The issue in DeCSS is that the DMCA (Digital Millenium Copyright Act) prohibits breaking encryption. In section 1201(a)(1)(A), it states, "No person shall circumvent a technological measure that effectively controls access to a work protected under this title." Connectix gets out for two reasons - first of all, Sony wasn't trying to control access to a DMCA-protected work. Additionallty, there is a great grey area defined in 1201(f)(2), "REVERSE ENGINEERING," which specifically states "...[A] person may...circumvent a technological measure...for the purpose of enabling interoperability of...a computer program with other programs..." which almost seems written to get Connectix out from under DMCA.
DMCA's biggest problem is its inherently split personality. In 1201(a)(2), it prohibits the manufacture or import of devices primarily intended to circumvent "effective" copyright measures. But, in 1201(c)(1), it states, "Nothing [in section 1201] shall affect rights...including fair use, under this title." That's right, boys and girls - you have the right to copy that DVD, it's just illegal to make a device to do it!
So, as usual, this is just folks who haven't actually read the law running off on tangents. Yes, it's a good analogy. But the law very clearly prohibits some things (building a device to defeat an "effective" copyright control system) and clearly doesn't prohibit others (building an emulator). Read the law before you post.
Oh yeah, and for all of you thinking, "Well, if DeCSS can break it, by definition, it isn't effective," the law has an answer to that, in 1201(b)(2)(B): An effective measure is one that "in the ordinary course of its operation, prevents...the excercise of a right of a copyright owner." DeCSS isn't in the "ordinary course of its operation," therefore, it doesn't make the copyright control ineffective! In fact, there is some argument that, if I simply put a bit on my content (much like the copyright bit in the MP3 standard) that said, "Don't copy me," and all the players in the market enforced that bit, making a player that ignored it would be prohibited by DMCA!
There's not any clever legal arguments to get out from under this. Either the Supreme Court strikes it down (which it conceivably could do simply for being so internally inconsistent in stating that fair use is OK but you can't build a device to enable fair use, or perhaps on first ammendment grounds), or We The People get Congress to revoke the law. Us against Disney, Microsoft, the MPAA and the RIAA...Hmmm. I know who's the favorite on this one...
(DMCA information taken from
The EFF. Large amounts of legal verbage have been removed from the quotes above in order to make them actually readable.)
Obviously, it's great if you're out in the middle of nowhere and a modem (or nothing) is the only alternative. But it's not gonna be really nice until the thing you're sending to is a lot less than a quarter-light-second away.
If you can get cable or DSL, there's no comparison. You know that half-second latency you get on transcontinental calls? Imagine having that on all your web requests. It's easily twice as bad as the latency on most dialups.
Now, that said, if you live in the middle of nowhere, it's still a heck of a lot better than 56k. But DSL or cable is what's going to drag this country into broadband, not satellite access.
I think the behavior is more ingrained...
on
TigerCloning
·
· Score: 1
The conventional wisdom on this is "well, you'll save the DNA, sure, but the animal's 'culture' is destroyed." I'm not sure I agree, for a lot of reasons.
The strongest reason I think it's all instinct is people, actually. My son was born five months ago, and I was amazed at the instincts he came bundled with. There are so many behaviors that well all have that we think are learned and conscious that really just came pre-programmed. A simple, but profound, example is yawning - when he was only a few weeks old (certainly before I'd exhibited this behavior in front of him, and in any case before he was old enough to mimic my actions), I saw him yawn, and then smack his lips three times. It's such a normal, human action, and it just stopped me in my tracks to realize it's not something learned - for whatever reason, we come preprogrammed to smack our lips after we yawn!
It has been amazing to see the pre-programmed instincts he's come with, from the instinct to grab things to the more esoteric ones like "close your eyes and hold your breath when someone blows in your face." Most of these instincts, in humans, lead the way toward learned behavior. The random, instinctual movement of his limbs right after birth leads him to learn how to control them, consciously. But, in non-sentient animals, complex behavior in adults is more and more being shown to be pre-programmed.
