Schneier on Security
A blog covering security and security technology.
« Interesting Bioterrorism Drill |
| Erasable Ink Scam »
November 28, 2006
New DMCA Exemptions
Last week the U.S. Copyright Office released a new list of exemptions to the DMCA. Commentary here. And an article.
Posted on November 28, 2006 at 6:18 AM
• 12 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Wow, a step in the right direction.
However (Yea i know lots of BUT/However comments here) I don't think it really permits full discloure of attacks with particular implemetations of things like TC. So if i find a attack on the TC platform or XBOX or whatever, i'm still not allowed to publish the results (in the US anyway). And if i do publish the results and I'm not in the US i can still be arrested when i travel to the US.
There are a couple of reasonable U-turns to the DMCA in this ruling, and I think the most powerful are the unlocked mobile phones and the 'if DRM broke my computer I'm allowed to break it' ruling.
But as someone pointed out on Slashdot, this is really like a Cop (the Govt) standing, watching and doing nothing while you're beaten stupid by a couple of Mob guys (Industry) and once they're done the cop hands you an ice-pack.
The cop should have never allowed the beating to occur in the first place.
The businessweek headline misstates the subject - "new" rights were not issued, (pre-existing) rights were returned.
Neat: the word "dongle" now has governmental sanction.
"Anyone can study, test, or remove malware distributed on CDs."
The downside is that it explicitly only applies to 'compact disc format', and 'sound recordings, and audiovisual works associated with those sound recordings'.
So that leaves out DVDs, and I would assume video that is not associated with a sound recording. Which means you can't circumvent copy protection on a DVD to investigate security vulnerabilities it creates or exploits on your computer.
I think that these rules are remarkable for 2 reasons.
Firstly, the government is explicitly acknowledging (and relying upon) the fact that copy protection is relatively easy to break.
Also, the government is relying on the hackers/crackers to prepare circumvention techniques that would otherwise be illegal (presumably the circumvention techniques must be developed before the associated software/hardware becomes obsolete).
It's a shame they removed the exemption for people who reverse engineer Internet content-filtering software. That one is of considerable personal interest to me (see my link) but it should be important to everyone.
Yes, well, as Prof. Felton's comments mentioned, they removed the exemption because all exemptions have to re-applied for every three years, and Seth Finkelstein and the other people involved were getting tired of having to jump through the same hoops every three years. Without someone present to re-hash the same arguments over again, the 'default deny' kicked in and the exemption went away.
Not that I'm saying that's a good way of doing things, just that it's the way the law seems to be set up now. I just hope we don't import that sort of idiocy into Canada. We have enough of our own idiocy, thank you.
"And if i do publish the results and I'm not in the US i can still be arrested when i travel to the US."
It might have allready happened...
I searched Google the other day with
["Schneier on Security" "clive Robinson"]
And was rewarded with the following message,
"n response to a complaint we received under the US Digital Millennium Copyright Act, we have removed 2 result(s) from this page. If you wish, you may read the DMCA complaint that caused the removal(s) at ChillingEffects.org."
Google have not seen fit to reply to my EMail asking if it is a technical error or not...
Since most technical folks not associated with shoveling DRM consider DRM itself to be malware, it sounds like it's now open-season on DRM systems.
Why is this good news? Making people go to Washington to request loopholes in an unconstitutional law merely legitimizes that law. The DMCA makes any device which can solve a problem used to protect digital works a crime. Operating systems are used to protect digital works. Some people can solve these types of problems in their heads. The result? People who understand how some operating systems work are walking felonies, in possession of their own felonious brains. They can be re-convicted every day they wake up able to circumvent poorly designed access controls. This is not how a free country works. This is totalitarianism.
The only correct response to the DMCA is universal, widespread, publicized disobedience. Someone needs to be jailed for public service; something as dramatic as helping blind people read ebooks. Only a succession of absurd convictions like this has a chance of waking America up.
Don't play their game.
In 2003, Rep. Rick Boucher (D-VA) introduced the Digital Media Consumers' Rights Act. One function of the act was to permit the access control technology on a DRM-covered work to be circumvented for non-infringing utilization of the work. The act was reintroduced in 2005. See http://en.wikipedia.org/wiki/DMCRA
In the meantime, there is the Defective by Design campaign which opposes DRM technology. See http://www.defectivebydesign.org/
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.