Effective and ineffective technological measures
The DMCA said: > 1201(a)(1)(A): >No person shall circumvent a technological measure that effectively >controls access to a work protected under this title. What does "effectively" mean here? If it has its plain english meaning, then one could argue that ROT13, CSS (and anything else that can easily be broken) are *ineffective* technological measures, so circumventing them is not prohibited by this clause. Distinguishing effective measures from ineffective measures might reduce to measuring the resources required to break them. Or does the clause really mean "No person shall circumvent a technological measure that *purports to control* access to a work protected under this title"? --apb (Alan Barrett) - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Effective and ineffective technological measures
on 7/29/01 5:20 AM, Alan Barrett at [EMAIL PROTECTED] wrote: > The DMCA said: >> 1201(a)(1)(A): >> No person shall circumvent a technological measure that effectively >> controls access to a work protected under this title. > > What does "effectively" mean here? > > If it has its plain english meaning, then one could argue that ROT13, > CSS (and anything else that can easily be broken) are *ineffective* > technological measures[...] > > Or does the clause really mean "No person shall circumvent a > technological measure that *purports to control* access to a work > protected under this title"? > Depending on what plain english meaning your prosecutor wants to use, you can end up with an interesting result here. The meaning I see in my dictionary says "Having an expected or intended effect." Thus, it goes to expectations and intentions. If the intention of the IP owner was to use ROT13 to make it difficult for unauthorized users to view the data, it would generally be agreed this was ineffective. However, if the intention of the IP owner was to use ROT13 to make unauthorized viewing of the data subject to the DMCA, then it is effective. This may seem somewhat silly, but access does not need to be controlled by making unauthorized viewing difficult, it can also be controlled by making unauthorized viewing (and/or assistance with such) a criminal act. Perhaps it helps to think of the new war on piracy in terms of the war on drugs (aka controlled substances): >From the Controlled Substances Act (CSA) 21 USCS Section 802: >(5) The term "control" means to add a drug or other substance, or immediate >precursor, to a schedule under part B of this title, whether by transfer from >another schedule or otherwise. If you apply this sense of "control" with DMCA, instead of there being a list of "controlled IPs", there's a virtual list where an IP owner just needs to add some (any!) technological measure (aka ROT13) to get on the list to be protected by DMCA. Again, using the CSA to explain the DMCA may seem silly, but try to look at it from the perspectives of government prosecutors and judges. They've been working with the CSA for some time now and think in those terms. It's human nature to try and apply what you're already familiar with to something new. There's a striking number of parallels between the CSA and the DMCA and I suggest reading them both together to get a sense of what the DMCA will mean in reality. Why, the CSA even begins with an acknowledgement of "fair use" almost as if they mention it to get it out of the way before they completely ignore it in practice. Dave - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Effective and ineffective technological measures
At 11:20 AM +0200 7/29/2001, Alan Barrett wrote: >The DMCA said: > > 1201(a)(1)(A): >>No person shall circumvent a technological measure that effectively >>controls access to a work protected under this title. > >What does "effectively" mean here? The law attempts to define it: '1201(a)(3)(B) a technological measure ''effectively controls access to a work'' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.' >If it has its plain english meaning, then one could argue that ROT13, >CSS (and anything else that can easily be broken) are *ineffective* >technological measures, so circumventing them is not prohibited by this >clause. Distinguishing effective measures from ineffective measures >might reduce to measuring the resources required to break them. > >Or does the clause really mean "No person shall circumvent a >technological measure that *purports to control* access to a work >protected under this title"? I suspect most judges would interpret "the ordinary course of its operation" the latter way. Clearly Judge Kaplan was not impressed by the fact that CSS was broken by a high school kid. There is also the argument that if a measure is really effective in plain English meaning, you don't *need* an anti-circumvention law. Whether the anti=circumvention provision is constitutional, since it eliminates fair use, is another question. There is an excellent "Twiki" site at Harvard Law School that has many of these arguments and also allows others to contribute: http://eon.law.harvard.edu/twiki/bin/view/Openlaw/OpenlawDVD Arnold Reinhold - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Effective and ineffective technological measures
At 11:20 AM 7/29/2001 +0200, Alan Barrett wrote: >The DMCA said: > > 1201(a)(1)(A): > >No person shall circumvent a technological measure that effectively > >controls access to a work protected under this title. > >What does "effectively" mean here? 1201(b)(2)(B): a technological measure ''effectively protects a right of a copyright owner under this title'' if the measure, in the ordinary course of its operation, prevents, restricts, or otherwise limits the exercise of a right of a copyright owner under this title. -- Greg Broiles [EMAIL PROTECTED] "We have found and closed the thing you watch us with." -- New Delhi street kids - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
A pattern emerges...
Consider the DMCA (US law) as compared to the Terrorism Act of 2000 (UK law). Both make it effectively illegal for ordinary citizens to own, use, or distribute any software capable of performing decrypts by exploiting a weak cryptographic system. The US and UK, not coincidentally, are the two governments with the largest known investments in SIGINT -- the famous Echelon System. If people started using strong cryptographic systems, Echelon would be effectively useless. Therefore it is in the best interests of these two governments to make weak cryptographic systems the norm insofar as they are able. This is possible by providing an additional layer of legal protection to users of weak cryptographic systems -- with software capable of exploiting such weaknesses effectively illegal to own or use, the developers of such products have drastically reduced incentive to develop strong cryptographic systems to replace them. The DMCA and the Terrorism Act appear to provide exactly such laws. What has been passed recently by the other signatories to the UKUSA agreement that created Echelon? Bear - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: A pattern emerges...
Well, Australia is also looking at (and probably soon to pass) similarly draconian legislation. The EFA is Electronic Frontiers Australia -- see http://www.efa.org.au/Campaigns/cybercrime.html >EFA lodged a submission with the Inquiry into The Law Enforcement >Implications of New Technology being conducted by the Joint Committee on >the National Crime Authority. EFA is very concerned about proposals put >forward by several law enforcement agencies for legislation to require >Australian ISPs to retain transaction logs of all user activities. We >consider the monitoring or data warehousing of Internet traffic or content >on a mass scale to be highly privacy-invasive and an infringement of the >human rights of Internet users. This proposal, if not strongly opposed by >Internet users, is likely to foreshadow a move towards a Bill similar to >the draconian Regulation of Investigatory Powers Bill (R.I.P.) recently >passed in the U.K. The submission will be made available on EFA's website >as soon as the Committee has granted permission for it to be made publicly >available (this is normal prodecure in accord with Parliamentary inquiry >rules/procedures). The Committee's report is likely to be tabled in the >Winter sittings of Parliament. Greg. At 04:35 PM 7/29/2001 -0700, Ray Dillinger wrote: >The DMCA and the Terrorism Act appear to provide exactly such laws. >What has been passed recently by the other signatories to the UKUSA >agreement that created Echelon? Greg Rose INTERNET: [EMAIL PROTECTED] Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199 Level 3, 230 Victoria Road,http://people.qualcomm.com/ggr/ Gladesville NSW 2111232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]