At 9:09 AM -0700 7/30/01, Ray Dillinger wrote:
On Sat, 28 Jul 2001, David Honig wrote:
Not a problem -- as long as what you're making available to the public at DefCon is not a program that script kiddies can download and use to break stuff.
What's a 'program' in the above sentence? Is source a program? Source without the main() and #includes? Source with an intentionally missing ';'? Precise english description of an algorithm? Math? What exactly are the limits of a 'script kiddie'?
Oh, please, let's not get into specious crap. I'm totally familiar with the concept that "source code" is considered by some to be a gray area.
To me, the distinction is relatively clear. Source code is what enables someone to do X whether or not they understand X. You don't have to understand the weaknesses in a cryptosystem to correct a few syntax errors, figure out what standard libraries to include, or do a conversion between different forms of the source with a perl script. I mean, the code could *help* you understand it, if you were inclined to read it for content -- but if you can get it working without understanding what it does, it probably violates the law.
Translate this semantic debate into "bomb-making instructions." There are various forms of the recipes for making a bomb, ranging from a very high-level description to a highly-detailed recipe that nearly any moron could follow. At which point is the description illegal under the Feinstein type of proposal? And where does Felten fit into this spectrum? Felten and his co-workers say they were threatened with a DMCA suit (civil, I presume) if they went ahead and presented their research. (The recording industry claims they had no plans to sue...) The language of the DMCA, which several people have been debating here for the past week or so, certainly suggests that Felten and Co. could have been sued, even prosecuted criminally, under the DMCA. This is my reading. To get back to the "high level" (source code) vs. "low level" (executable) point, there is no meaningful difference between the two. Just a mapping, via either "knowledge" or a "compiler." If detailed bomb-making instructions are banned, then the law will have to "back up" into more general instructions and then back further. The critical point is that Congress is now in the business of criminalizing mere speech. mere research. Whether one quibbles about whether hackers "understand" the instructions on how to bypass crypto protections, or whether bombz d00dz "understand" the chemistry and physics of their bombs, the new outlawing of crypto instructions and bomb-making instructions is the issue. --Tim May -- Timothy C. May tcmay@got.net Corralitos, California Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon Technical: physics/soft errors/Smalltalk/Squeak/agents/games/Go Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns