DMCA Forces Cox To Censor Changelog?

Ross Vandegrift writes: "Alan Cox released 2.2.20pre10 today, which includes security fixes. He is refusing to indicate what security holes have been fixed, as Unix-style permissions could be used as an anti-circumvention device. The thread starts here. " It'd be great if people could read the threads here and try to figure out what is going on. I'm a little lost, but it looks like he's being overzealous.

Re:Maybe he's joking?

[fobbman]

Or maybe considering his past comments on not wanting to come to America anymore due to DMCA fears, he's just doing it to spark more debate. You know, get all the /. folks up in arms about the DMCA again and how it's keeping free information from being free. That'd be my guess, but YMMV.

People! He's Joking!

[Phantasmagoria]

People. He's just using this humorous approach to show us how ridiculous the DMCA can be.

Actions Speak Louder

[eAndroid]

We can't bomb the RIAA et al so we'll have to resort to other methods of getting attention to have the DMCA reviewed. We could write letters until we are blue in the face but that isn't working.

I'm not sure if Alan's actions will get the attention it needs but it is certainly a step in the right direction.

Does DMCA apply here?

[guru_steve]

Correct me if i'm wrong, but doesn't the DMCA only apply in cases of devices meant to enforce copyright protection?

Thefreeworld.net Re:Overzealous, eh?

[Rik van Riel]

Indeed, the US outlawing something is one thing. That's their business, if it turns out to hurt them too much they can always revert the law. It's a democratic country, isn't it ?

OTOH, the US outlawing something shouldn't mean that all these good things are suddenly no longer available to the rest of the world. We need a place to publish the things which are outlawed in the US, without getting prosecuted for publishing these things to the US.

Such a site has been started (well, not quite, but we're busy getting it up and running) and we hope there will soon be a place to publish crypto research, security information and other useful tools which are not allowed in the US. The only small gotcha is that in order to publish it legally, some kind of access controll will have to be put in place so US citizens cannot get at the archive. Unfortunate, but so be it.

The site? http://thefreeworld.net/ [thefreeworld.net]

Re:Using the Linux community as pawns

[alman]

What you seem to be forgetting is that the way the DMCA is written, they can *legally* go after him. The fact that they don't choose to is from my opinion just a matter of time.

Re:Using the Linux community as pawns

[gorilla]

Is Dmitri not a legitimate programmer? I think he is. Dmtitri writes programs which are legal in his country. He has never written a program in the US which violates US law. What other test of legitimate is there?

Re:Using the Linux community as pawns

[Kaa]

Alan needs to realize that, although the DMCA does have important and evil implications for the freedom to code and speak in the U.S., it would not be used against a legitimate programmer such as himself. The people who have been targeted by the DMCA have been crackers: people who defeat lame encryption schemes and distribute point-and-click software that allows the masses to pirate. Although I fully support 2600 and Dmitri in their efforts (I have been a security engineer and I appreciate the truly talented invididuals in the field), DeCSS and the PDF utility are simply not in the same class as the Linux kernel and the other software Cox has worked on. He is simply a non-target and he needs to stop pretending that the DMCA affects him.

First they came for the Communists,
and I didn't speak up,
because I wasn't a Communist.
Then they came for the Jews,
and I didn't speak up,
because I wasn't a Jew.
Then they came for the Catholics,
and I didn't speak up,
because I was a Protestant.
Then they came for me,
and by that time there was no one
left to speak up for me.

by Rev. Martin Niemoller, 1945

Re:Using the Linux community as pawns

[antientropic]

it would not be used against a legitimate programmer such as himself

While it is unlikely that Alan would be arrested for fixing security bugs in the Linux kernel, he is quite right in saying that under the letter of the law, he might be. Even if you merely can be arrested for such an activity, then the DMCA is a bad law and must be repealed, or at least modified very substantially. So Alan should be applauded for taking a stand, even if (or exactly because!) that inconveniences some people temporarily.

Re:Thefreeworld.net Re:Overzealous, eh?

[larien]

You gotta love the irony of a site being called "The free world" excluding US, the so-called "land of the free".

As Bill Hicks said, "You are free... to do as we tell you". Right now, it seems that US "freedom" means the freedom to bribe (sorry, to fund...) senators et al to get your pet bills passed.

Re:Overzealous, eh?

[zericm]

Won't happen. From my experience, most of the folks on Slashdot tend to have a Libratarian slant to their polictics: no unions, business is good, goverment bad. That sort of thing.

The problem is that most of the real world allies for a DMCA fight tend to be progressive in politics, with the ACLU being the most obvious example.

