Researchers Want Right to Bypass Protected Spyware 266
Dotnaught writes "Computer security researchers Professor Edward Felten and Alex Halderman have asked the U.S. Copyright Office for an exemption (pdf) to the Digital Millennium Copyright Act (DMCA) so that they can circumvent copy protection technology used to protect spyware. The DMCA currently makes it illegal to bypass digital locks almost regardless of what they protect or the user's intent. As noted by the Electronic Frontier Foundation, the Copyright Office theoretically grants exemptions, but in reality discourages anyone from asking. What's significant about the application submitted by Felten and Halderman is that they knew about the dangers posed by Sony's XCP DRM software a month before the news became public. But they delayed publication for fear of prosecution. During that time, many more consumers fell victim to the spyware propagated by Sony."
A horrible idea... (Score:5, Insightful)
I fear that by building these loopholes, we will actually be legitamizing the DMCA as a whole... And we will be losing 1 more datapoint in our arguments against this monstrosity...
Re:A horrible idea... (Score:5, Interesting)
Re:A horrible idea... (Score:2)
Re:A horrible idea... (Score:2)
Re:A horrible idea... (Score:5, Insightful)
The US IS less democratic (Score:5, Insightful)
Who modded the parent as Flamebait? The US has moved far from it's democratic ideals. It may not be any China or North Korea, but it is a far sight less free and democratic then it ever use to be.
To wit:
1) DMCA
2) Patriot Act
3) Congressional gerrymandering.
4) Copyright extentions and patent law broadening.
5) Air travel ID requirements
Re:A horrible idea... (Score:2)
I'm not so sure. Let's face it, we wont defeat the DMCA by continuing to say it's "illegitimate." I think what we need to do is work through its channels to set precedents, so we can build a case for how studying various mechanisms actually helps society more than it hurts it. I don't see any good new reasons to oppose the DMCA coming up if we continue to stonewall it. But if we use its own language to get a foot in the door, we stand a good chance of weakening its strangle hold on certain aspects of secur
Re:A horrible idea... (Score:5, Insightful)
For example, if I encrypt my personal data on my hard drive, I think it should be generally illegal for you to break the encryption, just like it's generally illegal to break into my house. That's fair, right?
The problem I have with the DMCA is the idea that it might allow someone to lock data that I believe I should have access to, and I have no legal recourse. For example, AFAIK, it's illegal to rip DVDs to your hard drive, even if you have no intention of violating copyrights. To my mind, that's like being forbidden from creating an alternate means of entry into my own house, rather than being forbidden from breaking into someone else's house.
I guess what I'm saying is, if the US government wants to give stiffer penalties for copyright infringement if the act includes bypassing copy protection, that doesn't bother me. Insofar as the DMCA does that, I don't mind. It only starts bothering me if it's used to go after private individuals who bypass protection for the purpose of fair use.
Re:A horrible idea... (Score:5, Insightful)
For example, if I encrypt my personal data on my hard drive, I think it should be generally illegal for you to break the encryption, just like it's generally illegal to break into my house. That's fair, right?
Yes, that's fair, and that's why it's illegal even without the DMCA. The trick is that most laws don't make methods illegal, they make actions illegal. Accessing your personal property without permission is illegal.
The problem I have with the DMCA is the idea that it might allow someone to lock data that I believe I should have access to, and I have no legal recourse. For example, AFAIK, it's illegal to rip DVDs to your hard drive, even if you have no intention of violating copyrights. To my mind, that's like being forbidden from creating an alternate means of entry into my own house, rather than being forbidden from breaking into someone else's house.
AFAIK, the DMCA says nothing about ripping DVDs; they can be easily imaged to a HDD. The trick is that you get into copyright trouble (DeCSS) when trying to convert them to a new format playable by software not originally designed to play the DVD. Also, the DMCA says nothing about region encoding. Your thoughts on the subject are still valid however.
I guess what I'm saying is, if the US government wants to give stiffer penalties for copyright infringement if the act includes bypassing copy protection, that doesn't bother me. Insofar as the DMCA does that, I don't mind. It only starts bothering me if it's used to go after private individuals who bypass protection for the purpose of fair use.
It bothers me -- methods should not create stiffer penalties; actions should. People get caught up in the "technology" used to commit pre-defined crimes, and forget that they are already crimes irrespective of how they were committed. We don't need an "Internet auction fraud" law, because we already have a perfectly usable fraud law that applies. If an old law no longer carries appropriate penalties for a crime, the old law needs to be revised.
To sum up, everything illegal under the DMCA that should be illegal already was -- everything else is being overturned on a case-by-case basis, which is putting the onus on the innocent parties to prove they're innocent, instead of putting the onus on the prosecution to prove they're guilty. The DMCA is a "guilty until proven innocent" law.
Re:A horrible idea... (Score:2, Interesting)
Corporations or the Government? (Score:3, Insightful)
Re:Not so fast (Score:5, Informative)
Actually the DMCA as well as its EUCD european counterpart are both implementations of the TRIPS [wto.org] international treaty which was brought to us by our loved and highly democratic World Trade Organization.
It also seems that EUCD is yet more restrictive than DMCA, actually the french implementation of EUCD, if adopted by the parliament at the end of the month, will simply make it illegal to publish free software [fsffrance.org].
It's more than time for all this nonsense to stop.
It's Really Sad That... (Score:5, Insightful)
Just another reason why politicians shouldn't be writing laws concerning subjects they know nothing about.
Re:It's Really Sad That... (Score:5, Funny)
Re:It's Really Sad That... (Score:3, Interesting)
Re:It's Really Sad That... (Score:5, Insightful)
By your interpretation, every single user would have to be a Computer Scientist able to diagnose and repair their own complex operating software, since no one could share their discoveries.
And since Viruses hide themselves, no anti-virus firm could market a product to remove them since that would be making use of illegal bypassing of the Virus's anti-circumvention provisions.
You see where this leads. Without the ability to share information on threats, the ability to remove and protect against them is essentially nullified. The DMCA is a damn horrible awful thing for consumers.
Re:It's Really Sad That... (Score:3, Interesting)
Re:It's Really Sad That... (Score:2)
A restriction that's not enforced or one that's in fact unenforceable is still a restriction.
Re:It's Really Sad That... (Score:2)
Re:It's Really Sad That... (Score:2)
Fine, I'll say it. It should be perfectly OK, ie. 100% legal and entirely without repurcussion whatsoever even upon discovery, for a private person to do whatever the hell they want to their own computer, so long as they're not actually hurting anyone, either physically or economically.
Re:It's Really Sad That... (Score:4, Insightful)
True - imagine a world where you couldn't share any information regarding any threat. See a person with dynamite strapped to them? Don't say anything, you could be sued for removing their coat to see the bomb. Car built with bad brakes? Don't say anything, you'll be prosecuted for removing the tire which protects the brakes.
Sharing information is the very cornerstone of freedom, and using the DMCA to control information is quite evil.
Re:It's Really Sad That... (Score:5, Insightful)
First of all, I don't like actions that are necessary for my safety to make me a "criminal", even in the theoretical (non-prosecutorial) sense.
Secondly, it reflects badly on a gov't to have a law that is unenforceable.
Re:It's Really Sad That... (Score:2)
Right. But if you're a researcher, publication is part of the job. Those people can't say, "well, I'm only at risk if I share my data." That's like a programmer thinking, "well, I'm only at risk if I add code to the repository."
Imagine if everyone at Adobe had to write Photoshop independently, owing to a law that prevented the sharing of source code. You have a hun
Re:It's Really Sad That... (Score:5, Insightful)
Exactly. The computer is the person's property. I don't understand how the owner doesn't retain full control over it.
But, I'm confused. Isn't reverse-engineering broad enough to cover researchers dissecting it?
If the day comes that anything with 'digital security' can't be looked at except by those who made it, we'll all be screwed. Hell, I should think you could go around putting a physical device on people's cars and houses that locks them -- and since it's got some digital components, it would be illegal for the owner to open them without running afoul of the DMCA.
No room for extortion there --- "You're not allowed to remove our lock from your car due to the DMCA, but for $1000 we'll remove it" -- what if the lock was placed illegally? (Or the software was installed surrepticiously in the case of spyware.)
This is completely irrational. If I go to a store and buy new windshield wipers, the merchant can't make it illegal for me to buy windshield wipers from someone else ever again.
At some point, the consumer needs the ability to terminate a contract when they no longer wish to do business with someone. Making it illegal to dissect/remove spyware would be like enforced vendor lock-in in the real world. You signed up once, now you have to be signed up in perpetuity??