This is not to say that learning isn't involved. Tasmanian Tigers, no doubt, hunted and their offspring learned a lot of the idea and mode of hunting from watching their parents. And it does seem likely that a Tasmanian Tiger brought up by a Tasmanian Devil would have an "accent" to its hunting style.
So, it's true that today's Tigers won't hunt exactly the way they did a century ago. I'd be willing to bet the social structure will be similar, though. Think about how housecats regularly fail to become a part of human social structures, while dogs (whose social structures already fit ours) fit in well - even if these animals are rasised from a very young age in the absence of others of their species.
But, it seems to me that bringing back an extinct species that is 90% the same as the original is extremely worthwhile. Obviously, it would be better to keep them alive, to begin with. But, if we as humans are ever going to coexist with the creatures around us, making these kinds of amends is a good start.
I think the thought is more that it requires energy to start life. Although, of course, we're still very fuzzy on how life actually gets started. Mostly we've got interesting theories and "hey, this doesn't actually violate the laws of physics..." type of things. Unfortunately, early life had no rigid structures (in fact, depending on definitions, may have just been strings of molecules), and therefore didn't leave fossils.
The thought on Europa is that the energy would be provided by volcanic heat. In the past decade, life has been discovered deep in the ocean around volcanic vents, and that has led to a lot of the speculation about possible life on Europa.
As the programmer largely responsible for 5.0 Unix (flaws and all), I've got to respond to some of this. Some of it is simply not factual, other parts of it contain opinion which I consider to be incorrect. Disclaimer, first - I do not work for NAI or PGP, Inc., and my words are most certainly my own and not theirs.
Point-by-point:
1) "PGP 5.x was, is, and will continue to be a screwup". Your opinion, obviously. I agree some things could have been better with it (especially the Unix version).
2) "They deliberately changed the command line interface to break every PGP-interoperable tool out there." No. *I* deliberately changed the command line interface (with much deliberation) for two reasons: Once Unix development started, we were on a very tight schedule, as the Windows and Mac versions had already been released (see blow). The primary goal was to make it possible for Unix to decrypt the new key formats as quickly as possible. There was not time, under the schedule, to reimplement the 2.x command line item-for-item. Given that we were creating a security application, my opinion was that it was much better to create a new interface and break everything than to try to emulate the old interface and perhaps subtly break other things without complaint. The secondary goal was to improve the interface to be more Unix-like and less DOS-like (note, for example, that under 2.6.2, you can't do something like "pgp -ea president@whitehouse.gov *.txt"). In the end, I suspect my interface failed; I know I didn't have time to think about it, design it or get the input I would've liked. So, it is technically acurate that the change was "to break every...tool out there," but the intent was to prevent subtle security flaws in programs that interoperate with PGP.
3) "They released the Windows version months before the UNIX version." True enough. We were a startup, in those days, and, if you look at Wired Magazine from the same time period, youll find we did significant layoffs at the company around that time. As 5.0 was rolling out, PGP, Inc. was realizing that it didn't really have enough funding to keep going as an independent entity. As a result, we didn't have any resources to devote to Unix. Windows and Mac were our focus because that was what was needed for the corporate clients we needed to keep the business going. Once Windows 5.0 shipped (I was a developer on that, as well), work was begun on 5.0 for Unix. I was the only person on the non-crypto team (who were now busy working on 5.5) who had any knowledge of Unix, so I got to do it all by myself, with essentially no other resources. So, yes, it came out later. We didn't have the people to do it any sooner.
4) "When they finally were releasing the UNIX versions, they were binary-only." In July of 1996, we published the first source-code books, containing the PGP 5.0 source code from the late June releases of 5.0 for Windows and Mac. Our intent with these books was to make the source code available for international review within the constraints of US export law at the time. It took about a month to get them together, as we had to write code to format the books correctly, etc. With every subsequent book, it took less time for the code to be released, as we improved the process. In the July book, we included the "alpha" version of PGP 5.0 for Unix that I was developing, at the time. It had a lot of flaws, but let people see the code. This was scanned in and became available online in late July or early August (if memory serves). Once the final Unix version was released, the code was available in the next source code book. I know we discussed publishing an addendum with the 5.0 Unix code, final version in it, but I don't recall if that happened. The 5.0 Unix source-code book may have been delayed because PGP, Inc. was running out of money, that fall. As I recall, the code itself was completed in September, but it may be true that the code was not actually published for some months, afterward. Again, this was not due to a conspiracy, but due to a lack of funds.
5) [Long rant about publishing the books not making sense]. We did not publish the source code electronically for very specific export-control reasons. At the time, it was illegal (punishable with jail time) to let that type of stuff out of the country. We felt that, as a company, we had a big, fat target on us, and we had to do everything in a completely legal fashion. As I said in number four, I agree that the Unix source code didn't come out as quickly as it could, but that had more to do with a lack of funds than anything else.
6) "They deliberately broke interoperability..." The answer to this one is really simple: Patents. We wanted to release a completely freeware version of PGP. We couldn't, as long as RSA was a requirement. Therefor, we had to move the product off of RSA.
Finally, you complain that "PGP Incorporated is a government shill organization..." Technically speaking, "PGP, Inc." doesn't really exist since they were purchased by Network Associates, Inc. in December of 1997. I'm going to assume what you're trying to get across here is that, earlier in 1997, PGP, Inc. was a government shill organization (as evidenced by its poor support of Unix, apparently).
This was an accusation frequently leveled against us at the time, but which we were not permitted, as employees, to counter. I've never really said anything about it, before, and certainly slashdot is not the kind of place where this is going to be widely read an understood, but:
PGP, Inc. was a lot of things. It was a startup with too much money, too fast, that burned that money too quickly on unimportant things. It made a lot of business decisions, some which I agree with (making Windows a priority, for example) and many of which I didn't. It was quite amusing, at the time, to see how everything we did was considered evidence of a government conspiracy. My wife was the build mistress, and she'd make some trivial change to a README and the next thing you'd know there would be people on Usenet analyzing the wording for proof that the NSA was controlling us.
In the end, PGP, Inc. lasted about a year and a half. I joined in November, 1996, when they had gotten their first financing. Like a lot of other people, I took a significant pay cut to come work on PGP, because of my love of the product and desire to help create a product that would help people protect their privacy and resist tryanny. Almost every employee there (and certainly all the engineers) were there for similar reasons. We did a lot of things that I think we'd change, in retrospect. But I personally lost thousands of dollars in lost wages working for PGP (and got basically nothing in the sale to NAI). The reason all of us were there was to build a company that could take encryption to the masses. The strategy we chose was to do that by selling a product to large corporations.
You may have complaints about what we did. I personally was never happy with PGP 5.0 for Unix, and can understand why others (especially those who actually paid for it) might have complaints about it. But to say that we did it in concert with the government or to aid the government in any way is not just ridiculous, it's offensive. Staring a company from the ground-up is hard, and it's not surprising that we made mistakes. But they were all honest ones.
I was at PGP when we printed the source code. The source code was printed so that we could easily distribute it for review without having to worry about US Export law. Crypto was once classified as a munition, but by the time the PGP source was printed, that definition was changed and it was by the standard export controls that prevent you from doing things like exporting super computers to Libya. Obviously, though, one of the things we were trying to accomplish was to clearly underscore that, to keep PGP in the country, the government would have to ban a book, which really makes clear the First Ammendment issues. I think the DeCSS people would be extremely wise to print up the code in a book and begin selling it - if the judge in the case has to actually ban a book, I think that would really bring home the issues.
Also, for what it's worth, export regs on crypto have now significantly been loosened, and it is now legally possible to export "machine readable" crypto code without an explicit license.
Uh...maybe it's just me, but this looks weird. "...I am financially qualified to purchase a limited addition Mach 5..." Don't they mean limited edition? You'd think for $61,000, they could hire a lawyer with a grammar checker.
And, yes, there's prolly a grammar or spelling error up there someplace (or down here), but you didn't pay me $61,000 for this comment, now, did you?
Number 3 is closest to the truth, but it's not as bad you're making out.
The RIAA quite intentionally avoided the question of whether mp3.com has the right to send you a song you already own.
