Alan wrote:
On Friday 27 July 2001 11:13, Steven M. Bellovin wrote:
In message <20010727015656.A22910@cluebot.com>, Declan McCullagh writes:
One of those -- and you can thank groups like ACM for this, if my legislative memory is correct -- explicitly permits encryption research. You can argue fairly persuasively that it's not broad enough, and certainly 2600 found in the DeCSS case that the judge wasn't convinced by their arguments, but at least it's a shield of sorts. See below.
It's certainly not broad enough -- it protects "encryption" research, and the definition of "encryption" in the law is meant to cover just that, not "cryptography". And the good-faith effort to get permission is really an invitation to harrassment, since you don't have to actually get permission, merely seek it.
Even worse is if the "encryption" is in bad faith to begin with. (i.e. They know it is broken and/or worthless, but don't want the general public to find out.)
Imagine some of the usual snake-oil cryto-schemes applied to copyrighted material. Then imagine that they use the same bunch of lawyers as the Scientologists.
This could work out to be a great money-making scam! Invent a bogus copy protection scheme. Con a bunch of suckers to buy it for their products. Sue anyone who breaks it or tries to expose you as a fraud for damages.
I mean if they can go after people for breaking things that use ROT-13 (eBooks) and 22 bit encryption (or whatever CSS actually uses), then you can go after just about anyone who threatens your business model.
I guess we *do* have the best government money can buy. We just were not the ones writing the checks...
The fundamental problem is that crypto for rights protection doesn't work in general, and certainly can't work where the decryption technology has to be in the hands of the person you are trying to protect it from. Criticising the DMCA because it protects weak crypto seems to me to be the wrong angle - it doesn't matter whether the crypto is weak or strong, it can be broken. The important thing is that we should continue to be able to demonstrate that fact. Rights management can only be done by legal and social means, not technological ones. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff