Re: can a random number be subject to a takedown?
Hal Finney wrote:
>> My question to the assembled: are cryptographic keys really subject to DMCA subject to takedown requests? I suspect they are not copyrightable under the criterion from the phone directory precedent.
>
> A sample demand letter from the AACS Licensing Authority appears at:
> http://www.chillingeffects.org/notice.cgi?sID=03218
>
> From what I can see, there is no claim that the key is copyrighted. Rather, the letter refers to the provisions of the DMCA which govern circumvention of technological protection measures. It demands that the key be taken down in order to avoid legal liability.
>
> This seems odd to me because my understanding of the DMCA's anti-circumvention provisions is that they are criminal rather than civil law. Violations would lead to charges from legal authority and not from a copyright owner. So it's not clear that AACSLA has any power to enforce these demands, other than trying to get some government agency involved.
>
> The letter specifically cites 17 USC 1201(a)2 and (b)1, which can be read here:
> http://cyber.law.harvard.edu/openlaw/DVD/1201.html#a2

From an explanation of the justification for the take down notices:
http://www.out-law.com/page-8022

Fred von Lohmann, an attorney at the Electronic Frontier Foundation, said in his blog that sites which carry the code or links to it are unlikely to be able to use a traditional defence of 'safe harbor'.

While no court has ruled on the issue, AACS will almost certainly argue that the DMCA safe harbors do not protect online service providers who host or link to the key, he said. The DMCA safe harbors apply to liabilities arising from 'infringement of copyright.' Several courts have suggested that trafficking in circumvention tools is not 'copyright infringement,' but a separate violation of a 'para-copyright' provision.

The AACS takedown letter is not claiming that the key is copyrightable, but rather that it is (or is a component of) a circumvention technology, said von Lohmann. The DMCA does not require that a circumvention technology be, itself, copyrightable to enjoy protection.

One would think that the recent SCOTUS findings in Microsoft v. AT&T would demonstrate that intangibles such as software (and perhaps large integers) were not components or parts thereof, unless in place in a device:

http://www.webster.com/cgi-bin/dictionary?sourceid=Mozilla-searchva=device
f : a piece of equipment or a mechanism designed to serve a special purpose or perform a special function an electronic device

From http://cyber.law.harvard.edu/openlaw/DVD/1201.html#a2
17 USC 1201:

(b) Additional Violations. -
(1) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that -
    (A) is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof;
    (B) has only limited commercially significant purpose or use other than to circumvent protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof; or
    (C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof.

I'd strongly suspect that most if not all of the 2 million hits would not reveal another acting in concert with that person's knowledge.

While this instance is not indicative of a trend to the lawyer equivalent of judicial activism, I don't see any protection under the DMCA against distributing the Processing Keys as what appears to be a political statement (which could be held to be protected speech).

(IANAL)

Fred's blog entry:
http://www.eff.org/deeplinks/archives/005229.php

- The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: can a random number be subject to a takedown?
On 01 May 2007 22:33, Jon Callas wrote:
> On May 1, 2007, at 12:53 PM, Perry E. Metzger wrote:
>
>     const unsigned char *guess_key(void)
>     {
>         /* static storage: the array must outlive the call */
>         static const unsigned char key[] = {0x0a, 0xFa, 0x12, 0x03,
>                                             0xD9, 0x42, 0x57, 0xC6,
>                                             0x9E, 0x75, 0xE4, 0x5C,
>                                             0x64, 0x57, 0x89, 0xC1};
>         return key;
>     }
>
> (Or it would if I'd put the actual AACS key in there.)

Heh, that's a bit like the old issue of whether you can publish an OTP that has certain interesting properties when used to en/decrypt some other public domain information.

See also
http://preview.tinyurl.com/3dcse6
http://preview.tinyurl.com/2d3hm3
http://preview.tinyurl.com/2ey2mj
for more variations on this theme. Wonder if you can issue a take-down notice for a 301 redirect?

cheers,
DaveK
--
Can't think of a witty .sigline today
can a random number be subject to a takedown?
A lot of sites have been getting DMCA takedowns for the HD-DVD processing key that got leaked recently.

My question to the assembled: are cryptographic keys really subject to DMCA subject to takedown requests? I suspect they are not copyrightable under the criterion from the phone directory precedent.

--
Perry E. Metzger [EMAIL PROTECTED]
Re: can a random number be subject to a takedown?
> My question to the assembled: are cryptographic keys really subject to DMCA subject to takedown requests? I suspect they are not copyrightable under the criterion from the phone directory precedent.

A sample demand letter from the AACS Licensing Authority appears at:
http://www.chillingeffects.org/notice.cgi?sID=03218

From what I can see, there is no claim that the key is copyrighted. Rather, the letter refers to the provisions of the DMCA which govern circumvention of technological protection measures. It demands that the key be taken down in order to avoid legal liability.

This seems odd to me because my understanding of the DMCA's anti-circumvention provisions is that they are criminal rather than civil law. Violations would lead to charges from legal authority and not from a copyright owner. So it's not clear that AACSLA has any power to enforce these demands, other than trying to get some government agency involved.

The letter specifically cites 17 USC 1201(a)2 and (b)1, which can be read here:
http://cyber.law.harvard.edu/openlaw/DVD/1201.html#a2

Hal Finney
Re: can a random number be subject to a takedown?
> A lot of sites have been getting DMCA takedowns for the HD-DVD processing key that got leaked recently. My question to the assembled: are cryptographic keys really subject to DMCA subject to takedown requests? I suspect they are not copyrightable under the criterion from the phone directory precedent.

I'm as far from being a copyright lawyer as most of you.
http://www.dilbert.com/comics/pearls/archive/images/pearls2007042261849.jpg

I suppose that we mean a randomly-generated number, rather than a random number. Then the production process would not be creative as expected for direct copyright and you'd be right that it can't be copyrighted.

As far as the DMCA is concerned I think this is a paracopyright issue - the (alleged) significance of the number in relation to HD-DVD would make it a circumvention tool and therefore subject to takedowns. I don't know whether an alternative legitimate use is a defence, but you might have a job finding such a thing for a randomly-generated number (as opposed to something more structured like "Netscape engineers are weenies.").
Re: can a random number be subject to a takedown?
[EMAIL PROTECTED] (Hal Finney) writes:
> A sample demand letter from the AACS Licensing Authority appears at:
> http://www.chillingeffects.org/notice.cgi?sID=03218
>
> From what I can see, there is no claim that the key is copyrighted. Rather, the letter refers to the provisions of the DMCA which govern circumvention of technological protection measures. It demands that the key be taken down in order to avoid legal liability.

However, a 128 bit number is not a circumvention tool, any more than an explanation of how AACS can be attacked is a circumvention tool. A circumvention tool would have to be something like a program or a device that would permit circumvention, not mere description of one. Source code to a circumvention tool is probably a sticky issue, but a 128 bit integer is not something you can then compile and get a hacking tool out of. Can one really consider publication of an integer to be circumvention?

> This seems odd to me because my understanding of the DMCA's anti-circumvention provisions is that they are criminal rather than civil law. Violations would lead to charges from legal authority and not from a copyright owner. So it's not clear that AACSLA has any power to enforce these demands, other than trying to get some government agency involved.

That would indeed seem to be the case from me as well. Takedown notices are only for copyrighted material. This is not per se a standard takedown notice.

--
Perry E. Metzger [EMAIL PROTECTED]
Re: can a random number be subject to a takedown?
At 05:04 PM 5/1/2007 -0400, Perry E. Metzger wrote:
> [EMAIL PROTECTED] (Hal Finney) writes:
>> A sample demand letter from the AACS Licensing Authority appears at:
>> http://www.chillingeffects.org/notice.cgi?sID=03218
>> ...
>> This seems odd to me because my understanding of the DMCA's anti-circumvention provisions is that they are criminal rather than civil law. Violations would lead to charges from legal authority and not from a copyright owner. So it's not clear that AACSLA has any power to enforce these demands, other than trying to get some government agency involved.
>
> That would indeed seem to be the case from me as well. Takedown notices are only for copyrighted material. This is not per se a standard takedown notice.

It isn't a standard 17 USC 512(c)(3) takedown notice, it is a non-statutory notice advising Google of possible liability if the allegedly offending sites aren't taken down.

Without getting into a lengthy discussion of whether this is a violation of the DMCA anti-circumvention provisions, alleged violations certainly can be pursued in civil court as well as criminal court. The semi-infamous 2600 case, involving the posting of DeCSS to many sites, was a civil case. Court of Appeals Opinion at http://www.eff.org/IP/Video/MPAA_DVD_cases/?f=20011128_ny_appeal_decision.html.

James S. Tyre [EMAIL PROTECTED]
Law Offices of James S. Tyre 310-839-4114/310-839-4602(fax)
10736 Jefferson Blvd., #512 Culver City, CA 90230-4969
Co-founder, The Censorware Project http://censorware.net
Policy Fellow, Electronic Frontier Foundation http://www.eff.org
Re: can a random number be subject to a takedown?
On May 1, 2007, at 12:53 PM, Perry E. Metzger wrote:
> A lot of sites have been getting DMCA takedowns for the HD-DVD processing key that got leaked recently.
>
> My question to the assembled: are cryptographic keys really subject to DMCA subject to takedown requests? I suspect they are not copyrightable under the criterion from the phone directory precedent.

My tongue is slightly in my cheek as I say this: once a random number is known, it's not random any more. An idealized property of random numbers like keys is that there be no algorithm for producing it that is better than guessing. I can presently guess this key with probability greater than 2^-128 using this algorithm in a C-like pseudocode:

    const unsigned char *guess_key(void)
    {
        /* static storage: the array must outlive the call */
        static const unsigned char key[] = {0x0a, 0xFa, 0x12, 0x03,
                                            0xD9, 0x42, 0x57, 0xC6,
                                            0x9E, 0x75, 0xE4, 0x5C,
                                            0x64, 0x57, 0x89, 0xC1};
        return key;
    }

(Or it would if I'd put the actual AACS key in there.)

The question is if a *specific* key can be taken down. This is open to argument, because the DMCA only applies to things that are copyrightable, and one can argue that keys are not copyrightable convincingly. (Sketch of argument: if keys were copyrightable then I could copyright a list of all keys. I can't copyright a database, or even a phone book, so the notion that I could copyright a list of all numbers in the set [0..N] is absurd.)

As far as anti-circumvention goes, keys themselves can't be used for circumvention. Assuming that the above were the AACS key, I couldn't use it to circumvent because I don't know the right protocol to use.

Consider another scenario: one can use a brick to smash a window, but possessing a brick does not mean you've broken windows. If I have a proper key, but no software, I am not capable of circumventing. Likewise, if I had software that could do the crypto, but no key, I'm not capable. It is only if I have both the software and the key that I have something that *might* be a circumvention device.

Even things that might be circumvention devices are not always. The test in the DMCA is if its primary purpose is for circumvention. This is why debuggers are not circumvention devices. It is only when you use the potential circumvention device to circumvent that you've done the equivalent of throwing the brick through the window.

Jon