Civil Obedience

[Per Abrahamsen]

Imagine a law so stupid that civil obedience becomes an efficient way to fighting it...

Re:Overzealous, eh?

[TheCarp]

I would half agree....

I see alot of both libertarian and socialist slants actually. (which are very similar on some fronts - moreso than they want to admit - and vastly different on others)

Who else here remembers when /. had statments from a bunch of the presidential candidates during the last election?

I dunno about anyone else, but I found myself agreeing about as often and as strongly with the peice by the socialist party candidate as the libertarian one. (and very seldom with others).

In fact on unions, buisness, and government, It seems there are alot of polar views here and few middle of the road ones.

-Steve

Re:Using the Linux community as pawns

[CmdrTroll]

Then I guess the moral of the story is, "don't live in America." Think about it:

• You can be stopped, searched, and arrested [expertlaw.com] anytime you're in public if a police officer doesn't like the way you look. If you're lucky, your case will get thrown out or the cop will be nice. Cops have the right to tear your car apart looking for drugs, and not pay for damage if they don't find any.
• Civil forfeiture [fear.org] means that if you break any of the millions of anal, petty laws in the U.S., you can lose your house, your car, or any other property you own. Watch the first 20 minutes of Traffic to see how it works.
• Software and media piracy can land you in prison for five years and subject you to up to $250,000 in fines, per violation. (Naturally this bill was signed by our Democratic friend, Bill Clinton). It's a steep penalty for something so trivial.
• "Disorderly conduct" is a catch-all crime which can be used to arrest people for a reason of the officer's choosing. Ask any minority about it and you're certain to hear a few stories.
• Many forms of sexual activity (such as oral or anal sex) are banned in several states. Most people in the country (besides the Slashdot crowd) are guilty of one or more of these offenses.
• It is widely known that most powerful politicians can trigger an IRS audit on their political enemies.
• The ATA has made it legal for authorities to detain foreign nationals indefinitely, without presenting evidence of a crime or making a formal arrest.

The DMCA is only one of the many laws which make the USA into a police state. AC's intentions are good but he's got a lot more battles in front of him before the U.S. can be considered safe from authority abuse.

-CT

Re:Using the Linux community as pawns

[the_2nd_coming]

alan needs to take a man's stand and publish the logs....Matin Luther King jr did this sort of thing.....Alan needs to do this sort of thing....if he gets arrested how can the DA deamonise him to the jury?

DA: " He released information that broke the DMCA while trying to keep the Linux kernel secure!!!"

defence:" the nature of OSS is to show all changes. the linux kernel does not contain any copyprotected material, however, because of a baddly writen law, making the operating system secure from intruders is now illegal....does that seem right?"

Re:he's just trying to "make a point"

[rknop]

On a list that reaches US citizens - no. File permissions and userids may constitute and be used for rights management.

By that theory, telling somebody how to set the root password on their Linux machine constitutes trafficking in circumvention technology.

There are two conclusions from this. One, Alan is being stupid and overzealous, even if he did find a lawyer who told him that posting information about the security fixes could violate the DMCA. Two, the DMCA is a stupid and ridiculous law, and the full level of its stupidity (and the stupidity of our lawmakers and law enforcers) is being demostrated by the DeCSS, Felton, and Sklyarov cases. I am embarassed to be a citizen of a country that has such a law (although it will take the SSSCA to force me to flee the country as a political defector, the DMCA isn't enough to push me that far).

The DMCA has got to go, but I fear I see no way in the world that we'll ever be able to get rid of it short of it being declared unconstitutional, or short of extreme campaign finance reform that remakes Congress into representatives of their constituents.

-Rob

Things to realise about Alan Cox

[pubjames]

Firstly, he's a Brit. They have a sense of humour which is sometimes very subtle and is usually based on 'irony' (as in the saying something different to what you mean, rather than the more American 'Alanis Morissette' use of the word). Some Americans take ironic statements at face value, as is often seen on Slashdot.

Secondly, he's a clever guy. He's being stubborn about this to make a point. If he wasn't stubborn about it, the point wouldn't be made. He is acting correctly according to an unjust law to highlight the danger of it.

He is not being 'dumb' or deliberately annoying, he's highlighting the potential effects of a worrying development in the American legal which could have significant negative impact on all Open Source software developers.

use the source, luke

[Anonymous Coward]

Does this mean that soon the source code to the linux kernel will not be available in the united states? From what Ive observed, the main argument in the DeCSS case was that source code itself is a form of communication among programmers and is protected under the first ammendment. Can I not just find out what changes were made, and figure out what the vulnerability was by reading the source code?

Would that make diff and vi circumvention devices?

