Arnold Reinhold writes:
If you read the language carefully, you will see that 1201g only permits *circumvention* as part of cryptographic research (and then only under limited circumstances). There is nothing in the law that allows publication of results.
Not true. Look closely at http://thomas.loc.gov/cgi-bin/query/z?c105:H.R.2281.ENR: (note that the final colon is part of the URL). 1201(a)(1)(A): No person shall circumvent a technological measure that effectively controls access to a work protected under this title. This is the basic provision which outlaws circumvention. 1201(g)(2): PERMISSIBLE ACTS OF ENCRYPTION RESEARCH- Notwithstanding the provisions of subsection (a)(1)(A), it is not a violation of that subsection for a person to circumvent a technological measure as applied to a copy, phonorecord, performance, or display of a published work in the course of an act of good faith encryption research if-- [Various provisions, including making a good faith effort to get permission] And this is the provision which allows encryption research even when that involves circumvention. Neither of these addresses publication. This is possibly covered in the following: 1201(a)(2): No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that-- (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title; (B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or (C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title. It is not at all clear that publishing a research result relating to a cryptographic problem in a copyright protecting technology would fall into any of these categories. First, such a publication is clearly not a "product, service, device, component, or part thereof". Conceivably it could be a "technology" although most cryptographic papers are a long way from an actual technology. Second, the primary purpose of such a publication is not to enable circumvention, but to advance the state of the art in science. Hence it is not covered by provision (a)(2)(A), and not by (B) or (C) either. Nevertheless if publication were to be interpreted as being covered by this provision, there is a further exception in 1201(g): 1201(g)(4): USE OF TECHNOLOGICAL MEANS FOR RESEARCH ACTIVITIES- Notwithstanding the provisions of subsection (a)(2), it is not a violation of that subsection for a person to-- (A) develop and employ technological means to circumvent a technological measure for the sole purpose of that person performing the acts of good faith encryption research described in paragraph (2); and (B) provide the technological means to another person with whom he or she is working collaboratively for the purpose of conducting the acts of good faith encryption research described in paragraph (2) or for the purpose of having that other person verify his or her acts of good faith encryption research described in paragraph (2). Again, this appears to be interpreted in the context of (A)(2) forbidding the actual construction of devices which are are developed, employed, and distributed. Even if we interpret (A)(2) to include cryptographic publications, however, the provision still applies. Note in particular the language in (B) which allows another person to verify the act of good faith encryption research. This is one of the main purposes of publication, to allow verification of the results by others. Hence publications which show cryptographic holes in deployed encryption systems are exempt. This provision also allows the distribution of circumvention software for legitimate research purposes. Note too the additional provision: 1201(c)(4): Nothing in this section shall enlarge or diminish any rights of free speech or the press for activities using consumer electronics, telecommunications, or computing products. Clearly publication of cryptographic results is a fundamental part of free speech and will not be infringed by the DMCA. Much of the hysteria regarding the DMCA's supposed ability to quash free speech by cryptographic researchers is being whipped up by opponents to the DMCA who are misrepresenting the DMCA in a calculated fashion in order to promote opposition. Consider two recent cases. Dmitry Sklyarov of Russia has been arrested for violating the DMCA. Many DMCA opponents initially claimed that he had been arrested for discussing problems in Adobe's ebook software. This claim was false and has been largely abandoned now, but it has served its pupose of giving the impression that DMCA will criminalize publication. Princeton Professor Edward Felten and his research team were prevented from presenting their results regarding flaws in SDMI at the Information Hiding Workshop, based on a letter from the Recording Industry Association of America which claimed that such publication would violate the DMCA. In this case, the RIAA was mistaken about the application of the DMCA, as the above analysis makes clear. In fact the RIAA takes that same position now, as seen in http://www.eff.org/Legal/Cases/Felten_v_RIAA/20010606_riaa_statement.html. The decision to pull out of the conference was made jointly by Felten, his team, and conference organizers. If they made the decision based on fears of the DMCA, their decision was mistaken. Again, anti-DMCA forces have used this case as an example of how the DMCA supposedly prevents free speech. In fact it is more an example of how the misinformation spread by DMCA opponents is preventing free speech. Had the true facts about the DMCA been widely known and disseminated, Felten et al would have presented their paper and the RIAA's letter would have been seen at the empty threat it was. (Yes, lawyers issue letters with empty threats and bluffs all the time. It's called the real world, folks.) There are many problems with the DMCA, but opponents will serve their cause best by being honest and straightforward about what the measure does and does not do. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com