Re:It's Really Sad That... (Score:3, Insightful)
Re:It's Really Sad That... (Score:2)
Re:It's Really Sad That... (Score:5, Insightful)
Just another reason why politicians shouldn't be writing laws concerning subjects they know nothing about.
Actually, you should have said "just another reason why politicians shouldn't be enacting laws that were written by lobbyists". It's a bit unfair to demand that Congresscritters will be experts in all subjects.
But on a related topic -- why isn't there a CTO (Congressional Technology Office)? There's the Congressional Budget Office -- which is (allegedly) a non partisan office that exists to advise Congress on budgetary issues. They are the ones releasing the figures about Social Security that disagree wildly with what the White House would have us believe.
So why shouldn't there be a CTO? It's unreasonable to expect that all Congresscritters can be knowledgeable techies. They should have a non partisan agency to advise them about these issues -- then perhaps stuff like this wouldn't be overlooked.
Comment removed (Score:5, Informative)
Re:It's Really Sad That... (Score:3)
Re:It's Really Sad That... (Score:2)
Even after reading the article (most of it is a compilation of old complaints about the DMCA), this sounds like good, old-fashion FUD. Nothing in the DMCA says Felton et al. couldn't say
Re:It's Really Sad That...Bad Because? (Score:3, Insightful)
And this would be bad because...?
Glad to see it! (Score:3, Funny)
(sic)
Re:Glad to see it! (Score:2)
Hindsight (Score:4, Insightful)
Re:Hindsight (Score:4, Insightful)
Re:Hindsight (Score:3, Insightful)
Conjecture : The RIAA and MPAA know DRM schemes will be broken, thus don't rely on them to protect their revenue stream.
Observation : The MPAA already has more control over your DVD player than you do. I've already run across a couple DVDs that won't even allow me to bypass the trailers at the beg
Re:Hindsight - wrong way around (Score:3, Insightful)
Sony wouldn't have had a DMCA fight by continuing to ship the software. That's not illegal under the DMCA, nor are they being sued under its provisions.
The researchers who determined how it worked, and how to workaround and/or remove it would have had to carry the burden of the fight if Sony charged them with vi
This story should've had the censorship icon (Score:4, Interesting)
This story deserves the Slashdot Censorship Icon [slashdot.org].
I wonder of the victims can go after the copyright office for contributory neglegence? Probably not but it's fun to think about.
Darn, looks like I missed "first post" by --><-- that much.
Re:This story should've had the censorship icon (Score:2)
That's how I'd read it, at least, and tha
Re: (Score:2)
Would they have dared? (Score:5, Insightful)
Re:Would they have dared? (Score:5, Insightful)
Re:Would they have dared? (Score:2, Interesting)
You might be kidding, but I've been thinking about the same lines. Votes don't count anymore. Instead, just pool money and pay off politicians. Sort of like a PAC, but where everyone gets involved instead of just the hardcore supporters. Plus it has the advantage of being able
Re:Would they have dared? (Score:2)
Re:Would they have dared? (Score:2)
Re:Would they have dared? (Score:2)
Occasionally an otherwise good company will go after an innocent person they mistook for a hacker. It is sometimes very hard for people in charge to enough technical perspective to distinguish good guys from bad guys. And there are widely varying views of who the good guys are.
8 years ago, an employee of a watermarking company entered a forum for watermark researchers and called us all thieves. He was very angry that people were developi
It's like guns (Score:5, Insightful)
Contrast that to the restrictions being argued against. The tool, circumvention of copy protection technology, is illegal. The act, distributing copies in violation of copyright, is also illegal.
Why is circumventing copy protection illegal? Because the **AA want it to be.
Say I want to rent a bike for the day. I license the use of the bike, and am provided with a bike lock. Is it illegal for me to pick that lock? Even if you go by the **AAs' ridiculous licensing theory, it still doesn't make sense to have circumventing copy protection be illegal.
It's worse than that. (Score:2)
To use your analogy, it is as if it were legal to shoot people, but guns (the tools) were illegal.
Re:It's worse than that. (Score:2)
DVD players will play unencrypted discs just fine. I do it all the time with home movies.
Re:It's worse than that. OT (Score:2)
Did you hear your little brother was born the other day? Quantum Byte was born weighing in at 8 bits and 0 ounces.