I do beleive that Alan is being overzealous, but do agree that *something* must be done about this and quickly. Unfortunately, I am not in a position of to do much more than wear a Free Dimitry T-shirt. IMHO what Alan has done is illogical. Perhaps the better thing to do would be to cut the US from the linux source code all together.

Now THAT would raise a stink.

Disgusted to be an American

[haplo21112]

I used to be proud to be a Citizen of US. But it seems everyday that the "land of the Free" becomes a little less free. This is beginning to reach insane proportions. Everyday we seem to pass more and more laws that are seemingly(to me anyway) directly in conflict with Our Constitution. Our politicans don't listen to us anymore. I am disgusted...and angry...so much so i can't even think of words to express my rage at what is being done to this great nation. Our laws were ment to protect our citizens, and ensure the right to "life, liberty and the persuit of happiness" I feel as if I have none of these lately.

--"The refuses to bend, he refuses to fall, he's always at home with his back to the wall" --Bill Joel- Angry Young Man.

Re:Using the Linux community as pawns

[monkeydo]

You aren't comparing the Skylarov case to the Betamax case are you, because if you are that's stupid.

digital copying != analog copying
copying != timeshifting
Betamax did not break any encrytion and there was no DMCA at the time.

In the Betamx case the decision reflected the fact that "timeshifting" is not a violation, and VCR's have substantial non-infringing uses. The decision did not give VCR owners permission to start copying copyrighted works.

Dimitry wrote and sold software that was designed to violate copyrights. Even without the DMCA the ebooks license specifies you may not make copies and contrary to Slashlore there is no indescriminant "Fair Use Right" that allows this behavior. Had Sony marketed the Betamax as a method of illegal copying protected material they likely would have lost their case as well.

Re:Overzealous, eh?

[ichimunki]

The difference between a Socialist Linux Zealot and a Libertarian Linux Zealot is this: the SLZ would nationalize Microsoft and open their source code for all to use-- and hopefully port the valuable pieces to Linux (eliminates all competition), the LLZ blames the consumers who refuse to make intelligent use of their free markets and figures that if they get screwed by MS on an ongoing basis that they deserve it. And it's hard not to agree with both of them. *grin*

Re:Overzealous, eh?

[Cardhore]

Basically, the DMCA is terrorism.

Work to Rule

[Wesley Everest]

Actually, this is an example of Work to Rule [iww.org]. It's a tactic often used in the workplace to win against a boss. Unionized workers often use the strategy when laws or contracts forbid strikes and other activities, but even non-unionized workers often use it to effectively protest (and eliminate) ridiculous rules.

While this current example won't take down the DMCA, the idea is that the DMCA will hurt U.S. corporations in the long run. Specifically, it will hurt the vast majority of corporations that don't get any benefits from the DMCA. We can only hope that these corporations give bigger bribes than the record and movie corporations.

Re:Disgusted to be an American

[cluge]

You can go live in the UK and get your nice unhappy face photographed a thousand times a day. You could go live in the UK where certain books are banned because ??(Add inane reason here). You can go live in the UK where the ability to protect yourself with a firearm has been taken away by the good Government.

Every country (and I've been to quite a few) has limitations on peoples freedom somehow. As a modern society we are fast approaching big brother if we aren't careful (UK has had big brother for a while hasn't it?).

Instead of being "Disgusted" perhaps you should pay an attorney to help "wage the war". You know we still have the ability to change the law and it has yet to be constitutionally tested. With all the "open source" companies out there I'm suprised there hasn't been a class action lawsuit for damages to the "open source product" caused by the RIAA.

Oh yeah, and next time there is an election, vote.

Re:just making a point

[VivianC]

I would have to disagree that he is "letting them win." This appears to be one step of a brilliant plan to get the DMCA thrown out. This change-log can now be introduced in court as an example of the DMCA "chilling" free speech. The EFF should be collecting huge piles of examples to introduce as exhibits in DMCA cases.

Now another good step would be to find an employee of a large company (Microsoft would be nice) who writes about a bug or exploit in their company's product and have them arrested for publishing a circumvention device. Anyone wanna go through the XP Beta groups and try to find an exploit that wasn't fixed and was discovered by a Microsoft employee? If Microsoft or any major company turns their money and legal teams against this law, it will fall faster than a dot com stock.

Simply, real examples of the "chilling effect" need to be documented for the Dimitry trial and other trials that will happen. These will go much further in getting the law overturned than messages to our Congressmen.

Reason behind this.

[rew]

I'm a little lost, but it looks like he's being overzealous.

I don't think so. Alan is trying to prove a point. That point being: The US is being rediculous with that DMCA.