Instead, they focused on the creation of the database: did mp3.com, the company, have the right to encode a bunch of CDs to use for commercial gain? This is a totally different point from you as an individual encoding a bunch of a CDs - you're just doing it for yourself. If you're doing it for commercial gain (and, by definition, almost anything a company does is for commercial gain), then, under US copyright law, you've got to compensate the rights holders. That's all the case was about, and it has no ramifications for any other online music services - liquidaudio.com, emusic.com, musicmaker.com or even napster.com. None of them were so willfully STUPID as to go and make a commercial database of songs they haven't licensed the rights to. The shareholder lawsuits alone on such poor thinking should keep as all entertained for years...
One of the cases used against MP3.com, for example, is that of Kinko's copying a book. If you buy a book, and buy a photocopier, it is within your rights to make a copy of that book, as long as you don't make any money on it. However, if you take that same book down to Kinko's, and PAY Kinko's to make a copy, you have just crossed the line. Kinko's made money on the deal, which means that legally they have to have a contract with the author to distribute royalties. Absent such a contract, Kinko's has violated copyright law. It's the same thing with mp3.com - by using the songs in a commercial context, they are required to seek licenses from the original rights holders. They didn't, and hence are liable for copyright infringement, even though their service went through backflips to prevent hackability (and, from a technical standpoint, I think they did a pretty good job, there). Should've saved some money on programmers, though, and paid a good copyright lawyer to tell them if it was legal, first.
It's not like this is some new "Net Act" that's untested in court...what they did violated the essential basis of US copyright law, and precedents on it go back more than 100 years. That's why the judge agreed to the summary judgement - he thought it was so completely obvious they broke the law that it wasn't even worth going to trial. Again, how a publically traded company could make such a boneheaded error is completely beyond me. What a train wreck!
Wired is following the industry wisdom here, which totally ignores the realities of copying, fair use, and the real convenience of digital media - not being locked into a single physical format. Not the mention their total misunderstanding of what has just occurred, here:
Increasing security is definitely a start, along with changing the security system. That would mean every DVD console on the marketplace would need a firmware upgrade.
"Increasing" security is only the start to having this happen, again. Client-side security by definition HAS to rely on security-through-obscurity. It is my personal hope that all the security firms involved in the DVD encryption are put out of business by their greed to help in designing a system that they had to know wouldn't work from the get-go.
When I worked at PGP, one of the Big Five record labels came to us and asked us to design a crypto system for encrypted music, much like what just got broken with DVD. Despite being a cash-hungry start up, we sent them packing, because our analysis was that there was no way to make a system like that unbreakable. Since PGP's reputation depended on our security prowess, we decided the short-term cash wasn't nearly as important as the long-term damage our business would suffer when this stuff was cracked, as we knew it would be. As Phil Z. has said recently, "Encrypted music is like having a secure channel to Linda Tripp."
This is just the same old thinking that is paralyzing all of Hollywood. There is this enormous fear in all parts of the entertainment industry of digital technology. Controlling exactly how much data a PC DVD drive can write, or requiring firmware upgrades to ALL DVD drives on the market is NOT going to solve the problem. All it's going to do is alienate people from these formats.
All of the entertainment industry has been trying to use the move to digital formats to lock things down a lot more than they are, now. In theory, your ability to make "fair use" copies of DVDs still exists. In reality, Congress has made it illegal to create a device to break the encryption. I don't suppose the fact that the brakers, in this case, were overseas will halt the entertainment industry's inevitable cries for more legislative action on these issues.
Unfortunately, the entertainment industry is between a rock and a hard place - they can either open up a little and let average people do basically honest things, or they can be completely crushed by piracy. Hiding behind innefctive security will, in the end, make things worse by forcing average users to pirate media in order to do what they want. It's the same old story of the digital age - do what the people want, and maintain a little control. Or go completely against them and get crushed.
It will be telling to see how the industry reacts to this latest issue. I'm hopeful maybe some lessons were learned. If they think we're all going to reflash our DVDs, I think they'll be suprised. The customer doesn't care about encryption as long as it doesn't cause him any hassle. Hollywood has basically two choices, now - kill DVD (either by forcing a reflash, or by refusing to release movies in it at all), or recognize that the genie is out of the bottle. I'm hopeful they'll do the latter. They're going to have to wake up and smell the coffe, eventually. I just hope it's now and not in five years.
