Re: Is distribution of cracked Texas Instruments signing keys illegal according to DMCA?

[Steve Langasek]

On Thu, Oct 15, 2009 at 11:23:41AM +0200, Krzysztof Burghardt wrote:
> Is distribution of cracked Texas Instruments signing keys illegal
> according to DMCA?

This list is not a source for legal advice.  If you have questions about the
legality of distributing a particular piece of software, you should contact
the DPL who can refer the question to SPI's legal counsel.

> If not, is it legal to remove TI's keys and include rabbitsign
> in Debian (it will still be usable with community-created "0005" key
> which anyone can use to sign their own third-party OS).

If the only component being disputed are the signing keys, why do you think
this would not be legal?

> Finally, is it possible that signing application is illegal at all, no
> matter if distributed with or without keys, because it "circumvents DRM"?

There are numerous applications in Debian that can be (and are) used for
codesigning.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: Digital signature

Is distribution of cracked Texas Instruments signing keys illegal according to DMCA?

[Krzysztof Burghardt]

Dear debian-legal members,

While working on packages related to Texas Instruments (TI) graphical
calculators [1] I decided to package rabbitsign [2]. This application
includes TI signing keys that was requested by TI to be removed from
various places (including Wikipedia [3]). Currently some of those keys
are available on Wikileaks [4]. Most (if not all) keys are available
from [5].

While most sites removed keys on TI requests, Electronic Frontier
Foundation (EFF) stated [6] that "TI's DMCA claim fails for another
reason, as well: running software of your choice on your calculator
has no "nexus" with copyright infringement". And warned Texas
Instruments "not to pursue its baseless legal threats against
calculator hobbyists" [7]. I'm not an US citizen, so I don't have any
knowledge about US copyright law.

Is distribution of cracked Texas Instruments signing keys illegal
according to DMCA? If it's legal then rabbitsign can be included in
Debian. If not, is it legal to remove TI's keys and include rabbitsign
in Debian (it will still be usable with community-created "0005" key
which anyone can use to sign their own third-party OS). Finally, is it
possible that signing application is illegal at all, no matter if
distributed with or without keys, because it "circumvents DRM"?

[1] namely TiEmu, TiLP and their dependencies
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=533838
[3] http://en.wikipedia.org/wiki/Texas_Instruments_signing_key_controversy
[4] 
http://wikileaks.org/wiki/Suppressed_Texas_Instruments_cryptographic_signing_keys,_28_Aug_2009
[5] http://db48x.net/TI-keys/keys.shtml
[6] http://www.eff.org/deeplinks/2009/09/ti-leave-those-kids-alone
[7] http://www.eff.org/press/archives/2009/10/13

(Please CC me. I'm not subscribed.)

Best regards,
-- 
Krzysztof Burghardt 
http://www.burghardt.pl/


-- 
To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org