WTH?? DMCA troubles.. sorta?


Subject: WTH?? DMCA troubles.. sorta?
From: James Gibson (twistedhammer@subdimension.com)
Date: Tue Oct 23 2001 - 00:30:05 AKDT


Dropped in on /. today , and ran across this little tidbit.. and I must
say I'm appalled. The slashdot lead-in reads:

"Alan Cox released 2.2.20pre10 today, which includes security fixes. He
is refusing to indicate what security holes have been fixed, as Unix-style
permissions could be used as an anti-circumvention device."

It then links to the linux-kernel list archive here:
http://marc.theaimsgroup.com/?l=linux-kernel&m=100374609914587&w=2

Following is some choice excerpts from the ensuing thread. As you will
see, Alan claims this is on direct legal advise... If AC isn't just
over-reacting (which I believe he is to a certain degree..) I can't help
but agree with the fellow that suggests that maybe it is time we left the
planet.. E-mail addresses have been removed to protect the guilty.

James Gibson

---Mail-1---
*List: linux-kernel
*Subject: Re: Linux 2.2.20pre10
*From: bert hubert
*Date: 2001-10-22 11:35:54

On Mon, Oct 22, 2001 at 12:30:02PM +0100, Alan Cox wrote:

> > > o Security fixes
> > > | Details censored in accordance with the US DMCA
> > > > Care to elaborate?
> On a list that reaches US citizens - no. File permissions and userids may
> constitute and be used for rights management.

I may be a bit simple today, but I still don't get it. In what way does the
DMCA (horrible as it is) apply to our own software, which we in know way
'reverse engineered'?

Are you saying that we can't divulge security problems in our own software
anymore for fear of being sued by affected parties?

Regards,

bert

---Mail-2---
*List: linux-kernel
*Subject: Re: Linux 2.2.20pre10
*From: bert hubert
*Date: 2001-10-22 12:08:45

On Mon, Oct 22, 2001 at 12:55:12PM +0100, Alan Cox wrote:
> > Are you saying that we can't divulge security problems in our own software
> > anymore for fear of being sued by affected parties?
> Not even affected parties - the government can do it too without anyone else
> and indeed even if their are contractual agreements between parties
> permitting the data to be released..

This is getting daft in a hurry.

> I hope to have the security stuff up on a non US citizen accessible site in
> time for 2.2.20 final

This would then presumably lead to password protected access for US kernel
developers that need to know? And some kind of NDA?

'IANAL', and neither are you, are you sure this sillyness is necessary?

Regards,

bert

---Mail-3---
*List: linux-kernel
*Subject: Re: Linux 2.2.20pre10
*From: bert hubert
*Date: 2001-10-22 12:25:05

On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > This would then presumably lead to password protected access for US kernel
> > developers that need to know? And some kind of NDA?
> US kernel developers cannot be told. Period.
(...)
> Its based directly on legal opinion.

Then I suggest we leave this planet.

---Mail-4---
*List: linux-kernel
*Subject: Re: Linux 2.2.20pre10
*From: Alan Cox
*Date: 2001-10-22 12:29:14

> Putting pressure on US people to have them influence their
> legislation? Aka. every people have the rulers they deserve? Won't work
> out.

   "Until they become conscious they will never rebel, and until after
    they have rebelled they cannot become conscious."

> Seriously, are you kidding?

The current interpretation of the DMCA is as lunatic as it sounds. With luck
the Sklyarov case will see that overturned on constitutional grounds. Until
then US citizens will have to guess about security issues.

Alan

--End-of-Mail



This archive was generated by hypermail 2a23 : Tue Oct 23 2001 - 00:25:02 AKDT