Here, it is perfectly clear that CSS is a technological measure that effectively controls access to plaintiffs' copyrighted movies because it requires the application of information or a process, with the authority of the copyright owner, to gain access to those works. Indeed, defendants conceded in their memorandum that one cannot in the ordinary course gain access to the copyrighted works on plaintiffs' DVDs without a "player key" issued by the DVDCCA that permits unscrambling the contents of the disks. [13] It is undisputed also that DeCSS defeats CSS and decrypts copyrighted works without the authority of the copyright owners. As there is no evidence of any commercially significant purpose of DeCSS other than circumvention of CSS, defendants' actions likely violated Section 1201(a)(2)(B). Moreover, although defendants contended at oral argument that DeCSS was not designed primarily to circumvent CSS, that argument is exceptionally unpersuasive. [14] In consequence, plaintiffs have an extremely high likelihood of prevailing on the merits unless defendants' activities come within one of the exceptions in the DMCA or unless there is a constitutional impediment to this conclusion.
So what happens if I trademark cokeauctions.com as within the Coal/Steel manufacturing and wholesale markets? Can I go after The Coca-Cola Company for control over cokeauction.com?
Cheers,
Slak
Terrific point. Moderate up.
Here's a link to the text of the Audio Home Recording Act. I found "computer" twice in the text.
I would have to agree with you. What the RIAA declares the law to mean is irrelevant. Court rulings will determine what the law means.
Perhaps this document should be taken as an indication for actions that the RIAA will attempt to bring before the courts.
I really have to wonder about the "copy of a copy" issue. What happens when my primary copy is destroyed (by those UN Black Helicopters). Now, I'm not able to create another backup? What if they (UNBH) come back? I won't be able to listen to my New Kids on the Block, oh no!
Furthermore, what happens when I'm playing my _William Shatner Sings_ on my computer and it copies portions of the CD to memory which could be swap space on my hard-drive?
Finally, to bunk (or is it debunk?) the final paragraph: I believe it has been documented (though on Slashdot, by Slashdotters) that Artists don't make much money from recordings (rather through concerts and merchandise such as t-shirts).
Cheers,
Slak
That's certainly an appropriate form of action. But where is the MPAA getting money to pay for the lawyers in the lawsuits? It all comes down to money from its affiliates. These in turn get money from (for example):
1. Box office ticket sales.
2. Movie soundtracks.
3. Paraphernalia (e.g. Toy Story action figures).
4. VHS sales.
5. DVD sales.
All I'm saying is that some portion (albeit tiny) of your $7 goes to the fight against DeCSS and other forms of reverse engineering.
In my opinion, we have two courses of viable action:
1. Change the laws.
2. Impose economic sanctions (boycotts, sit-ins, etc.) upon those who oppose our liberty.
Cheers,
Slak
I'm not saying that closed source is bad. I'm an avid Coke drinker. I play lots of video games written for a certain closed source operating system.
The problem is that Disney gets money from the soundtrack, DVDs, VHSes and theatre tickets. Reviews like Mr. Katz's might entice people to see the movie.
Here's my point: Since Miramax is owned by Disney and since Disney is in the MPAA, and since most Slashdotters (IMHO), in theory, oppose the MPAA's decision to sue under the DMCA (enough TLAs yet?) why should Slashdot promote our enemy?
Cheers,
Slak
My understanding of the case is that under Canadian Law (where iCraveTV is based) one is *allowed* to re-broadcast a transmission in its entirety. What iCraveTV was trying to do was claim that they are akin to a Cable Television station (as the transmissions go over wire). The problem was that Americans could see the shows. And, as we all know, anytime an American is involved (in any situation) then American Law applies.
My problem with the story is that, generally, Slashdotters are at odds with the MPAA (witness the NY, CN and CA lawsuits). I believe that _Scream 3_ is distributed by Miramax. While Miramax is not listed as a member on the MPAA.org website, I haven't traced their corporate genealogy to see if a parent company is. At any rate, Miramax's web site does mention that Miramax movies are available on DVD.
My problem is that this review tacitly endorses the movie and record (this though indirectly) industry. These companies are one of the biggest threats to OSS. Why support them even indirectly?
Cheers,
Slak
What does Scream 3 have to do with News for Nerds? This is hardly Stuff That Matters.
The only thing technological in the review was a brief mention of cell phones. Great, let's do an analysis of the evolution of cell phones using the Scream Trilogy as the data source...
Suffering succotash, won't somebody please moderate Jon Katz down!
Cheers,
Slak
But the key will be whether ZDNet will ever admit that Linux is "Enterprise-Ready". If running on Big Iron doesn't make it so, then I wonder what does.
Cheers,
Slak
Yes, but the point is that there aren't a significant number of possible algorithms. There are about 5 candidates for AES from a field of about 10. At best, you have 2^4 (roughly) possibilities. Some are less strong than others (DES/Triple DES) and you can have dedicated hardware for those (US$100,000).
Please remember that public key algorithms and symmetric key algorithms have very different contexts as far as what key-length is required for 'security'. Pulling numbers out of my ass, it could take the same amount of time to crack a symmetric algorithm's 64 bit key as it does to crack an asymmetric algorithm's 1024 bit key.
Cheers,
Slak
I'll agree with you on point 1.
I'll agree that DES isn't secure (note: not the same as trivial to break). I find 3 minutes difficult to swallow.
I'm not so sure that I would throw IDEA into the lot, though surely the AES candidates are stronger.
I don't see your jump to "...breaking a 128-bit key is probably irrelevant, as DES uses 56-bits." I think you're confused; PGP uses IDEA with a session key. The session key is encrypted using RSA and the message is encrypted with IDEA using the session key.
At this point, your math really confuses me. Why does one have to break the header? You could just brute force the IDEA (or whatever) keyspace. In fact, one hopes that this is easier to do than break the header. If you can break the header for 1 message, you can now recover all session keys and read all messages. Once you have the session key, all you have to do is plug it into 16 or 32 symmetric algorithms and you've got the message.
The problem is if the NSA can find public/private key pairs. This means they can:
1. Decrypt messages intended for me.
2. Sign messages in my name (spoof being me).
Cheers,
Slak
I think your comments are on-target. According to current published technology, 128-bit encryption (and by this I mean TwoFish and other 'strong' algorithms) is tough. Who's to say what the NSA has cooked up, though. Mr. Schneier is far more qualified to comment. I would recommend http://www.counterpane.com/pitfalls.html for his assessment.
Your understanding of #2 is correct, I believe.
I'm pretty sure that all Public Key Crypto systems work the same way. A session key is generated (if this isn't random, it's a place to attack) and encrypted using public key crypto. The message itself is encrypted using a symmetric algorithm. Thus you can do 2 things to try to read the message:
1. Brute force the key for the symmetric algorithm.
2. Try to crack the public key/private key pair. This will then allow you to decrypt the session key for all communications, not that particular conversation.
Ideally, determining the private key is much harder than brute forcing the symmetric algorithm (since it allows you to decrypt *all* messages).
Cheers,
Slak
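The two ways of reading a hybrid-encrypted message that the comment above lists, as an added example that is not part of the original post: a guessed session key exposes one message, while a recovered private key exposes every message sent to that key pair, which is why the long-term key has to be the stronger of the two. Everything here is a constructed toy (textbook RSA without padding, two small well-known primes, a 16-bit session key, a SHA-256 keystream standing in for IDEA), chosen only so both searches finish instantly.

```python
import hashlib
import secrets

# Constructed toy parameters (assumptions for illustration only).
# Real deployments use >= 2048-bit RSA moduli and >= 128-bit session keys.
P, Q, E = 104729, 1299709, 65537      # the 10,000th and 100,000th primes
N = P * Q                             # recipient's public modulus
SESSION_BITS = 16                     # deliberately tiny session keyspace


def keystream_xor(key: int, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(
            key.to_bytes(8, "big") + offset.to_bytes(4, "big")
        ).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt(message: bytes, session_key=None, n=N, e=E):
    """Hybrid encryption: RSA-wrap a fresh session key, then encrypt the body."""
    if session_key is None:
        session_key = secrets.randbits(SESSION_BITS)  # must be unpredictable
    header = pow(session_key, e, n)                   # wrapped session key
    return header, keystream_xor(session_key, message)


def decrypt(header: int, body: bytes, d: int, n=N) -> bytes:
    """Recipient side: unwrap the session key with d, then decrypt the body."""
    return keystream_xor(pow(header, d, n), body)


def brute_force_session_key(body: bytes, known_prefix: bytes):
    """Path 1: search the symmetric keyspace. Yields ONE message's key."""
    for candidate in range(1 << SESSION_BITS):
        if keystream_xor(candidate, body[:len(known_prefix)]) == known_prefix:
            return candidate
    return None


def recover_private_exponent(n: int, e: int) -> int:
    """Path 2: factor the toy modulus. Yields the key for EVERY message."""
    factor = 3
    while n % factor:
        factor += 2
    phi = (factor - 1) * (n // factor - 1)
    return pow(e, -1, phi)


if __name__ == "__main__":
    # Constructed sample messages, both sent to the same key pair.
    m1 = b"Subject: lunch\nnoon at the usual place"
    m2 = b"Subject: keys\nrotate them on friday"
    h1, b1 = encrypt(m1)
    h2, b2 = encrypt(m2)

    k1 = brute_force_session_key(b1, b"Subject: ")
    print("session key 1 opens message 1:", keystream_xor(k1, b1) == m1)
    print("session key 1 opens message 2:", keystream_xor(k1, b2) == m2)

    d = recover_private_exponent(N, E)
    print("private key opens both:",
          decrypt(h1, b1, d) == m1 and decrypt(h2, b2, d) == m2)
```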
Slashdot reported http://slashdot.org/articles/99/11/14/058247.shtml that the NSA holds various patents for sifting through transcripts.
As far as PGP/GPG go, you assume that the NSA has no shortcuts on cracking IDEA, Blowfish, etc. The solution space for algorithms is so small as to not affect the workload. Don't count on "Security through obscurity (of algorithm)". Need I remind you that "when you assume, you make an ass out of you and me" :)
The problem with Echelon is the lack of oversight. How can the NSA claim client/attorney privileges? What is being done to verify that ECHELON breaks no laws?
As the saying goes, the first step to dictatorship is secrecy.
Cheers,
Slak
On a related note, why would any of us see any movie given the state of the MPAA/DVD/DeCSS situation?
Cheers,
Slak
Best yet, use ROT 26 as your scrambling mechanism.
Cheers,
Slak
This is an excellent point. Moderate up!
I'd like to address these issues.
"It is undisputed also that DeCSS defeats CSS and decrypts copyrighted works without the authority of the copyright owners." I am not sure that this is "undisputed". Correct me if I'm wrong: A requirement for use of DeCSS is a DVD player. Such players are granted "keys" by the MPAA or one of its authorized agents. Thus, we can reasonably assume that a DeCSS user is decrypting the copyrighted work legally.
"As there is no evidence of any commercially significant purpose of DeCSS other than circumvention of CSS." Isn't DVD piracy a "commercially significant purpose"? Doesn't this undermine the entire argument? While DeCSS cannot determine if the DVD it is accessing was legally purchased or not, neither can a legit device (in the case of a bit-for-bit DVD copy).
"First, defendants have submitted no evidence---as distinguished from unsubstantiated assertions at oral argument---to support these contentions [Ed. DeCSS's primary use is for lawful viewing of legal DVDs]." WTF? Does EFF need to show the judge a Linux box playing a legal DVD?
"Second, even if DeCSS were intended and usable solely to permit the playing, and not the copying, of DVDs on Linux machines, the playing without a licensed CSS 'player key' would 'circumvent a technological measure' that effectively controls access to a copyrighted work and violate the statute in any case." The CSS "player key" resides on the DVD player and the Disk itself. How many rogue DVD players are out there? DeCSS's primary intent is not violating copyright, but rather interoperability.
One last point: Are all DVDs copyrighted? If so, won't they fall into public domain after a nearly infinite period of time (thanks Sonny Bono Copyright Perpetuity^H^H^H^H^H^H^H^H^H^HExtension Act!)?
Cheers,
Slak
By this logic, publishing a CarHotwiring-HOWTO is illegal.
Cheers,
Slak
By what right does the government claim the property (i.e. the encrypted data)?
IANAL: I can understand the gov't not returning a handgun to a person convicted of a violent gun crime if the state has a law which states that such people are not permitted to own a gun. While I may argue that the law is unconstitutional, I would have to take it to court. But does any law exist for data? Or is the government trying to claim that the data might be "stolen property", to which Kevin has no claim?
Suppose I commit a violent crime and in the process steal a gun. During my arrest, the government finds a safe that they cannot open (for either legal or technical reasons). In fact, they cannot even determine if anything is in the safe. It could contain the gun I stole (that they never recovered) or it could be my (perfectly legal) tax filings.
I understand the judge's quandary. By returning the safe to my possession, is the judge handing over property that I stole?
Back to the point, I suppose this lends more weight to the case for using stenography (I think that's what it's called). Encrypt all your Overthrow-the-NWO-HOWTO files in png's of the UN flag. Gee, judge, could I get my images back? :)
Cheers,
Slak
I'm starring in the following PSA:
"This is a DVD. This is a Linux box. This is what happens when you put DVD on Linux." [cut over to a Braveheart-esque scene of MPAA Lawyers filing Copyright lawsuits]. "Don't get LiViD."
Cheers,
Slak
I would recommend the boycott should take place immediately; coinciding with the MPAA's irresponsible use of the courts.
Cheers,
Slak
Try imdb
http://us.imdb.com/Companies?0169547
Looks like it's DreamWorks. I don't know if they have a relationship (i.e. are a subsidiary of Disney, Paramount, etc.).
I have already begun my boycott of these firms. I called the MPAA and told them so.
I've also been tinkering with the idea of distributing leaflets at movie theatres documenting the abuse by the MPAA (Motion Picture Association of America) of a Norwegian minor.
Cheers,
Slak
I don't much understand the UDP, but is there an equivalent that could be used for DNS? Could sympathetic DNS administrators remove their reference to www.mpaa.org, causing the mpaa.org primary name server to respond to all requests for mpaa.org? Could routers be configured to "dis-allow" packets coming from or going to mpaa.org, forcing the packet to route along a slower path?
Cheers,
Slak
While I agree with you in principle, I believe they can win (in the legal sense). In fact, we must believe that we are facing overwhelming odds, because, in a very real sense, we are.
The MPAA has mucho dinero. Jon has very little. The MPAA controls the horizontal. The MPAA controls the vertical. The MPAA will not broadcast the revolution. They will not be a Nero playing as Rome burns.
What can we do? First: support the EFF and ACLU. Second: take the offensive - boycott the MPAA and its affiliates. Please do so non-violently. If the MPAA is (ab)using the legal system, perhaps we need to look at doing the same. How? Get the laws changed, for one. The DMCA and Sonny Bono acts (in the US) are a travesty. Write your Congress-person. Perhaps we need to encourage the ACLU and EFF to take the offensive; instead of defending victims, take out a class action lawsuit on behalf of DVD owners.
Cheers,
Slak
First of all, can the story be verified?
Second, write the press with tales of the MPAA abusively interrogating a 15 year old.
This is the key battle in the war; if Norwegian Courts find that the Reverse Engineering was legal, then all the other cases go away since the "Trade Secret" was legally destroyed.
Anyone know anything about the legality of Shrink Wrap licenses in Norway? Can a 15 year old be legally bound by one?
Cheers,
Slak