Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Software Government Technology Politics

Researchers Want Right to Bypass Protected Spyware 266

Dotnaught writes "Computer security researchers Professor Edward Felten and Alex Halderman have asked the U.S. Copyright Office for an exemption (pdf) to the Digital Millennium Copyright Act (DMCA) so that they can circumvent copy protection technology used to protect spyware. The DMCA currently makes it illegal to bypass digital locks almost regardless of what they protect or the user's intent. As noted by the Electronic Frontier Foundation, the Copyright Office theoretically grants exemptions, but in reality discourages anyone from asking. What's significant about the application submitted by Felten and Halderman is that they knew about the dangers posed by Sony's XCP DRM software a month before the news became public. But they delayed publication for fear of prosecution. During that time, many more consumers fell victim to the spyware propagated by Sony."
This discussion has been archived. No new comments can be posted.

Researchers Want Right to Bypass Protected Spyware

Comments Filter:
  • A horrible idea... (Score:5, Insightful)

    by ovit ( 246181 ) <dicroce@gm a i l . c om> on Friday December 02, 2005 @12:46PM (#14167008) Homepage
    This strikes me as a horrible idea.

    I fear that by building these loopholes, we will actually be legitamizing the DMCA as a whole... And we will be losing 1 more datapoint in our arguments against this monstrosity...
    • by Miros ( 734652 ) * on Friday December 02, 2005 @12:52PM (#14167069)
      I'm not so sure. Let's face it, we wont defeat the DMCA by continuing to say it's "illegitimate." I think what we need to do is work through its channels to set precedents, so we can build a case for how studying various mechanisms actually helps society more than it hurts it. I don't see any good new reasons to oppose the DMCA coming up if we continue to stonewall it. But if we use its own language to get a foot in the door, we stand a good chance of weakening its strangle hold on certain aspects of security research. (not to mention fair use)
      • Sorry but the DCMA has already stood up in court, and it will continue to do so. Best to fight for amendments and such, honestly not everything in the DCMA is wrong, but it could definatly use some work.
        • Sorry for the confusion, but i meant precedents in terms of approvals of exceptions, not, like, court cases. I think were both on the same page now. P.S. I agree with what you said completely.
      • by Urusai ( 865560 ) on Friday December 02, 2005 @01:42PM (#14167537)
        We can defeat the DMCA by moving all research to a democratic country. Hopefully, they'll take me with them.
        • by parodyca ( 890419 ) on Friday December 02, 2005 @04:05PM (#14168910) Homepage
          then it ever use to be.

          Who modded the parent as Flamebait? The US has moved far from it's democratic ideals. It may not be any China or North Korea, but it is a far sight less free and democratic then it ever use to be.

          To wit:
          1) DMCA
          2) Patriot Act
          3) Congressional gerrymandering.
          4) Copyright extentions and patent law broadening.
          5) Air travel ID requirements
      • I'm not so sure. Let's face it, we wont defeat the DMCA by continuing to say it's "illegitimate." I think what we need to do is work through its channels to set precedents, so we can build a case for how studying various mechanisms actually helps society more than it hurts it. I don't see any good new reasons to oppose the DMCA coming up if we continue to stonewall it. But if we use its own language to get a foot in the door, we stand a good chance of weakening its strangle hold on certain aspects of secur

    • by nine-times ( 778537 ) <nine.times@gmail.com> on Friday December 02, 2005 @01:58PM (#14167671) Homepage
      Well, IANAL, but the summary that, "The DMCA currently makes it illegal to bypass digital locks almost regardless of what they protect or the user's intent," seems to match what I understand about the DMCA. Now, if we can get enough loopholes in it that it becomes legal again to bypass digital locks and break encryption *for a good reason*, then I have no problem with the DMCA. I'm perfectly fine with people being legally forbidden from bypassing digital locks without any argument as to why they have a valid reason to do so.

      For example, if I encrypt my personal data on my hard drive, I think it should be generally illegal for you to break the encryption, just like it's generally illegal to break into my house. That's fair, right?

      The problem I have with the DMCA is the idea that it might allow someone to lock data that I believe I should have access to, and I have no legal recourse. For example, AFAIK, it's illegal to rip DVDs to your hard drive, even if you have no intention of violating copyrights. To my mind, that's like being forbidden from creating an alternate means of entry into my own house, rather than being forbidden from breaking into someone else's house.

