Is e-mail in transit communications or data in storage? Seems like a basic question, but the answer matters a lot to the police. A U.S. federal Appeals Court has ruled that the interception of e-mail in temporary storage violates the federal wiretap act, reversing an earlier court opinion.
The case and associated privacy issues are summarized here. Basically, different privacy laws protect electronic communications in transit and data in storage; the former is protected much more than the latter. E-mail stored by the sender or the recipient is obviously data in storage. But what about e-mail on its way from the sender to the receiver? On the one hand, it’s obviously communications on transit. But the other side argued that it’s actually stored on various computers as it wends its way through the Internet; hence it’s data in storage.
The initial court decision in this case held that e-mail in transit is just data in storage. Judge Lipez wrote an inspired dissent in the original opinion. In the rehearing en banc (more judges), he wrote the opinion for the majority which overturned the earlier opinion.
The opinion itself is long, but well worth reading. It’s well reasoned, and reflects extraordinary understanding and attention to detail. And a great last line:
If the issue presented be “garden-variety”… this is a garden in need of a weed killer.
I participated in an Amicus Curiae (“friend of the court”) brief in the case. Here’s another amicus brief by six civil liberties organizations.
There’s a larger issue here, and it’s the same one that the entertainment industry used to greatly expand copyright law in cyberspace. They argued that every time a copyrighted work is moved from computer to computer, or CD-ROM to RAM, or server to client, or disk drive to video card, a “copy” is being made. This ridiculous definition of “copy” has allowed them to exert far greater legal control over how people use copyrighted works.
Posted on August 15, 2005 at 7:59 AM •
Two years ago I (and others) wrote about the security dangers of Microsoft’s monopoly. In the paper, we wrote:
Security has become a strategic concern at Microsoft but security must not be permitted to become a tool of further monopolization.
A year before that, I wrote about Microsoft’s trusted computer system (called Palladium—Pd for short—at the time):
Pay attention to the antitrust angle. I guarantee you that Microsoft believes Pd is a way to extend its market share, not to increase competition.
Intel and Microsoft are using DRM technology to cut Linux out of the content market.
This whole East Fork scheme is a failure from the start. It brings nothing positive to the table, costs you money, and rights. If you want to use Linux to view your legitimately purchased media, you will be a criminal. In fact, if you want to take your legitimately bought media with you on a road trip and don’t feel the need to pay again for it—fair use, remember—you are also a criminal. Wonderful.
Intel has handed the keys to the digital media kingdom to several convicted monopolists who have no care at all for their customers. The excuse Intel gives you if you ask is that they are producing tools, and only tools, their use is not up to Intel. The problem here is that Intel has given the said tools to some of the most rapacious people on earth. If you give the record companies a DRM scheme that goes from 1 (open) to 10 (unusably locked down), they will start at 14 and lobby Congress to mandate that it can be turned up higher by default.
Posted on July 28, 2005 at 7:25 AM •
The Hymn Project exists to break the iTunes mp4 copy-protection scheme, so you can hear the music you bought on any machine you want.
The purpose of the Hymn Project is to allow you to exercise your fair-use rights under copyright law. The various software provided on this web site allows you to free your iTunes Music Store purchases (protected AAC / .m4p) from their DRM restrictions with no loss of sound quality. These songs can then be played outside of the iTunes environment, even on operating systems not supported by iTunes and on hardware not supported by Apple.
Initially, the software recovered your iTunes password (your key, basically) from your hard drive. In response, Apple obfuscated the format and no one has yet figured out how to recover the keys cleanly. To get around this, they developed a program called FairKeys that impersonates iTunes and contacts the server. Since the iTunes client can still get your password, this works.
FairKeys … pretends to be a copy of iTunes running on an imaginary computer, one of the five computers that you’re currently allowed to authorize for playing your iTMS purchases. FairKeys logs into Apple’s web servers to get your keys the same way iTunes does when it needs to get new keys. At least for now, at this stage of the cat-and-mouse game, FairKeys knows how to request your keys and how to decode the response which contains your keys, and once it has those keys it can store them for immediate or future use by JHymn.
