Criminalizing crypto criticism + 802.11b access

Declan McCullagh declan at well.com
Fri Jul 27 09:30:53 PDT 2001


Like I said, I'm not defending the DMCA. I was merely correcting
the fellow who didn't know the exemption (of sorts) existed.

-Declan


On Fri, Jul 27, 2001 at 09:18:38AM -0700, mmotyka at lsil.com wrote:
> Declan,
> 
> It's pretty bad.
> 
> The exemption (2) only applies if the intent is to advance the state of
> the art in general or in the development of products. The means to
> negate the exemption look like they're deeply embedded in the code.
> 
> (2)(A) is certainly easy to meet - woohoo.
> (2)(B) is not too bad unless someone decides 
>        that your intent goes beyond pure research
>    (3)(A) makes it easier to call the intent 
>           impure, especially if the dissemination
>           is general rather than confined to the 
>           guild
>    (3)(B) is another thin end of the wedge to get
>           a guild system up and running
>    (3)(C) is not too bad unless it is determined
>           that partial disclosure might indicate 
>           a non-research intent
>    (4)(A) is redundant
>    (4)(B) looks like it can be used to severely
>           restrict dissemination to anyone not
>           closely associated with the researcher
>           
> 
> All in all it's pretty shitty because it looks ( to a non-lawyer ) like
> it defines the exemptions in such a way as to make it easy to prosectute
> a person who decides to follow their curiosity and distributes widely.
> What the fuck is a "legitimate course of study?" Whatever congress and
> your local prosecutor say it is, right? The carpetbaggers are in
> control.
> 
> Rapid, broad, anonymous publishing is the only way to fight it.
> 
> Re: the Starbucks/MS Wallet access points - big surprise. Who here
> expected the ideal gateway for anonymity to be handed to us on a silver
> plater?
> 
> Wilde was right and life is looking very much like a Gibson novel.
> 
> Mike
> 
> 
> On Thu, Jul 26, 2001 at 10:53:02PM -0400, David Jablon wrote:
> > With these great new laws, there is no longer any risk of being legally
> > criticised for using even the most glaringly flawed cryptography -- just use it
> > for Copy Protection, and TADA!  Negative criticism magically disappears.
> > Almost by definition.
> > 
> > Flaws can only be exposed by those who won't show their work,
> > or from anonymous sources, who nobody will trust without confirmation [...]
> [...]
> > We seem to be entering the twilight zone -- the end of an exciting,
> > but brief era -- of public cryptography.
> 
> The DMCA may be bad, but it's not *that* bad. It contains a broad
> prohibition against circumvention ("No person shall circumvent a
> technological measure that effectively controls access") and then has
> a bunch of exceptions.
> 
> One of those -- and you can thank groups like ACM for this, if my
> legislative memory is correct -- explicitly permits encryption
> research. You can argue fairly persuasively that it's not broad
> enough, and certainly 2600 found in the DeCSS case that the judge
> wasn't convinced by their arguments, but at least it's a shield of
> sorts. See below.
> 
> -Declan
> 
> PS: Some background on Sklyarov case:
> http://www.politechbot.com/cgi-bin/politech.cgi?name=sklyarov
> 
> PPS: Note you only get the exemption if you make "a good faith effort
> to obtain authorization before the circumvention." Gotta love
> Congress, eh?
> 
> 
> 
> http://thomas.loc.gov/cgi-bin/query/z?c105:H.R.2281.ENR:
> 
> `(g) ENCRYPTION RESEARCH-
> 
> `(1) DEFINITIONS- For purposes of this subsection--
> 
> `(A) the term `encryption research' means activities necessary to
> identify and analyze flaws and vulnerabilities of encryption
> technologies applied to copyrighted works, if these activities are
> conducted to advance the state of knowledge in the field of encryption
> technology or to assist in the development of encryption products; and
> 
> `(B) the term `encryption technology' means the scrambling and
> descrambling of information using mathematical formulas or algorithms.
> 
> `(2) PERMISSIBLE ACTS OF ENCRYPTION RESEARCH- Notwithstanding the
> provisions of subsection (a)(1)(A), it is not a violation of that
> subsection for a person to circumvent a technological measure as
> applied to a copy, phonorecord, performance, or display of a published
> work in the course of an act of good faith encryption research if--
> 
> `(A) the person lawfully obtained the encrypted copy, phonorecord,
> performance, or display of the published work;
> 
> `(B) such act is necessary to conduct such encryption research;
> 
> `(C) the person made a good faith effort to obtain authorization
> before the circumvention; and
> 
> `(D) such act does not constitute infringement under this title or a
> violation of applicable law other than this section, including section
> 1030 of title 18 and those provisions of title 18 amended by the
> Computer Fraud and Abuse Act of 1986.
> 
> `(3) FACTORS IN DETERMINING EXEMPTION- In determining whether a person
> qualifies for the exemption under paragraph (2), the factors to be
> considered shall include--
> 
> `(A) whether the information derived from the encryption research was
> disseminated, and if so, whether it was disseminated in a manner
> reasonably calculated to advance the state of knowledge or development
> of encryption technology, versus whether it was disseminated in a
> manner that facilitates infringement under this title or a violation
> of applicable law other than this section, including a violation of
> privacy or breach of security;
> 
> `(B) whether the person is engaged in a legitimate course of study, is
> employed, or is appropriately trained or experienced, in the field of
> encryption technology; and
> 
> `(C) whether the person provides the copyright owner of the work to
> which the technological measure is applied with notice of the findings
> and documentation of the research, and the time when such notice is
> provided.
> 
> `(4) USE OF TECHNOLOGICAL MEANS FOR RESEARCH ACTIVITIES-
> Notwithstanding the provisions of subsection (a)(2), it is not a
> violation of that subsection for a person to--
> 
> `(A) develop and employ technological means to circumvent a
> technological measure for the sole purpose of that person performing
> the acts of good faith encryption research described in paragraph (2);
> and
> 
> `(B) provide the technological means to another person with whom he or
> she is working collaboratively for the purpose of conducting the acts
> of good faith encryption research described in paragraph (2) or for
> the purpose of having that other person verify his or her acts of good
> faith encryption research described in paragraph (2).





More information about the cypherpunks-legacy mailing list