testing them with the cooperation of the security community, setting a worldwide/nationwide rollout date, then requiring everyone's software to support them as of that date. Think "Attention (ebay|Yahoo|Google|MSN) Users: After JULY 23, 2007, you must have upgraded your Web browser to support the new HardenedHTTP specification. Browsers which support this include: Mozilla Firefox 2.0, Netscape 8.1, Opera 9.01, or Internet Explorer 8 Beta."
Yeah, it'd cost billions. But these companies and the US government, put together, have TRILLIONS.
They don't care, though. They'd rather bring their considerable resources to bear upon the tricky problem of making their CEOs and Board members a few more billion apiece. Consumers? Pfeh, they don't even have people to read their email for them. Who cares about them?
With spending like this, exactly what are "conservatives" conserving?
Alright, I'm a little confused here. We have laws on the book which prevent breaking into computers and installing "spyware" without the user knowing about it, but if that "spyware" is encrypted/hidden/copy protected in any way, it is also illegal to remove it??
Is it just me, or is the US government getting too stupid for its britches??
My Sysadmin Blog
...our new gorgonzola overlords!
I'd like to see "autorun" treated like "autoplay" for disks of ALL types:
If you go to the properties page of your CD drive, you will see an "autoplay" tab. For each type of non-data disk, you can select an option.
Add an option for two additional type:
* Disks that automatically run a program
with the options:
* Enable autorun
* Disable autorun and treat CD as another type of CD
* Do nothing
* Prompt for choice
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
The DCMA, the US's favorite export.
Actually the DMCA as well as its EUCD european counterpart are both implementations of the TRIPS international treaty which was brought to us by our loved and highly democratic World Trade Organization.
It also seems that EUCD is yet more restrictive than DMCA, actually the french implementation of EUCD, if adopted by the parliament at the end of the month, will simply make it illegal to publish free software .
It's more than time for all this nonsense to stop.
Slashcode bug # 497457 - unfixed since December 2001 - Go look it up!
o/~ Join us now and share the software
then it ever use to be.
Who modded the parent as Flamebait? The US has moved far from it's democratic ideals. It may not be any China or North Korea, but it is a far sight less free and democratic then it ever use to be.
To wit:
1) DMCA
2) Patriot Act
3) Congressional gerrymandering.
4) Copyright extentions and patent law broadening.
5) Air travel ID requirements