can a random number be subject to a takedown?
A lot of sites have been getting DMCA takedowns for the HD-DVD processing key that got leaked recently. My question to the assembled: are cryptographic keys really subject to DMCA subject to takedown requests? I suspect they are not copyrightable under the criterion from the phone directory precedent. -- Perry E. Metzger[EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: can a random number be subject to a takedown?
My question to the assembled: are cryptographic keys really subject to DMCA subject to takedown requests? I suspect they are not copyrightable under the criterion from the phone directory precedent. A sample demand letter from the AACS Licensing Authority appears at: http://www.chillingeffects.org/notice.cgi?sID=03218 From what I can see, there is no claim that the key is copyrighted. Rather, the letter refers to the provisions of the DMCA which govern circumvention of technological protection measures. It demands that the key be taken down in order to avoid legal liability. This seems odd to me because my understanding of the DMCA's anti-circumvention provisions is that they are criminal rather than civil law. Violations would lead to charges from legal authority and not from a copyright owner. So it's not clear that AACSLA has any power to enforce these demands, other than trying to get some government agency involved. The letter specifically cites 17 USC 1201(a)2 and (b)1, which can be read here: http://cyber.law.harvard.edu/openlaw/DVD/1201.html#a2 Hal Finney - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: can a random number be subject to a takedown?
A lot of sites have been getting DMCA takedowns for the HD-DVD processing key that got leaked recently. My question to the assembled: are cryptographic keys really subject to DMCA subject to takedown requests? I suspect they are not copyrightable under the criterion from the phone directory precedent. I'm as far from being a copyright lowyer as most of you. http://www.dilbert.com/comics/pearls/archive/images/pearls2007042261849.jpg I suppose that we mean a randomly-generated number, rather than a random number. Then the production process would not be creative as expected for direct copyright and you'd be right that it can't be copyrighted. As far as the DMCA is concerned I think this is a paracopyright issue - the (alleged) significance of the number in relation to HD-DVD would make it a circumvention tool and therefore subject to takedowns. I don't know whether an alternative legitimate use is a defence, but you might have a job finding such a thing for a randomly-generated number (as opposed to something more structured like Netscape engineers are weenies.). - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: can a random number be subject to a takedown?
[EMAIL PROTECTED] (Hal Finney) writes: A sample demand letter from the AACS Licensing Authority appears at: http://www.chillingeffects.org/notice.cgi?sID=03218 From what I can see, there is no claim that the key is copyrighted. Rather, the letter refers to the provisions of the DMCA which govern circumvention of technological protection measures. It demands that the key be taken down in order to avoid legal liability. However, a 128 bit number is not a circumvention tool, any more than an explanation of how AACS can be attacked is a circumvention tool. A circumvention tool would have to be something like a program or a device that would permit circumvention, not mere description of one. Source code to a circumvention tool is probably a sticky issue, but the a 128 bit integer is not something you can then compile and get a hacking tool out of. Can one really consider publication of an integer to be circumvention? This seems odd to me because my understanding of the DMCA's anti-circumvention provisions is that they are criminal rather than civil law. Violations would lead to charges from legal authority and not from a copyright owner. So it's not clear that AACSLA has any power to enforce these demands, other than trying to get some government agency involved. That would indeed seem to be the case from me as well. Takedown notices are only for copyrighted material. This is not per se a standard takedown notice. -- Perry E. Metzger[EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
128 bit number T-shirt?
It would be amusing if the HD-DVD encryption key that has been the subject of the recent pseudo-takedown notices were to show up in a T-shirt for sale. Now that services like Cafe Press exist, someone could start selling such shirts almost as fast as they could put together a nice design for one. I sometimes filter commercial announcements, but I will happily forward the URL to a Cafe Press shop featuring such a shirt. -- Perry E. Metzger[EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: can a random number be subject to a takedown?
At 05:04 PM 5/1/2007 -0400, Perry E. Metzger wrote: [EMAIL PROTECTED] (Hal Finney) writes: A sample demand letter from the AACS Licensing Authority appears at: http://www.chillingeffects.org/notice.cgi?sID=03218 ... This seems odd to me because my understanding of the DMCA's anti-circumvention provisions is that they are criminal rather than civil law. Violations would lead to charges from legal authority and not from a copyright owner. So it's not clear that AACSLA has any power to enforce these demands, other than trying to get some government agency involved. That would indeed seem to be the case from me as well. Takedown notices are only for copyrighted material. This is not per se a standard takedown notice. It isn't a standard 17 USC 512(c)(3) takedown notice, it is a non-statutory notice advising Google of possible liability if the allegedly offending sites aren't taken down. Without getting into a lengthy discussion of whether this is a violation of the DMCA anti-circumvention provisions, alleged violations certainly can be pursued in civil court as well as criminal court. The semi-infamous 2600 case, involving the posting of DeCSS to many sites, was a civil case. Court of Appeals Opinion at http://www.eff.org/IP/Video/MPAA_DVD_cases/?f=20011128_ny_appeal_decision.html. James S. Tyre [EMAIL PROTECTED] Law Offices of James S. Tyre 310-839-4114/310-839-4602(fax) 10736 Jefferson Blvd., #512 Culver City, CA 90230-4969 Co-founder, The Censorware Project http://censorware.net Policy Fellow, Electronic Frontier Foundation http://www.eff.org - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: 128 bit number T-shirt?
