Peter wrote: > Really ? Let's see. The people who duplicated the ink 'protection' > chips on Lexmark ink cartridges did not duplicate the chips proper, > they duplicated the protocol. In other words they gained access to the > 'file format' (or 'wire format' in this case). They were sued by > Lexmark and won, but they won on a consumer rights issue that was > considered to override the DMCA in this case. No. They won because the Judge thought that the DMCA was never intended for preventing competitors from entering a market. That is, actually, a very important point. It's true that the true problem with the DMCA is the threat of litigation, and not the actual "what the court will say". > Another: my MP3 player breaks down, I suspect it's a chip fuse. I > spend a few days finding it, I put a new one in, it works, and then I > try to sell this fuse to others (since I had to buy 100 to get 1) via > website. The makers sue me (this story is fictitious) since I 'broke > the DMCA' to reverse engineer the device and discover the part value > because 'the fuse spec was not written on it' (true, but that's > because it's too tiny to print on) and 'the parts were not marked on > the board' (true, usually for production cost reasons). I'll repeat the prominent fact in your description, if I may: > this story is fictitious A fictitious story can neither strengthen nor weaken a statement. It's fictitious. > The 'modchips' used to make Playstations and DVD players cross-region > compatible are in the same category f.ex. No. The mod-chips have a specific aim of circumventing mechanisms designed for access control to copyrighted work. That is forbidden by the DMCA with this specific wording, something your example doesn't. I'm not saying it's bad, I'm just saying that this kind of FUD tends to backfire, increasing the chilling effect.
The DMCA has enough points about it itself that are bad, no need to invent more. > True story: .. > The makers sued them over the DMCA. I do not remember the outcome. Yes, this does goes to show that the DMCA is problematic in creating cases where corporates can find an easy law to sue by, whether you are truly violating the DMCA or not. Again, not very relevant to this discussion. >> applicable this can lead to a very sad situation where even >> distribution of source code can put you in jail :-(. However, Samba >> is not in the role of DeCSS - it doesn't circumvent any access >> control: you still have to provide the same password you provide with >> Windows. Without a clear use case for cracking Windows networks with >> Samba, I don't see how the DMCA could apply. Even with it, the DMCA still doesn't apply. The only place where the DMCA applies is if you rev-eng the protocol for the purpose of finding flaws, and then it says you are allowed to do it, but anything you find is the property of the copyright holder (i.e. - you cannot publish). As far as I know, it does not specifically forbid rev-enging for other purposes, but does not permit them either. > The problem is the PROTOCOL just like the FAT32 patent applies to a > 'file format' as far as *nix is concerned (remember disk images are > just files in *nix), just like in the Lexmark case it was the 'wire > protocol'. Aside from the Lexmark case (which, as you correctly stated, was thrown out) none of the other have any bearing on the DMCA. They are patent issues. A problem, undoubtedly, but not DMCA related in any way. >> The ironic conclusion is that the DMCA only threatens implementations >> of of badly insecure protocols :-). No, it does not. While it allows rev-enging of the protocols, it gives the copyright author conclusive control over the findings. That's hardly a threat. > The DMCA *favors* insecure protocols (like CSS). Because the makers > believe that legal recourse is better than encryption. These are two completely different types of security. > What one cannot understand is how this shifting of responsabilities > from engineers to lawyers has crossed the barrier represented by the > country borders of the US. One wonders about what kind of drugs other > countries were on when they adopted the system from there (this is > related to riaa etc lawsuits outside the borders of the US). Those are not DMCA based. > The Sony/BMG rootkit on music CDs took a few weeks to be discovered > (and raised a memorable stink), deCSS took less than a few months and > the net is full of fake cards and codes for dish receivers. Maybe they > have decided that it is cheaper to pay lawyers than engineers (big > mistake imho, engineers are known to run on coffee and Slashdot alone, > while lawyers only run on money). No. The aim CSS was after achieving is unachievable. It is not possible to give you a device that contains a key and still assume the key will not reach your hands. No amount of better encryption would have solved that. It is a good question what would have happened had the encryption not been vulnerable to "known plaintext", which is how the makers of DeCSS got over 100 other keys, but I doubt it would have changed the ultimate outcome by much. > It would be interesting to know, for example, how many engineers could > have been paid for how many years by Lexmark to make a secure protocol > for the ink chips, in the perspective of the lawsuit they had (and > lost). I'd expect a few (engineers and years). An engineer costs less > than about 800,000$/year. That lawsuit must have been in the double > digit millions of $ when it was settled, and this is just the tip of > the iceberg. And unlike an engineer, the courts cannot be paid with > options on the company stock. Again, the real issue is that the lock-in you suggest is technically impossible. > Peter (NAL) Shachar (DNUSA) -- Shachar Shemesh Lingnu Open Source Consulting ltd. Have you backed up today's work? http://www.lingnu.com/backup.html ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
