RE: Effective and ineffective technological measures
On Mon, 30 Jul 2001, Paul Onions wrote: > Indeed, my reading of the following extract defining 'encryption research' > in the DMCA seems to indicate that it is easier to prosecute someone for > exposing a vulnarability in a weak system than for a stronger system. > > `(1) DEFINITIONS- For purposes of this subsection-- > > `(A) the term `encryption research' means activities necessary to > identify and analyze flaws and vulnerabilities of encryption > technologies applied to copyrighted works, if these activities are > conducted to advance the state of knowledge in the field of encryption > technology or to assist in the development of encryption products; and > > `(B) the term `encryption technology' means the scrambling and > descrambling of information using mathematical formulas or algorithms. > > The reasoning being that exposing a vulnerability in a weak system will not > 'advance the state of knowledge in the field of encryption technology'. It seems to me there is another loop-hole... "...encryption technologies applied to copyrighted works." If one can discuss the subject such that the applications never come up, in other words you're not drawing somebody a roadmap to crack. -- Nature and Nature's laws lay hid in night: God said, "Let Tesla be", and all was light. B.A. Behrend The Armadillo Group ,::;::-. James Choate Austin, Tx /:'/ ``::>/|/ [EMAIL PROTECTED] www.ssz.com.', `/( e\ 512-451-7087 -~~mm-'`-```-mm --'- - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
RE: Effective and ineffective technological measures
> -- > From: Alan Barrett[SMTP:[EMAIL PROTECTED]] > > > The DMCA said: > > 1201(a)(1)(A): > >No person shall circumvent a technological measure that effectively > >controls access to a work protected under this title. > > What does "effectively" mean here? > > If it has its plain english meaning, then one could argue that ROT13, > CSS (and anything else that can easily be broken) are *ineffective* > technological measures, so circumventing them is not prohibited by this > clause. Distinguishing effective measures from ineffective measures > might reduce to measuring the resources required to break them. > > Or does the clause really mean "No person shall circumvent a > technological measure that *purports to control* access to a work > protected under this title"? > > --apb (Alan Barrett) > Take a look at Sklyarov's presentation: http://www.treachery.net/~jdyson/ebooks/ and especially http://www.treachery.net/~jdyson/ebooks/slide11.html The listed company allegedly puts ROT13 in a dongle, and then encrypts documents for $3000 a pop. [In fairness, I can't confirm this from their own website, and I suspect that they are just 'protecting' their own investor reports]. but read the whole Sklyarov presentation - this is not the most fraudulent form of 'protection' being foisted on naive e-publishers. Peter Trei - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
RE: Effective and ineffective technological measures
Dave Archer wrote: > ... > > However, if the intention of the IP owner was to use ROT13 to make > unauthorized viewing of the data subject to the DMCA, then it > is effective. > > This may seem somewhat silly, but access does not need to be > controlled by making unauthorized viewing difficult, it can also be > controlled by making unauthorized viewing (and/or assistance with such) > a criminal act. Indeed, my reading of the following extract defining 'encryption research' in the DMCA seems to indicate that it is easier to prosecute someone for exposing a vulnarability in a weak system than for a stronger system. `(1) DEFINITIONS- For purposes of this subsection-- `(A) the term `encryption research' means activities necessary to identify and analyze flaws and vulnerabilities of encryption technologies applied to copyrighted works, if these activities are conducted to advance the state of knowledge in the field of encryption technology or to assist in the development of encryption products; and `(B) the term `encryption technology' means the scrambling and descrambling of information using mathematical formulas or algorithms. The reasoning being that exposing a vulnerability in a weak system will not 'advance the state of knowledge in the field of encryption technology'. e.g. telling the world that product X uses ROT13 is of no interest to the cryptographic community. So an individual (not engaged in developing encryption products) exposing a 'ROT13 product' does not qualify for the encryption research exemption. So a technically savvy person stating the technically obvious had better be careful! Is this a reasonable interpretation? (I have only read exerts of the act that have been posted here and there, so am missing much information :-) Paul(o) - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Effective and ineffective technological measures
At 11:20 AM 7/29/2001 +0200, Alan Barrett wrote: >The DMCA said: > > 1201(a)(1)(A): > >No person shall circumvent a technological measure that effectively > >controls access to a work protected under this title. > >What does "effectively" mean here? 1201(b)(2)(B): a technological measure ''effectively protects a right of a copyright owner under this title'' if the measure, in the ordinary course of its operation, prevents, restricts, or otherwise limits the exercise of a right of a copyright owner under this title. -- Greg Broiles [EMAIL PROTECTED] "We have found and closed the thing you watch us with." -- New Delhi street kids - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Effective and ineffective technological measures
