Plaintiffs claimed merely that AOL enacted an improper license agreement. The ownership of copyrights is not at issue, and Plaintiffs have not claimed any infringement, or requested relief, under the Copyright Act.
That's the only mention of 17 USC in the whole ruling, the rest of the common carrier stuff is only about 47 USC, so I'm pretty sure that the DMCA still stands. --
As far as I can tell, there are two different definitions of "common carrier" in the US Code: one that affects the FCC, and one that affects copyright law (and thus, DMCA).
The term ''common carrier'' or ''carrier'' means any person
engaged as a common carrier for hire, in interstate or foreign
communication by wire or radio or interstate or foreign radio
transmission of energy, except where reference is made to common
carriers not subject to this chapter; but a person engaged in
radio broadcasting shall not, insofar as such person is so
engaged, be deemed a common carrier.
A service provider shall not be liable for monetary relief, or for injunctive or other equitable relief, for infringement of copyright by reason of the provider's transmitting, routing, or providing connections for, material through a system or network controlled or operated by or for the service provider, or by reason of the intermediate and transient storage of that material in the course of such transmitting, routing, or providing connections, if -
(1) the transmission of the material was initiated by or at the
direction of a person other than the service provider;
(2) the transmission, routing, provision of connections, or
storage is carried out through an automatic technical process
without selection of the material by the service provider;
(3) the service provider does not select the recipients of the
material except as an automatic response to the request of
another person;
(4) no copy of the material made by the service provider in the
course of such intermediate or transient storage is maintained on
the system or network in a manner ordinarily accessible to anyone
other than anticipated recipients, and no such copy is maintained
on the system or network in a manner ordinarily accessible to
such anticipated recipients for a longer period than is
reasonably necessary for the transmission, routing, or provision
of connections; and
(5) the material is transmitted through the system or network
without modification of its content.
This ruling was on telephones, so it probably doesn't affect the DMCA? --
Yes, there's no copyright control device to be circumvented. That's why DMCA wasn't used as an argument, they were trying to argue something about the IP in the BIOS. --
DMCA provides for devices that allow for interoperability, but outlaws devices that allow copyright infringement. Doesn't that mean that it matters what a program does with its output? --
Connectix reverse engineered the Playstation for the purpose of allowing Playstation games to interoperate with an IBM-PC. This is fully covered under the DMCA. Nothing has changed. --
AFAIK, a program that read in a DVD and produced an MPEG that had SCMS (serial copy management system) on it, such that it couldn't be recopied... that would be legal. --
Here's my take on it... reverse engineering is perfectly legal, if done right. Releasing public documents that completely describe the protocol is fine. Using the knowledge of the protocol to write a program that circumvents copy protection: bad. Even if it's trivial to go from {description of protocol} to {program that copy unprotects}, it's still illegal to do.
--
Methods can't be copyrighted, they can only be patented. DeCSS isn't patented * .
DMCA covers devices that control access to copyrighted works (eg CSS). AFAIK, changing the delivery method is all good, as long as the new method also prevents copying. --
If there's a very large visible car whose popularity is partly staked on being locked, then it's in a different class from some Anonymous Coward's car. Malicious people are much more likely to target the big car, and the people in the big car generally think they're safe, so it's nice if someone informs them that they're less secure than they thought (thinking you're 98% secure but really being 80% secure is much worse than just being 80% secure). --
Because not everyone has the same ideas of what is censorable and what isn't. Would you include a description of nude art on your examples page or not?
Examples of pages that censorware messes up on are just a way to poke fun at things some people have a fundamental disagreement with. --
Our boundaries are expanding all the time. Ability to go really fast. Ability to fly. Ability to see and measure distant stars. Ability to leave the earth. Ability to sort through an entire library of information in a second. Ability to send a message at light speed to the other side of the world. Ability to karma whore from thousands of people all over the globe.
Okay, it's a large leap from "our boundaries are constantly expanding" to "it's okay if our only boundaries are memory and CPU usage". But, unless you give a strong argument as to why we should force our boundaries to remain static, I don't know why it would be bad to change them arbitrarily. --
Most US Law up until now have presumed a person innocent until proven guilty. And "guilty" usually meant using that weapon to hurt/kill someone or anything else that's illegal. Okay, there are laws that don't let you carry guns in certain places, but the NRA has been actively fighting that. Any arguments against the Cybercrime treaty are essentially the same as the NRA's arguments that non-criminals should be allowed to have/carry/use-in-a-legal-manner guns.
It's the act of crime that's illegal, not the weapon itself. What's wrong with that?
I don't know, maybe they scale things back to allowing people to be licensed virus carriers, since viruses do have ligitimate uses. There are very few of them (eg. making sure your antivirus tool actually works, studying viruses, making an antivirus tool...), but they aren't insignificant uses. Especially the antivirus tester. --
When the United States acts against its citizens abroad, it can do so only in accordance with all the limitations imposed by the Constitution, including Art. III, 2, and the Fifth and Sixth Amendments. Pp. 5-14. [354 U.S. 2]
Wow. Storage of traffic is mandatory? Time to buy stock in some hard drive companies. My first reaction would be that this attempt would be prohibitive, and that they wouldn't store all traffic, but re-reading it, it looks like they mean to store all the data.
Okay. Let's say they recorded traffic at a backbone. An OC-48. 5Gbps. That's 52TB of data in one day. I guess that's not terrribly prohibitive...? --
This depends on where you are. In the U.S. the common case seems to be that it is legal to carry potential "burglar tools" such as keys, picks, crowbars, jacks, bricks, etc., but use of such tools to commit a crime is a crime in itself. Call your local library, district attorney, police department, or your own attorney to be sure. Possession of potential "burglar tools" can be be used as evidence against you if you are found in incriminating circumstances. An example of a state law can be found in the Viginia State Code: Section 18.2-94 _Possession of burglarious tools, etc._ "If any person have in his possession any tools, implements or outfit, with intent to commit burglary, robbery or larceny, upon conviction thereof he shall be guilty of a Class 5 felony."
Note that the prosecution has to prove "intent". However, the law continues: "The possession of such burglarious tools, implements or outfit by any person other than a licensed dealer, shall be prima facie evidence of an intent to commit burglary, robbery or larceny." This means that the possessor can have a bit of an uphill battle and has to convince the jury that this 'prima facie evidence' is misleading.
Places where it *is* illegal to carry lock picks:
The District of Columbia, New York State and Illinois. New Jersey law appears to make these illegal if they can work motor vehicle locks. There may be many other places as well (such as Canada, Maryland and California.) It can be hard to tell since the relevant laws can be dealing with burglary, motor vehicles or locksmith regulation, etc. This emphasizes the importance of finding out for *your* area - and determining the applicability to *your* circumstances (e.g., locksmith, full or part-time), repo worker, building maintenance worker,...
As leading security practitioners, educators, vendors, and users of information security, we wish to register our misgivings about portions of the Council of Europe draft treaty on Crime in Cyberspace.
We are concerned that some portions of the proposed treaty may inadvertently result in criminalizing techniques and software commonly used to make computer systems resistant to attack. Signatory states passing legislation to implement the treaty may endanger the security of their computer systems, because computer users in those countries will not be able to adequately protect their computer systems and the education of information protection specialists will be hindered.
Critical to the protection of computer systems and infrastructure is the ability to
Test software for weaknesses
Verify the presence of defects in computer systems
Exchange vulnerability information
System administrators, researchers, consultants, and companies all routinely develop, use, and share software designed to exercise known and suspected vulnerabilities. Academic institutions use these tools to educate students and in research to develop improved defenses. Our combined experience suggests that it is impossible to reliably distinguish software used in computer crime from that used for these legitimate purposes. In fact, they are often identical.
Currently, the draft treaty as written may be misinterpreted regarding the use, distribution, and possession of software that could be used to violate the security of computer systems. We agree that damaging or breaking into computer systems is wrong and we unequivocally support laws against such inappropriate behavior. We affirm that a goal of the treaty and resulting legislation should be to permit the development and application of good security measures. However, legislation that criminalizes security software development, distribution, and use is counter to that goal, as it would adversely impact security practitioners, researchers, and educators.
Please do not hesitate to call on us for technical advice in your future deliberations.
I guess the treaty would, at the very least, make a significant part of the Bugtraq mailing list illegal.
Also note that I don't think they're only asking for an academic exclusion. If corporations want to do internal testing, they would need exceptions also. And individuals... and... --
Indeed, when the wild west was starting to be civilized, the govmnt didn't outlaw guns altogether. So this situation is clearly worse (primarily because these guns can be copied for free and with very little effort and it's easy to hide the transaction), and they realize it. --
But gun offense and defense technology is mostly developed by now.
