At 01:13 PM 7/27/2001, Steven M. Bellovin wrote:
It's certainly not broad enough -- it protects "encryption" research, and the definition of "encryption" in the law is meant to cover just that, not "cryptography". And the good-faith effort to get permission is really an invitation to harrassment, since you don't have to actually get permission, merely seek it.
Hmmm. What would happen if every "legitimate" cryptography researcher routinely transmitted an announcement to every vendor of copy protection telling them that the researcher was going to be 'researching' the vendor's products? Research is such a wonderful term. I suppose I'm doing some sort of "cryptography research" just by looking at the bits that encode some sort of protected content. I must guiltily confess that I've been doing security long enough that I look with a skeptical eye at every "security implementation" I see, even if it's just a security camera or a string of barbed wire. There are probably enough "cryptography researchers" out there that even a large vendor won't feel tempted to harass them all proactively. Rick.