| It would be amusing if the HD-DVD encryption key that has been the | subject of the recent pseudo-takedown notices were to show up in a | T-shirt for sale. | | Now that services like Cafe Press exist, someone could start selling | such shirts almost as fast as they could put together a nice design | for one. Even more amusing: It's now possible to get stamps produced from your own picture. Imagine sending letters in response to such notices with such a stamp on the envelope -- Jerry | I sometimes filter commercial announcements, but I will happily | forward the URL to a Cafe Press shop featuring such a shirt. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: can a random number be subject to a takedown?
On May 1, 2007, at 12:53 PM, Perry E. Metzger wrote:
A lot of sites have been getting DMCA takedowns for the HD-DVD
processing key that got leaked recently.
My question to the assembled: are cryptographic keys really subject to
DMCA subject to takedown requests? I suspect they are not
copyrightable under the criterion from the phone directory
precedent.
My tongue is slightly in my cheek as I say this: once a random number
is known, it's not random any more. An idealized property of random
numbers like keys is that there be no algorithm for producing it that
is better than guessing. I can presently guess this key with
probability greater than 2^-128 using this algorithm in a C-like
pseudocode:
unsigned char* guess_key(void)
{
unsigned
char key[] = {0x0a, 0xFa, 0x12, 0x03,
0xD9, 0x42, 0x57, 0xC6,
0x9E, 0x75, 0xE4, 0x5C,
0x64, 0x57, 0x89, 0xC1};
return key;
}
(Or it would if I'd put the actual AACS key in there.)
The question is if a *specific* key can be taken down. This is open
to argument, because the DMCA only applies to things that are
copyrightable, and one can argue that keys are not copyrightable
convincingly. (Sketch of argument: if keys were copyrightable then I
could copyright a list of all keys. I can't copyright a database, or
even a phone book, so the notion that I could copyright a list of all
numbers in the set [0..N] is absurd.)
As far as anti-circumvention goes, keys themselves can't be used for
circumvention. Assuming that the above were the AACS key, I couldn't
use it to circumvent because I don't know the right protocol to use.
Consider another scenario: one can use a brick to smash a window, but
possessing a brick does not mean you've broken windows. If I have a
proper key, but no software, I am not capable of circumventing.
Likewise, if I had software that could do the crypto, but no key, I'm
not capable. It is only if I have both the software and the key that
I have something that *might* be a circumvention device. Even things
that might be circumvention devices are not always. The test in the
DMCA is if its primary purpose is for circumvention. This is why
debuggers are not circumvention devices. It is only when you use the
potential circumvention device to circumvent that you've done the
equivalent of throwing the brick through the window.
Jon
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: 128 bit number T-shirt?
[Moderator's note: Manually forwarded because of a software glitch. --Perry] From: Gary Ellison [EMAIL PROTECTED] Subject: Re: 128 bit number T-shirt? To: Perry E. Metzger [EMAIL PROTECTED] CC: cryptography@metzdowd.com Date: Tue, 01 May 2007 17:30:10 -0700 Your wish has been granted http://www.cafepress.com/09f9 Perry E. Metzger wrote: It would be amusing if the HD-DVD encryption key that has been the subject of the recent pseudo-takedown notices were to show up in a T-shirt for sale. Now that services like Cafe Press exist, someone could start selling such shirts almost as fast as they could put together a nice design for one. I sometimes filter commercial announcements, but I will happily forward the URL to a Cafe Press shop featuring such a shirt. -- ! - Harpo Marx - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: 128 bit number T-shirt?
At Tue, 01 May 2007 20:59:42 -0400, Perry E. Metzger wrote: [Moderator's note: Manually forwarded because of a software glitch. --Perry] From: Gary Ellison [EMAIL PROTECTED] Subject: Re: 128 bit number T-shirt? To: Perry E. Metzger [EMAIL PROTECTED] CC: cryptography@metzdowd.com Date: Tue, 01 May 2007 17:30:10 -0700 Your wish has been granted http://www.cafepress.com/09f9 I'm not sure if you're the one who made it, but can you make a black version too, please ? I would buy it, for sure. P.S.: This is not because I'm a metalhead, just because I like black tshirts... ;-) - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: 128 bit number T-shirt?
Paul Hoffman [EMAIL PROTECTED] writes: Your wish has been granted http://www.cafepress.com/09f9 This would be a lot more popular if the t-shirt and mug said something a bit more fetching above the hex such as Ask me about HD-DVD. I'd like one with Wearing an integer is not circumvention. on the back or some such. :) Perry - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