I know/. has been doing this for a LONG time, and I certainly don't have a problem with Cmdr. Taco and company getting a little bit of money off the books they review.
However, given/.'s highly political stance on software patents (and that of its readership) is perhaps a different bookseller in order? I personally have sworn off Amazon as long as they insist on pursuing their one-click patent. It would be nice to see/. put its money where its mouth is. In fact, it might be very nice if they spearheaded a techie boycott of Amazon on this subject.
I think it's interesting that both sides were able to use computers. It could be interesting to set up (perhaps on/., as you suggest) a Team A vs. Team B game, where each side decides over some long amount of time their moves, is able to consult grand masters, etc. I'm assuming we couldn't get Kasparov to play us - but, even if we could, this might be neater. I could see how, in some ways, it might lead to a different view of chess - one in which teams and computers spend long periods of time trying to outguess the competetition. Of course, you'd have the problem that your opponents would be able to view your decision making process...:)
Yeah, the patent thing is quite frustrating. When I saw Amazon's news, this morning, my first thought was "Gee. I wish I'd bought some Amazon stock so I could sell it, now." Hrmph. Come to think of it, I suppose I should be boycotting them, now...
They've been doing that for months, at least. I use it a lot for Linux-related info. The Uncle Sam search is new, though. Hmmm, maybe it can find all my money old Uncle Sam made off with...
Slashdot Mirror
Are you kidding me? You've gotta count, man!
Just stop reading at one hundred words. :p
DMCA's biggest problem is its inherently split personality. In 1201(a)(2), it prohibits the manufacture or import of devices primarily intended to circumvent "effective" copyright measures. But, in 1201(c)(1), it states, "Nothing [in section 1201] shall affect rights...including fair use, under this title." That's right, boys and girls - you have the right to copy that DVD, it's just illegal to make a device to do it!
So, as usual, this is just folks who haven't actually read the law running off on tangents. Yes, it's a good analogy. But the law very clearly prohibits some things (building a device to defeat an "effective" copyright control system) and clearly doesn't prohibit others (building an emulator). Read the law before you post.
Oh yeah, and for all of you thinking, "Well, if DeCSS can break it, by definition, it isn't effective," the law has an answer to that, in 1201(b)(2)(B): An effective measure is one that "in the ordinary course of its operation, prevents...the excercise of a right of a copyright owner." DeCSS isn't in the "ordinary course of its operation," therefore, it doesn't make the copyright control ineffective! In fact, there is some argument that, if I simply put a bit on my content (much like the copyright bit in the MP3 standard) that said, "Don't copy me," and all the players in the market enforced that bit, making a player that ignored it would be prohibited by DMCA!
There's not any clever legal arguments to get out from under this. Either the Supreme Court strikes it down (which it conceivably could do simply for being so internally inconsistent in stating that fair use is OK but you can't build a device to enable fair use, or perhaps on first ammendment grounds), or We The People get Congress to revoke the law. Us against Disney, Microsoft, the MPAA and the RIAA...Hmmm. I know who's the favorite on this one...
(DMCA information taken from The EFF. Large amounts of legal verbage have been removed from the quotes above in order to make them actually readable.)
Obviously, it's great if you're out in the middle of nowhere and a modem (or nothing) is the only alternative. But it's not gonna be really nice until the thing you're sending to is a lot less than a quarter-light-second away.
Now, that said, if you live in the middle of nowhere, it's still a heck of a lot better than 56k. But DSL or cable is what's going to drag this country into broadband, not satellite access.
The strongest reason I think it's all instinct is people, actually. My son was born five months ago, and I was amazed at the instincts he came bundled with. There are so many behaviors that well all have that we think are learned and conscious that really just came pre-programmed. A simple, but profound, example is yawning - when he was only a few weeks old (certainly before I'd exhibited this behavior in front of him, and in any case before he was old enough to mimic my actions), I saw him yawn, and then smack his lips three times. It's such a normal, human action, and it just stopped me in my tracks to realize it's not something learned - for whatever reason, we come preprogrammed to smack our lips after we yawn!
