Criminalizing crypto criticism

Declan McCullagh declan at well.com
Sat Jul 28 00:32:57 PDT 2001 

This is a reasonable post, based on my quick read of it.

The DMCA may be bad, but there are far worse things that Congress could do.

I may write a more detailed analysis tomorrow.

-Declan


On Sat, Jul 28, 2001 at 02:00:02AM -0000, lcs Mixmaster Remailer wrote:
> Arnold Reinhold writes:
> 
> > If you read the language carefully, you will see that 1201g only 
> > permits *circumvention* as part of cryptographic research (and then 
> > only under limited circumstances). There is nothing in the law that 
> > allows publication of results.
> 
> Not true.  Look closely at
> http://thomas.loc.gov/cgi-bin/query/z?c105:H.R.2281.ENR: (note that
> the final colon is part of the URL).
> 
> 1201(a)(1)(A):
>    No person shall circumvent a technological measure that effectively
>    controls access to a work protected under this title.
> 
> This is the basic provision which outlaws circumvention.
> 
> 1201(g)(2):
>    PERMISSIBLE ACTS OF ENCRYPTION RESEARCH- Notwithstanding the provisions
>    of subsection (a)(1)(A), it is not a violation of that subsection for
>    a person to circumvent a technological measure as applied to a copy,
>    phonorecord, performance, or display of a published work in the course
>    of an act of good faith encryption research if--
>       [Various provisions, including making a good faith effort to get
>        permission]
> 
> And this is the provision which allows encryption research even when that
> involves circumvention.
> 
> Neither of these addresses publication.  This is possibly covered in
> the following:
> 
> 1201(a)(2):
>    No person shall manufacture, import, offer to the public, provide,
>    or otherwise traffic in any technology, product, service, device,
>    component, or part thereof, that--
>       (A) is primarily designed or produced for the purpose of
>       circumventing a technological measure that effectively controls
>       access to a work protected under this title;
> 
>       (B) has only limited commercially significant purpose or use other
>       than to circumvent a technological measure that effectively controls
>       access to a work protected under this title; or
> 
>       (C) is marketed by that person or another acting in concert with
>       that person with that person's knowledge for use in circumventing
>       a technological measure that effectively controls access to a work
>       protected under this title.
> 
> It is not at all clear that publishing a research result relating to a
> cryptographic problem in a copyright protecting technology would fall
> into any of these categories.  First, such a publication is clearly not a
> "product, service, device, component, or part thereof".  Conceivably it
> could be a "technology" although most cryptographic papers are a long
> way from an actual technology.
> 
> Second, the primary purpose of such a publication is not to enable
> circumvention, but to advance the state of the art in science.  Hence it
> is not covered by provision (a)(2)(A), and not by (B) or (C) either.
> 
> Nevertheless if publication were to be interpreted as being covered by
> this provision, there is a further exception in 1201(g):
> 
> 1201(g)(4):
>    USE OF TECHNOLOGICAL MEANS FOR RESEARCH ACTIVITIES- Notwithstanding
>    the provisions of subsection (a)(2), it is not a violation of that
>    subsection for a person to--
> 
>       (A) develop and employ technological means to circumvent a
>       technological measure for the sole purpose of that person performing
>       the acts of good faith encryption research described in paragraph
>       (2); and
> 
>       (B) provide the technological means to another person with whom he
>       or she is working collaboratively for the purpose of conducting the
>       acts of good faith encryption research described in paragraph (2)
>       or for the purpose of having that other person verify his or her
>       acts of good faith encryption research described in paragraph (2).
> 
> Again, this appears to be interpreted in the context of (A)(2) forbidding
> the actual construction of devices which are are developed, employed,
> and distributed.  Even if we interpret (A)(2) to include cryptographic
> publications, however, the provision still applies.  Note in particular
> the language in (B) which allows another person to verify the act of
> good faith encryption research.  This is one of the main purposes of
> publication, to allow verification of the results by others.
> 
> Hence publications which show cryptographic holes in deployed encryption
> systems are exempt.  This provision also allows the distribution of
> circumvention software for legitimate research purposes.
> 
> Note too the additional provision:
> 
> 1201(c)(4):
>    Nothing in this section shall enlarge or diminish any rights of
>    free speech or the press for activities using consumer electronics,
>    telecommunications, or computing products.
> 
> Clearly publication of cryptographic results is a fundamental part of
> free speech and will not be infringed by the DMCA.
> 
> 
> Much of the hysteria regarding the DMCA's supposed ability to quash free
> speech by cryptographic researchers is being whipped up by opponents
> to the DMCA who are misrepresenting the DMCA in a calculated fashion in
> order to promote opposition.  Consider two recent cases.
> 
> Dmitry Sklyarov of Russia has been arrested for violating the DMCA.
> Many DMCA opponents initially claimed that he had been arrested for
> discussing problems in Adobe's ebook software.  This claim was false and
> has been largely abandoned now, but it has served its pupose of giving
> the impression that DMCA will criminalize publication.
> 
> Princeton Professor Edward Felten and his research team were prevented
> from presenting their results regarding flaws in SDMI at the Information
> Hiding Workshop, based on a letter from the Recording Industry Association
> of America which claimed that such publication would violate the DMCA.
> 
> In this case, the RIAA was mistaken about the application of the DMCA,
> as the above analysis makes clear.  In fact the RIAA takes that same
> position now, as seen in
> http://www.eff.org/Legal/Cases/Felten_v_RIAA/20010606_riaa_statement.html.
> The decision to pull out of the conference was made jointly by Felten,
> his team, and conference organizers.  If they made the decision based
> on fears of the DMCA, their decision was mistaken.
> 
> Again, anti-DMCA forces have used this case as an example of how the DMCA
> supposedly prevents free speech.  In fact it is more an example of how
> the misinformation spread by DMCA opponents is preventing free speech.
> Had the true facts about the DMCA been widely known and disseminated,
> Felten et al would have presented their paper and the RIAA's letter
> would have been seen at the empty threat it was.  (Yes, lawyers issue
> letters with empty threats and bluffs all the time.  It's called the
> real world, folks.)
> 
> There are many problems with the DMCA, but opponents will serve their
> cause best by being honest and straightforward about what the measure
> does and does not do.

More information about the cypherpunks-legacy mailing list