[10225] in cryptography@c2.net mail archive
Re: password-cracking by journalists...
daemon@ATHENA.MIT.EDU (Alan Barrett)
Tue Jan 22 10:25:57 2002
Date: Tue, 22 Jan 2002 11:25:49 +0200
From: Alan Barrett <apb@cequrux.com>
To: cryptography@wasabisystems.com
Message-ID: <20020122092549.GC2534@apb.cequrux.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <F504A8CEE925D411AF4A00508B8BE90A01E90BB0@exna07.securitydynamics.com>
On Mon, 21 Jan 2002, Peter Trei wrote:
> > 17 USC 1201(a)(1)(A):
> > No person shall circumvent a technological measure that
> > effectively controls access to a work protected under
> > this title.
>
> I'm sure I'm picking nits here (and I praise God every day that
> I Am Not A L*wy*r), but what does 'effectively' mean? If it can be
> broken, was it effective? What level of work is required to make
> it an 'effective technological measure'? If the standard is 'anything,
> including rot13', then why is the word present in the rule at all?
When I last brought this up (29 to 30 July 2001, Subject: Effective
and ineffective technological measures), people posted references to
two slightly different sections that try to define what "effectively
protects" and "effectively controls" means:
1201(b)(2)(B): a technological measure ''effectively protects a right of
a copyright owner under this title'' if the measure, in the ordinary
course of its operation, prevents, restricts, or otherwise limits
the exercise of a right of a copyright owner under this title.
1201(a)(3)(B): a technological measure ''effectively controls access to
a work'' if the measure, in the ordinary course of its operation,
requires the application of information, or a process or a
treatment, with the authority of the copyright owner, to gain access
to the work.'
The key phrase seems to be "in the ordinary course of its operation".
If you publish the fact that you use rot<n> to protect your copyrighted
material, but keep secret the fact that n = 13, then the ordinary course
of operation of the decryption process requires the application of
this secret value, so the process "effectively controls access" and
"effectively protects". The fact that somebody can guess the secret
value would seem to have no bearing on whether rot<n> "effectively" does
anything.
--apb (Alan Barrett)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