More security by inconvenience, and yet another illustration of the neverending arms race between attacker and defender.
Posted on July 11, 2005 at 8:09 AM •
This is from 2003, but I had not seen it before: “Analysis of the MediaMax CD3 Copy-Prevention System.”
Posted on June 16, 2005 at 7:57 AM •
The new Pentium D will contain technology that can be used to support DRM.
Intel is denying it, but it sounds like they’re weaseling:
According to Intel VP Donald Whiteside, it is “an incorrect assertion that Intel has designed-in embedded DRM technologies into the Pentium D processor and the Intel 945 Express Chipset family.” Whiteside insists they are simply working with vendors who use DRM to “design their products to be compatible with the Intel platforms.”
Posted on June 11, 2005 at 7:51 AM •
Why is the Department of Homeland Security involved in copyright issues?
Agents shut down a popular Web site that allegedly had been distributing copyrighted music and movies, including versions of Star Wars Episode III: Revenge of the Sith. Homeland Security agents from several divisions served search warrants on 10 people around the country suspected of being involved with the Elite Torrents site, and took over the group’s main server.
Shouldn’t they be spending their resources on matters of national security instead of worrying about who is downloading the new Star Wars movie? Here’s the DHS’s mission statement, in case anyone is unsure what they’re supposed to be doing.
We will lead the unified national effort to secure America. We will prevent and deter terrorist attacks and protect against and respond to threats and hazards to the nation. We will ensure safe and secure borders, welcome lawful immigrants and visitors, and promote the free-flow of commerce.
I simply don’t believe that running down file sharers counts under “promote the free-flow of commerce.” That’s more along the lines of checking incoming shipping for smuggled nuclear bombs without shutting down our seaports.
Edited to add: Steve Wildstrom of Business Week left this comment, which seems to explain matters:
The DHS involvement turns out to be not the least bit mysterious. DHS is a sprawling agglomeration of agencies and the actual unit involved was Immigration and Customs Enforcement, a/k/a the Customs Service. Its involvement arose because the pirated copy of Star Wars apparently originated outside the U.S. and Customs is routinely involved in the interception and seizure of material entering the U.S. in violation of copyright or trademark laws. In Washington, for example, Customs agents regularly bust street vendors selling T-shirts with unlicensed Disney characters and other trademarked and copyright stuff.
The Secret Service’s role in computer crime enforcement arose from its anti-counterfeiting activities which extended to electronic crimes against financial institutions and cyber-crime in general. But they aren’t very good at it (anyone remember the Steve Jackson Games fiasco?) and the functions would probably best be turned over to another agency.
Posted on June 1, 2005 at 2:31 PM •
Researchers who reverse-engineer software to discover programming flaws can no longer legally publish their findings in France, after a court fined a security expert on Tuesday.
Edited to add:
Seems like the case did not center around the publication of the bug, but the use of pirated software.
Posted on March 23, 2005 at 9:15 AM •
A very nicely written analysis of the recent DMCA-related court decisions in the Lexmark and Chamberlain cases.
Posted on February 24, 2005 at 2:00 PM •
From the Associated Press:
Microsoft Corp. plans to severely curtail the ways in which people running pirated copies of its dominant Windows operating system can receive software updates, including security fixes.
The new authentication system, announced Tuesday and due to arrive by midyear, will still allow people with pirated copies of Windows to obtain security fixes, but their options will be limited. The move allows Microsoft to use one of its sharpest weapons—access to security patches that can prevent viruses, worms and other crippling attacks—to thwart a costly and meddlesome piracy problem.
I’ve written about this before. Unpatched Windows systems on the Internet are a security risk to everyone. I understand Microsoft wanting to fight piracy, but reducing the security of its paying customers is not a good way to go about it.
Posted on February 17, 2005 at 8:00 AM •
Sidebar photo of Bruce Schneier by Joe MacInnis.