[10220] in cryptography@c2.net mail archive

1201 "effectively controls access" (was Re: password-cracking by journalists...)

daemon@ATHENA.MIT.EDU (Karsten M. Self)
Mon Jan 21 19:40:44 2002

Date: Mon, 21 Jan 2002 15:06:17 -0800
From: "Karsten M. Self" <kmself@ix.netcom.com>
To: cryptography@wasabisystems.com
Message-ID: <20020121150617.A27282@navel.introspect>
Mail-Followup-To: cryptography@wasabisystems.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="UPT3ojh+0CqEDtpF"
Content-Disposition: inline
In-Reply-To: <F504A8CEE925D411AF4A00508B8BE90A01E90BB0@exna07.securitydynamics.com>; from ptrei@rsasecurity.com on Mon, Jan 21, 2002 at 09:55:53AM -0500


--UPT3ojh+0CqEDtpF
Content-Type: multipart/mixed; boundary="8P1HSweYDcXXzwPJ"
Content-Disposition: inline


--8P1HSweYDcXXzwPJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

on Mon, Jan 21, 2002 at 09:55 AM -0500, Trei, Peter (ptrei@rsasecurity.com) wrote:
> > Karsten M. Self[SMTP:kmself@ix.netcom.com] writes:
> >
> > Note that my reading the language of 1201 doesn't require that the work
> > being accessed be copyrighted (and in the case of Afghanistan, there is
> > a real question of copyright status), circumvention itself is
> > sufficient, regardless of status of the specific work accessed:
>
> >    17 USC 1201(a)(1)(A):
> >    No person shall circumvent a technological measure that
> >    effectively controls access to a work protected under
> >    this title.
>
> I'm sure I'm picking nits here (and I praise God every day that
> I Am Not A L*wy*r), but what does 'effectively' mean? If it can be
> broken, was it effective? What level of work is required to make
> it an 'effective technological measure'? If the standard is 'anything,
> including rot13', then why is the word present in the rule at all?
>
> Technological measures can range from violating the CDROM
> standard and introducing deliberate errors to confuse some
> readers, all the way up to full real-time, online, 3-factor
> authentication.
>
> The inclusion of the word 'effectively' presumes the existence of
> 'ineffective' technological measures, which it would be no crime
> to circumvent. Where, then, is the distinction?
>
> I'm reminded of a humorous button I've seen at some SF
> conventions: "Anything not nailed down is legally mine. Anything
> I can pry up wasn't nailed down in the first place."

I'd taken some time to run 'round that logical circle myself.  I believe
the NY 2600 case dealt with this issue.  Kaplan, at least, wasn't
convinced.  I've attached Wendy Seltzer's comments to the dvd-discuss
list.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?              Home of the brave
  http://gestalt-system.sourceforge.net/                    Land of the free
We freed Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire                      http://kmself.home.netcom.com/resume.html

--8P1HSweYDcXXzwPJ
Content-Type: message/rfc822
Content-Disposition: inline

Message-Id: <4.2.2.20010207121742.02e6f540@pop.bellatlantic.net>
X-Sender: wseltzer@pop.bellatlantic.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 
Date: Wed, 07 Feb 2001 14:03:42 -0500
To: dvd-discuss@eon.law.harvard.edu
From: Wendy Seltzer <wendy@seltzer.com>
Subject: Re: [dvd-discuss] The other side's arguments
In-Reply-To: <20010207180346.E12617@lemuria.org>
References: <OF96FECDE1.4761F087-ON882569EC.005C1F50@aero.org>
 <OF96FECDE1.4761F087-ON882569EC.005C1F50@aero.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-dvd-discuss@eon.law.harvard.edu
Reply-To: dvd-discuss@eon.law.harvard.edu

At 06:03 PM 2/7/01 +0100, Tom wrote:
>On Wed, Feb 07, 2001 at 08:53:35AM -0800, Michael.A.Rolenz@aero.org wrote:
> > #3 is the most dangerous.  My professional opinion is that the creators of
> > CSS are incompetent and could have benefited from reading some of the IEEE
> > journals and Sol Golomb's book. It is fortunate that they were. Triple DES
> > would have really complicated the matter especially if the key were
> > embedded in an ASIC that took cipher text in and spit out plaintext out.
>
>do we have an uncontested expert statement in evidence that CSS is, in
>fact, pretty crappy?

It doesn't matter.

Kaplan's interpretation of ''effectively controls access to a work'' may 
have been the only sound part of his opinion -- replace with 'has the 
effect of controlling access'  not 'stands up to attack'.  The whole point 
of Section 1201 is that the TPM is backed by law, not strong 
encryption.  CSS could have a hole the size of Texas and still import 
1201's hellfire against those who "broke" it -- hence the need to break 1201.

Anything we say about how weak CSS is will most likely be misinterpreted as 
a flawed claim that it's "ineffective," so I'd stay away from that line.

--Wendy
Wendy Seltzer -- wendy@seltzer.com
Fellow, Berkman Center for Internet & Society at Harvard Law School
http://cyber.law.harvard.edu/seltzer.html


--8P1HSweYDcXXzwPJ--


--UPT3ojh+0CqEDtpF--