      I guess what I'm saying is, if the US government wants to give stiffer penalties for copyright infringement if the act includes bypassing copy protection, that doesn't bother me. Insofar as the DMCA does that, I don't mind. It only starts bothering me if it's used to go after private individuals who bypass protection for the purpose of fair use.

      • It's been a while since I've read the DMCA, but I'd like to comment on some of your comments.

        For example, if I encrypt my personal data on my hard drive, I think it should be generally illegal for you to break the encryption, just like it's generally illegal to break into my house. That's fair, right?

        Yes, that's fair, and that's why it's illegal even without the DMCA. The trick is that most laws don't make methods illegal, they make actions illegal. Accessing your personal property without permission is illegal.

        The problem I have with the DMCA is the idea that it might allow someone to lock data that I believe I should have access to, and I have no legal recourse. For example, AFAIK, it's illegal to rip DVDs to your hard drive, even if you have no intention of violating copyrights. To my mind, that's like being forbidden from creating an alternate means of entry into my own house, rather than being forbidden from breaking into someone else's house.

        AFAIK, the DMCA says nothing about ripping DVDs; they can be easily imaged to a HDD. The trick is that you get into copyright trouble (DeCSS) when trying to convert them to a new format playable by software not originally designed to play the DVD. Also, the DMCA says nothing about region encoding. Your thoughts on the subject are still valid however.

        I guess what I'm saying is, if the US government wants to give stiffer penalties for copyright infringement if the act includes bypassing copy protection, that doesn't bother me. Insofar as the DMCA does that, I don't mind. It only starts bothering me if it's used to go after private individuals who bypass protection for the purpose of fair use.

        It bothers me -- methods should not create stiffer penalties; actions should. People get caught up in the "technology" used to commit pre-defined crimes, and forget that they are already crimes irrespective of how they were committed. We don't need an "Internet auction fraud" law, because we already have a perfectly usable fraud law that applies. If an old law no longer carries appropriate penalties for a crime, the old law needs to be revised.

        To sum up, everything illegal under the DMCA that should be illegal already was -- everything else is being overturned on a case-by-case basis, which is putting the onus on the innocent parties to prove they're innocent, instead of putting the onus on the prosecution to prove they're guilty. The DMCA is a "guilty until proven innocent" law.

    • Actually from a PR standpoint, this move shows the public the idiocy of the DMCA. Think about it. Preeminent researchers must jump through legal hoops in order to investigate a piece of friggin' spyware! And it isn't like they can get a blanket exemption to "investigate all spyware", because who determines what counts as spyware? Take, for example, Sony's DRM rootkit. Before the current brouhaha there was no way that Sony would allow an exemption for these researchers. In hindsight, this was precisel
  • by Beliskner ( 566513 ) on Friday December 02, 2005 @12:47PM (#14167018) Homepage
    I am grateful to live outside the United States when I see lawyers, judges and DMCA bureaucrats shackling reasonable fair use and fair experimentation research.
  • by Nom du Keyboard ( 633989 ) on Friday December 02, 2005 @12:48PM (#14167021)
    It's really sad that someone has to ask for this exemption. It should have been there from the beginning. Furthermore, I should be able without fear of prosecution to investigate anything on my computer that affects its operation for the purposes of removing it safely and completely without fear of prosecution.

    Just another reason why politicians shouldn't be writing laws concerning subjects they know nothing about.

    • by Anonymous Coward on Friday December 02, 2005 @12:55PM (#14167088)
      So... you're saying there should only be laws about sucking up, pandering, money grubbing, and backstabbing?
    • Well, be careful not to overstate the problem. While the language of the DMCA makes it clear that it is illegal to even do this type of investigation with your own computer, it's not reasonable to assume that they would prosecute you unless you published the information you obtained (indeed, how would they know?). This is not an issue of individual rights, but instead it is an issue of the overall welfare of a community and how it is hurt by stifling curiosity, communication, and collaboration in a very c
      • by Nom du Keyboard ( 633989 ) on Friday December 02, 2005 @01:01PM (#14167167)
        it's not reasonable to assume that they would prosecute you unless you published the information you obtained (indeed, how would they know?).

        By your interpretation, every single user would have to be a Computer Scientist able to diagnose and repair their own complex operating software, since no one could share their discoveries.

        And since Viruses hide themselves, no anti-virus firm could market a product to remove them since that would be making use of illegal bypassing of the Virus's anti-circumvention provisions.

        You see where this leads. Without the ability to share information on threats, the ability to remove and protect against them is essentially nullified. The DMCA is a damn horrible awful thing for consumers.

        • You are totally misinterpreting what I'm saying. I'm not arguing that people should not be allowed to share information. Indeed, i feel that sharing of information is the most important thing humans do. Instead, what i'm discussing is a completely differnt point: how able or allowed you as an individual are to do your own investigations on your own computer on your own time with your own software, which, i argue, is not at all restricted now because it's simply impossible to police. When you break a DRM
          • That's like saying it would be perfectly OK if the government made it illegal for me to be naked in my own home, because they'd never be able to enforce the law.

            A restriction that's not enforced or one that's in fact unenforceable is still a restriction.

            • There's a huge difference between "unenforceable" and "OK". Nobody in this subthread has said that it's OK.
              • There's a huge difference between "unenforceable" and "OK". Nobody in this subthread has said that it's OK.

                Fine, I'll say it. It should be perfectly OK, ie. 100% legal and entirely without repurcussion whatsoever even upon discovery, for a private person to do whatever the hell they want to their own computer, so long as they're not actually hurting anyone, either physically or economically.

        • You see where this leads. Without the ability to share information on threats, the ability to remove and protect against them is essentially nullified. The DMCA is a damn horrible awful thing for consumers.

          True - imagine a world where you couldn't share any information regarding any threat. See a person with dynamite strapped to them? Don't say anything, you could be sued for removing their coat to see the bomb. Car built with bad brakes? Don't say anything, you'll be prosecuted for removing the tire which protects the brakes.

          Sharing information is the very cornerstone of freedom, and using the DMCA to control information is quite evil.

      • by ZachPruckowski ( 918562 ) <zachary.pruckowski@gmail.com> on Friday December 02, 2005 @01:12PM (#14167261)
        Well, be careful not to overstate the problem. While the language of the DMCA makes it clear that it is illegal to even do this type of investigation with your own computer, it's not reasonable to assume that they would prosecute you unless you published the information you obtained (indeed, how would they know?)

        First of all, I don't like actions that are necessary for my safety to make me a "criminal", even in the theoretical (non-prosecutorial) sense.

        Secondly, it reflects badly on a gov't to have a law that is unenforceable.
      • it's not reasonable to assume that they would prosecute you unless you published the information you obtained (indeed, how would they know?).

        Right. But if you're a researcher, publication is part of the job. Those people can't say, "well, I'm only at risk if I share my data." That's like a programmer thinking, "well, I'm only at risk if I add code to the repository."

        Imagine if everyone at Adobe had to write Photoshop independently, owing to a law that prevented the sharing of source code. You have a hun

    • by gstoddart ( 321705 ) on Friday December 02, 2005 @01:15PM (#14167279) Homepage
      It's really sad that someone has to ask for this exemption. It should have been there from the beginning. Furthermore, I should be able without fear of prosecution to investigate anything on my computer that affects its operation for the purposes of removing it safely and completely without fear of prosecution.

      Exactly. The computer is the person's property. I don't understand how the owner doesn't retain full control over it.

      But, I'm confused. Isn't reverse-engineering broad enough to cover researchers dissecting it?

      If the day comes that anything with 'digital security' can't be looked at except by those who made it, we'll all be screwed. Hell, I should think you could go around putting a physical device on people's cars and houses that locks them -- and since it's got some digital components, it would be illegal for the owner to open them without running afoul of the DMCA.

      No room for extortion there --- "You're not allowed to remove our lock from your car due to the DMCA, but for $1000 we'll remove it" -- what if the lock was placed illegally? (Or the software was installed surrepticiously in the case of spyware.)

      This is completely irrational. If I go to a store and buy new windshield wipers, the merchant can't make it illegal for me to buy windshield wipers from someone else ever again.

