Interesting People mailing list archives
more on The second sincerest form of flattery
From: David Farber <dave () farber net>
Date: Thu, 20 Jan 2005 19:36:11 -0500
------ Forwarded Message From: "Dr. A. Michael Berman" <amberman () csupomona edu> Date: Thu, 20 Jan 2005 16:34:45 -0800 To: <dave () farber net> Subject: RE: [IP] The second sincerest form of flattery I'm glad to hear that Penn has handled this case appropriately. According to copyright law, a University does not have to act like an ISP when it receives a DMCA takedown request the applies to materials posted by a faculty member (as opposed to most others served by the institution). There is explicit "safe harbor" language in the regulations that states that the institution is not responsible for the infringing material posted by a faculty member, and therefore the faculty member should deal directly with the claimant without intervention from the institution. Specifically: Special Rules Regarding Liability of Nonprofit Educational Institutions Section 512(e) determines when the actions or knowledge of a faculty member or graduate student employee who is performing a teaching or research function may affect the eligibility of a nonprofit educational institution for one of the four limitations on liability. As to the limitations for transitory communications or system caching, the faculty member or student shall be considered a "person other than the provider," so as to avoid disqualifying the institution from eligibility. As to the other limitations, the knowledge or awareness of the faculty member or student will not be attributed to the institution. The following conditions must be met: ! the faculty member or graduate student's infringing activities do not involve providing online access to course materials that were required or recommended during the past three years; ! the institution has not received more than two notifications over the past three years that the faculty member or graduate student was infringing; and ! the institution provides all of its users with informational materials describing and promoting compliance with copyright law. This language can be found at http://www.copyright.gov/legislation/dmca.pdf on p. 13.
-----Original Message----- From: owner-ip () v2 listbox com [mailto:owner-ip () v2 listbox com] On
Behalf
Of David Farber Sent: Thursday, January 20, 2005 3:02 AM To: Ip Subject: [IP] The second sincerest form of flattery ------ Forwarded Message From: Matt Blaze <mab () crypto com> Date: Wed, 19 Jan 2005 20:53:58 -0500 To: David Farber <dave () farber net> Subject: The second sincerest form of flattery One of my research interests is applying the principles of "human-scale" security (such as mechanical locks and alarm systems) to computer science. Although human-scale systems are almost always imperfect, their failure mechanisms are often much more gradual and more predictable than their information systems counterparts, and I believe that by better understanding why this is we might be able to build computer systems that behave in similar ways. Several particularly interesting illustrations of the phenomenon of gradual and predictable security failure can be found in safes and vaults. I'm working on a survey paper, tentatively entitled "Safecracking for the computer scientist," that I hope will stimulate other researchers to think along similar lines. Last month I finished a first draft and put it on my web site. (For those who've not seen it, it's at http://www.crypto.com/papers/safelocks.pdf ) Although the paper is only of rather narrow interest, a couple of weeks ago the wildly popular "Slashdot" news site discovered and linked to the draft; somewhere around 50,000 people downloaded the (large) pdf file that weekend. My web server survived Slashdot's attention, but I was somewhat taken aback by what happened next. A couple of years ago I wrote a paper about weaknesses in the keyspaces of master-keyed mechanical locks (it marked the beginning of my understanding of the similarities between information and physical security). Some locksmiths were outraged that I would publish a paper "revealing" security vulnerabilities in what they believed to be a closed field. See http://www.crypto.com/papers/kiss.html for details, but to make a long story short, some locksmiths do not approve of disclosing vulnerabilities in locks to the "general public," on the grounds that open discussion aids the bad guys more than it helps the good guys. (I don't agree -- and the scientific method's requirement for open scrutiny and debate does not provide an exemption when the subject involves security -- but that's another story for another time.) Perhaps predictably, there has been a similar reaction to my recent draft on safe locks. Shortly after Slashdot linked to the paper, one or more locksmithing trade groups discovered it as well . The response of some locksmiths to the draft has been at least as negative as it was to my master keying paper. I've received quite a bit of uncomplimentary email from locksmiths, and I'm told that locksmithing message boards have recently been abuzz with messages about what a scoundrel I must be to again have written such an "unethical" and "irresponsible" paper. Ironically, the theme of my safecracking survey is that while safes aren't perfect, they largely meet their requirements, and indeed, computer security would do well to emulate their security principles. Nothing in my paper (and indeed, no techniques of which I'm aware) allow one to quickly open decent quality safes. The paper's conclusion is that even if one is fluent in the (not very) secrets of the safecracking trade, the measurable security of even relatively modest safes allows them to be used quite effectively for their intended applications (especially as part of larger security system that complement the safes' limitations). I certainly don't think it would have been unethical to have published an analysis that reached a different conclusion, of course, but my paper as written could hardly be considered an attack against the safe industry or its products. As with the reaction to my master keying paper, many of the complaints I've received are self-contradictory and emotionally charged, often invoking "homeland security" in unspecified but ominous ways. I've developed a thick skin against this sort of thing, and I try not to take it personally (although it's a bit disturbing to have so many people so angry with me over my work). It's rather like being accused of witchcraft; many of the complainers don't seem to be seeking a reasoned debate but are instead venting a broder range of unspoken frustrations that go well beyond either me or my papers. There is simply no effective way to debate on these terms against an angry mob. In any case, some locksmiths are apparently trying to organize a letter writing campaign aimed at various officials at my university, and I'm told that my department chair, my dean, the provost, and the head of campus security have each received (a handful of) letters complaining about me. While Penn's support for the basic principles of academic freedom would protect me even if these officials agreed that my paper was somehow inappropriate, some of the letter writers seem to have unwittingly stumbled upon a weapon that could potentially be very effective (in other contexts) at silencing Internet-based debate. They have accused me of copyright infringement. My paper is heavily illustrated with photographs of safe locks and their components. Several letters have (accurately) pointed out that these photographs are protected by copyright and that by distributing my paper I'm also distributing copyrighted material. This, I must admit, is entirely correct. But I created every one of the images myself, in my own studio, and with my own materials, cameras and computers. I arranged the subjects, lit them, and photographed them. The results are copyrighted, to be sure, but I hold the copyrights. Fortunately, my university is not in the habit of removing the online papers of its faculty without checking with us first, and my paper has remained on my web site unmolested by these spurious copyright claims. But it occurs to me that, given the relevant provisions of the DMCA, a more timid ISP might have reacted quite differently, choosing instead to take down the controversial content until I could prove (or at least assert) that I have the rights to the images in question. This could take days or even weeks, depending on the level of proof demanded. Such a tactic could be a very effective way to harass or suppress authors of contraversial material, and, if done with the sort of vague wording used in the letters about me, would appear to leave the author with no recourse against anybody. The letter writers didn't actually claim copyright, but simply raised the issue. An ISP (had it over-reacted) could plausibly claim that they were simply protecting their interests in quickly taking the questionable material offline. I suspect that, in my case, the organizers of the letter-writing campaign were not dishonestly attempting to exploit the DMCA, but instead genuinely assumed that I had copied my images from some commercial source. A friend suggested that I should take this as a compliment; after all, if imitation is the sincerest form of flattery, perhaps being accused of copyright infringement is the second sincerest. Matt Blaze 19 January 2004 ------ End of Forwarded Message ------------------------------------- You are subscribed as amberman () csupomona edu To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting- people/
------ End of Forwarded Message ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on The second sincerest form of flattery David Farber (Jan 20)