Re: Comment on DMCA, Security, and Vuln Reporting]

[Declan McCullagh <declan () well com>]

[I subscribe to bugtraq but haven't seen Glenn's message appear. It did go 
out to vuln-dev, and someone forwarded the message to me. I'm not on 
vuln-dev; feel free to forward this to the list.]

"Wolf, Glenn" <glenn.wolf () we-inc com> wrote:
> In light of the fact that 2600 was successfully sued over merely linking to
> DeCSS source code under the DMCA (and losing a subsequent appeal), and
> especially since News.com mentioned that fact in their article, I'm
> absolutely AMAZED that they would do just that, linking directly to exploit
> code in three separate places in the article!!!  Oh, and HP is apparently a
> corporate sponsor of News.com (by the ad banners that pop up on their site).
> I wonder how THIS will play out...

I'm the author of the CNET News.com article, though I do not speak for my 
employer. Three points:

* 2600 was sued for *posting* the DeCSS.exe utility, not for linking to it:
http://www.eff.org/IP/Video/MPAA_DVD_cases/20000114_ny_mpaa_complaint.html
> Defendant Eric Corley a/k/a Emmanuel Goldstein also posted DeCSS on his 
> Internet web site...

* The judge in the case crafted a rule limiting but not banning linking:
http://www.eff.org/IP/Video/MPAA_DVD_cases/20000830_ny_amended_opinion.pdf
> there may be no injunction against, nor liability for, linking to a site 
> containing circumvention technology, the offering of which is unlawful 
> under the DMCA, absent clear and convincing evidence that [lots of details]

* When I was at Wired News, we joined an amicus brief in the 2600 case that 
said journalists should have the right to link to controversial material 
such as DeCSS.exe:
http://www.politechbot.com/docs/linking-amicus.012601.html

-Declan