      At some point, the consumer needs the ability to terminate a contract when they no longer wish to do business with someone. Making it illegal to dissect/remove spyware would be like enforced vendor lock-in in the real world. You signed up once, now you have to be signed up in perpetuity??
      • someone needs to make a bunch of boots for cars that have some sort of encryption (rot13?) that would make it illegal to remove and then just start booting senators cars.
    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Friday December 02, 2005 @01:15PM (#14167285)
      Comment removed based on user account deletion
    • Hold on a sec. The politicians didn't write those laws, they only passed them. Shouldn't have of course, but don't blame them for writing the laws. The industry wrote those laws, then lobbied relentlessly to get them passed. When politicians don't know enough about something to have an informed opinion, they seek out expert advice. Unfortunately, access costs money, and once again, it's the industry that has the money and the knowledge to pave the way for "experts", but of course only experts who suppo
    • What's significant about the application submitted by Felten and Halderman is that they knew about the dangers posed by Sony's XCP DRM software a month before the news became public. But they delayed publication for fear of prosecution. During that time, many more consumers fell victim to the spyware propagated by Sony.

      Even after reading the article (most of it is a compilation of old complaints about the DMCA), this sounds like good, old-fashion FUD. Nothing in the DMCA says Felton et al. couldn't say

  • by Thunderstruck ( 210399 ) on Friday December 02, 2005 @12:50PM (#14167041)
    I'm glad to see this. Up to now I thought the only thing the U.S. Copyright office did was register the official names of stars in cooperation with some official sounding international registry about which I know very little.

    (sic)
  • Hindsight (Score:4, Insightful)

    by theRhinoceros ( 201323 ) on Friday December 02, 2005 @12:50PM (#14167042)
    Part of me wishes Sony had not withdrawn their software voluntarily and had put up a legal fight, such that the courts could have struck down parts of the law as unconstitutional and or invalid. An appeal to the US Copyright office has less legal weight and force of precedence, IMO.
    • Re:Hindsight (Score:4, Insightful)

      by Miros ( 734652 ) * on Friday December 02, 2005 @12:58PM (#14167117)
      Sure, but that wouldn't make any sense. Defending their actions would cost more money than they hoped to recover by thwarting piracy. By retracting the software, they enable themselves to do it again (but more carefully) without having to pay for the right to do so (expensive court case).
      • Re:Hindsight (Score:3, Insightful)

        by shotfeel ( 235240 )
        A agree with the latter part of your statement, but the first part makes a big assumption -that DRM is about thwarting piracty. IMO its not. Its about controlling content after the sale. For proof I can offer only:

        Conjecture : The RIAA and MPAA know DRM schemes will be broken, thus don't rely on them to protect their revenue stream.

        Observation : The MPAA already has more control over your DVD player than you do. I've already run across a couple DVDs that won't even allow me to bypass the trailers at the beg
    • Part of me wishes Sony had not withdrawn their software voluntarily and had put up a legal fight, such that the courts could have struck down parts of the law as unconstitutional and or invalid.

      Sony wouldn't have had a DMCA fight by continuing to ship the software. That's not illegal under the DMCA, nor are they being sued under its provisions.

      The researchers who determined how it worked, and how to workaround and/or remove it would have had to carry the burden of the fight if Sony charged them with vi

  • by davidwr ( 791652 ) on Friday December 02, 2005 @12:50PM (#14167044) Homepage Journal
    What's significant about the application submitted by Felten and Halderman is that they knew about the dangers posed by Sony's XCP DRM software a month before the news became public. But they delayed publication for fear of prosecution. During that time, many more consumers fell victim to the spyware propagated by Sony.

    This story deserves the Slashdot Censorship Icon [slashdot.org].

    I wonder of the victims can go after the copyright office for contributory neglegence? Probably not but it's fun to think about.

    Darn, looks like I missed "first post" by --><-- that much.
    • The statement that they "delayed publication for fear of prosecution" is somewhat misleading, though. What they actually did was consult with their lawyers; the difference here is that they were still intent on publishing their findings and simply wanted to cover themselves with regard to legal issues, whereas "delayed [...] for fear of prosecution" seems to imply that while they wanted to publish, they didn't and (and that's the crucial difference) didn't *plan* to.

      That's how I'd read it, at least, and tha
    • Comment removed based on user account deletion
  • by despe666 ( 802244 ) on Friday December 02, 2005 @12:51PM (#14167052)
    It would have taken a lot of gall from Sony to sue anyone who would blow the whistle on their rootkit. Their public image has been damaged enough as it is with the rootkit scandal to damage it even more with a stupid lawsuit.
    • by MightyMartian ( 840721 ) on Friday December 02, 2005 @01:00PM (#14167143) Journal
      Look at Sony's first response when it was revealed what they were putting on people's computers. I'll wager Sony would have sued. Remember, these guys have no ethics whatsoever. They'd sell their own mother if they thought they could get away with. It seems, however, that the corporate whores in Congress won't be doing anything to assure that this stunt leads to jail time and substantial fines for those who thought up the stunt. That sort of treatment is only for little girls, old men and mothers who get accused of pirating. When a big corporation does it, that's okay, because Congressmen are getting whores, cash and vacations. Perhaps that's the solution. Taxpayers should build up bribe accounts so that when they need to protect themselves from ludicrous laws, they can hand it to the whore that represents them so that maybe he won't sell them down the river for a financial blow job.
      • Taxpayers should build up bribe accounts so that when they need to protect themselves from ludicrous laws, they can hand it to the whore that represents them so that maybe he won't sell them down the river for a financial blow job.

        You might be kidding, but I've been thinking about the same lines. Votes don't count anymore. Instead, just pool money and pay off politicians. Sort of like a PAC, but where everyone gets involved instead of just the hardcore supporters. Plus it has the advantage of being able

        • Well, it was partially tongue in cheek, but that even a slight bit of satire seems to recommend itself is pretty educational as to how far down the tubes we think the political system is going. But when a law basically shields a company who installs software that makes thousands of computers vulnerable, while raising the spectre of litigation for those who could warn the public, the only other possibility is that legislators are mentally retarded. In either case anyone who voted for this law as it stands
    • I have long felt that this whole Sony thing could have easily gone the other way. If Sony had landed on sysinternals for removing the rootkit and DRM in the first place, exactly what the danger to consumers was may not have fully leaked out. We'd still see the problem, but it could have been that Sony could have stopped the general public from getting the CDs. In fact, I know a lot of people now who have no idea about this.
    • They may have dared if they didn't understand what was going on.

      Occasionally an otherwise good company will go after an innocent person they mistook for a hacker. It is sometimes very hard for people in charge to enough technical perspective to distinguish good guys from bad guys. And there are widely varying views of who the good guys are.

      8 years ago, an employee of a watermarking company entered a forum for watermark researchers and called us all thieves. He was very angry that people were developi

  • It's like guns (Score:5, Insightful)

    by Red Flayer ( 890720 ) on Friday December 02, 2005 @12:51PM (#14167057) Journal
    In the US, it is legal (with restrictions) to own a gun. It is not legal to go out and randomly pop a cap in someone's behind. The tool, or mechanism, is legal, but the act is not.

    Contrast that to the restrictions being argued against. The tool, circumvention of copy protection technology, is illegal. The act, distributing copies in violation of copyright, is also illegal.

    Why is circumventing copy protection illegal? Because the **AA want it to be.

    Say I want to rent a bike for the day. I license the use of the bike, and am provided with a bike lock. Is it illegal for me to pick that lock? Even if you go by the **AAs' ridiculous licensing theory, it still doesn't make sense to have circumventing copy protection be illegal.
    • I have a DVD with public domain content on it (Private Snafu cartoons, if you care). The tool to circumvent the copy protection of the disc is illegal, yet the underlying content is free to copy.

      To use your analogy, it is as if it were legal to shoot people, but guns (the tools) were illegal.
      • Why the hell was the disc authored with CSS encryption then?

        DVD players will play unencrypted discs just fine. I do it all the time with home movies.
        • quantum bit (225091)

          Did you hear your little brother was born the other day? Quantum Byte was born weighing in at 8 bits and 0 ounces.

          And won't it be exciting to own a DVD player that can shake a robot finger at you for playing DVDs without CSS encryption?
    • I see your point, but is it a good idea for people to analogize software to guns?

      If you want to convince laypeople that a debugger is a perfectly benign piece of software that is of no danger to anyone, you would probably want to avoid saying, "see, it's like a gun...."