And won't it be exciting to own a DVD player that can shake a robot finger at you for playing DVDs without CSS encryption?
Re:It's like guns (Score:2)
If you want to convince laypeople that a debugger is a perfectly benign piece of software that is of no danger to anyone, you would probably want to avoid saying, "see, it's like a gun...."
I support the consitutional right to bear arms. But if someone told me that an obscure item I don't understand is "like a gun," I would draw certain false conclusions about its purpose and safety. I would disagree with its banning but u
Re:It's like guns (Score:2)
Re:It's like guns (Score:2)
Circumvention of the copy protection is a tool by which people can illegally distribute copyrighted works... maybe it's not the best metaphor, but I think it makes sense.
Re:It's like guns (Score:2)
Heavens YES!! Obviously this violates the laws against lock-picking. However, it is a public health risk to have dead animals in your yard. So basically you're expected to torch the animals (and part or all of your house) and then rebuild.
It's about time (Score:5, Interesting)
What makes it even worse... our sponsor was the Department of Defense. I can not give any specific details becaus of a NDA, so you will have to take my word on it, but what we were doing was of great value to our serving men and women. This is something that is most definitely sorely needed.
So NDA to everyone? (Score:3, Interesting)
Interesting... It would be laughable in some other context, but I feel your pain.
Re:So NDA to everyone? (Score:2, Interesting)
*grinds teeth*
Re:So NDA to everyone? (Score:2)
And the sad thing, is you could be doing legal request at the behest of a government agency, but due to another government agency it would be illegal to discuss it with agency #1.
How screwed is that?
Scotch Tape (Score:5, Interesting)
Reverse Engineering / Removal (Score:5, Insightful)
They brought their property, on to yours, with the intent to cripple or hinder use of your equipment, without adequately informing you and without your express permission. In my world, this is the same as home invasion. Just the same as a fat man standing over your computer yelling at you or fucking with your machine's innards when you weren't looking.
Its absolutely retarded that this is even LEGAL. The only reason they haven't been able to apply the DMCA to car innards is because they know that the person OWNS that piece of equipment, and putting in measures to defeat it would be taken apart in all of ten minutes. And spread the information. Eventually it would lead to bad press, as a useless piece of metal would be trying to keep you from having access TO YOUR OWN car. Same thing with computers and software..but people don't think they're as important as things meatside.
Re:Reverse Engineering / Removal (Score:2)
I'm tired of these hypothetical situations. Your answer is: get an RPG and go their headquarters and fire a few grenades into their lobby. Then go from floor to floor wasting them all until you get to the CEO. Then disembowel him with a carving knife. Lawsuit this, lawsuit that. Shoot them, shoot them all.
Re:Reverse Engineering / Removal (Score:2)
That is clearly a violation of the National Security parts of the Federal Computer Fraud and Abuse Act, which calls for ten-year jail terms for those offenses (instead of "only" five years
Re:Reverse Engineering / Removal (Score:2)
The only way to get all the information out of your car's computer is to either find a dealership to do the looky-loo, or buy several thousand dollars worth of software to read the ECU/EMS.
The auto mfgs have been sitting on the communication protocols for years. They're slowly giving out their secrets, but only because Congress said so. Tuners have been reverse engineering the ECU's in cars for years.
Prohibition of curiosity (Score:2, Insightful)
Great! (Score:2)
Reasonable Action (Score:2, Insightful)
Re:Reasonable Action (Score:2)
My computer is my property. (Score:3, Insightful)
So . . . why do software manufacturers (including malware manufacturers) have a right to dictate what I will do with my hardware. Certainly, if I start making bootlegged copies of software/data available I can see where I have abnegated the implicit agreement between myself and the software vendor (damaging the apartment), but so long as such transgressions remain securely within the bounds of my equipment they should have no right to complain (I furnished the apartment with the most hideous furniture in existence, but the apartment remains undamaged).
Re:My computer is my property. (Score:2)
Re:My computer is my property. (Score:2)
If you rent a washer/dryer, that doesn't give Maytag the right to enter your home and inspect it (or inspect your other appliances -- the Sony rootkit inserts itself between the driver and the OS so it can see ALL discs, not just Sony's).
Media companies are even worse off because you buy something from them ONCE. It's not a rental agreement.
