Politech mailing list archives

Previous By Date Next
Previous By Thread Next

FC: DMCA restricts police forensics tools, cryptanalysis research?

From: Declan McCullagh <declan () well com>
Date: Sat, 25 Aug 2001 18:41:56 -0400
The below message is from today's RISKS Digest (http://www.csl.sri.com/users/risko/risksinfo.html).
The DMCA (sec. 1201) says in part "no person shall manufacture, import, offer to the public, provide, or otherwise traffic" in anything that "is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title." Anyone care to speculate about whether that applies to Fred's product? (http://thomas.loc.gov/cgi-bin/query/z?c105:H.R.2281.ENR:)
While the DMCA may well be an awful law, one thing I've never understood is why many folks seem to think it bans publishing your research into security flaws and so on. The RIAA/SDMI threats against Ed Felten & co were spurious. There are two prongs to the DMCA: Don't bypass copy protection schemes, and don't sell stuff that automates that process. Nowhere does the law say "don't tell others what you learned." Even if circumventing (for profit) is a felony, telling people how they could theoretically break the law is generally legal, right? (http://www.loompanics.com/Articles/HitManLawsuit.htm) 

-Declan

**********

Date: Fri, 17 Aug 2001 15:47:51 -0700 (PDT)
From: Fred Cohen <fc () all net>
Subject: Re: Avoiding prosecution of the DMCA (Ferguson, RISKS-21.60)

The DMCA has also had effects on my forensic analysis products.  Because the
current copyright law makes anything that is put into tangible form
copyright unless made otherwise by the author (or by law), things like
criminal records are copyright.

This means that if the criminal tries to protect their material - for
example by hiding it using steganography, encrypting it, or by putting
it on a computer with a password to prevent unauthorized access - then
that work is protected by the DMCA (after all, the password on Windows
systems is effective protection unless you try to circumvent it).

Because the primary purpose of most of my forensic analysis tools is to
reveal things that are protected from revelation, and because the DMCA
makes it illegal to distribute such a device, I have been forced (based
on the recent arrests and other threats against authors of such things)
to withdraw my forensic products from the market.

I should note that companies like Access Data who sell products that are
explicitly designed for undoing encryption, etc.  are almost certainly in
violation of the DMCA.  While the FBI might not arrest them now because they
sell to the FBI (and other in law enforcement - as did I), this does not
mean that the FBI cannot arrest them at any time and charge them with a
felony.  Indeed, sale to law enforcement is not legal, even though law
enforcement can, on its own, build and use such tools.

The effects on research and education are even more interesting.  For
example, I am having a discussion with my university now about canceling
courses on forensics and cryptanalysis because in these courses we teach
people how to get around protection of this sort and may provide the
capabilities to do so in so teaching.  The DMCA has, I believe, made this
illegal - and if you are teaching such a course next semester, you might
think about the issues as well.  On the research side, I don't work on
research I cannot publish, so I am canceling the aspects of my research
that go into these areas.

Fred Cohen              Fred Cohen & Associates.........tel/fax:925-454-0171
fc () all net           The University of New Haven.....http://www.unhca.com/
http://all.net/         Sandia National Laboratories....tel:925-294-2087




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: