password-cracking by journalists...
A couple of months ago, a Wall Street Journal reporter bought two abandoned al Qaeda computers from a looter in Kabul. Some of the files on those machines were encrypted. But they're dealing with that problem:

    The unsigned report, protected by a complex password, was created on Aug. 19, according to the Kabul computer's internal record. The Wall Street Journal commissioned an array of high-speed computers programmed to crack passwords. They took five days to access the file.

Does anyone have any technical details on this? (I assume that it's a standard password-guessing approach, but it would be nice to know for certain. If nothing else, are Arabic passwords easier or harder to guess than, say, English ones?)

- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: password-cracking by journalists...
At 03:15 PM 16/01/02, Steve Bellovin wrote:
>A couple of months ago, a Wall Street Journal reporter bought two
>abandoned al Qaeda computers from a looter in Kabul. Some of the
>files on those machines were encrypted. But they're dealing with
>that problem:
>
>    The unsigned report, protected by a complex password, was
>    created on Aug. 19, according to the Kabul computer's
>    internal record. The Wall Street Journal commissioned an
>    array of high-speed computers programmed to crack passwords.
>    They took five days to access the file.
>
>Does anyone have any technical details on this? (I assume that it's
>a standard password-guessing approach, but it would be nice to know
>for certain. If nothing else, are Arabic passwords easier or harder
>to guess than, say, English ones?)

Most Arabic words have a root of 3 letters, to which prefixes, suffixes and vowels are added: the root drs for example is related to books and teaching: madrasa is a school, mudaris a teacher, etc. (It's been a while since I studied any Arabic, so I apologise for errors here.)

Of more use (I would have thought) is the fact that the Coran has a limited and standardised vocabulary (unlike the Bible, for example, which has many versions, both modern and old.) That would certainly speed up any dictionary search - assuming that any password/phrase came from the Coran, of course.

Jim
--
* Jim Cheesman *
Trabajo: [EMAIL PROTECTED] - (34)(91) 724 9200 x 2360
If there's one thing I can't stand, it's intolerance.
Re: password-cracking by journalists...
At 9:15 AM -0500 1/16/02, Steve Bellovin wrote:
>A couple of months ago, a Wall Street Journal reporter bought two
>abandoned al Qaeda computers from a looter in Kabul. Some of the
>files on those machines were encrypted. But they're dealing with
>that problem:
>
>    The unsigned report, protected by a complex password, was
>    created on Aug. 19, according to the Kabul computer's
>    internal record. The Wall Street Journal commissioned an
>    array of high-speed computers programmed to crack passwords.
>    They took five days to access the file.
>
>Does anyone have any technical details on this? (I assume that it's
>a standard password-guessing approach, but it would be nice to know
>for certain. If nothing else, are Arabic passwords easier or harder
>to guess than, say, English ones?)
>

Outside of the good possibility that they might be quotations from Islamic religious texts, why would you think Arabic passwords are any easier to guess?

Another interesting question is whether the reporters and the Wall Street Journal have violated the DMCA's criminal provisions. The al Qaeda data was copyrighted (assuming Afghanistan signed one of the copyright conventions--they may not have), the encryption is arguably a "technological protection measure" and the breaking was done for financial gain.

"17 USC 1204 (a) In General. - Any person who violates section 1201 or 1202 willfully and for purposes of commercial advantage or private financial gain -(1) shall be fined not more than $500,000 or imprisoned for not more than 5 years, or both, for the first offense..."

BTW: The 2600 Magazine defense team has filed an appeal for en banc review of the 2nd Circuit's DMCA opinion:

Brief: http://www.eff.org/IP/Video/MPAA_DVD_cases/20020114_ny_2600_appeal.html
Press Release: http://www.eff.org/IP/Video/MPAA_DVD_cases/20020114_ny_eff_pr.html

Arnold Reinhold
Re: password-cracking by journalists...
Would such documents be protected by the DMCA? Let us say that instead these files were found on Enron computers up at auction. Does it make a difference? Could the reporters be prosecuted and convicted in either case?

Steve Bellovin <[EMAIL PROTECTED]> writes:
> A couple of months ago, a Wall Street Journal reporter bought two
> abandoned al Qaeda computers from a looter in Kabul. Some of the
> files on those machines were encrypted. But they're dealing with
> that problem:
>
>     The unsigned report, protected by a complex password, was
>     created on Aug. 19, according to the Kabul computer's
>     internal record. The Wall Street Journal commissioned an
>     array of high-speed computers programmed to crack passwords.
>     They took five days to access the file.
>
> Does anyone have any technical details on this? (I assume that it's
> a standard password-guessing approach, but it would be nice to know
> for certain. If nothing else, are Arabic passwords easier or harder
> to guess than, say, English ones?)
Re: password-cracking by journalists...
At 9:15 AM -0500 1/16/02, Steve Bellovin wrote:
>Does anyone have any technical details on this?

This is from the UK Independent today: http://www.independent.co.uk/story.jsp?story=114885

[Excerpt]

How they cracked the terrorists' code

Getting to the heart of the documents contained in the al-Qa'ida computer bought by chance by the Wall Street Journal's reporter in Kabul meant cracking the encryption of Microsoft's Windows 2000 operating system installed on the machine, which had been used to protect the data.

That is not a trivial task. Microsoft will only say that if you lose the password that controls entry to a Windows 2000 system, your best option is to remember it or simply to wipe the machine and start again. And its Encrypting File System (EFS), which had been used to encode the files, is just as strong.

But the files were too valuable for that. Instead, the team embarked on the task of breaking through the encryption, which jumbles the contents of the files so that even someone reading the individual bytes of data stored on the actual hard disk (rather than trying to access them through the operating system, which had locked them out) would simply find rubbish.

Cracking the encryption meant finding the digital "key" that had previously been used to unlock it. That was not stored in any readable file on the machine, for it was itself encrypted. The only way to reproduce it was to generate the key from first principles: by trying various combinations of random bits and trying to decrypt the file with them, and seeing if it produced sense or gibberish.

Luckily, the PC had a version of Windows 2000 with an "export-quality" key only 40-bits long, rather than the "US" quality, which being 128-bits long would have been billions of times harder to crack. Even so, it took the equivalent of a set of supercomputers running for five days, 24 hours a day, to find the key. But find it they did.

The irony that the terrorists used a product made by one of the US's biggest corporations to protect plans it was making against it may not be lost on an administration that recently relaxed rules on the export of "strong" encryption. Tighter controls may follow.

By Charles Arthur

[End excerpt]
Re: password-cracking by journalists...
On Friday, January 18, 2002, at 03:23 AM, Arnold G. Reinhold wrote:
> "17 USC 1204 (a) In General. - Any person who violates section 1201 or
> 1202 willfully and for purposes of commercial advantage or private
> financial gain -(1) shall be fined not more than $500,000 or imprisoned
> for not more than 5 years, or both, for the first offense..."
>

Does this mean that if you are a private researcher, and reverse-engineered something for fun or the challenge, you escape the clutches of this law?

Cheers,
Nick
--
Real friends help you move bodies.
Re: password-cracking by journalists...
> > "17 USC 1204 (a) In General. - Any person who violates section 1201 or
> > 1202 willfully and for purposes of commercial advantage or private
> > financial gain -(1) shall be fined not more than $500,000 or imprisoned
> > for not more than 5 years, or both, for the first offense..."
> >
>
> Does this mean that if you are a private researcher, and
> reverse-engineered something for fun or the challenge, you escape the
> clutches of this law?

You may be able to escape the *criminal* clutches of this law. But you might still be sued under 17 USC 1203, which provides for seriously frightening statutory damages (as well as actual damages).

-matt
Re: password-cracking by journalists...
In message, "Arnold G. Reinhold" writes:
>At 9:15 AM -0500 1/16/02, Steve Bellovin wrote:
>>A couple of months ago, a Wall Street Journal reporter bought two
>>abandoned al Qaeda computers from a looter in Kabul. Some of the
>>files on those machines were encrypted. But they're dealing with
>>that problem:
>>
>>    The unsigned report, protected by a complex password, was
>>    created on Aug. 19, according to the Kabul computer's
>>    internal record. The Wall Street Journal commissioned an
>>    array of high-speed computers programmed to crack passwords.
>>    They took five days to access the file.
>>
>>Does anyone have any technical details on this? (I assume that it's
>>a standard password-guessing approach, but it would be nice to know
>>for certain. If nothing else, are Arabic passwords easier or harder
>>to guess than, say, English ones?)
>>
>
>Outside of the good possibility that they might be quotations from
>Islamic religious texts, why would you think Arabic passwords are any
>easier to guess?

I didn't say that they would be easier; I asked...

As for why I asked -- while I don't know much about Arabic, I do know some Hebrew, and the languages are related. Some aspects of Hebrew would certainly impact a guessing program.

For one thing, in Hebrew (and, I think, Arabic) vowels are not normally written. Hebrew vowels look like dots or lines surrounding the letters, which are all consonants; printed Hebrew material aimed at Israeli adults omits the vowels.

Also, there are a few Hebrew letters which have different forms when they're the final letter in a word -- my understanding is that there are more Arabic letters that have a different final form, and that some have up to four forms: one initial, two middle, and one final.

Finally, Hebrew (and, as someone else mentioned, Arabic) verbs have a three-letter root form; many nouns are derived from this root.

Do these matter? I think so, though I suspect they'd make the problem harder. But I don't know, and I'd like to learn from someone who has paid more attention to the problem of password-cracking in other languages and alphabets.

--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
Re: password-cracking by journalists...
Arnhold writes:

>Another interesting question is whether the reporters and the Wall Street
>Journal have violated the DMCA's criminal provisions. The al Qaeda data
>was copyrighted (assuming Afghanistan signed one of the copyright
>conventions--they may not have), the encryption is arguably a
>"technological protection measure" and the breaking was done for financial
>gain.

That, I think, is an unintended consequence of the law, but I bet there's a lawyer somewhere who'd take a crack at it. More important is the origin of the info. itself: were it peacetime you'd have a pretty clear case of receiving stolen property. Add to that certain trade-secret laws in various of the 50 United States, and you could do a long time in the slammer over this...

Will Rodger
Re: password-cracking by journalists...
At 9:41 AM -0500 1/18/02, Will Rodger wrote:
>Arnhold writes:
>
>>Another interesting question is whether the reporters and the Wall
>>Street Journal have violated the DMCA's criminal provisions. The al
>>Qaeda data was copyrighted (assuming Afghanistan signed one of the
>>copyright conventions--they may not have), the encryption is
>>arguably a "technological protection measure" and the breaking was
>>done for financial gain.
>
>That, I think, is an unintended consequence of the law, but I bet
>there's a lawyer somewhere who'd take a crack at it. More important
>is the origin of the info. itself: were it peacetime you'd have a
>pretty clear case of receiving stolen property. Add to that certain
>trade-secret laws in various of the 50 United States, and you could
>do a long time in the slammer over this...
>
>Will Rodger

This law has LOTS of unintended consequences. That is why many people find it so disturbing. For example, as I read it, and I am *not* a lawyer, someone who offered file decryption services for hire to people who have a right to the data, e.g. the owner lost the password, or a disgruntled employee left with the password, or a parent wants to see what was stored on their child's hard drive, could still be charged with committing a felony.

As for the legal situation before the DMCA, the Supreme Court issued a ruling last year in a case, Bartnicki v. Vopper, of a journalist who broadcast a tape he received of an illegally intercepted cell phone conversation between two labor organizers. The court ruled that the broadcast was permissible. So the stolen property argument you give might not hold. The change wrought by the DMCA is that it makes trafficking in the tools needed to get at encrypted data, regardless whether one has a right to (there is an exemption for law enforcement) unlawful.

Arnold Reinhold
Re: password-cracking by journalists...
On Thu, 17 Jan 2002, Steven M. Bellovin wrote:

>For one thing, in Hebrew (and, I think, Arabic) vowels are not normally
>written.

If something, this would lead me to believe there is less redundancy in what *is* written, and so less possibility for a dictionary attack.

>Also, there are a few Hebrew letters which have different forms when
>they're the final letter in a word -- my understanding is that there are
>more Arabic letters that have a different final form, and that some have
>up to four forms: one initial, two middle, and one final.

At least Unicode codes these as the same codepoint, and treats the different forms as glyph variants. Normalizing for these before the attack shouldn't be a big deal.

>Finally, Hebrew (and, as someone else mentioned, Arabic) verbs have a
>three-letter root form; many nouns are derived from this root.

This would facilitate the attack, especially if the root form is all that is written -- it would lead us to expect shorter passwords and a densely populated search space, with less possibility for easy variations like punctuation.

Sampo Syreeni, aka decoy - mailto:[EMAIL PROTECTED], tel:+358-50-5756111
student/math+cs/helsinki university, http://www.iki.fi/~decoy/front
openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
Re: password-cracking by journalists...
In message <[EMAIL PROTECTED]>, Sampo Syreeni writes:
>On Thu, 17 Jan 2002, Steven M. Bellovin wrote:
>
>>For one thing, in Hebrew (and, I think, Arabic) vowels are not normally
>>written.
>
>If something, this would lead me to believe there is less redundancy in
>what *is* written, and so less possibility for a dictionary attack.
>
>>Also, there are a few Hebrew letters which have different forms when
>>they're the final letter in a word -- my understanding is that there are
>>more Arabic letters that have a different final form, and that some have
>>up to four forms: one initial, two middle, and one final.
>
>At least Unicode codes these as the same codepoint, and treats the
>different forms as glyph variants. Normalizing for these before the attack
>shouldn't be a big deal.
>
>>Finally, Hebrew (and, as someone else mentioned, Arabic) verbs have a
>>three-letter root form; many nouns are derived from this root.
>
>This would facilitate the attack, especially if the root form is all that
>is written -- it would lead us to expect shorter passwords and a densely
>populated search space, with less possibility for easy variations like
>punctuation.
>

Right -- there are factors pushing in both directions, and I don't know how it balances.

Your mention of Unicode, though, brings up another point: the encoding that's used can matter, too. If UCS-2 or UCS-4 (16 and 31-bit encodings) are used, I believe that there are many constant bits per character. Even UTF-8 would have that effect.

--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
Re: password-cracking by journalists...
At 4:12 PM -0500 1/18/02, Will Rodger wrote:
>>This law has LOTS of unintended consequences. That is why many
>>people find it so disturbing. For example, as I read it, and I am
>>*not* a lawyer, someone who offered file decryption services for
>>hire to people who have a right to the data, e.g. the owner lost
>>the password, or a disgruntled employee left with the password, or
>>a parent wants to see what was stored on their child's hard drive,
>>could still be charged with committing a felony.
>
>If it's your copyright, it's still yours. The law recognizes that.

You can presumably write your own programs to decrypt your own files. But if you provide that service to someone else you could run afoul of the law as I read it. The DMCA prohibits trafficking in technology that can be used to circumvent technological protection measures. There is no language requiring proof that anyone's copyright was violated. Traffic for hire and it's a felony.

Now a prosecutor probably wouldn't pursue the case of a cryptographer who decoded messages on behalf of parents of some kid involved in drugs or sex abuse. But what if the cryptographer was told that and the data turned out to be someone else's? Or if the kid was e-mailing a counselor about abuse by his parents? Or the government really didn't like the cryptographer because of his political views?

There is also the argument that Congress only intended to cover tools for breaking content protections schemes like CSS and never intended to cover general cryptanalysis. You might win with that argument in court (I think you should), but expect a 7 digit legal bill. And if you lose, we'll put up a "Free Will" web site.

>>As for the legal situation before the DMCA, the Supreme Court
>>issued a ruling last year in a case, Bartnicki v. Vopper, of a
>>journalist who broadcast a tape he received of an illegally
>>intercepted cell phone conversation between two labor organizers.
>>The court ruled that the broadcast was permissible.
>
>The journalist received the information from a source gratis. That's
>different from paying for stolen goods, hiring someone to eavesdrop,
>or breaking the law yourself. The First Amendment covers a lot, in
>this case.

Correct. The Bartnicki opinion pointed out that the journalists were not responsible for the interception. But journalists receive purloined data from whistle-blowers all the time. Suppose in the future it was one of those e-mail messages with a cryptographically enforced expiration date? A journalist who broke that system might be sued under DMCA. That possibility might not frighten the WSJ, but what about smaller news organizations?

>
>> So the stolen property argument you give might not hold. The
>>change wrought by the DMCA is that it makes trafficking in the
>>tools needed to get at encrypted data, regardless whether one has a
>>right to (there is an exemption for law enforcement) unlawful.
>
>There's language governing that in the statute. Trafficking in tools
>specifically designed to break a given form of copy protection is
>one thing. The continued availability of legal tools for
>cryptanalysis and legitimate password cracking is another. As bad as
>the DMCA is, it's not _that_ bad.
>
>Will

I've read the statute very carefully and I never found such language. (You can read my analysis at http://world.std.com/~reinhold/DeCSSamicusbrief.html) It's certainly possible that I overlooked something. Perhaps you could cite the language you are referring to?

Arnold Reinhold
Re: password-cracking by journalists...
At 7:38 PM -0500 1/19/02, Steven M. Bellovin wrote:
>In message <[EMAIL PROTECTED]>, Sampo Syreeni writes:
>>On Thu, 17 Jan 2002, Steven M. Bellovin wrote:
>>
>>>For one thing, in Hebrew (and, I think, Arabic) vowels are not normally
>>>written.
>>
>>If something, this would lead me to believe there is less redundancy in
>>what *is* written, and so less possibility for a dictionary attack.
>>
>>>Also, there are a few Hebrew letters which have different forms when
>>>they're the final letter in a word -- my understanding is that there are
>>>more Arabic letters that have a different final form, and that some have
>>>up to four forms: one initial, two middle, and one final.
>>
>>At least Unicode codes these as the same codepoint, and treats the
>>different forms as glyph variants. Normalizing for these before the attack
>>shouldn't be a big deal.

Arabic Unicode is based on ISO 8859/6 so this was presumably the case before Unicode as well.

>
>
>>>Finally, Hebrew (and, as someone else mentioned, Arabic) verbs have a
>>>three-letter root form; many nouns are derived from this root.
>>
>>This would facilitate the attack, especially if the root form is all that
>>is written -- it would lead us to expect shorter passwords and a densely
>>populated search space, with less possibility for easy variations like
>>punctuation.
>>
>

I'm not sure why someone would only write the root. I don't think it's any more natural for speakers of those languages than writing Latin roots would be for English speakers.

>Right -- there are factors pushing in both directions, and I don't know
>how it balances.

A few more factors:

1. Neither Hebrew nor Arabic have capitalization the way Latin does. This reduces opportunities for variation. The Hebrew final forms make up for that to a small degree. They are treated as different code points in all encodings*, by the way.

2. Almost all Hebrew encodings* include the Latin letters as well. In 7-bit ASCII Hebrew, the Hebrew alphabet replaces the lowercase Latin letters. In IBM-PC and ISO 8859/8 encodings, the Hebrew alphabet is in the upper 128 characters, with the lower 128 printable characters being standard ASCII. So a Hebrew user could mix Latin and Hebrew characters if they wished. I suspect most Arabic computer users have easy access to Latin characters too.

3. Arabic and Hebrew users might be counseled to selectively use vowels or diacritical marks in their passwords.

4. People outside the U.S. are less likely to be mono-lingual. Someone from Israel for example might be expected to know several languages among Hebrew, Arabic, Aramaic, English, Russian, Yiddish and Ladino.

5. Unicode includes an extended Arabic-encoding with 96 additional letter/diacritic forms used in non-Arabic languages that use Arabic alphabet, including 9 for Pashto. I don't know if these are available in consumer PC's yet.

6. Finally users of these or other non-Latin alphabet languages might well choose to transliterate their password into Latin characters to make them easy to enter on any computer.

>
>Your mention of Unicode, though, brings up another point: the encoding
>that's used can matter, too. If UCS-2 or UCS-4 (16 and 31-bit
>encodings) are used, I believe that there are many constant bits per
>character. Even UTF-8 would have that effect.
>

I think the analysis depends on the type of password system employed. In a properly designed system that places no restriction on password length and applies a cryptographic hash to the password input + ample salt, the existence of constant bits per character in some encodings has no effect. The entropy of the password is determined by the symbol space the user is employing, not the internal encoding. Systems like these are probably best attacked by trying long lists of likely passwords, preferably guided by whatever personal information is known about the password creator.

If the password bit length is limited to a low number, e.g. the Unix 56-bit limit, switching to 16-bit or 32-bit per character encoding would be disastrous. As far as I know, no one does this. I don't know if any implementations attempt to accept UTF-8 encoding. There are clearly some pitfalls there.

On the other hand, the Unix password system, particularly those where the hashed password can be obtained by an attacker, is so broken that any natural language password is going to be weak. Random 8 character passwords from a 26 letter alphabet, will only have 38 bits of entropy. A dictionary attack is quite feasible at that size. A random password with 6 letters, one digit and one special character (typical of what users are counseled to choose) has 42 bits. A random password using the full 96 printable ASCII character set only gets you to 53 bits of entropy. Stamping out the 8 character Unix password limit would be a good use of Homeland Defense money.

Arnold Reinhold

*At least all those listed in Narshon and Rosenschein, "The
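Added example (not part of any post in this thread): a Python sketch that recomputes the entropy figures in Arnold Reinhold's message above and measures the encoding effects raised by Steve Bellovin and Sampo Syreeni. The 36-letter Arabic alphabet, the count of 32 special characters, the 8-byte password field and every function name are assumptions made here for illustration.

```python
import math
import unicodedata

# Constructed sample alphabet (assumption): the 36 letter code points of the
# basic Unicode Arabic block, U+0621..U+063A and U+0641..U+064A.
ARABIC_LETTERS = [chr(c) for c in (*range(0x0621, 0x063B), *range(0x0641, 0x064B))]


def random_password_bits(alphabet_size, length):
    """Entropy in bits of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


def mixed_password_bits(letters=26, digits=10, specials=32, length=8):
    """Entropy of (length - 2) random letters plus one digit and one special
    character, each placed at any position. 32 specials is an assumption."""
    placements = length * (length - 1)  # slot for the digit, then the special
    return math.log2(letters ** (length - 2) * digits * specials * placements)


def constant_bits(alphabet, encoding):
    """Return (constant_bits, total_bits) per encoded character: the bits that
    have the same value for every symbol of the alphabet in this encoding."""
    encoded = [ch.encode(encoding) for ch in alphabet]
    width = len(encoded[0])
    if any(len(e) != width for e in encoded):
        raise ValueError("alphabet is not fixed-width in this encoding")
    total = 8 * width
    and_acc, or_acc = (1 << total) - 1, 0
    for e in encoded:
        value = int.from_bytes(e, "big")
        and_acc &= value  # bits set in every symbol
        or_acc |= value   # bits set in at least one symbol
    varying = and_acc ^ or_acc
    return total - bin(varying).count("1"), total


def surviving_bits(alphabet, encoding, field_bytes=8):
    """Characters and entropy left when a random password is cut to a fixed
    byte field, as in a length-limited password scheme."""
    width = len(alphabet[0].encode(encoding))
    whole_chars = field_bytes // width
    return whole_chars, whole_chars * math.log2(len(alphabet))


def fold_presentation_forms(text):
    """Map positional glyph forms (isolated, final, initial, medial) back to
    the base letter using Unicode compatibility normalization."""
    return unicodedata.normalize("NFKC", text)


if __name__ == "__main__":
    print("26 letters, 8 chars : %.1f bits" % random_password_bits(26, 8))
    print("6 letters+digit+spec: %.1f bits" % mixed_password_bits())
    print("96 symbols, 8 chars : %.1f bits" % random_password_bits(96, 8))
    for enc in ("iso8859_6", "utf-8", "utf-16-be", "utf-32-be"):
        const, total = constant_bits(ARABIC_LETTERS, enc)
        chars, bits = surviving_bits(ARABIC_LETTERS, enc)
        print("%-10s %2d/%2d constant bits, 8-byte field keeps %d chars "
              "(%.1f bits)" % (enc, const, total, chars, bits))
    # A full-length salted hash sees the same symbol entropy in every
    # encoding; only the truncated field loses entropy as the width grows.
    beh_forms = "\ufe8f\ufe90\ufe91\ufe92"  # four glyph forms of BEH
    print([hex(ord(c)) for c in fold_presentation_forms(beh_forms)])
```

For defenders the table makes the design rule concrete: hash the whole input with a salt and the encoding is irrelevant, but any fixed-size password field should be sized in characters of the widest encoding it may receive.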
Re: password-cracking by journalists...
on Thu, Jan 17, 2002 at 11:23:49AM -0500, Arnold G. Reinhold ([EMAIL PROTECTED]) wrote:
> At 9:15 AM -0500 1/16/02, Steve Bellovin wrote:

> Another interesting question is whether the reporters and the Wall
> Street Journal have violated the DMCA's criminal provisions. The al
> Qaeda data was copyrighted (assuming Afghanistan signed one of the
> copyright conventions--they may not have), the encryption is arguably
> a "technological protection measure" and the breaking was done for
> financial gain.
>
> "17 USC 1204 (a) In General. - Any person who violates section 1201
> or 1202 willfully and for purposes of commercial advantage or private
> financial gain -(1) shall be fined not more than $500,000 or
> imprisoned for not more than 5 years, or both, for the first
> offense..."

Note that my reading the language of 1201 doesn't require that the work being accessed be copyrighted (and in the case of Afghanistan, there is a real question of copyright status), circumvention itself is sufficient, regardless of status of the specific work accessed:

    17 USC 1201(a)(1)(A):
    No person shall circumvent a technological measure that
    effectively controls access to a work protected under
    this title.

...if the measure controls access to _a_ work protected under 17 USC, then _any_ circumvention is illegal, whether or not that circumvention affects a protected work?

I don't see the statutory exceptions as covering the case of the WSJ.

Peace.

--
Karsten M. Self <[EMAIL PROTECTED]>        http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand?          Home of the brave
http://gestalt-system.sourceforge.net/                 Land of the free
We freed Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire                 http://kmself.home.netcom.com/resume.html
RE: password-cracking by journalists...
> Karsten M. Self[SMTP:[EMAIL PROTECTED]] writes:
>
> Note that my reading the language of 1201 doesn't require that the work
> being accessed be copyrighted (and in the case of Afghanistan, there is
> a real question of copyright status), circumvention itself is
> sufficient, regardless of status of the specific work accessed:

>17 USC 1201(a)(1)(A):
>No person shall circumvent a technological measure that
>effectively controls access to a work protected under
>this title.

I'm sure I'm picking nits here (and I praise God every day that I Am Not A L*wy*r), but what does 'effectively' mean? If it can be broken, was it effective? What level of work is required to make it an 'effective technological measure'? If the standard is 'anything, including rot13', then why is the word present in the rule at all?

Technological measures can range from violating the CDROM standard and introducing deliberate errors to confuse some readers, all the way up to full real-time, online, 3-factor authentication.

The inclusion of the word 'effectively' presumes the existence of 'ineffective' technological measures, which it would be no crime to circumvent. Where, then, is the distinction?

I'm reminded of a humorous button I've seen at some SF conventions: "Anything not nailed down is legally mine. Anything I can pry up wasn't nailed down in the first place."

Peter Trei
Re: password-cracking by journalists...
At 8:57 PM -0800 1/20/02, Karsten M. Self wrote:
>...
>Note that my reading the language of 1201 doesn't require that the work
>being accessed be copyrighted (and in the case of Afghanistan, there is
>a real question of copyright status), circumvention itself is
>sufficient, regardless of status of the specific work accessed:
>
>17 USC 1201(a)(1)(A):
>No person shall circumvent a technological measure that
>effectively controls access to a work protected under
>this title.
>
>...if the measure controls access to _a_ work protected under 17 USC,
>then _any_ circumvention is illegal, whether or not that circumvention
>affects a protected work?
>
>I don't see the statutory exceptions as covering the case of the WSJ.
>

Circumvention is defined in 17 USC 1201 (a) (3):

"As used in this subsection - (A) to ''circumvent a technological measure'' means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; ...

I'd read that as implying that the law is talking about a copyrighted work; otherwise if someone encrypts text in the public domain, no one would be allowed to decrypt it. But an aggressive prosecutor might adopt your interpretation. It's a very poorly written law with great potential for abuse.

Arnold Reinhold
Who is not a lawyer and is not offering legal advice
Re: password-cracking by journalists...
On Mon, 21 Jan 2002, Peter Trei wrote:
> >17 USC 1201(a)(1)(A):
> >No person shall circumvent a technological measure that
> >effectively controls access to a work protected under
> >this title.
>
> I'm sure I'm picking nits here (and I praise God every day that
> I Am Not A L*wy*r), but what does 'effectively' mean? If it can be
> broken, was it effective? What level of work is required to make
> it an 'effective technological measure'? If the standard is 'anything,
> including rot13', then why is the word present in the rule at all?

When I last brought this up (29 to 30 July 2001, Subject: Effective and ineffective technological measures), people posted references to two slightly different sections that try to define what "effectively protects" and "effectively controls" means:

1201(b)(2)(B): a technological measure ''effectively protects a right of a copyright owner under this title'' if the measure, in the ordinary course of its operation, prevents, restricts, or otherwise limits the exercise of a right of a copyright owner under this title.

1201(a)(3)(B): a technological measure ''effectively controls access to a work'' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.'

The key phrase seems to be "in the ordinary course of its operation". If you publish the fact that you use rot to protect your copyrighted material, but keep secret the fact that n = 13, then the ordinary course of operation of the decryption process requires the application of this secret value, so the process "effectively controls access" and "effectively protects". The fact that somebody can guess the secret value would seem to have no bearing on whether rot "effectively" does anything.

--apb (Alan Barrett)
Re: password-cracking by journalists...
On Mon, Jan 21, 2002 at 09:55:53AM -0500, Trei, Peter wrote:
> >
> >17 USC 1201(a)(1)(A):
> >No person shall circumvent a technological measure that
> >effectively controls access to a work protected under
> >this title.
>
> I'm sure I'm picking nits here (and I praise God every day that
> I Am Not A L*wy*r), but what does 'effectively' mean? If it can be
> broken, was it effective? What level of work is required to make
> it an 'effective technological measure'? If the standard is 'anything,
> including rot13', then why is the word present in the rule at all?

The "effectively" is used to make the law "effectively" vague and confusing like the ECPA. This means the prosecutor can convict you of anything.

A guy in Tulsa was tried and convicted in federal court on 27 counts under the ECPA. The judge studied the law for months before sentencing and finally overturned all counts on the grounds the defendant had not violated the law. If judges have difficulty understanding laws, we have no chance.

BTW, IANAL and this is from news reports, I haven't found the actual ruling.

--
Please note new e-mail address
73,          E-mail       | [EMAIL PROTECTED]
Lyn Kennedy  webpage      | http://home.earthlink.net/~lrkn
K5QWB        pony express = P.O. Box 5133, Ovilla, TX, USA 75154
---Livin' on an information dirt road a few miles off the superhighway---
Re: password-cracking by journalists...
> From: "Trei, Peter" <[EMAIL PROTECTED]>
> Date: Mon, 21 Jan 2002 09:55:53 -0500
> The inclusion of the word 'effectively' presumes the existence of
> 'ineffective' technological measures, which it would be no crime
> to circumvent. Where, then, is the distinction?

17.1201 actually contains a definition:

(B) a technological measure ''effectively controls access to a work'' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

I confess that I can't tell whether this implies that everything is effective or that nothing is.

Ray
Re: password-cracking by journalists...
On Tue 22 Jan 2002 at 11:25:49 +0200, Alan Barrett wrote:
> 1201(b)(2)(B): a technological measure ''effectively protects a right of
> a copyright owner under this title'' if the measure, in the ordinary
> course of its operation, prevents, restricts, or otherwise limits
> the exercise of a right of a copyright owner under this title.

Is this really the text? Either I read this wrong, or the text is incredibly wrong in expressing its apparent intention.

What I read is that *copyright owner* is being restricted here, and not a "user". How: the measure prevents, restricts or limits ((the exercise of) a right of) a copyright owner)...

So either I can't read (which I don't believe), the lawmakers cannot write (I am more inclined to believe that), or the rules of language in laws are different (that is true no matter what, in my experience).

-Olaf.
--
___ Olaf 'Rhialto' Seibert - rhialto@ --Soup of the day, what will that be
\X/ xs4all.nl                         --what can it be, better just to fear the worst -Boy Bensdorp
Re: password-cracking by journalists...
On Thu, 24 Jan 2002, Rhialto wrote:
> On Tue 22 Jan 2002 at 11:25:49 +0200, Alan Barrett wrote:
> > 1201(b)(2)(B): a technological measure ''effectively protects a right of
> > a copyright owner under this title'' if the measure, in the ordinary
> > course of its operation, prevents, restricts, or otherwise limits
> > the exercise of a right of a copyright owner under this title.
>
> What I read is that *copyright owner* is being restricted here, and not
> a "user".

An example of a "right of a copyright owner under this title" is the right to distribute copies of a work. A copy-protection scheme limits the exercise of this right.

The "copyright owner" referred to here is the person who the particular right belongs to, not necessarily the person whose exercise of that right is being limited.

---Bruce Fields
Re: password-cracking by journalists... (long, sorry)
Arnold says:

>You can presumably write your own programs to decrypt your own files. But
>if you provide that service to someone else you could run afoul of the law
>as I read it. The DMCA prohibits trafficking in technology that can be
>used to circumvent technological protection measures. There is no language
>requiring proof that anyone's copyright was violated. Traffic for hire
>and it's a felony.

I think there's a good argument to the contrary.

The DMCA only bans trafficking in devices whose _primary_ purpose is infringement.

And it only applies to works "protected by this Title," that is, Title 17, which is the collection of laws pertaining to copyright.

There was a very long, drawn out discussion of what would be banned and what not before passage. It included all sorts of people traipsing up to Capitol Hill to make sure that ordinary research and system maintenance, among other things, would not be prosecuted. Bruce Schneier was among those who talked to the committees and was satisfied, as I recall, that crypto had dodged a bullet. I'm not saying that Bruce liked the bill, just that this particular fear was lessened greatly, if not eliminated, by the language that finally emerged.

>Now a prosecutor probably wouldn't pursue the case of a cryptographer who
>decoded messages on behalf of parents of some kid involved in drugs or sex
>abuse. But what if the cryptographer was told that and the data turned out
>to be someone else's? Or if the kid was e-mailing a counselor about abuse
>by his parents? Or the government really didn't like the cryptographer
>because of his political views?

It all gets down to knowingly doing something, right? If our cryptographer acted in good faith, he wouldn't be prosecuted -- the person who set him up would be.

>There is also the argument that Congress only intended to cover tools for
>breaking content protections schemes like CSS and never intended to cover
>general cryptanalysis. You might win with that argument in court (I
>think you should), but expect a 7 digit legal bill. And if you lose,
>we'll put up a "Free Will" web site.

No argument there!

>>>As for the legal situation before the DMCA, the Supreme Court issued a
>>>ruling last year in a case, Barniki v. Volper, of a journalist who
>>>broadcast a tape he received of an illegally intercepted cell phone
>>>conversation between two labor organizers. The court ruled that the
>>>broadcast was permissible.
>>
>>The journalist received the information from a source gratis. That's
>>different from paying for stolen goods, hiring someone to eavesdrop, or
>>breaking the law yourself. The First Amendment covers a lot, in this case.
>
>Correct. The Barniki opinion pointed out that the journalists were not
>responsible for the interception. But journalists receive purloined data
>from whistle-blowers all the time. Suppose in the future it was one of
>those e-mail messages with a cryptographically enforced expiration date? A
>journalist who broke that system might be sued under DMCA. That
>possibility might not frighten the WSJ, but what about smaller news
>organizations?

Fair enough. But what would the damages under copyright law be? They generally correspond to a harm in the market for a certain kind of information. I don't see a value for a single email on the open market except as a trade secret, say. But then you're back into First Amendment territory, as well as the vagaries of state trade-secret laws (There's no such thing in federal law).

One of the failings of the federal law is that it does give unethical people room to tie up the courts. Nothing new there...

>>>So the stolen property argument you give might not hold. The change
>>>wrought by the DMCA is that it makes trafficking in the tools needed to
>>>get at encrypted data, regardless whether one has a right to (there is
>>>an exemption for law enforcement) unlawful.
>>
>>There's language governing that in the statute. Trafficking in tools
>>specifically designed to break a given form of copy protection is one
>>thing. The continued availability of legal tools for cryptanalysis and
>>legitimate password cracking is another. As bad as the DMCA is, it's not
>>_that_ bad.

Arnold replied:

>I've read the statute very carefully and I never found such language. (You
>can read my analysis at
>http://world.std.com/~reinhold/DeCSSamicusbrief.html) It's certainly
>possible that I overlooked something. Perhaps you could cite the language
>you are referring to?

Sure. In Section 1204, we see reference to "works protected by this title." The DMCA as enacted is part of Title 17, which is specifically copyright laws. Copyright law in the US gives a person access to his own work and also allows for fair use _as defined by the courts_. Pro-consumer types failed to get language reminding the reader that fair use still applied. Drafters argued that would have been redundant. See ulterior motives
Re: password-cracking by journalists... (long, sorry)
Will Rodger wrote:
>It included all sorts of people traipsing up to
>Capitol Hill to make sure that ordinary research and system maintenance,
>among other things, would not be prosecuted.

I think our understanding of the DMCA has changed significantly since it was first introduced, and it's not clear to me that the DMCA provides the level of protection that should perhaps be there.

For instance, none of the exemptions for research apply to 1201(b), the half of the DMCA that bans making circumvention devices (as opposed to 1201(a), which bans circumventing and does have a few exemptions). As far as I can tell, 1201(b) appears to be a real concern for certain types of research in this field.

>OK. so that's my rap on why this law is bad but won't likely put anyone on
>this list in jail.

The biggest issue for researchers may be not in the DMCA's criminal provisions, but rather in its civil provisions. (i.e., money, not jailtime) And the civil aspects of the DMCA have a truly sharp sting.

I spent a lot of time talking to lawyers at UC Berkeley and elsewhere about this very issue, and there appears to be a real but very-hard-to-quantify risk -- a risk to scientists that should not be lightly dismissed.

Given this risk, I've decided I cannot afford to work any further in the area of copy protection as long as the uncertainty remains. And how in good conscience can I advise students working with me to work in this troubled area? I can't.
Re: password-cracking by journalists... (long, sorry)
David says:

>I spent a lot of time talking to lawyers at UC Berkeley and
>elsewhere about this very issue, and there appears to be a real
>but very-hard-to-quantify risk -- a risk to scientists that should
>not be lightly dismissed.
>
>Given this risk, I've decided I cannot afford to work any further
>in the area of copy protection as long as the uncertainty remains.
>And how in good conscience can I advise students working with me
>to work in this troubled area? I can't.

I'd say only the law isn't a bright line against research. Are there ambiguities that make it a hazard? No doubt.

No arguments here, David.

Will
Re: password-cracking by journalists... (long, sorry)
At 5:16 PM -0500 1/21/02, Will Rodger wrote:
>Arnold says:
>
>>You can presumably write your own programs to decrypt your own
>>files. But if you provide that service to someone else you could
>>run afoul of the law as I read it. The DMCA prohibits trafficking
>>in technology that can be used to circumvent technological
>>protection measures. There is no language requiring proof that
>>anyone's copyright was violated. Traffic for hire and it's a
>>felony.
>
>I think there's a good argument to the contrary.
>
>The DMCA only bans trafficking in devices whose _primary_ purpose is
>infringement.

No, DMCA bans trafficking in devices whose primary purpose is *circumvention.* I'm not trying to nit pick, it's an important point. DMCA creates a whole new class of proscribed activity, circumvention, that does not require proof of infringement.

As for the phrase "primary purpose," I can easily see a judge accepting the argument that the primary purpose of a tool that breaks encryption is circumvention as defined in this act. In the 2600 case, the defense argued that DeCSS was also useful for playing purchased DVDs on Linux machines and for fair use. The courts dismissed this argument.

>And it only applies to works "protected by this Title," that is,
>Title 17, which is the collection of laws pertaining to copyright.

Right, but just about everything written today is copyrighted from the moment of creation. You have to go out of your way (or work for the U.S. government) to place new works in the public domain.

>
>There was a very long, drawn out discussion of what would be banned
>and what not before passage. It included all sorts of people
>traipsing up to Capitol Hill to make sure that ordinary research and
>system maintenance, among other things, would not be prosecuted.
>Bruce Schneier was among those who talked to the committees and was
>satisfied, as I recall, that crypto had dodged a bullet. I'm not
>saying that Bruce liked the bill, just that this particular fear was
>lessened greatly, if not eliminated, by the language that finally
>emerged.

I've heard that story as well. I don't know if he saw the final language, how long he had to study it or what he based that opinion on. Maybe there is some statement in the legislative history, which is only what the legislators said about the bill, that might be helpful in court. Absent that, we have to rely on what the law actually says. Bruce's opinion of what the law means would carry no weight in court.

>
>>Now a prosecutor probably wouldn't pursue the case of a
>>cryptographer who decoded messages on behalf of parents of some kid
>>involved in drugs or sex abuse. But what if the cryptographer was
>>told that and the data turned out to be someone else's? Or if the
>>kid was e-mailing a counselor about abuse by his parents? Or the
>>government really didn't like the cryptographer because of his
>>political views?
>
>It all gets down to knowingly doing something, right? If our
>cryptographer acted in good faith, he wouldn't be prosecuted -- the
>person who set him up would be.

I see nothing in the law that exempts you from liability if you didn't know you acted without authorization of the copyright holder. There is a provision, 1203(c)(5), that lets a court reduce civil damages if you didn't know. That presumably does not apply to the criminal provisions and prosecutors are notorious for doing whatever it takes if they want to get someone. See, for example http://www.nytimes.com/2002/01/21/nyregion/21CLEA.html

>
>
>>There is also the argument that Congress only intended to cover
>>tools for breaking content protections schemes like CSS and never
>>intended to cover general cryptanalysis. You might win with that
>>argument in court (I think you should), but expect a 7 digit legal
>>bill. And if you lose, we'll put up a "Free Will" web site.
>
>No argument there!
>
>>>>As for the legal situation before the DMCA, the Supreme Court issued a
>>>>ruling last year in a case, Barniki v. Volper, of a journalist who
>>>>broadcast a tape he received of an illegally intercepted cell phone
>>>>conversation between two labor organizers. The court ruled that the
>>>>broadcast was permissible.
>>>
>>>The journalist received the information from a source gratis.
>>>That's different from paying for stolen goods, hiring someone to
>>>eavesdrop, or breaking the law yourself. The First Amendment
>>>covers a lot, in this case.
>>
>>Correct. The Barniki opinion pointed out that the journalists were
>>not responsible for the interception. But journalists receive
>>purloined data from whistle-blowers all the time. Suppose in the
>>future it was one of those e-mail messages with a cryptographically
>>enforced expiration date? A journalist who broke that system might
>>be sued under DMCA. That possibility might not frighten the WSJ,
>>but what about smaller news organizations?
>
>
>Fair enough. But wh
Re: password-cracking by journalists... (long, sorry)
Another point -- the law protects "encryption" research, not "cryptographic" research. Watermarking or DRM systems do not appear to be covered by the statute's definition of "encryption".

--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
1201 "effectively controls access" (was Re: password-cracking by journalists...)
on Mon, Jan 21, 2002 at 09:55 AM -0500, Trei, Peter ([EMAIL PROTECTED]) wrote:
> > Karsten M. Self[SMTP:[EMAIL PROTECTED]] writes:
> >
> > Note that my reading the language of 1201 doesn't require that the work
> > being accessed be copyrighted (and in the case of Afghanistan, there is
> > a real question of copyright status), circumvention itself is
> > sufficient, regardless of status of the specific work accessed:
>
> >17 USC 1201(a)(1)(A):
> >No person shall circumvent a technological measure that
> >effectively controls access to a work protected under
> >this title.
>
> I'm sure I'm picking nits here (and I praise God every day that
> I Am Not A L*wy*r), but what does 'effectively' mean? If it can be
> broken, was it effective? What level of work is required to make
> it an 'effective technological measure'? If the standard is 'anything,
> including rot13', then why is the word present in the rule at all?
>
> Technological measures can range from violating the CDROM
> standard and introducing deliberate errors to confuse some
> readers, all the way up to full real-time, online, 3-factor
> authentication.
>
> The inclusion of the word 'effectively' presumes the existence of
> 'ineffective' technological measures, which it would be no crime
> to circumvent. Where, then, is the distinction?
>
> I'm reminded of a humorous button I've seen at some SF
> conventions: "Anything not nailed down is legally mine. Anything
> I can pry up wasn't nailed down in the first place."

I'd taken some time to run 'round that logical circle myself.

I believe the NY 2600 case dealt with this issue. Kaplan, at least, wasn't convinced. I've attached Wendy Seltzer's comments to the dvd-discuss list.

Peace.

--
Karsten M. Self <[EMAIL PROTECTED]>        http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?              Home of the brave
  http://gestalt-system.sourceforge.net/                    Land of the free
We freed Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire                     http://kmself.home.netcom.com/resume.html

--- Begin Message ---
At 06:03 PM 2/7/01 +0100, Tom wrote:
>On Wed, Feb 07, 2001 at 08:53:35AM -0800, [EMAIL PROTECTED] wrote:
> > #3 is the most dangerous. My professional opinion is that the creators of
> > CSS are incompetent and could have benefited from reading some of the IEEE
> > journals and Sol Golomb's book. It is fortunate that they were. Triple DES
> > would have really complicated the matter especially if the key were
> > embedded in an ASIC that took cipher text in and spit out plaintext out.
>
>do we have an uncontested expert statement in evidence that CSS is, in
>fact, pretty crappy?

It doesn't matter. Kaplan's interpretation of ''effectively controls access to a work'' may have been the only sound part of his opinion -- replace with 'has the effect of controlling access' not 'stands up to attack'. The whole point of Section 1201 is that the TPM is backed by law, not strong encryption. CSS could have a hole the size of Texas and still import 1201's hellfire against those who "broke" it -- hence the need to break 1201.

Anything we say about how weak CSS is will most likely be misinterpreted as a flawed claim that it's "ineffective," so I'd stay away from that line.

--Wendy

Wendy Seltzer -- [EMAIL PROTECTED]
Fellow, Berkman Center for Internet & Society at Harvard Law School
http://cyber.law.harvard.edu/seltzer.html
--- End Message ---