At 11:20 AM +0200 7/29/2001, Alan Barrett wrote: >The DMCA said: > > 1201(a)(1)(A): >>No person shall circumvent a technological measure that effectively >>controls access to a work protected under this title. > >What does "effectively" mean here? The law attempts to define it: '1201(a)(3)(B) a technological measure ''effectively controls access to a work'' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.' >If it has its plain english meaning, then one could argue that ROT13, >CSS (and anything else that can easily be broken) are *ineffective* >technological measures, so circumventing them is not prohibited by this >clause. Distinguishing effective measures from ineffective measures >might reduce to measuring the resources required to break them. > >Or does the clause really mean "No person shall circumvent a >technological measure that *purports to control* access to a work >protected under this title"? I suspect most judges would interpret "the ordinary course of its operation" the latter way. Clearly Judge Kaplan was not impressed by the fact that CSS was broken by a high school kid. There is also the argument that if a measure is really effective in plain English meaning, you don't *need* an anti-circumvention law. Whether the anti=circumvention provision is constitutional, since it eliminates fair use, is another question. There is an excellent "Twiki" site at Harvard Law School that has many of these arguments and also allows others to contribute: http://eon.law.harvard.edu/twiki/bin/view/Openlaw/OpenlawDVD Arnold Reinhold - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Effective and ineffective technological measures
on 7/29/01 5:20 AM, Alan Barrett at [EMAIL PROTECTED] wrote: > The DMCA said: >> 1201(a)(1)(A): >> No person shall circumvent a technological measure that effectively >> controls access to a work protected under this title. > > What does "effectively" mean here? > > If it has its plain english meaning, then one could argue that ROT13, > CSS (and anything else that can easily be broken) are *ineffective* > technological measures[...] > > Or does the clause really mean "No person shall circumvent a > technological measure that *purports to control* access to a work > protected under this title"? > Depending on what plain english meaning your prosecutor wants to use, you can end up with an interesting result here. The meaning I see in my dictionary says "Having an expected or intended effect." Thus, it goes to expectations and intentions. If the intention of the IP owner was to use ROT13 to make it difficult for unauthorized users to view the data, it would generally be agreed this was ineffective. However, if the intention of the IP owner was to use ROT13 to make unauthorized viewing of the data subject to the DMCA, then it is effective. This may seem somewhat silly, but access does not need to be controlled by making unauthorized viewing difficult, it can also be controlled by making unauthorized viewing (and/or assistance with such) a criminal act. Perhaps it helps to think of the new war on piracy in terms of the war on drugs (aka controlled substances): >From the Controlled Substances Act (CSA) 21 USCS Section 802: >(5) The term "control" means to add a drug or other substance, or immediate >precursor, to a schedule under part B of this title, whether by transfer from >another schedule or otherwise. If you apply this sense of "control" with DMCA, instead of there being a list of "controlled IPs", there's a virtual list where an IP owner just needs to add some (any!) technological measure (aka ROT13) to get on the list to be protected by DMCA. Again, using the CSA to explain the DMCA may seem silly, but try to look at it from the perspectives of government prosecutors and judges. They've been working with the CSA for some time now and think in those terms. It's human nature to try and apply what you're already familiar with to something new. There's a striking number of parallels between the CSA and the DMCA and I suggest reading them both together to get a sense of what the DMCA will mean in reality. Why, the CSA even begins with an acknowledgement of "fair use" almost as if they mention it to get it out of the way before they completely ignore it in practice. Dave - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Effective and ineffective technological measures
The DMCA said: > 1201(a)(1)(A): >No person shall circumvent a technological measure that effectively >controls access to a work protected under this title. What does "effectively" mean here? If it has its plain english meaning, then one could argue that ROT13, CSS (and anything else that can easily be broken) are *ineffective* technological measures, so circumventing them is not prohibited by this clause. Distinguishing effective measures from ineffective measures might reduce to measuring the resources required to break them. Or does the clause really mean "No person shall circumvent a technological measure that *purports to control* access to a work protected under this title"? --apb (Alan Barrett) - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]