It has been amazing to see the pre-programmed instincts he's come with, from the instinct to grab things to the more esoteric ones like "close your eyes and hold your breath when someone blows in your face." Most of these instincts, in humans, lead the way toward learned behavior. The random, instinctual movement of his limbs right after birth leads him to learn how to control them, consciously. But, in non-sentient animals, complex behavior in adults is more and more being shown to be pre-programmed.
This is not to say that learning isn't involved. Tasmanian Tigers, no doubt, hunted and their offspring learned a lot of the idea and mode of hunting from watching their parents. And it does seem likely that a Tasmanian Tiger brought up by a Tasmanian Devil would have an "accent" to its hunting style.
So, it's true that today's Tigers won't hunt exactly the way they did a century ago. I'd be willing to bet the social structure will be similar, though. Think about how housecats regularly fail to become a part of human social structures, while dogs (whose social structures already fit ours) fit in well - even if these animals are rasised from a very young age in the absence of others of their species.
But, it seems to me that bringing back an extinct species that is 90% the same as the original is extremely worthwhile. Obviously, it would be better to keep them alive, to begin with. But, if we as humans are ever going to coexist with the creatures around us, making these kinds of amends is a good start.
The thought on Europa is that the energy would be provided by volcanic heat. In the past decade, life has been discovered deep in the ocean around volcanic vents, and that has led to a lot of the speculation about possible life on Europa.
Point-by-point:
1) "PGP 5.x was, is, and will continue to be a screwup". Your opinion, obviously. I agree some things could have been better with it (especially the Unix version).
2) "They deliberately changed the command line interface to break every PGP-interoperable tool out there." No. *I* deliberately changed the command line interface (with much deliberation) for two reasons: Once Unix development started, we were on a very tight schedule, as the Windows and Mac versions had already been released (see blow). The primary goal was to make it possible for Unix to decrypt the new key formats as quickly as possible. There was not time, under the schedule, to reimplement the 2.x command line item-for-item. Given that we were creating a security application, my opinion was that it was much better to create a new interface and break everything than to try to emulate the old interface and perhaps subtly break other things without complaint. The secondary goal was to improve the interface to be more Unix-like and less DOS-like (note, for example, that under 2.6.2, you can't do something like "pgp -ea president@whitehouse.gov *.txt"). In the end, I suspect my interface failed; I know I didn't have time to think about it, design it or get the input I would've liked. So, it is technically acurate that the change was "to break every...tool out there," but the intent was to prevent subtle security flaws in programs that interoperate with PGP.
3) "They released the Windows version months before the UNIX version." True enough. We were a startup, in those days, and, if you look at Wired Magazine from the same time period, youll find we did significant layoffs at the company around that time. As 5.0 was rolling out, PGP, Inc. was realizing that it didn't really have enough funding to keep going as an independent entity. As a result, we didn't have any resources to devote to Unix. Windows and Mac were our focus because that was what was needed for the corporate clients we needed to keep the business going. Once Windows 5.0 shipped (I was a developer on that, as well), work was begun on 5.0 for Unix. I was the only person on the non-crypto team (who were now busy working on 5.5) who had any knowledge of Unix, so I got to do it all by myself, with essentially no other resources. So, yes, it came out later. We didn't have the people to do it any sooner.
4) "When they finally were releasing the UNIX versions, they were binary-only." In July of 1996, we published the first source-code books, containing the PGP 5.0 source code from the late June releases of 5.0 for Windows and Mac. Our intent with these books was to make the source code available for international review within the constraints of US export law at the time. It took about a month to get them together, as we had to write code to format the books correctly, etc. With every subsequent book, it took less time for the code to be released, as we improved the process. In the July book, we included the "alpha" version of PGP 5.0 for Unix that I was developing, at the time. It had a lot of flaws, but let people see the code. This was scanned in and became available online in late July or early August (if memory serves). Once the final Unix version was released, the code was available in the next source code book. I know we discussed publishing an addendum with the 5.0 Unix code, final version in it, but I don't recall if that happened. The 5.0 Unix source-code book may have been delayed because PGP, Inc. was running out of money, that fall. As I recall, the code itself was completed in September, but it may be true that the code was not actually published for some months, afterward. Again, this was not due to a conspiracy, but due to a lack of funds.
