Crypto instructions = Bomb-making instructions
Tim May
tcmay at got.net
Tue Jul 31 11:30:16 PDT 2001
At 9:09 AM -0700 7/30/01, Ray Dillinger wrote:
>On Sat, 28 Jul 2001, David Honig wrote:
>
>>>Not a problem -- as long as what you're making available to the
>>>public at DefCon is not a program that script kiddies can download
>>>and use to break stuff.
>>
>>What's a 'program' in the above sentence? Is source a program? Source
>>without the main() and #includes? Source with an intentionally missing ';'?
>>Precise english description of an algorithm? Math? What exactly
>>are the limits of a 'script kiddie'?
>
>Oh, please, let's not get into specious crap. I'm totally familiar
>with the concept that "source code" is considered by some to be a
>gray area.
>
>To me, the distinction is relatively clear. Source code is what
>enables someone to do X whether or not they understand X. You don't
>have to understand the weaknesses in a cryptosystem to correct a
>few syntax errors, figure out what standard libraries to include,
>or do a conversion between different forms of the source with a
>perl script. I mean, the code could *help* you understand it, if
>you were inclined to read it for content -- but if you can get it
>working without understanding what it does, it probably violates
>the law.
Translate this semantic debate into "bomb-making instructions." There
are various forms of the recipes for making a bomb, ranging from a
very high-level description to a highly-detailed recipe that nearly
any moron could follow. At which point is the description illegal
under the Feinstein type of proposal?
And where does Felten fit into this spectrum? Felten and his
co-workers say they were threatened with a DMCA suit (civil, I
presume) if they went ahead and presented their research. (The
recording industry claims they had no plans to sue...)
The language of the DMCA, which several people have been debating
here for the past week or so, certainly suggests that Felten and Co.
could have been sued, even prosecuted criminally, under the DMCA.
This is my reading.
To get back to the "high level" (source code) vs. "low level"
(executable) point, there is no meaningful difference between the
two. Just a mapping, via either "knowledge" or a "compiler." If
detailed bomb-making instructions are banned, then the law will have
to "back up" into more general instructions and then back further.
The critical point is that Congress is now in the business of
criminalizing mere speech. mere research. Whether one quibbles about
whether hackers "understand" the instructions on how to bypass crypto
protections, or whether bombz d00dz "understand" the chemistry and
physics of their bombs, the new outlawing of crypto instructions and
bomb-making instructions is the issue.
--Tim May
--
Timothy C. May tcmay at got.net Corralitos, California
Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
Technical: physics/soft errors/Smalltalk/Squeak/agents/games/Go
Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns
More information about the cypherpunks-legacy
mailing list