      I support the consitutional right to bear arms. But if someone told me that an obscure item I don't understand is "like a gun," I would draw certain false conclusions about its purpose and safety. I would disagree with its banning but u

    • Frankly, I want to see their own arguement used against them. The MPAA argued MGM v Grokster, I think, that if technology is used for an illegal intent then the maker is responsable. I want to see the same arguement used against RIAA -- in this case, I want to see Sony BMG taken down with it. Sure, they didn't _intend_ that Virii and other Malware be used, but they argued for that rope. And they supported the MPAA in that lynching. So now that Sony finds itself at the gallows, I for one, am not feeling the
  • It's about time (Score:5, Interesting)

    by sarlos ( 903082 ) on Friday December 02, 2005 @12:52PM (#14167065)
    As someone who has worked in sensitive research areas, I have to say it is about time this came up. There were many times in college when we could not tell our sponsors straight out what we were doing because technically it was illegal. We were doing legitimate research, but because of how poorly written the DMCA is, we could have gotten in hot water because of what we were doing.

    What makes it even worse... our sponsor was the Department of Defense. I can not give any specific details becaus of a NDA, so you will have to take my word on it, but what we were doing was of great value to our serving men and women. This is something that is most definitely sorely needed.
    • In other words, you cannot tell us what you did for the DoD due to the NDA, but then neither can you tell the DoD what you did for them. The secrets will die with you, brother!

      Interesting... It would be laughable in some other context, but I feel your pain.
      • by sarlos ( 903082 )
        This is so true. There have been times I had no other choice but to laugh about it or cry over it. People just don't think about the cases where there is a real need to get around this stuff. Oh! Piracy is bad! Stop anything that looks like piracy!

        *grinds teeth*
      • In other words, you cannot tell us what you did for the DoD due to the NDA, but then neither can you tell the DoD what you did for them. The secrets will die with you, brother!

        And the sad thing, is you could be doing legal request at the behest of a government agency, but due to another government agency it would be illegal to discuss it with agency #1.

        How screwed is that?
  • Scotch Tape (Score:5, Interesting)

    by DownWithTheMan ( 797237 ) on Friday December 02, 2005 @12:54PM (#14167085)
    At the very least I hope Sony is fair when they sue people under the DMCA and that they sue Scotch tape manufacturer 3m... I mean you can use Scotch tape to circumvent copyright protection on Sony CDs and isn't that a violation of the DMCA even though Scotch tape has many legal uses...
  • by Renraku ( 518261 ) on Friday December 02, 2005 @12:56PM (#14167100) Homepage
    If a company ever tried to bring charges against me because I released a fix to their crippleware/malware/spyware/lameware to neuter it or remove it completely, I would be citing 'home defense' laws.

    They brought their property, on to yours, with the intent to cripple or hinder use of your equipment, without adequately informing you and without your express permission. In my world, this is the same as home invasion. Just the same as a fat man standing over your computer yelling at you or fucking with your machine's innards when you weren't looking.

    Its absolutely retarded that this is even LEGAL. The only reason they haven't been able to apply the DMCA to car innards is because they know that the person OWNS that piece of equipment, and putting in measures to defeat it would be taken apart in all of ten minutes. And spread the information. Eventually it would lead to bad press, as a useless piece of metal would be trying to keep you from having access TO YOUR OWN car. Same thing with computers and software..but people don't think they're as important as things meatside.
    • If a company ever tried to bring charges against me because I released a fix to their crippleware/malware/spyware/lameware

      I'm tired of these hypothetical situations. Your answer is: get an RPG and go their headquarters and fire a few grenades into their lobby. Then go from floor to floor wasting them all until you get to the CEO. Then disembowel him with a carving knife. Lawsuit this, lawsuit that. Shoot them, shoot them all.
    • Kaspersky notes significant penetration of US military networks (among others) by Sony spyware that was certainly installed without authorization there, that opens security holes in those systems, and that regularly "phones home." (Snooping on how that latter behavior affects DNS servers is how they made this discovery.)

      That is clearly a violation of the National Security parts of the Federal Computer Fraud and Abuse Act, which calls for ten-year jail terms for those offenses (instead of "only" five years

    • I'm not sure if it's relevant to your point, but cars do have magically protected boxes in them.

      The only way to get all the information out of your car's computer is to either find a dealership to do the looky-loo, or buy several thousand dollars worth of software to read the ECU/EMS.