5) [Long rant about publishing the books not making sense]. We did not publish the source code electronically for very specific export-control reasons. At the time, it was illegal (punishable with jail time) to let that type of stuff out of the country. We felt that, as a company, we had a big, fat target on us, and we had to do everything in a completely legal fashion. As I said in number four, I agree that the Unix source code didn't come out as quickly as it could, but that had more to do with a lack of funds than anything else.
6) "They deliberately broke interoperability..." The answer to this one is really simple: Patents. We wanted to release a completely freeware version of PGP. We couldn't, as long as RSA was a requirement. Therefor, we had to move the product off of RSA.
Finally, you complain that "PGP Incorporated is a government shill organization..." Technically speaking, "PGP, Inc." doesn't really exist since they were purchased by Network Associates, Inc. in December of 1997. I'm going to assume what you're trying to get across here is that, earlier in 1997, PGP, Inc. was a government shill organization (as evidenced by its poor support of Unix, apparently).
This was an accusation frequently leveled against us at the time, but which we were not permitted, as employees, to counter. I've never really said anything about it, before, and certainly slashdot is not the kind of place where this is going to be widely read an understood, but:
PGP, Inc. was a lot of things. It was a startup with too much money, too fast, that burned that money too quickly on unimportant things. It made a lot of business decisions, some which I agree with (making Windows a priority, for example) and many of which I didn't. It was quite amusing, at the time, to see how everything we did was considered evidence of a government conspiracy. My wife was the build mistress, and she'd make some trivial change to a README and the next thing you'd know there would be people on Usenet analyzing the wording for proof that the NSA was controlling us.
In the end, PGP, Inc. lasted about a year and a half. I joined in November, 1996, when they had gotten their first financing. Like a lot of other people, I took a significant pay cut to come work on PGP, because of my love of the product and desire to help create a product that would help people protect their privacy and resist tryanny. Almost every employee there (and certainly all the engineers) were there for similar reasons. We did a lot of things that I think we'd change, in retrospect. But I personally lost thousands of dollars in lost wages working for PGP (and got basically nothing in the sale to NAI). The reason all of us were there was to build a company that could take encryption to the masses. The strategy we chose was to do that by selling a product to large corporations.
You may have complaints about what we did. I personally was never happy with PGP 5.0 for Unix, and can understand why others (especially those who actually paid for it) might have complaints about it. But to say that we did it in concert with the government or to aid the government in any way is not just ridiculous, it's offensive. Staring a company from the ground-up is hard, and it's not surprising that we made mistakes. But they were all honest ones.
Also, for what it's worth, export regs on crypto have now significantly been loosened, and it is now legally possible to export "machine readable" crypto code without an explicit license.
And, yes, there's prolly a grammar or spelling error up there someplace (or down here), but you didn't pay me $61,000 for this comment, now, did you?
The RIAA quite intentionally avoided the question of whether mp3.com has the right to send you a song you already own.
Instead, they focused on the creation of the database: did mp3.com, the company, have the right to encode a bunch of CDs to use for commercial gain? This is a totally different point from you as an individual encoding a bunch of a CDs - you're just doing it for yourself. If you're doing it for commercial gain (and, by definition, almost anything a company does is for commercial gain), then, under US copyright law, you've got to compensate the rights holders. That's all the case was about, and it has no ramifications for any other online music services - liquidaudio.com, emusic.com, musicmaker.com or even napster.com. None of them were so willfully STUPID as to go and make a commercial database of songs they haven't licensed the rights to. The shareholder lawsuits alone on such poor thinking should keep as all entertained for years...
