Yes, it is a problem with the programmer. Programmers don't live in a vacuum, though. If you write stuff for Windows, you tend to be surrounded by the Microsoft mindset - that everything should be easy, that server and client both have a GUI, that the default should be convenience instead of security, etc. MS is finally making noise indicating that they might start to change, with their "trustworthy computing" and whatnot.
The more lines of code running on the server, the more I can do at once.
Only if those lines of code implement services that you need.
It's the quality of programming and the basic mindset
You also have to consider the design and mindset of the operating system the software is running on.
MS unfortunately has to break backwards compatibility to fix some of their design problems, so I'm not holding my breath with regards to Windows.
There is also the danger that Linux might repeat MS' mistakes by not thinking enough about security with regards to kparts, bonobo, et al.
any time you mix environments you create places of disturbance.
Yes, you do. But why is that? If everything was able to speak the same protocols and file formats, there would be no disturbance. There are certain major players that decided quite early on that it would not be in their own best interest to describe file formats and protocols - why spend time and money to ensure interoperability when they make more money on vendor lock-in.
In addition, a homogenous environment has its own dangers. Think of it in the terms of biology - a monoculture is more vulnerable to external changes than a heteroculture. A server farm of only NT or only RH7.3 is way more vulnerable to the next worm than a mixed environment. In a mixed environment, there is a higher probability that a few of your servers will catch the next Internet plague, but there is close to no probability that the plague will take down your entire server park.
One hopes that one day something like some flavor of CORBA or (god forbid) .NET will become successful enough to where computers all look the same to one another, and they can use components of each other for storage, input, output, and so on.
Do we really need all that remote function call capability? Can't we get by with a secure file transfer protocol with authentication capability and a decent set of documented file formats? Add SOAP, XML-RPC and wireless devices like PDAs and cell phones to your list above and you have just described my security nightmare. Heaps of devices with heaps of entry points with potential security holes available. cgi-bin on steroids.
Most people will find that NT (of some sort) is their best option
Also true, but mostly because of economies of scale and the network effect. For many tasks NT/2000 is, all things considered, a smart choice. But does that mean that it is illegal to point out the problems with Windows? :-)
This won't be so bad what with Hammer coming, it's long past time for x86 to go 64 bit.
Crystal ball time - will IA-64 or X86-64 win the next platform battle? MS is still the major software force in the x86 market, so they can make or break Hammer.
OpenBSD has only had "One remote hole in the default install, in nearly 6 years!" But it has had one, does this make it as insecure as unpatched win98?
If we talk about Win95 instead of Win98, you can truthfully say that "Win95 has not had a single remote[1] hole in the default install". ('95 didn't install TCP/IP by default) ;-)
[1] If we define remote as 'outside your local network segment'.
The reason NT is so popular today is that the desktop and the server run the same shit, they're easier to administer.
True, and also the source of the problem.
Lots of apps depend on IE for various functionality so the GUI needs to run all the time.
Perhaps I'm an old-schooler, but desktop and server are two entirely different tasks.
The desktop is supposed to be easy to use. Ease of use and security are, in many situations, mutually exclusive.
A server is that remotely administrated box sitting in the air-cooled server-room. After the initial install, you should not have to touch the box unless you are doing a hardware upgrade or replacing a disk in the RAID.
A GUI running on the server makes it too damn easy for a programmer to forget that he is writing server software.
What I'm worried about is the bugs, not the amount of stuff that's running.
The more lines of code running on the server, the more lines of code that can contain a bug.
>>the code only needs to be checked when the programs are first loaded, not all the time
>In that case I'm not worried about it at all.
>Just get a generic authentication program made, add it as a bumper to the program, and call the area of the program that actually starts running real code.
Until Intel and Microsoft provide more detailed information about the system, we can only guess at how it actually works.
A system that authenticates signed binaries is most likely to compare a signed hash contained in the binary with a checksum of the entire binary. So, if you add a new binary to the end of a correctly signed bumper, the checksum won't match.
This would also have to check all objects loaded by the binary - like plugins and dlls. The system would have to deny programs from loading unknown object types (in the 640K DOS days, programs often had to be split into many separate parts loaded and discarded by the program at demand. There were a lot of different standards for doing this). To stop a trusted program from executing unsigned code, it must be impossible for the program to load unsigned/checked data to process memory that is executable, or to modify executable code.
In other words, all executable objects loaded by the program must be signed and in a format known to the security system and executable pages in process memory space must be marked as execute only or execute/read.
If I'm not mistaken, X86 page tables only have bits for read, read/write and no_access so the OS would have to emulate support for execute. Does anyone know what page table flags WinNT set on executable code today, and whether the above would have a negative impact on performance?
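The whole-file check guessed at in the comment above, as an added example that is not part of the original post and not any vendor's actual design: a loader that hashes everything in front of a signature trailer rejects a signed "bumper" with extra code attached, and refuses any plugin that is not itself signed. The trailer layout, the names and the sample bytes are constructed, and an HMAC key stands in for a real public-key signature so that only the standard library is needed.

```python
import hashlib
import hmac

# Assumption: an HMAC key stands in for the vendor's signing key. A real scheme
# would use a public-key signature so the loader holds no signing secret.
SIGNING_KEY = b"constructed-demo-key"
MAGIC = b"SIG1"                       # hypothetical trailer marker
TAG_LEN = 32                          # size of an HMAC-SHA256 tag
TRAILER_LEN = len(MAGIC) + TAG_LEN


def _tag(body):
    """Signature over the hash of every byte that precedes the trailer."""
    digest = hashlib.sha256(body).digest()
    return hmac.new(SIGNING_KEY, digest, hashlib.sha256).digest()


def sign_image(body):
    """Return body followed by the trailer MAGIC + tag."""
    return body + MAGIC + _tag(body)


def verify_image(image):
    """Accept only if the trailer is the last thing in the file and its tag
    matches the hash of everything before it."""
    if len(image) < TRAILER_LEN:
        return False
    body = image[:-TRAILER_LEN]
    magic = image[-TRAILER_LEN:-TAG_LEN]
    tag = image[-TAG_LEN:]
    if magic != MAGIC:
        return False
    return hmac.compare_digest(tag, _tag(body))


def load_process(objects):
    """Check every object (main binary, plugins, DLLs) before mapping it.
    Returns (loaded, rejected) lists of object names."""
    loaded, rejected = [], []
    for name, image in objects.items():
        if verify_image(image):
            loaded.append(name)
        else:
            rejected.append(name)
    return loaded, rejected


# Constructed sample images.
BUMPER = sign_image(b"\x90\x90AUTH-STUB")          # correctly signed stub
UNSIGNED = b"UNSIGNED-REAL-CODE"                    # code with no signature

# Case 1: unsigned code appended after the signed bumper.
APPENDED = BUMPER + UNSIGNED
# Case 2: unsigned code spliced in before the original trailer.
RESPLICED = BUMPER[:-TRAILER_LEN] + UNSIGNED + BUMPER[-TRAILER_LEN:]


def demo():
    """Run the loader over a signed binary, both tampered variants and an
    unsigned plugin."""
    return load_process({
        "bumper.exe": BUMPER,
        "bumper+appended.exe": APPENDED,
        "bumper+spliced.exe": RESPLICED,
        "plugin.dll": UNSIGNED,
        "signed-plugin.dll": sign_image(b"PLUGIN-CODE"),
    })


if __name__ == "__main__":
    loaded, rejected = demo()
    print("loaded:  ", loaded)
    print("rejected:", rejected)
```

This covers only the load-time check; keeping a verified process from writing to its own executable pages is the separate page-protection question the comment goes on to raise.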
why not recharge the batteries via induction while you're in the pits?
They were (supposedly) using standard lead-acid car batteries. If you try to fast-charge them, they start to boil.
Ockham's Razor implies that this is just a regular scam-job, the car was run until the batteries were nearing the dipping point. (voltage doesn't drop linearly with the discharge of the battery, a top charged car battery with no load shows ~13V while a battery that is getting close to empty is ~10V)
Did anyone else here see the Andy Rooney segment on 60 minutes a couple of weeks ago? He was bitching about how all his connectors are different shapes and sizes... he said "if they're so smart, why can't they make one cable that works for everything."
Is it me, or is Andy incapable of ever saying something interesting?
It never has been legal to make copies of copyrighted works except in special circumstances.
I guess people will always argue whether the firewall of copyright law has a default policy of allow or deny.
Anyway, the laws and technologies pushed by the *AAs in the US of A are having an effect on the rest of the world also. The US makes it difficult for legislators in other countries to make their own policy decisions regarding the correct balance in copyright law.
The Norwegian copyright law, for example, states that it is your right to make copies of a copyrighted work for personal use. CSS and other use restriction technologies make it damn close to impossible to maintain that right.
Shite, guys, your countries started AT LEAST two major wars because of your habit of screwing treaties.
If the countries of Europe had not honored their treaties and alliances, WWI would have been a small regional conflict.
It is true that Germany screwed the treaty of Versailles. However, that treaty was certainly screwed up to begin with, and caused the recession and social instability in Germany that led to WWII.
I'm getting dangerously close to invoking Godwin's Law here, so I guess I'll stop. :)
So, you believe that a guy in France who thinks that all Americans should get shafted makes a good peer, while, an American who believes in fair trials isn't?
Please explain why a guy in France has less respect for fair trials than an American. The average French citizen certainly has less respect for American culture than an American, but a disagreement over culture is a far cry from throwing Americans in jail without a fair trial.
It is as if "oh my, they don't like McDonalds" suddenly has become the equivalent of "they hate us, and want to take us down".
We CAN'T consider the World Community to be a community we want to be a part of, as long as the world resents us for having a mostly-Capitalist system that puts personal responsibility first.
Sorry, but that makes no sense to me. Please explain.
And seriously, Europeans. I've had enough of this BS crap that, whenever you discuss foreign policy amongst yourselves on message boards and junk, that you assume that all Americans agree with their government.
It is riddled with comments about hoping that Americans 'get what they deserve', whatever that may be.
A few comments in a narrow public forum does not a world conspiracy make.
Having US soldiers brought before a different court system would be a blow to one of the fundamentals of the US military and hurt combat effectiveness.
Having to obey international treaties also hurts combat effectiveness. Should we do away with them too?
Besides this, we in the US believe in a 'jury by your peers'. A world court is hardly that.
If the issue at hand is an international issue, your peers are the citizens of the world, not the citizens of the US.
According to Maginary, it must be a very successful gene, given that it was able to spread that wide in such a short time frame...ignoring the fact that humans showing the strongest effects of the gene generally fail to reproduce.
luckily the error doesn't change the territorial bugbear it illustrated.
The bugbear is the same. That is, how the (non)exhaustion of rights at first sale and commercial import interact.
I am not fond of community exhaustion, as set forth in the EUCD. It sounds too much like creating a 'Festung Europa' for copyrighted works.
in about '94/'95 my boss at the time ordered laserdiscs from the US. They were stopped at the border because the discs hadn't come through the official release channels and weren't officially available in NZ.
That sounds like an example of parallel import laws.
can you tell us if the EU 'fair terms for consumers' directive applies in Norway?
According to the EFTA Surveillance Authority database, this directive is implemented in Norway.
If the case against Jon Johansen initially stems from the restriction that the user used only authorised playback equipment is it "reasonable" to claim a consumer is prohibited playing a legally purchased dvd on a linux box?
_I_ would say that it is unreasonable. :)
Please note that the Økokrim indictment does not claim that a customer is contractually bound to only play DVDs on 'authorised' players. It claims that the DVDs were sold with the expectation that they would only be played on 'authorised' players.
I don't know what Økokrim is thinking, and to me it seems like they have an extremely weak case. After all - there is no contract. Once you buy a DVD record you should only be bound by copyright law regarding what you can or can't do with the content of that DVD.
A judge might not agree, though, and that scares me.
What would be your advice to his legal team?
Focus on two questions:
- The question of legitimate/illegitimate access. If you own a DVD, why would you not have legitimate access to the content?
- Ask the MPAA to show why some DVD players are more equal than others. That is - why are only DVDCCA-licensed players authorised to access DVDs? Why and how is it possible that the 'right to access' is attached to the DVD player and not to the DVD record?
The actual text of the law is about equipment designed to listen in on someone else's conversation.
There are three §s in Norwegian Penal Code that might apply here.
§145a covers eavesdropping equipment. It is illegal to use tape recorders or similar to eavesdrop.
§262 makes it illegal to manufacture, sell, import or own devices which make it possible to gain unauthorised access to pay-services like pay-TV. In other words, pirate decoder cards.
Jon's indictment is based on §145.
§145 covers breaking a protection in order to gain illegitimate access to data. That is - it is the act of breaking that is covered, not devices used for breaking. Breaking a protection is not illegal if you are entitled access to the data.
§145 also makes it illegal to assist in breaking a protection, and Økokrim claims that he has assisted by making DeCSS available.
The Supreme Court ruled in the Betamax case that a technology that has even one significant legitimate use (doesn't even have to be the predominant one) CANNOT be banned based on theories of contributory copyright infringement.
Oh, I wish that was the truth.
The supreme court ruling was very close (5-4), and - as far as I remember - evidence from studies showed that at least 20% of the taping was legitimate.
Even with 20%+ legitimate use, it was a close call. We might not be this lucky next time.
It seems like DVDs are sold with the requirement that they are only to be played back on authorised equipment.
§145 in the Norwegian Penal Code was originally a paragraph that made it illegal to open letters in order to gain illegitimate access to information.
It was later extended to also cover typical "hacker[1] crimes". Typically, breaking into a server to gain illegitimate access to data.
In order to be convicted by §145, you have to break a protection (which DeCSS arguably does), and get illegitimate access to data by doing so.
The entire case hinges on the question whether it is legitimate or not to gain access to the cleartext of a DVD movie that is in my physical possession.
Økokrim claims that it is illegitimate because the movies were sold with the expectation that they would only be played on "authorised"[2] DVD players. An interesting - in the Chinese meaning of the word - claim, to say the least.
[1] I know the difference between hacker/cracker.
[2] One unexplored issue wrt DVD players is exactly where this authorisation comes from. That is - by what right can a movie studio claim that their movies are only allowed to be played on players produced by manufacturers that have signed the DVDCCA license? It is even more complicated than this because of DVD manufacturing plants, different subsidiaries of movie companies releasing movies for different regions, etc.
In fact, the copyright holder has the right to require their works be viewed only in one city if they want, though it would obviously be silly to do so.
Please cite chapter and verse of the law or court decisions that support this argument.
I might agree with you if you are talking about public performance of a work, but you are dead wrong if you are talking about selling physical copies of a work.
Levi recently took the major UK supermarket to court in the UK to prevent them buying jeans legitimately in the USA and importing them, on copyright grounds. Levi won.
Levi claimed trademark infringement, not copyright infringement.
it's still the right of the copyright holder to limit distribution if they want.
They are only allowed to limit distribution within the bounds of the law.
First Sale - the exhaustion of the distribution right - is one of the largest limitations of the copyright holder's power to control distribution.
Many countries have laws regarding parallel import, and they might apply for commercial import.
Trademark law might also apply for commercial import.
Licenses and contracts might also apply.
What is important to note, is that you - as a private person - are rarely affected by parallel import laws, trademark laws and contracts. Thus, you only have to care about First Sale in most situations. And First Sale is the exact opposite of "it's still the right of the copyright holder to limit distribution if they want".
Authors are not required to translate books into multiple languages
True
If they want to write their book in hieroglyphics they may do so and no one may translate the material
Untrue. If I happen to be able to read hieroglyphics, it is not copyright infringement if I translate the book while reading it aloud.
and distribute these translations.
True.
If someone buys the book second hand (right of first sale), they can't violate the copyrights and translate
Untrue.
and distribute
True.
Content creators are not required to release their material without region encoding or copy-protection if they choose not to do so.
True.
If you want a translation, you'll have to buy the translation from the copyright holder. In this case it means you'll have to hope they offer a copy of the DVD in your region.
Untrue.
It is not illegal to own a hieroglyphics to English thesaurus. If I have the means to translate/transform the work to a format that is more suitable for me, I'm perfectly entitled to do so. However, in most situations I am not entitled to distribute that translation.
With regards to region coding - The MPAA isn't saying "you can't translate and distribute this work", they are saying "hand over your thesauruses, because we only want people that know hieroglyphics by heart to watch our work".
Some EU countries are about to make this the law, because of some silly EU directive. Norway is not an EU country, though. In fact I'll bet that only a tiny percentage of people here are familiar with Norwegian copyright law, so I'm assuming that comments are talking out of their asses until proven otherwise :)
Norway is part of the EEA, and must unfortunately implement the brain damage that is the EU Copyright Directive in Norwegian law.
And as for the tiny percentage of us that are familiar with .no copyright law, we tend to correct other comments when they get it wrong. ;)
The copyright holder's right to control distribution of a particular copy ends at the first sale.
With - unfortunately - a few exceptions:
Many countries have parallel import laws. If someone holds an exclusive distribution right to a particular movie, book or other work in that country, 3rd parties are not allowed to import the same goods from abroad for commercial purposes - i.e., resale. It is still, however, legal to import for personal use.
In the US, First Sale is Global First Sale. That is, once a physical copy of a work has been sold anywhere in the world, US copyright law considers the distribution right to that copy to be exhausted.
In EU (and EEA), the EU Copyright Directive will harmonise First Sale to "community exhaustion". That is, the distribution right has not been exhausted unless the First Sale happened inside the EU community, or the rightholder has explicitly allowed the work to be distributed in EU.
Of course, the major content providers will only recognize DRM hardware signed by sources they trust.
You're suggesting that PKI puts great power in the hands of certificate signing bodies. I don't buy that.
You should think about the implications created by "signed by sources they trust".
Hollywood trusts DVD-players manufactured by companies that have signed the DVDCCA-license. This enables Hollywood to force contractual requirements on all DVD manufacturers - the most obvious one being the region code requirement.
By deciding which CAs the content owners trust, they are in a position to determine which players they will allow their content to be played on, which companies are allowed to manufacture these players, and which features these players should have.
If this kind of regime had existed today, Hollywood would have been in a position to stop TiVo and ReplayTV.
That was the case I was thinking of. But there are two issues here:
1. Whether it is legal for someone to make extracts of any resolution, and;
2. Whether the copyright holder should be obliged to make them available or make it possible for them to be obtained.
Good point. 1 is a given, but 2 is not that clear cut. There are some acts of fair use that can not be performed unless you have a full quality unprotected digital copy, but the majority of fair use could probably be satisfied with a lesser-quality copy.
When I indicated that DRM implementations must remove all restrictions when the copyright expires, I was thinking of that as part of redress for this imbalance.
Removing restrictions on copyright expired works should be a requirement. Not doing so would, imho, be a case of copyright abuse.
(I think we both agree that the copyright term is insanely long for many types of works.)
My take is that if the DRM can be defeated, there is no right to prevent such defeat, if it enables some fair use uses. However, if DRM is such that it is impossible to do so, then some accommodation to facilitate exercise of traditional fair use is required.
Agreed. This would require some changes to the DMCA and the EU Infosoc directive, so let's stop arguing and start lobbying. :)
Nowhere do they address "perfect copies". So, while you might have a right to make a perfect copy, I don't see an obligation on the part of a copyright holder to make it possible for you to have one, only that you can make "some" copy, sufficient for criticism, parody, etc.
I'd be perfectly willing to fight for the right to have "perfect copies", but as you say - there is no firm support for that view in current legislation.
But there is also nothing in the legislation that says that you are _not_ entitled to perfect copies for fair use purposes, so as a matter of law it seems like it is an undecided issue and as a matter of precedent we (afaik) only have the Kaplan ruling.
"Advances in technology create opportunities for rightholders to sell new products, and it also creates new opportunities for fair use. DRM will preserve the rightholders' benefits of new technology, but might to a large extent deny the creation of new fair use rights."
What new rights? I can see new ways to exercise fair use rights (i.e. time- and space-shifting, i.e. with a VCR) but the rights do not change (making personal copies, in this case).
"Fair use" is not an exhaustive list. When a court is called upon to determine if something is fair use or copyright infringement they use the four step test:
1. What is the character of the use?
2. What is the nature of the work to be used?
3. How much of the work will you use?
4. What effect would this use have on the market for the original or for permissions if the use were widespread?
[I dare you to try to implement this as DRM rules :) ]
See this for a more detailed discussion on fair use.
So - if Sony had not included a 'record' button on the Betamax, it is likely that the supreme court would never have had the opportunity to decide whether time shifting of TV broadcasts was a fair use or not. If I remember correctly, the fair use-ness of time shifting had not been determined by the courts prior to Universal vs Sony so this ruling actually _created_ the time shifting right.
New technology creates new opportunities for using copyrighted works. By using DRM to prevent many acts, the courts are not given the possibility to decide which of these acts are fair use.
For example, one new potential right might be "storage shifting". I buy some music, and want to be able to access it from anywhere. I upload the music to 'mp3storage.com', and they give me a username/password so that I, and only I, can access the music from any Internet-connected device. Is this a 'fair use'? Maybe, maybe not.
It appears that you wish to only give AAs legal recourse against copyright violators, and not technical recourse.
Correct.
Please keep in mind that technology might also make it easier for them to discover copyright infringement online. To participate in massive copyright infringement, I have to make it easy for other people to find the material. This will also make it easier for rightholders to find me (think infringement-searching spiders on the web and P2P networks). Paired with DMCA'esque notice-and-takedown systems and a kind of copyright small-claims court, the rightholders will not be without teeth.
Going after the infringers instead of killing P2P service providers and spending a lot of money on developing and pushing DRM systems is - in my book - a better solution.
Whatever you do, folks, don't convert your MP3 files to ogg.
This reminds me of people that converted their GIFs to JPEG because "JPEG is better". *shudder*
why not recharge the batteries via induction while you're in the pits?
They were (supposedly) using standard lead-acid car batteries. If you try to fast-charge them, they start to boil.
Ockham's Razor implies that this is just a regular scam-job, the car was run until the batteries were nearing the dipping point. (voltage doesn't drop linearly with the discharge of the battery, a top charged car battery with no load shows ~13V while a battery that is getting close to empty is ~10V)
Then they faked a blown bearing.
Did anyone else here see the Andy Rooney segment on 60 minutes a couple of weeks ago? He was bitching about how all his connectors are different shapes and sizes... he said "if they're so smart, why can't they make one cable that works for everything."
Is it me, or is Andy incapable of ever saying something interesting?
It never has been legal to make copies of copyrighted works except in special circumstances.
I guess people will always argue whether the firewall of copyright law has a default policy of allow or deny.
Anyway, the laws and technologies pushed by the *AAs in the US of A are having an effect on the rest of the world also. The US makes it difficult for legislators in other countries to make their own policy decisions regarding the correct balance in copyright law.
The Norwegian copyright law, for example, states that it is your right to make copies of a copyrighted work for personal use. CSS and other use restriction technologies make it damn close to impossible to maintain that right.
Shite, guys, your countries started AT LEAST two major wars because of your habit of screwing treaties.
:)
If the countries of Europe had not honored their treaties and alliances, WWI would have been a small regional conflict.
It is true that Germany screwed the treaty of Versailles. However, that treaty was certainly screwed up to begin with, and caused the recession and social instability in Germany that led to WWII.
I'm getting dangerously close to invoking Godwin's Law here, so I guess I'll stop.
So, you believe that a guy in France who thinks that all Americans should get shafted makes a good peer, while, an American who believes in fair trials isn't?
Please explain why a guy in France has less respect for fair trials than an American. The average French citizen certainly has less respect for American culture than an American, but a disagreement over culture is a far cry from throwing Americans in jail without a fair trial.
It is as if "oh my, they don't like McDonalds" suddenly has become the equivalent of "they hate us, and want to take us down".
We CAN'T consider the World Community to be a community we want to be a part of, as long as the world resents us for having a mostly-Capitalist system that puts personal responsibility first.
Sorry, but that makes no sense to me. Please explain.
And seriously, Europeans. I've had enough of this BS crap that, whenever you discuss foreign policy amongst yourselves on message boards and junk, that you assume that all Americans agree with their government.
It goes both ways.
It is riddled with comments about hoping that Americans 'get what they deserve', whatever that may be.
A few comments in a narrow public forum does not a world conspiracy make.
Having US soldiers brought before a different court system would be a blow to one of the fundamentals of the US military and hurt combat effectiveness.
Having to obey international treaties also hurts combat effectiveness. Should we do away with them too?
Besides this, we in the US believe in a 'jury by your peers'. A world court is hardly that.
If the issue at hand is an international issue, your peers are the citizens of the world, not the citizens of the US.
According to Maginary, it must be a very successful gene, given that it was able to spread that wide in such a short time frame. ..ignoring the fact that humans showing the strongest effects of the gene generally fail to reproduce.
luckily the error doesn't change the territorial bugbear it illustrated.
:)
The bugbear is the same. That is, how the (non)exhaustion of rights at first sale and commercial import interact.
I am not fond of community exhaustion, as set forth in the EUCD. It sounds too much like creating a 'Festung Europa' for copyrighted works.
in about '94/'95 my boss at the time ordered laserdiscs from the US. They were stopped at the border because the discs hadn't come through the official release channels and weren't officially available in NZ.
That sounds like an example of parallel import laws.
can you tell us if the EU 'fair terms for consumers' directive applies in Norway?
The directive is 93/13/EEC
According to the EFTA Surveillance Authority database, this directive is implemented in Norway.
If the case against Jon Johansen initially stems from the restriction that the user used only authorised playback equipment, is it "reasonable" to claim a consumer is prohibited from playing a legally purchased DVD on a Linux box?
_I_ would say that it is unreasonable.
Please note that the Økokrim indictment does not claim that a customer is contractually bound to only play DVDs on 'authorised' players. It claims that the DVDs were sold with the expectation that they would only be played on 'authorised' players.
I don't know what Økokrim is thinking, and to me it seems like they have an extremely weak case. After all - there is no contract. Once you buy a DVD record you should only be bound by copyright law regarding what you can or can't do with the content of that DVD.
A judge might not agree, though, and that scares me.
What would be your advice to his legal team?
Focus on two questions:
- The question of legitimate/illegitimate access. If you own a DVD, why would you not have legitimate access to the content?
- Ask the MPAA to show why some DVD players are more equal than others. That is - why are only DVDCCA-licensed players authorised to access DVDs? Why and how is it possible that the 'right to access' is attached to the DVD player and not to the DVD record?
But surely you were aware that removing a watermark is done to remove the security that the watermark was intended to impose
Nay, a watermark does not impose any security. A watermark might be compared to a sign saying "thou shalt not trespass", but not to a lock.
The actual text of the law is about equipment designed to listen in on someone elses conversation.
There are three §s in the Norwegian Penal Code that might apply here.
§145a covers eavesdropping equipment. It is illegal to use tape recorders or similar to eavesdrop.
§262 makes it illegal to manufacture, sell, import or own devices which make it possible to gain unauthorised access to pay-services like pay-TV. In other words, pirate decoder cards.
Jon's indictment is based on §145.
§145 covers breaking a protection in order to gain illegitimate access to data. That is - it is the act of breaking that is covered, not devices used for breaking. Breaking a protection is not illegal if you are entitled access to the data.
§145 also makes it illegal to assist in breaking a protection, and Økokrim claims that he has assisted by making DeCSS available.
The Supreme Court ruled in the Betamax case that a technology that has even one significant legitimate use (doesn't even have to be the predominant one) CANNOT be banned based on theories of contributory copyright infringement.
Oh, I wish that was the truth.
The supreme court ruling was very close (5-4), and - as far as I remember - evidence from studies showed that at least 20% of the taping was legitimate.
Even with 20%+ legitimate use, it was a close call. We might not be this lucky next time.
Hoisann.
It seems like DVDs are sold with the requirement that they are only to be played back on authorised equipment.
§145 in the Norwegian Penal Code was originally a paragraph that made it illegal to open letters in order to gain illegitimate access to information.
It was later extended to also cover typical "hacker[1] crimes". Typically, breaking into a server to gain illegitimate access to data.
In order to be convicted by §145, you have to break a protection (which DeCSS arguably does), and get illegitimate access to data by doing so.
The entire case hinges on the question whether it is legitimate or not to gain access to the cleartext of a DVD movie that is in my physical possession.
Økokrim claims that it is illegitimate because the movies were sold with the expectation that they would only be played on "authorised"[2] DVD players. An interesting - in the Chinese meaning of the word - claim, to say the least.
[1] I know the difference between hacker/cracker.
[2] One unexplored issue wrt DVD players is exactly where this authorisation comes from. That is - by what right can a movie studio claim that their movies are only allowed to be played on players produced by manufacturers that have signed the DVDCCA license? It is even more complicated than this because of DVD manufacturing plants, different subsidiaries of movie companies releasing movies for different regions, etc.
In fact, the copyright holder has the right to require their works be viewed only in one city if they want, though it would obviously be silly to do so.
Please cite chapter and verse of the law or court decisions that support this argument.
I might agree with you if you are talking about public performance of a work, but you are dead wrong if you are talking about selling physical copies of a work.
Levi recently took the major UK supermarket to court in the UK to prevent them buying jeans legitimately in the USA and importing them, on copyright grounds. Levi won.
Levi claimed trademark infringement, not copyright infringement.
See EU Court of Justice, case C-414/99
The "Levi's" and "501" trademarks in the UK are held by Levi Ltd, a UK company.
The court held that, by importing Levi jeans from the US, Tesco and Costco infringed on the trademarks held by Levi Ltd.
it's still the right of the copyright holder to limit distribution if they want.
They are only allowed to limit distribution within the bounds of the law.
First Sale - the exhaustion of the distribution right - is one of the largest limitations of the copyright holders power to control distribution.
Many countries have laws regarding parallel import, and they might apply for commercial import.
Trademark law might also apply for commercial import.
Licenses and contracts might also apply.
What is important to note, is that you - as a private person - are rarely affected by parallel import laws, trademark laws and contracts. Thus, you only have to care about First Sale in most situations. And First Sale is the exact opposite of "it's still the right of the copyright holder to limit distribution if they want".
That's a 50% batting average.
Authors are not required to translate books into multiple languages
True
If they want to write their book in hieroglyphics they may do so and no one may translate the material
Untrue. If I happen to be able to read hieroglyphics, it is not copyright infringement if I translate the book while reading it aloud.
and distribute these translations.
True.
If someone buys the book second hand (right of first sale), they can't violate the copyrights and translate
Untrue.
and distribute
True.
Content creators are not required to release their material without region encoding or copy-protection if they choose not to do so.
True.
If you want a translation, you'll have to buy the translation from the copyright holder. In this case it means you'll have to hope they offer a copy of the DVD in your region.
Untrue.
It is not illegal to own a hieroglyphics to english thesaurus. If I have the means to translate/transform the work to a format that is more suitable for me, I'm perfectly entitled to do so. However, in most situations I am not entitled to distribute that translation.
With regards to region coding - The MPAA isn't saying "you can't translate and distribute this work", they are saying "hand over your thesauruses, because we only want people that know hieroglyphics by heart to watch our work".
Some EU countries are about to make this the law, because of some silly EU directive. Norway is not an EU country, though. In fact I'll bet that only a tiny percentage of people here are familiar with Norwegian copyright law, so I'm assuming that comments are talking out of their asses until proven otherwise :)
Norway is part of the EEA, and must unfortunately implement the brain damage that is the EU Copyright Directive in Norwegian law.
And as for the tiny percentage of us that are familiar with .no copyright law, we tend to correct other comments when they get it wrong. ;)
The copyright holder's right to control distribution of a particular copy ends at the first sale.
With - unfortunately - a few exceptions:
Many countries have parallel import laws. If someone holds an exclusive distribution right to a particular movie, book or other work in that country, 3rd parties are not allowed to import the same goods from abroad for commercial purposes - i.e., resale. It is still, however, legal to import for personal use.
In the US, First Sale is Global First Sale. That is, once a physical copy of a work has been sold anywhere in the world, US copyright law considers the distribution right to that copy to be exhausted.
In EU (and EEA), the EU Copyright Directive will harmonise First Sale to "community exhaustion". That is, the distribution right has not been exhausted unless the First Sale happened inside the EU community, or the rightholder has explicitly allowed the work to be distributed in EU.
wasn't that whole Felten/SDMI thing the first time the DMCA was invoked* to stifle research related to computer security?
;-p
I must admit that I was not aware that the discovered weaknesses in audio watermarks enabled someone to gain root access on a server.
Of course, the major content providers will only recognize DRM hardware signed by sources they trust.
You're suggesting that PKI puts great power in the hands of certificate signing bodies. I don't buy that.
You should think about the implications created by "signed by sources they trust".
Hollywood trusts DVD-players manufactured by companies that have signed the DVDCCA-license. This enables Hollywood to force contractual requirements on all DVD manufacturers - the most obvious one being the region code requirement.
By deciding which CAs the content owners trust, they are in a position to determine which players they will allow their content to be played on, which companies are allowed to manufacture these players, and which features these players should have.
If this kind of regime had existed today, Hollywood would have been in a position to stop TiVO and ReplayTV.
That was the case I was thinking of. But there are two issues here:
1. Whether it is legal for someone to make extracts of any resolution, and;
2. Whether the copyright holder should be obliged to make them available or make it possible for them to be obtained.
Good point. 1 is a given, but 2 is not that clear cut. There are some acts of fair use that can not be performed unless you have a full quality unprotected digital copy, but the majority of fair use could probably be satisfied with a lesser-quality copy.
When I indicated that DRM implementations must remove all restrictions when the copyright expires, I was thinking of that as part of redress for this imbalance.
Removing restrictions on copyright expired works should be a requirement. Not doing so would, imho, be a case of copyright abuse.
(I think we both agree that the copyright term is insanely long for many types of works.)
My take is that if the DRM can be defeated, there is no right to prevent such defeat, if it enables some fair use uses. However, if DRM is such that it is impossible to do so, then some accommodation to facilitate exercise of traditional fair use is required.
Agreed. This would require some changes to the DMCA and the EU Infosoc directive, so let's stop arguing and start lobbying.
Nowhere do they address "perfect copies". So, while you might have a right to make a perfect copy, I don't see an obligation on the part of a copyright holder to make it possible for you to have one, only that you can make "some" copy, sufficient for criticism, parody, etc.
I'd be perfectly willing to fight for the right to have "perfect copies", but as you say - there is no firm support for that view in current legislation.
But there is also nothing in the legislation that says that you are _not_ entitled to perfect copies for fair use purposes, so as a matter of law it seems like it is an undecided issue and as a matter of precedent we (afaik) only have the Kaplan ruling.
"Advances in technology create opportunities for rightholders to sell new products, and they also create new opportunities for fair use. DRM will preserve the rightholders' benefits of new technology, but might to a large extent deny the creation of new fair use rights."
What new rights? I can see new ways to exercise fair use rights (i.e. time- and space-shifting, i.e. with a VCR) but the rights do not change (making personal copies, in this case).
"Fair use" is not an exhaustive list. When a court is called upon to determine if something is fair use or copyright infringement they use the four step test:
1. What is the character of the use?
2. What is the nature of the work to be used?
3. How much of the work will you use?
4. What effect would this use have on the market for the original or for permissions if the use were widespread?
[I dare you to try to implement this as DRM rules :) ]
See this for a more detailed discussion on fair use.
So - if Sony had not included a 'record' button on the Betamax, it is likely that the supreme court would never have had the opportunity to decide whether time shifting of TV broadcasts was a fair use or not. If I remember correctly, the fair use-ness of time shifting had not been determined by the courts prior to Universal vs Sony so this ruling actually _created_ the time shifting right.
New technology creates new opportunities for using copyrighted works. By using DRM to prevent many acts, the courts are not given the possibility to decide which of these acts are fair use.
For example, one new potential right might be "storage shifting". I buy some music, and want to be able to access it from anywhere. I upload the music to 'mp3storage.com', and they give me a username/password so that I, and only I, can access the music from any Internet-connected device. Is this a 'fair use'? Maybe, maybe not.
It appears that you wish to only give AAs legal recourse against copyright violators, and not technical recourse.
Correct.
Please keep in mind that technology might also make it easier for them to discover copyright infringement online. To participate in massive copyright infringement, I have to make it easy for other people to find the material. This will also make it easier for rightholders to find me (think infringement-searching spiders on the web and P2P networks). Paired with DMCA'esque notice-and-takedown systems and a kind of copyright small-claims court, the rightholders will not be without teeth.
Going after the infringers instead of killing P2P service providers and spending a lot of money on developing and pushing DRM systems is - in my book - a better solution.