      The auto mfgs have been sitting on the communication protocols for years. They're slowly giving out their secrets, but only because Congress said so. Tuners have been reverse engineering the ECU's in cars for years.

      Preventing h

  • by Anonymous Coward
    How can it be moral or ethical to prevent someone from examining how something they use and integrate into their computer? A person should have the right to know what they are buying, renting, or using when they pay for it. They should know exactly what a computer program is doing, especially when the computer is also used to buy items online and check health care stuff. I expect to know what I am buying whether it's a a hamburger (does it have something I am allergic to? Is it prepared safe ?), a paper pla
  • by Surt ( 22457 )
    Because as far as I know, anything being protected by copy protection might be spyware. So if they pass this, anyone can argue away cracking anything!
  • Reasonable Action (Score:2, Insightful)

    by massivefoot ( 922746 )
    Does anyone know if similar laws to the DMCA exist is the UK? I'd be seriously worried if they do. I'm of the opinion that you have a right to bypass any technology used to protect spyware. It's a pretty deceitful form of software, it's effectively carrying out surviellence against you, you should be able to respond to it.
  • Comment removed (Score:3, Insightful)

    by account_deleted ( 4530225 ) on Friday December 02, 2005 @01:02PM (#14167174)
    Comment removed based on user account deletion
    • I think a better analogy might be to ask whether the landlord does or should have a right to evict you if you commit a crime on or using the rented property. As an example, imagine that instead of decorating with hideous furniture, you decorated with a meth lab.
      • Yeah, but you own your computer. You're not renting it from the music/movie/software publishers.

        If you rent a washer/dryer, that doesn't give Maytag the right to enter your home and inspect it (or inspect your other appliances -- the Sony rootkit inserts itself between the driver and the OS so it can see ALL discs, not just Sony's).

        Media companies are even worse off because you buy something from them ONCE. It's not a rental agreement.
  • by sabre307 ( 451605 ) on Friday December 02, 2005 @01:02PM (#14167176) Homepage
    So does this mean that if I go out and copyright a new computer virus with the USPTO, I can sue the federal government and the anti-virus manufacturers when they crack open my code to figure out how to stop the virus from damaging computers? I would love to see someone try that one. It would almost be worth going to jail for a while if I could patent a nice new form of self-propogating worm, then upload it onto the servers of the *AA. Then, when they figure out how to stop the worm, I can sue them for millions because the only way they can figure out how to stop it is to circumvent my copyright protection and reverse engineer my application. I might spend a while in jail, but I would probably have a smile on my face the whole time!!!!!
    • Since you can't copyright anything with the USPTO, the answer to your question is no.

      You're also seriously deluded if you think you can sue someone under the DMCA or any other law for taking actions that stopped illegal activities you were knowingly committing, and didn't cause you any harm in the process.

  • by Richard_J_N ( 631241 ) on Friday December 02, 2005 @01:04PM (#14167196)
    Given that all these technological measures only break Windows because of Autorun, why doesn't MS issue a patch to disable it.
    All that would be required is a simple popup when you insert a CD: "This disc appears to be an audio disc. Do you want to play it as normal, or would you like to install the program that is on the disc".
    • There should just be a general warning, "Do you wish to allow execution of software on this CD?" for all CDs that try to autorun... with games/programs/etc, the answer is probably yes, but seeing that on a music CD, or a DVD should set off some alarms in people. Maybe even have a list of known CDs somewhere, so that you can click a 'always do this action for this CD' box or something, sort of like what they do with file types.
    • I'd like to see "autorun" treated like "autoplay" for disks of ALL types:

      If you go to the properties page of your CD drive, you will see an "autoplay" tab. For each type of non-data disk, you can select an option.

