Linux Today: Linux News On Internet Time.

Roundup: Professor Felten Presents his Paper, But the DMCA's Still With Us

Aug 16, 2001, 23:54 (8 Talkback[s])

It isn't, as the Industry Standard puts it, the sexiest story out there. It's a pretty big deal, all the same, that Professor Felten presented his paper on cracking SDMI at USENIX and didn't end up being hauled out of the room by the FBI. On the other hand, as this sampling of articles indicates, the Digital Millenium Copyright Act remains, and many still consider it problematic.

"Felten said at a press conference that he was happy to finally have a chance to present his findings, but that his legal struggles have discouraged other academic efforts in the area.

"There is a big cloud hanging over our continued research and we don't feel safe doing what we normally do," Felten said.

A RIAA spokesman said the trade group never intended to sue Felten, but declined to say whether it would take action against other academic research in the future."

"I am an independent cryptography consultant. Cryptography is the science and art of encryption, and an essential building block for computer security. It provides the basic functions for data confidentiality, authentication, integrity, and non-repudiation".

"I have had to decide not to publish my HDCP paper because it opens me up to liability under the US DMCA law, even though I live and work in the Netherlands".

"In any case, Felten's newfound right to publish didn't cut any ice in the case of Dmitry Sklyarov. He works for Elcomsoft, a Moscow firm that makes software to defeat the encryption of electronic books. Elcomsoft's product is perfectly legal in Russia, and nearly everywhere else on earth. But when Sklyarov came to Las Vegas to talk about it in July, the FBI slapped on the handcuffs. After two weeks in jail, a federal judge finally let Sklyarov post bail last week, but the FBI is holding his passport, in effect exiling Sklyarov from his homeland, his wife, and his two young children.

It's the sort of thing to make you think twice about hacking code. It's certainly had that effect on Niels Ferguson of Amsterdam. He thinks he's figured out a major weakness in software created by Intel Corp. to prevent the pirating of digital video recordings. But Ferguson has

decided to shut up about it. Actually, Ferguson shared his discovery with fellow geeks at a Dutch hackers' convention last weekend. And he's contacted Intel's crypto experts, who have expressed interest in his discovery. But Ferguson has refused to publish the details of his theory, or even to send an e-mail to Intel headquarters, because Intel is based in the United States."

"Someone thumbed his nose at copyright protection Wednesday without getting arrested, indicted or sued. Princeton professor Edward Felten and a grad student told security experts at a conference how to crack digital watermarks that are supposed to prevent copying.

Not the sexiest story out there, but for Felten, boring news is good news. After all, this is the talk Wired News called "entirely anticlimactic" because nobody got hauled off in handcuffs.

Felten went ahead with the presentation after the Recording Industry Association of America promised not to sue him over it; he'd put off revealing the details earlier this year after he received a nastygram from the music industry and other copyright fans. The RIAA said it never planned to sue Felten, according to the Washington Post. The Boston Globe's Hiawatha Bray said the music industry backed off because "Felten is a scientist, and the law makes an exception for scholarly researchers." Anyway, News.com reported that the talk was billed as the "presentation the RIAA does not want you to see." Not bad marketing for a paper the Post described as "a dry, technical analysis."

" "It was a public celebration of an academic's personal fight against the Digital Millennium Copyright Act -- the 1998 law that copyright holders are using as a legal bludgeon against security researchers.

It was also entirely anticlimactic.

No armed FBI agents appeared to drag Felten off in handcuffs, which is what happened to accused DMCA violator Dmitry Sklyarov after he visited Las Vegas, Nevada, for the Defcon hacker gathering."

"At a Wednesday morning press conference, Felten and Cohn said the team had the recording industry's blessing to present the paper, but they had no assurances that the Felten team or other scientists would be safe from other lawsuits for presenting the same information or other work based on the Felten research at a later date.

One college student asked the panelists whether he could be sued under the DMCA for summarizing the evening's events to his professor. Cohn and Peter Jaszi, an intellectual property professor at the American University law school, said that was unlikely, but if the student included a critique of the Felten team's methods, the student should "theoretically" be concerned because that might run afoul of the DMCA's prohibition on trafficking in anti-circumvention technologies, Jaszi said.

After the student asked if he could write software based on the Felten team presentation, the crowd of security experts collectively mumbled a warning. "Do you have my email?" electronic rights defender Cohn asked the student. "Then I think there is general consensus ... that you'd be in trouble."

Felten added: "I'd like to point out, 'Can I tell my advisor what I saw here?' doesn't have a simple answer."

The Association for Computing Machinery (ACM) filed a declaration in federal court today regarding the Felten v. DMCA lawsuit challenging the DMCA. Some sample quotes:

"Research in analysis (i.e., the evaluation of the strengths and weaknesses of computer systems) is essential to the development of effective security, both for works protected by copyright law and for information in general. Such research can progress only through the open publication and exchange of complete scientific results."

"ACM is also concerned that application of the DMCA to the presentation and publication of scientific papers could result in the departure from the U.S. of the information security community for conferences and publications."

"Virtually all conferences that discuss the security of digital information may be subject to threats under the DMCA because such conferences consider the strengths and weaknesses of various technological protection measures that could be applied, or are actually being applied, to protect copyrighted works."

Related Stories: