[Reader-list] Re: Sklyarov arraignment has serious implications
Arun Mehta
arunmehtain at yahoo.com
Fri Aug 31 14:13:42 IST 2001
I would like, at national level, an examination of India's policy on
intellectual property. There was a time, when we, pretty much alone in the
world, were fighting against extending the concept of IP to processes,
where really what was being patented was information, not a product. It is
widely believed, that all this was at the instigation of the Indian drug
industry, that did make money from copying foreign drug designs.
However, the issues we raised then, and got no support for, were good ones.
Some of those are coming up again as part of the Aids controversy in Africa
and South America. Others are raising similar questions in the IT arena.
Just when the Indian position finally could get international support, our
own approach seems to be one of total withdrawal from our earlier position.
How did this happen?
I think Sarai, a univ or one of the LUGs could do worse than to organise a
2-day workshop, with presentations on the current positions and historical
perspectives from all the concerned industry and social sectors, producing
a paper at the end that puts forth what we consider to be a sensible IP
policy for India.
At 8/30/2001, Dr. Raj Mehta wrote:
>I think this is going to take both court and political pressure
>to get it changed. I explained this "head in the sand" aspect
>of security when the Mellenium Copyright Act passed with that
>absolutely asanine provision embedded in it. Of course the banning
>of certain bandwidths and decoding of broadcasts was the first step
>and it's entrenched, likely with all too much precedent to support
>it as well.
>
>With Microsoft in the lead - as I've explained how it affects OfficeXP,
>and ultimately all of the dot-net product line -- there are enormous
>funds potentially arrayed in support of the "law".
>
>I honestly don't think that the population of the United States is
>wise enough to understand the problem, enmasse. Certainly there are
>voices crying out, and need to be. The actual strategy needed is
>to make this MORE EXPENSIVE to the SFPA members to have enforced than
>it would be to get it revoked. Frankly, I haven't seen that answer
>yet, but it would appear to be the only long-term answer.
>
>As for this first "sacrificial lamb" on the alter of "We want your
>business - literally - in our pocket", I really don't have an answer,
>either. I hold out a lot of hope for the EFF legal team. The UN is
>already as close to getting kicked out of NYC as it has ever been, so UN
>"Human Rights" arguments aren't going to carry any weight.
>
>Here are some comments about creation of circumvention devices and reverse
>engineering in context to the MCA:
>
> 1. The "copy protection" provisions against reverse engineering
> in the MCA are the equivalent of making it illegal to point
> out to anyone that when your neighbor draws a photo of a lock
> and tapes it to his front door, that he hasn't truly secured
> his house. As long as we take it back to software, and he
> declares it to be part of his "copy protection scheme", however
> ineffective the security of it is, and however ELSE it is
> misrepresented as providing security (even in other uses within
> the same software), it is illegal to speak of it, or even
> discover it, and CERTAINLY illegal to exploit it.
>
> This is what's going on in this "test case" and poor Mr. Sklyarov
> is an inflation of the old ITAR, but this time DRIVEN by shoddy
> business, rather than shoddy government.
>
> 2. Remember, there dosn't have to be any security actually involved.
> It's moved out of the technical realm, and into the economic and
> law realm.
>
> Here's an example:
>
> You remember the ROT-13 encoding, commonly used for fun on FidoNet
> and even still, on the internet, once in a while.
>
> A B C D E F G H I J K L M a b c d e f g h i j k l m
> | | | | | | | | | | | | | | | | | | | | | | | | | |
> N O P Q R S T U V Q X Y Z n o p q r s t u v w x y z
>
> merely replace each character in the original with the corresponding
> one, and you've done "ROT-13" encoding of the data. The security
> stands against casual raeding by SOME people - and that only.
>
> Suppose I write an E-Mail program, and sell it as a program
> for exchanging 'secure e-mail', but based on simple ROT-13
> encoding of the messages. If I also use that ROT-13 to store
> a user password, then I can declare the whole code body that
> does the ROT-13 to be part of the copy protection.
>
> At that point, it is illegal under the MCA for anyone to
> "reverse engineer" that copy protection. Since it is declared
> to be a copy protection scheme. Others also cannot make
> compatible software. If I can get suckers^H^H^H^H^H^H^H the
> public to buy it, and use it, it is now illegal for anyone to
> "discover" that ROT-13 is not secure - to announce that - to
> build other software that is compatible with it.... (e.g.
> Sklyarov's software).
>
> 3. Microsoft has had a steady move to defining all formats in XML.
> They have been almost industry leaders in XML, and especially
> in XSL (Styleheets in XML). Even their HTML generated, e.g.
> by Word98 is broken without the externally referenced stylesheet
> files, which are referenced with a local-hard-drive file://
> URL - NOT a publically accessible over-the-net URL.
>
> Both XML and XSL are intended to be used to define file formats.
> All Microsoft has to do with dot-net, is insure that the XSL
> and XML "keys" sit on their website or other networked facilities,
> or even distribute them WITH the "leased" software, and have
> those be the ONLY way that you can get at your data.
>
> By divorcing their traditional sneakiness from anti-trust
> actions, and making them part of that MCA protected "Copy
> Protection Scheme", they have swung the law over to their
> side to re-enforce their traditional monopolistic lock.
>
>
>SCENARIO:
>
> San-Jose, California Dec 21, 2003. -- Fourteen respondants today
> were convicted of violation of the Mellenium Copyright Act, their
> XML and XSL files confiscated, and they were ordered to pay an
> undisclosed out-of-court settlement to Microsoft (MSFT). The XML
> and XSL files defined the format that their own data was stored in.
> But, in July 2002, Microsoft had announced that those very files,
> when dynamically produced by its Office-XP and successor products,
> were the core of its "Copy Protection" which protects them from having
> companies terminate their leases of the software, while still being
> able to get at their business records.
>
> While these XML and XSL files are merely readable text descriptions
> of the data, because they are considered part of the "Copy Protection"
> of the entire XP line, they may not be reproduced, read, copied
> nor recreated, under the provisions of the MCA. Plesee Mr. Gates,
> don't sue me for disclosing that they're just text files! I'm
> counting on my "freedom of the press" rights to protect me but,
> my stating it, after that declaration of July 2002, makes it as
> much a violation as those respondants actually PRODUCING the
> files.
>
>SCENARIO:
>
> Philadelphia - Jan 7, 2004 -- The well known and respected security
> firm known as "L0pht Heavy Industries" was handed over to Microsoft
> today -- in effect. The damages awarded to Microsoft (MSFT) for
> L0pht's continuing to point out flaws in Microsoft's software exceeded
> the net worth (and possibly the gross assets) of the security company.
> Microsoft proved their case in district court, that many of these
> flaws actually exist in code that Microsoft has considered to be
> part of their "Copy Protection Scheme". It is well known, after
> last months convictions in San Jose, that reverse-engineering any
> such provisions is a violation of the MCA, and publishing the
> results of such findings is a 2nd violation.
>
>raj
>
>
>
>At 02:34 PM 8/30/01 -0500, Udhay Shankar N wrote:
>> From LWN:
>>
>>http://lwn.net/2001/0830/
>>
>><quote>
>>
>>The U.S. government, clearly, is serious about this prosecution.
>>Somebody, somewhere, wants to put an immediate and forceful stop to the
>>creation of "circumvention devices" and the exposure of third-rate
>>encryption schemes. The raising of the stakes may be an attempt to
>>intimidate Mr. Sklyarov into pleading guilty to a lesser charge, or
>>perhaps the government wishes to make an example of him that nobody can
>>ignore. One way or another, we are now seeing the degree of repression
>>that the U.S. is willing to apply to ensure that certain kinds of
>>software are not written.
>>
>>It is time for the free software community worldwide to get serious as
>>well. This is a threat we can not ignore. If this prosecution is
>>successful, we will certainly see an increasing number of attempts to
>>control, with force, how we can use our computers and what software we
>>can write.
>>
>>It takes very little imagination to picture a future where the
>>general-purpose computer has been replaced by a "trusted computing
>>platform" and systems which do not "seal data within domains" are treated
>>as "circumvention devices." At what point, exactly, does Linux become an
>>illegal device under the DMCA? In a world where programmers face 25-year
>>sentences for code that was legal where they wrote it, this vision should
>>not be seen as overly paranoid.
>>
>>It is time to get serious. How can that be done?
>>
>>
>> * Write code. The wide distribution of PGP years ago had a profound
>> effect on attempts to restrict cryptographic software. Free software is
>> difficult to control; there is no easy target like the one Elcomsoft
>> provided with its proprietary offerings. The more code that is out
>> there, the freer we all will be.
>>
>> * Attend protests. Many will be happening on August 30, of course, to
>> mark the arraignment. But we will have to make ourselves seen and heard
>> for a long time thereafter. See the event calendar on the
>> FreeSklyarov.org site for the definitive list of events.
>>
>> * Pressure the political system. U.S. citizens should be writing to
>> their congressional representatives asking them to apply pressure for
>> Dmitry Sklyarov's release, and to push for a repeal of the DMCA. Web
>> pages exist to help you find your House and Senate representatives. Note
>> that snail mail tends to be more effective than email.
>>
>> Those of you outside the U.S. can raise awareness within your
>> governments, and work to ensure that DMCA-like legislation is not passed
>> in your country. DMCAish laws have been proposed in numerous countries;
>> now is the time to show where such laws lead. The DMCA should not be
>> allowed to infect countries beyond the U.S.
>>
>> * Tell people about what is going on. Write letters to the local
>> newspaper. The Sklyarov case remains unknown to much of the
>> non-technical population; that needs to change.
>>
>> * Contribute money. A legal defense fund has been set up to help pay
>> Dmitry's expenses. The EFF is also expending considerable resources on
>> this case (and others), and could benefit from your membership.
>>
>>It is also time to consider pulling Adobe's name back into this whole
>>affair. It is Adobe that started this particular prosecution; the company
>>should not, at this point, be able to get out with one simple joint press
>>release with the EFF. Adobe started this thing; it should help end it.
>>
>>The free software community is faced with a challenge that is far more
>>daunting than that of creating a top-quality, free operating system. Most
>>of us are well out of our competence and comfort when dealing with this
>>sort of oppressive politics. But this issue is going to come to us,
>>whether we choose to address it or not. We can win this fight; even in
>>the U.S., justice can usually be made to prevail. But it is going to take
>>an effort beyond just putting "free Sklyarov" in our .signature files.
>>
>></quote>
More information about the reader-list
mailing list