      Add an option for two additional type:
      * Disks that automatically run a program

      with the options:
      * Enable autorun
      * Disable autorun and treat CD as another type of CD
      * Do nothing
      * Prompt for choice
  • Comment removed (Score:3, Insightful)

    by account_deleted ( 4530225 ) on Friday December 02, 2005 @01:08PM (#14167231)
    Comment removed based on user account deletion
    • From my experience, I would estimate their loss of sales from boycotts at around 5 to 10%. Working in computer support for a high school, my most common solution to a DRMed CD or downloaded music (which the teachers assumed could be used like a normal CD) was to download a copy off of P2P (using my home connection connected via ssh - the school connection has HTTP quite heavily censored and many ports are blocked and the bandwidth is too choked for very agressive downloading) and burn them a redbook complia
    • It's as simple as implementing new security standards and specs, testing them with the cooperation of the security community, setting a worldwide/nationwide rollout date, then requiring everyone's software to support them as of that date. Think "Attention (ebay|Yahoo|Google|MSN) Users: After JULY 23, 2007, you must have upgraded your Web browser to support the new HardenedHTTP specification. Browsers which support this include: Mozilla Firefox 2.0, Netscape 8.1, Opera 9.01, or Internet Explorer 8 Beta."

      S

  • Just don't publish from the USA.
  • by masdog ( 794316 ) <masdog@g[ ]l.com ['mai' in gap]> on Friday December 02, 2005 @01:17PM (#14167301)
    Alright, I'm a little confused here. We have laws on the book which prevent breaking into computers and installing "spyware" without the user knowing about it, but if that "spyware" is encrypted/hidden/copy protected in any way, it is also illegal to remove it??

    Is it just me, or is the US government getting too stupid for its britches??
    • by Surt ( 22457 ) on Friday December 02, 2005 @01:30PM (#14167418) Homepage Journal
      The process is clear as defined by current law:

      If you discover spyware is on your system, and your state has laws against that, you may pursue a suit against the spyware vendor.

      If the spyware is protected by anti-circumvention devices, you are not permitted to remove it yourself.

      Ergo, include removal as part of your recompense for damages in the suit. Sony will need to provide for the removal of the spyware, and at its discretion could give you permission to remove the spyware using a 3rd party tool.
  • Researchers: "Give us the right to bypass protected spyware!"

    U.S. Copyright Office: "No problem. That'll be $10,000,000; small, non-sequential bills, please."
  • by kimvette ( 919543 ) on Friday December 02, 2005 @01:21PM (#14167340) Homepage Journal
    Hey script kiddies and virus creators (I know at least SOME slashdotters are. Come on, admit it, you're out there!), want to help kill DMCA?

    In your next trojan horse and virus releases, implement some sort of DRM which will make it illegal for anyone to remove the utilities. You can then prosecute Symantec, etc. citing DMCA violations. This will show just how evil the DMCA really is.
  • I generally do not see much of any coverage relating to the issues surrounding the DCMA and all the hoopla coming from it. Seems like all of the news about it is on Slashdot or the Register. Why are the big news outfits not publishing anything on this???

    My suspicions are that "keeping it quiet" is a tendancy being brought about by a select group of lawyers that work quite possibly in the entertainment industry, and are looking to covet their bank accounts and the future deposits thereof.

    I mean;.. we all kno
  • Exemptions (Score:3, Interesting)

    by gr8_phk ( 621180 ) on Friday December 02, 2005 @01:27PM (#14167389)
    Laws that require a bunch of exemptions need to be revisited. It's just like when software gets too many nested conditionals - you know the logic needs to be cleaned up or scrapped. Has anyone ever tried to apply complexity measures to portions of the law?
  • Under what article or amendment to the constitution is the federal government explicitly given the power to restrict what can or cannot be done to bits contained on a disk owned by a researcher? If the federal government is not explicitly given such a power the law should be declared unconstitutional by the courts.

    10th amendment: The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.

    And in fact, your
    • Presumably, they have the power from Article I, Section 8, Clause 8 (or according to some, Clause 3, though I disagree with that). As for rights, having them isn't the same as having them guaranteed. Furthermore, provided that due process (see the 5th Amendment, since we're discussing the federal government here) is satisfied, you can be deprived of that right. Of course, the current stance of the courts is that copyright doesn't infringe on the rights of the people to begin with, but rather works in coope
  • "As noted by the Electronic Frontier Foundation, the Copyright Office theoretically grants exemptions, but in reality discourages anyone from asking."

    That makes it sound so sinister. Isn't this the real purpose of any bureaucracy? To limit peoples access to things to which they are theoretically entitled, without having to prevent their access entirely. The same thing could be said about insurance policies, or any kind of social services offered by the US government, or retailer return policies.

Our OS who art in CPU, UNIX be thy name. Thy programs run, thy syscalls done, In kernel as it is in user!

Working...