It isn't, as the Industry Standard puts it, the sexiest story
out there. It's a pretty big deal, all the same, that Professor
Felten presented his paper on cracking SDMI at USENIX and didn't
end up being hauled out of the room by the FBI. On the other hand,
as this sampling of articles indicates, the Digital Millenium
Copyright Act remains, and many still consider it problematic.
"Felten said at a press conference that he was happy to
finally have a chance to present his findings, but that his legal
struggles have discouraged other academic efforts in the area.
"There is a big cloud hanging over our continued research and we
don't feel safe doing what we normally do," Felten said.
A RIAA spokesman said the trade group never intended to sue
Felten, but declined to say whether it would take action against
other academic research in the future."
"I am an independent cryptography consultant. Cryptography is
the science and art of encryption, and an essential building block
for computer security. It provides the basic functions for data
confidentiality, authentication, integrity, and
non-repudiation".
"I have had to decide not to publish my HDCP paper because it
opens me up to liability under the US DMCA law, even though I live
and work in the Netherlands".
"In any case, Felten's newfound right to publish didn't
cut any ice in the case of Dmitry Sklyarov. He works for Elcomsoft,
a Moscow firm that makes software to defeat the encryption of
electronic books. Elcomsoft's product is perfectly legal in Russia,
and nearly everywhere else on earth. But when Sklyarov came to Las
Vegas to talk about it in July, the FBI slapped on the handcuffs.
After two weeks in jail, a federal judge finally let Sklyarov post
bail last week, but the FBI is holding his passport, in effect
exiling Sklyarov from his homeland, his wife, and his two young
children.
It's the sort of thing to make you think twice about hacking
code. It's certainly had that effect on Niels Ferguson of
Amsterdam. He thinks he's figured out a major weakness in software
created by Intel Corp. to prevent the pirating of digital video
recordings. But Ferguson has
decided to shut up about it. Actually, Ferguson shared his
discovery with fellow geeks at a Dutch hackers' convention last
weekend. And he's contacted Intel's crypto experts, who have
expressed interest in his discovery. But Ferguson has refused to
publish the details of his theory, or even to send an e-mail to
Intel headquarters, because Intel is based in the United
States."
"Someone thumbed his nose at copyright protection
Wednesday without getting arrested, indicted or sued. Princeton
professor Edward Felten and a grad student told security experts at
a conference how to crack digital watermarks that are supposed to
prevent copying.
Not the sexiest story out there, but for Felten, boring news is
good news. After all, this is the talk Wired News called "entirely
anticlimactic" because nobody got hauled off in handcuffs.
Felten went ahead with the presentation after the Recording
Industry Association of America promised not to sue him over it;
he'd put off revealing the details earlier this year after he
received a nastygram from the music industry and other copyright
fans. The RIAA said it never planned to sue Felten, according to
the Washington Post. The Boston Globe's Hiawatha Bray said the
music industry backed off because "Felten is a scientist, and the
law makes an exception for scholarly researchers." Anyway, News.com
reported that the talk was billed as the "presentation the RIAA
does not want you to see." Not bad marketing for a paper the Post
described as "a dry, technical analysis."
" "It was a public celebration of an academic's
personal fight against the Digital Millennium Copyright Act -- the
1998 law that copyright holders are using as a legal bludgeon
against security researchers.
It was also entirely anticlimactic.
No armed FBI agents appeared to drag Felten off in handcuffs,
which is what happened to accused DMCA violator Dmitry Sklyarov
after he visited Las Vegas, Nevada, for the Defcon hacker
gathering."
"At a Wednesday morning press conference, Felten and
Cohn said the team had the recording industry's blessing to present
the paper, but they had no assurances that the Felten team or other
scientists would be safe from other lawsuits for presenting the
same information or other work based on the Felten research at a
later date.
One college student asked the panelists whether he could be sued
under the DMCA for summarizing the evening's events to his
professor. Cohn and Peter Jaszi, an intellectual property professor
at the American University law school, said that was unlikely, but
if the student included a critique of the Felten team's methods,
the student should "theoretically" be concerned because that might
run afoul of the DMCA's prohibition on trafficking in
anti-circumvention technologies, Jaszi said.
After the student asked if he could write software based on the
Felten team presentation, the crowd of security experts
collectively mumbled a warning. "Do you have my email?" electronic
rights defender Cohn asked the student. "Then I think there is
general consensus ... that you'd be in trouble."
Felten added: "I'd like to point out, 'Can I tell my advisor
what I saw here?' doesn't have a simple answer."
The Association for Computing Machinery (ACM) filed a
declaration in federal court today regarding the Felten v. DMCA
lawsuit challenging the DMCA. Some sample quotes:
"Research in analysis (i.e., the evaluation of the strengths and
weaknesses of computer systems) is essential to the development of
effective security, both for works protected by copyright law and
for information in general. Such research can progress only through
the open publication and exchange of complete scientific
results."
"ACM is also concerned that application of the DMCA to the
presentation and publication of scientific papers could result in
the departure from the U.S. of the information security community
for conferences and publications."
"Virtually all conferences that discuss the security of digital
information may be subject to threats under the DMCA because such
conferences consider the strengths and weaknesses of various
technological protection measures that could be applied, or are
actually being applied, to protect copyrighted works."