Computer security isn't developed very much yet, and this law will probably encourage admins to be lazier. And the only people who will have hacking skills worth mentioning will be the criminals.
If hacking were allowed to go on for a few more years, most of it would be innocent. During that time, defense strategies would be refined, allowing our overall security to be actually stronger, rather than legally stronger (which isn't worth much). --
Slashdot Mirror
- Plaintiffs claimed merely that AOL enacted an improper license agreement. The ownership of copyrights is not at issue, and Plaintiffs have not claimed any infringement, or requested relief, under the Copyright Act.
That's the only mention of 17 USC in the whole ruling, the rest of the common carrier stuff is only about 47 USC, so I'm pretty sure that the DMCA still stands.--
47 USC 153(10) (telegraphs, telephones, radiographs)
- The term ''common carrier'' or ''carrier'' means any person
engaged as a common carrier for hire, in interstate or foreign
communication by wire or radio or interstate or foreign radio
transmission of energy, except where reference is made to common
carriers not subject to this chapter; but a person engaged in
radio broadcasting shall not, insofar as such person is so
engaged, be deemed a common carrier.
17 USC 512 (Copyright:DMCA)- A service provider shall not be liable for monetary relief, or for injunctive or other equitable relief, for infringement of copyright by reason of the provider's transmitting, routing, or providing connections for, material through a system or network controlled or operated by or for the service provider, or by reason of the intermediate and transient storage of that material in the course of such transmitting, routing, or providing connections, if -
This ruling was on telephones, so it probably doesn't affect the DMCA?(1) the transmission of the material was initiated by or at the direction of a person other than the service provider;
(2) the transmission, routing, provision of connections, or storage is carried out through an automatic technical process without selection of the material by the service provider;
(3) the service provider does not select the recipients of the material except as an automatic response to the request of another person;
(4) no copy of the material made by the service provider in the course of such intermediate or transient storage is maintained on the system or network in a manner ordinarily accessible to anyone other than anticipated recipients, and no such copy is maintained on the system or network in a manner ordinarily accessible to such anticipated recipients for a longer period than is reasonably necessary for the transmission, routing, or provision of connections; and
(5) the material is transmitted through the system or network without modification of its content.
--
Yes, there's no copyright control device to be circumvented. That's why DMCA wasn't used as an argument, they were trying to argue something about the IP in the BIOS.
--
DMCA provides for devices that allow for interoperability, but outlaws devices that allow copyright infringement. Doesn't that mean that it matters what a program does with its output?
--
Connectix reverse engineered the Playstation for the purpose of allowing Playstation games to interoperate with an IBM-PC. This is fully covered under the DMCA. Nothing has changed.
--
AFAIK, a program that read in a DVD and produced an MPEG that had SCMS (serial copy management system) on it, such that it couldn't be recopied... that would be legal.
--
Here's my take on it... reverse engineering is perfectly legal, if done right. Releasing public documents that completely describe the protocol is fine. Using the knowledge of the protocol to write a program that circumvents copy protection: bad. Even if it's trivial to go from {description of protocol} to {program that copy unprotects}, it's still illegal to do.
--
DMCA covers devices that control access to copyrighted works (eg CSS). AFAIK, changing the delivery method is all good, as long as the new method also prevents copying.
--
DeCSS allows people to both view/play and copy DVDs to different format.
I believe this is the crucial difference.
--
s/napster/peer-to-peer/;
--
If there's a very large visible car whose popularity is partly staked on being locked, then it's in a different class from some Anonymous Coward's car. Malicious people are much more likely to target the big car, and the people in the big car generally think they're safe, so it's nice if someone informs them that they're less secure than they thought (thinking you're 98% secure but really being 80% secure is much worse than just being 80% secure).
--
Examples of pages that censorware messes up on are just a way to poke fun at things some people have a fundamental disagreement with.
--
fewer restrictions? You can call someone on the other side of the world, why not just appear there?
--
Okay, it's a large leap from "our boundaries are constantly expanding" to "it's okay if our only boundaries are memory and CPU usage". But, unless you give a strong argument as to why we should force our boundaries to remain static, I don't know why it would be bad to change them arbitrarily.
--
I bet that right now some RIAA people are accusing MP3.com of paying off a congressman to get this bill into the books.
--
It's the act of crime that's illegal, not the weapon itself. What's wrong with that?
I don't know, maybe they scale things back to allowing people to be licensed virus carriers, since viruses do have ligitimate uses. There are very few of them (eg. making sure your antivirus tool actually works, studying viruses, making an antivirus tool...), but they aren't insignificant uses. Especially the antivirus tester.
--
Reid v. Covert (1957) Supreme Court
- When the United States acts against its citizens abroad, it can do so only in accordance with all the limitations imposed by the Constitution, including Art. III, 2, and the Fifth and Sixth Amendments. Pp. 5-14. [354 U.S. 2]
Commentary on the case here.--
Okay. Let's say they recorded traffic at a backbone. An OC-48. 5Gbps. That's 52TB of data in one day. I guess that's not terrribly prohibitive...?
--
This depends on where you are. In the U.S. the common case seems to be that it is legal to carry potential "burglar tools" such as keys, picks, crowbars, jacks, bricks, etc., but use of such tools to commit a crime is a crime in itself. Call your local library, district attorney, police department, or your own attorney to be sure. Possession of potential "burglar tools" can be be used as evidence against you if you are found in incriminating circumstances. An example of a state law can be found in the Viginia State Code: Section 18.2-94 _Possession of burglarious tools, etc._ "If any person have in his possession any tools, implements or outfit, with intent to commit burglary, robbery or larceny, upon conviction thereof he shall be guilty of a Class 5 felony."
Note that the prosecution has to prove "intent". However, the law continues: "The possession of such burglarious tools, implements or outfit by any person other than a licensed dealer, shall be prima facie evidence of an intent to commit burglary, robbery or larceny." This means that the possessor can have a bit of an uphill battle and has to convince the jury that this 'prima facie evidence' is misleading.
Places where it *is* illegal to carry lock picks: The District of Columbia, New York State and Illinois. New Jersey law appears to make these illegal if they can work motor vehicle locks. There may be many other places as well (such as Canada, Maryland and California.) It can be hard to tell since the relevant laws can be dealing with burglary, motor vehicles or locksmith regulation, etc. This emphasizes the importance of finding out for *your* area - and determining the applicability to *your* circumstances (e.g., locksmith, full or part-time), repo worker, building maintenance worker, ...
--
As leading security practitioners, educators, vendors, and users of information security, we wish to register our misgivings about portions of the Council of Europe draft treaty on Crime in Cyberspace.
We are concerned that some portions of the proposed treaty may inadvertently result in criminalizing techniques and software commonly used to make computer systems resistant to attack. Signatory states passing legislation to implement the treaty may endanger the security of their computer systems, because computer users in those countries will not be able to adequately protect their computer systems and the education of information protection specialists will be hindered.
Critical to the protection of computer systems and infrastructure is the ability to
System administrators, researchers, consultants, and companies all routinely develop, use, and share software designed to exercise known and suspected vulnerabilities. Academic institutions use these tools to educate students and in research to develop improved defenses. Our combined experience suggests that it is impossible to reliably distinguish software used in computer crime from that used for these legitimate purposes. In fact, they are often identical.
Currently, the draft treaty as written may be misinterpreted regarding the use, distribution, and possession of software that could be used to violate the security of computer systems. We agree that damaging or breaking into computer systems is wrong and we unequivocally support laws against such inappropriate behavior. We affirm that a goal of the treaty and resulting legislation should be to permit the development and application of good security measures. However, legislation that criminalizes security software development, distribution, and use is counter to that goal, as it would adversely impact security practitioners, researchers, and educators.
Please do not hesitate to call on us for technical advice in your future deliberations.
I guess the treaty would, at the very least, make a significant part of the Bugtraq mailing list illegal.
Also note that I don't think they're only asking for an academic exclusion. If corporations want to do internal testing, they would need exceptions also. And individuals... and...
--
Indeed, when the wild west was starting to be civilized, the govmnt didn't outlaw guns altogether. So this situation is clearly worse (primarily because these guns can be copied for free and with very little effort and it's easy to hide the transaction), and they realize it.
--
2) this law = can't sell/make/link-to debugers or compilers if they're primarily advertised as cracking devices.
--
Additional clauses were added for forgery, fraud, kiddie porn, and copyright infringement on a computer.
--
Computer security isn't developed very much yet, and this law will probably encourage admins to be lazier. And the only people who will have hacking skills worth mentioning will be the criminals.
If hacking were allowed to go on for a few more years, most of it would be innocent. During that time, defense strategies would be refined, allowing our overall security to be actually stronger, rather than legally stronger (which isn't worth much).
--
Thus, third world countries can make lots of money by being data havens. The knowledge gap meets the freedom gap.
--