On Fri, 24 Nov 2006, Beni Cherniavsky wrote:
Frankly, the Americans deserve to suffer from their recent stupid laws. Soon they will outlaw any can openers whose serial number doesn't match the number on the can :-).
Worse, the Copyright Office had to make a special waiver for blind people to be able to have reading software read DVDs for them (the software needs to break CSS for it). The waiver is for two years only .. by then they are expected to have regained eyesight or emigrated ?!
Seriously though, you exaggerate the scope of the DMCA. It does not forbid reverse engineering in itself. Just studying a protocol and publishing a book describing it (the first half of "clean room" reverse engineering) is still a completely legal way to discover trade secrets. If you step beyond describing and analyze the protocol for weaknesses, things become a bit murky. What the DMCA forbids is "circumvention of access control measures" and distribution of "devices" that can be used for circumvention. Almost anything can be argued to contain an "access control measure" and software is considered a "device" for this purpose. When
Really ? Let's see. The people who duplicated the ink 'protection' chips on Lexmark ink cartridges did not duplicate the chips proper, they duplicated the protocol. In other words they gained access to the 'file format' (or 'wire format' in this case). They were sued by Lexmark and won, but they won on a consumer rights issue that was considered to override the DMCA in this case.
Another: my MP3 player breaks down, I suspect it's a chip fuse. I spend a few days finding it, I put a new one in, it works, and then I try to sell this fuse to others (since I had to buy 100 to get 1) via website. The makers sue me (this story is fictitious) since I 'broke the DMCA' to reverse engineer the device and discover the part value because 'the fuse spec was not written on it' (true, but that's because it's too tiny to print on) and 'the parts were not marked on the board' (true, usually for production cost reasons). The 'modchips' used to make Playstations and DVD players cross-region compatible are in the same category f.ex.
True story: similar things have occured in the US over medical products which were designed for single use and were refurbished by someone else (certified, sterilised etc) for reuse. This was not even something life-threatening, it was essentially a high tech garbage bin (used for surgical sharps disposal afair). The refurbishing saved the users money. The makers sued them over the DMCA. I do not remember the outcome. There were more like this.
What they seem to be wanting is to move a consumer economy towards an enforced consummation economy.
So you are right, pretty soon you will have to report to the police and pay your fines if you use your disposable Gilette razor more than the allowed number of times (isn't this what the little green-blue stripe does already ? <grin>).
applicable this can lead to a very sad situation where even distribution of source code can put you in jail :-(. However, Samba is not in the role of DeCSS - it doesn't circumvent any access control: you still have to provide the same password you provide with Windows. Without a clear use case for cracking Windows networks with Samba, I don't see how the DMCA could apply.
The problem is the PROTOCOL just like the FAT32 patent applies to a 'file format' as far as *nix is concerned (remember disk images are just files in *nix), just like in the Lexmark case it was the 'wire protocol'.
The ironic conclusion is that the DMCA only threatens implementations of of badly insecure protocols :-).
The DMCA *favors* insecure protocols (like CSS). Because the makers believe that legal recourse is better than encryption. Considering the technical ineptitude the protocol makers have shown so far, when trying to come up with something secure, one can understand this. Well, almost. The result is that inept 'encryption' protocols are foisted upon the public and then public money is used to run the courts when the makers sue each other or private individuals for breaking them (sometimes with childish ease).
What one cannot understand is how this shifting of responsabilities from engineers to lawyers has crossed the barrier represented by the country borders of the US. One wonders about what kind of drugs other countries were on when they adopted the system from there (this is related to riaa etc lawsuits outside the borders of the US).
The Sony/BMG rootkit on music CDs took a few weeks to be discovered (and raised a memorable stink), deCSS took less than a few months and the net is full of fake cards and codes for dish receivers. Maybe they have decided that it is cheaper to pay lawyers than engineers (big mistake imho, engineers are known to run on coffee and Slashdot alone, while lawyers only run on money).
It would be interesting to know, for example, how many engineers could have been paid for how many years by Lexmark to make a secure protocol for the ink chips, in the perspective of the lawsuit they had (and lost). I'd expect a few (engineers and years). An engineer costs less than about 800,000$/year. That lawsuit must have been in the double digit millions of $ when it was settled, and this is just the tip of the iceberg. And unlike an engineer, the courts cannot be paid with options on the company stock.
Peter (NAL) ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