One of the cases used against MP3.com, for example, is that of Kinko's copying a book. If you buy a book, and buy a photocopier, it is within your rights to make a copy of that book, as long as you don't make any money on it. However, if you take that same book down to Kinko's, and PAY Kinko's to make a copy, you have just crossed the line. Kinko's made money on the deal, which means that legally they have to have a contract with the author to distribute royalties. Absent such a contract, Kinko's has violated copyright law. It's the same thing with mp3.com - by using the songs in a commercial context, they are required to seek licenses from the original rights holders. They didn't, and hence are liable for copyright infringement, even though their service went through backflips to prevent hackability (and, from a technical standpoint, I think they did a pretty good job, there). Should've saved some money on programmers, though, and paid a good copyright lawyer to tell them if it was legal, first.
It's not like this is some new "Net Act" that's untested in court...what they did violated the essential basis of US copyright law, and precedents on it go back more than 100 years. That's why the judge agreed to the summary judgement - he thought it was so completely obvious they broke the law that it wasn't even worth going to trial. Again, how a publically traded company could make such a boneheaded error is completely beyond me. What a train wreck!
Ah, but to be REALLY surreal, shouldn't it NOT do anything strange, since that's what you expect?
When I worked at PGP, one of the Big Five record labels came to us and asked us to design a crypto system for encrypted music, much like what just got broken with DVD. Despite being a cash-hungry start up, we sent them packing, because our analysis was that there was no way to make a system like that unbreakable. Since PGP's reputation depended on our security prowess, we decided the short-term cash wasn't nearly as important as the long-term damage our business would suffer when this stuff was cracked, as we knew it would be. As Phil Z. has said recently, "Encrypted music is like having a secure channel to Linda Tripp."
This is just the same old thinking that is paralyzing all of Hollywood. There is this enormous fear in all parts of the entertainment industry of digital technology. Controlling exactly how much data a PC DVD drive can write, or requiring firmware upgrades to ALL DVD drives on the market is NOT going to solve the problem. All it's going to do is alienate people from these formats.
All of the entertainment industry has been trying to use the move to digital formats to lock things down a lot more than they are, now. In theory, your ability to make "fair use" copies of DVDs still exists. In reality, Congress has made it illegal to create a device to break the encryption. I don't suppose the fact that the brakers, in this case, were overseas will halt the entertainment industry's inevitable cries for more legislative action on these issues.
Unfortunately, the entertainment industry is between a rock and a hard place - they can either open up a little and let average people do basically honest things, or they can be completely crushed by piracy. Hiding behind innefctive security will, in the end, make things worse by forcing average users to pirate media in order to do what they want. It's the same old story of the digital age - do what the people want, and maintain a little control. Or go completely against them and get crushed.
It will be telling to see how the industry reacts to this latest issue. I'm hopeful maybe some lessons were learned. If they think we're all going to reflash our DVDs, I think they'll be suprised. The customer doesn't care about encryption as long as it doesn't cause him any hassle. Hollywood has basically two choices, now - kill DVD (either by forcing a reflash, or by refusing to release movies in it at all), or recognize that the genie is out of the bottle. I'm hopeful they'll do the latter. They're going to have to wake up and smell the coffe, eventually. I just hope it's now and not in five years.
However, given /.'s highly political stance on software patents (and that of its readership) is perhaps a different bookseller in order? I personally have sworn off Amazon as long as they insist on pursuing their one-click patent. It would be nice to see /. put its money where its mouth is. In fact, it might be very nice if they spearheaded a techie boycott of Amazon on this subject.
I think it's interesting that both sides were able to use computers. It could be interesting to set up (perhaps on /., as you suggest) a Team A vs. Team B game, where each side decides over some long amount of time their moves, is able to consult grand masters, etc. I'm assuming we couldn't get Kasparov to play us - but, even if we could, this might be neater. I could see how, in some ways, it might lead to a different view of chess - one in which teams and computers spend long periods of time trying to outguess the competetition. Of course, you'd have the problem that your opponents would be able to view your decision making process...:)
Yeah, the patent thing is quite frustrating. When I saw Amazon's news, this morning, my first thought was "Gee. I wish I'd bought some Amazon stock so I could sell it, now." Hrmph. Come to think of it, I suppose I should be boycotting them, now...
They've been doing that for months, at least. I use it a lot for Linux-related info. The Uncle Sam search is new, though. Hmmm, maybe it can find all my money old Uncle Sam made off with...