Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

(ichimunki) Re x 3: Security, is it to much to ask?

by ichimunki (Priest)
on Jul 18, 2001 at 20:21 UTC ( [id://97729]=note: print w/replies, xml ) Need Help??


in reply to Re: (ichimunki)Re: Security, is it to much to ask?
in thread Security, is it to much to ask?

First (and noting that tachyon is from Australia where the laws are probably a bit different), now that you've discussed publicly how to reverse engineer a script from the binary produced by the AS product, I don't need to be the owner of the original script. You've just shared with the world how to break an encryption scheme. This is one of the things forbidden by the DMCA and is exactly what is getting various Russians (visiting the USA) and 2600 publishers in trouble. Luckily for Perl Monks, PM is not on ActiveState's sh*tlist (and probably just barely on their radar) and it is doubtful that AS would be so boneheaded to go reporting PM to the authorities over this-- unlike Adobe their reputation could be seriously harmed by such a thing.

Second, there are plenty of purposes which are foreseeable for breaking the encryption on a DVD which are not illegal. Examples include: archiving, personal use sampling (say I wanted to make a compilation of my favorite scenes from the movies), Fair Use sampling (for academic works on movies or reviews), watching DVDs on computers or players for which there is no existing player software, watching DVDs using Free Software as opposed to $40 per license software. All of these uses are legally allowed, but technically impossible due to the encryption scheme. They would become technically posssible if it were legal to crack the encryption scheme.

This whole discussion points up why the DMCA is a bad law-- in the USA we can't discuss how to recover our own scripts without cracking someone else's encryption scheme, which is forbidden. Personally, I enjoyed seeing how this was done and filed the whole matter under "Why trying to obscure the source of Perl scripts is a big waste of time" with a cross-reference to "Avoid Active State add-ons to Perl" :)

Replies are listed 'Best First'.
Re: (ichimunki) Re x 3: Security, is it to much to ask?
by tachyon (Chancellor) on Jul 19, 2001 at 04:58 UTC

    Not being a lawyer and having only read the summary of the DCMA here it seems that it is not as bad as suggested. Here is the relevant section:

    DMCA Exceptions

    Finally, the prohibitions contained in section 1201 are subject to a number of exceptions. One is an exception to the operation of the entire section, for law enforcement, intelligence and other governmental activities. (Section 1201(e)). The others relate to section 1201(a), the provision dealing with the category of technological measures that control access to works. The broadest of these exceptions, section 1201(a)(1)(B)-(E), establishes an ongoing administrative rule-making proceeding to evaluate the impact of the prohibition against the act of circumventing such access-control measures. This conduct prohibition does not take effect for two years. Once it does, it is subject to an exception for users of a work which is in a particular class of works if they are or are likely to be adversely affected by virtue of the prohibition in making noninfringing uses. The applicability of the exemption is determined through a periodic rulemaking by the Librarian of Congress, on the recommendation of the Register of Copyrights, who is to consult with the Assistant Secretary of Commerce for Communications and Information.

    The six additional exceptions are as follows:

    1. Nonprofit library, archive and educational institution exception (section 1201(d)). The prohibition on the act of circumvention of access control measures is subject to an exception that permits nonprofit libraries, archives and educational institutions to circumvent solely for the purpose of making a good faith determination as to whether they wish to obtain authorized access to the work.

    2. Reverse engineering (section 1201(f)). This exception permits circumvention, and the development of technological means for such circumvention, by a person who has lawfully obtained a right to use a copy of a computer program for the sole purpose of identifying and analyzing elements of the program necessary to achieve interoperability with other programs, to the extent that such acts are permitted under copyright law.

    3. Encryption research (section 1201(g)). An exception for encryption research permits circumvention of access control measures, and thedevelopment of the technological means to do so, in order to identify flaws and vulnerabilities of encryption technologies.

    4. Protection of minors (section 1201(h)). This exception allows a court applying the prohibition to a component or part to consider the necessity for its incorporation in technology that prevents access of minors to material on the Internet.

    5. Personal privacy (section 1201(i)). This exception permits circumven-tion when the technological measure, or the work it protects, is capable of collecting or disseminating personally identifying information about the online activities of a natural person.

    6. Security testing (section 1201(j)). This exception permits circumven-tion of access control measures, and the development of technological means for such circumvention, for the purpose of testing the security of a computer, computer system or computer network, with the authorization of its owner or operator.

    It would seem that what was done is permitted under clauses 2,3 and 6.

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

      Since (1) does not specify 501(c)3 certification of nonprofit status, I would think that we might qualify under that, as well (caveat: I am not a lawyer either). Perlmonks, to the best of my knowledge is not run to make money, and we are an archive of sorts, as well as an institution (among ourselves) for education (or perhaps many of us need to be institutionalized). I think it could be considered fair under the terms of (1) for us to evaluate the strength of the encryption to determine whether we think it is worthwhile for our use.

      Just a thought ... my case here would probably never stand up in court.
      Ack. I should have just left this one alone, and I apologize for even discussing this past a cursory mention, you're probably right (although I'd interpret the above as allowing pretty much any discussion, including DeCSS). I'm just going to try and stick to Perl from now on. The DMCA and other sociopolitical issues wear me out and do me no good. I've already planned to stick to freely usable media and Free Software in the future, so hopefully I'll start to recover and mellow out. :)

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://97729]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others avoiding work at the Monastery: (4)
As of 2024-03-29 09:37 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found