RE: Short note on new Laws

[ICMan <shane () tor securecomputing com>]

Looking over the bill, it does appear at first glance that security tools 
and such would be suspect.  However, I thought I saw a clause about the 
limitation of liability if the manufacture, use, blah, blah of such 
technology was required for livelihood.  Also, the manufacture of such 
products, if used personally, and only for the purposes of working 
contracts where the data owner (Copyright Holder) has requested the service 
and is willing to pay for said service should provide a legal loophole big 
enough to drive a truck through.  If you make the tool yourself, and only 
use it on people who request the service, then the tool is not for 
circumventing copy protection.  There is no copy protection on information 
you have been asked to copy.

Also, only cryptanalysis tools seem to fit the category.  A hacking tool is 
for liberating information that is on public sites.  Although the 
information there is protected, it is not COPY protected per se.  A 
different set of rules should apply with scanning tools.  (Although a good 
prosecutor may be able to make this rule stick.  You'd need a good defense 
attourny.)

The biggest problem of this bill is that it does not take into account 
tools created for the express purpose of TESTING copy protection 
technology.  Are they restricted?  They amount to the same thing.  Perhaps 
this is the loophole.  "Er... your Honour, the tool in question was NOT 
made for the purpose of circumventing copy protection technology, it was 
made to test the effectiveness of such technology.  Yeah, and I would like 
to call my first witness... my wife.  Morgan Fairchild.  Yeah."

The legal system may eventually figure out how to make all this stuff work, 
but there will be many Kevin Mitnick's before the dust settles.

ICMan

-----Original Message-----
From:   Rick Smith [SMTP:rick_smith () securecomputing com]
Sent:   Monday, 29 June, 1998 1:55 PM
To:     Stout, Bill; Firewall-wizards
Subject:        Re: Short note on new Laws

At 08:11 PM 6/26/98 -0400, Stout, Bill wrote:
> You legal types on this security list tell me if this is true:
>
> ---Digital Millennium Act of 1998 ---
> (Passed Senate, in House for review) see http://thomas.loc.gov/, search
> for 'Digital Millennium Act'.
>
> Makes many security tools, services or discussions (even this list)
> illegal ...

So this would make "Internet Cryptography" an illegal book, I suppose.
Personally I doubt they could make it stick in court. However, this might
force the issue of whether or not software is protected speech or something
else. This has interesting implications on export controls.

I'd be interested to know how this relates to the legal notion of "burglary
tools," which are things you buy at the hardware store, and apparently are
only illegal when used under suspicious circumstances (whatever that 
means).

> Makes firewalls (or firewall at ISPs) illegal ...

It sounds like the law is trying to turn ISPs into arms-length carriers of
bits. I wonder if this would make it illegal to an ISP to selectively offer
newsgroups, or if it obligates them to carry all of USENET or none of it.

Law is such a ham-handed way of doing these things.

Rick.
smith () securecomputing com