This is getting ridiculous (Score:5, Interesting)
Re:This is getting ridiculous (Score:2)
You're also seriously deluded if you think you can sue someone under the DMCA or any other law for taking actions that stopped illegal activities you were knowingly committing, and didn't cause you any harm in the process.
Why doesn't MS patch autorun? (Score:3, Interesting)
All that would be required is a simple popup when you insert a CD: "This disc appears to be an audio disc. Do you want to play it as normal, or would you like to install the program that is on the disc".
Re:Why doesn't MS patch autorun? (Score:2, Insightful)
Re:Why doesn't MS patch autorun? (Score:2)
Even better, prompt for all (Score:3, Interesting)
If you go to the properties page of your CD drive, you will see an "autoplay" tab. For each type of non-data disk, you can select an option.
Add an option for two additional type:
* Disks that automatically run a program
with the options:
* Enable autorun
* Disable autorun and treat CD as another type of CD
* Do nothing
* Prompt for choice
Comment removed (Score:3, Insightful)
Re:Good. Freakin'. Luck. (Score:2)
Another cluectomy victim (Score:2)
S
Re:Good. Freakin'. Luck. (Score:2)
It doesn't require much looking. Based on what I know of the several thousand years of recorded history, that's not a solvable problem. Improving the technology is an approach more likely to reduce the Spam in my inbox. That this suggested solution is crap does not prove all such approaches are crap... although the existance of the form response strongly implies most of the obvious ones are. =)
Circumvent the law! (Score:2)
Let me get this straight... (Score:4, Interesting)
Is it just me, or is the US government getting too stupid for its britches??
Re:Let me get this straight... (Score:5, Interesting)
If you discover spyware is on your system, and your state has laws against that, you may pursue a suit against the spyware vendor.
If the spyware is protected by anti-circumvention devices, you are not permitted to remove it yourself.
Ergo, include removal as part of your recompense for damages in the suit. Sony will need to provide for the removal of the spyware, and at its discretion could give you permission to remove the spyware using a 3rd party tool.
US Govt At Your Service! (Score:2, Funny)
U.S. Copyright Office: "No problem. That'll be $10,000,000; small, non-sequential bills, please."
Idea for killing DMCA (Score:3, Funny)
In your next trojan horse and virus releases, implement some sort of DRM which will make it illegal for anyone to remove the utilities. You can then prosecute Symantec, etc. citing DMCA violations. This will show just how evil the DMCA really is.
Slashdot is alone in this.. (Score:2, Insightful)
My suspicions are that "keeping it quiet" is a tendancy being brought about by a select group of lawyers that work quite possibly in the entertainment industry, and are looking to covet their bank accounts and the future deposits thereof.
I mean;.. we all kno
Exemptions (Score:3, Interesting)
Unconstitutional (Score:2)
10th amendment: The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
And in fact, your
Re:Unconstitutional (Score:2)
bureaucracy (Score:2)
That makes it sound so sinister. Isn't this the real purpose of any bureaucracy? To limit peoples access to things to which they are theoretically entitled, without having to prevent their access entirely. The same thing could be said about insurance policies, or any kind of social services offered by the US government, or retailer return policies.
Re:what tools! (Score:3, Insightful)
At Nuremburg the court held that if you know something is wrong/evil you are obligated to not do it no matter what your superior officers tell you to do.
Re:what tools! (Score:3, Insightful)
I assume you have plenty of money to fight frivolous lawsuits filed against you when you heroically denounce evil deeds, right? For the rest of us, when the law muzzles us, we tend to shut up because otherwise we'd go broke. Sad but that's how it is, and I suspect you'd probably do the same despite all your Slashdot bravado.
Re:what tools! Nope (Score:4, Insightful)
Nope. At Nurenberg they were on trial because they'd definitely done SOMETHING! They were not guilty of acts of ommission, like forgetting to tell you that they'd installed DRM software onto your computer BEFORE presenting you with an EULA and asking if you wanted to allow them to install software on your computer.
Re:what tools! (Score:3, Insightful)
Re:what tools! (Score:2, Insightful)
I for one welcome... (Score:3, Funny)
Re:what tools! (Score:3, Informative)
Wow, Godwin's Law [jargon.net] in the FP. You lose!
Re:Thank you, voters! (Score:2)
Re:Thank you, voters! (Score:2)
Re:Pros And Cons (Score:3, Insightful)