There WAS a bug, there is no longer. Publishing the bug means you're providing people with a "circumvention device" (on the older kernels). The DMCA forbids that.

Alan is being rediculous with a purpose. The more people realize that this DMCA is rediculous the more they will be inclined to complain to their senators or whatever means those Americans have to influence their politicians.

Roger.

Re:Using the Linux community as pawns

[VivianC]

What was said:

DA: " He released information that broke the DMCA while trying to keep the Linux kernel secure!!!"

defence:" the nature of OSS is to show all changes. the linux kernel does not contain any copyprotected material, however, because of a baddly writen law, making the operating system secure from intruders is now illegal....does that seem right?"

What the jury understands:

DA: This foreign computer programer told other programers how to break into computer systems.

Slashdot Defense: Blah blah non-American blah blah hacker blah blah bad government blah blah fix computer blah blah.

Jury: The defense made no sense. He must be guilty!

Re:Reason behind this.

[rew]

And the REST of the world must suffer because some american law (which has no jurisdiction OUTSIDE america) exists?

Normal countries state somewhere in their laws that their laws don't apply outside their borders. Somehow the USA is different.

We KNOW that they arrested that russian guy because he did something (violate DMCA) outside the American borders.

If the Americans are desparate enough, they'll come and get you, jurisdiction or not. Otherwise they might let it rest until you set foot on their soil.

Now tell me again, that Alan need not be afraid of American law.

Roger.

The reasons

[Godeke]

Thinking this through, the DMCA says that you may not publish information that leads to the circumvention of any content security device. Cox has decided that file permissions constitute a content security device (which they do, but normally in a difference sense than the DMCA is applied).

To be honest, going by the letter of the law, this makes some sense. By publishing the flaw's details, earlier kernals are open to exploitation via the flaws, thus unsecuring the content currently protected by the file permissions.

Stupid, yes - but a realistic reading of the letter of the law, if not the intent. But then when did intent matter in law?

Re:Thefreeworld.net Re:Overzealous, eh?

[mpe]

sorry to tell you this, the U.S. is a Constitutional Republic

How much of the US constitution needs to have been voided before that bit goes?

Alan Cox works for Red Hat.

[Anonymous Coward]

Red Hat has perhaps more to lose from too-stringent definitions of the DMCA, or from the enactment of the SSSCA, than any other corporate entity in the United States.

Alan notes that he is acting on legal advice, and does not elaborate.

Perhaps it stands to reason that this is not merely Alan's radical position, but a tool that will aid an incipient Red Hat fight against the DMCA/SSSCA.

If Red Hat wants to fight the DMCA, they must first be able to reasonably claim that the DMCA makes it prohibitively difficult for them to do business.

Think about it. It'll come to you.

--ever wonder why anonymous cowards post anonymously?

unclean hands

[renehollan]

Perhaps, but you can't use the law as a shield when you have done something illegal, i.e. "an exploit". You are said to have "unclean hands", and can not seek redress from the courts.

For example, if I enter into a contract to, oh, sell you illicit drugs, and I provide the drugs, and you don't pay, I can not seek redress from the courts. In this case, if someone produced code designed to harm or otherwise compromise a computer system, I seriously doubt they could cry "copyright infringement" if someone explained how to render such an exploit ineffective.

Though, given the bizarre and insane state of current U.S. legislation, I would still be wary of such a silly charge sticking.

Of course I am not a lawyer, so don't take this as legal advice.

Re:Reason behind this.

[mpe]

And the REST of the world must suffer because some american law (which has no jurisdiction OUTSIDE america) exists?

They harrassed an Norwegian, kidnapped a Russian over this law. A good reason for the rest of the world to take notice...

There's more to it

[gotan]

He not only tries to make a point, but he has valid reasons for fearing to be dragged into an US court. Maybe it wouldn't make much sense for the US to sue him, nevertheless he is avoiding to act against the letter of US-law, and that is what is held against you when you end up in court: Neither your intentions, nor the intentions of the law, but the letter of the law.

If any of the patches or future patches even touch the handling of DVD-Players, or future FUCK-ware (Futile Unnecessary Control Keping Hard/Software) he'd better present, what US-lawyers consider a clean west to avoid being dragged through courts until hell freezes over because some corporation is then likely to use the DMCA as a lever and make a public example of him.

Since Skylarov this law has become a very real threat to non-US-citizens.

Denying US-Access to Security lists

[gotan]

Security lists should be even more aware of DMCA legislation. When dealing with US-based businesses security experts should demand an outside US contact-address to send the report to, as well as a document stating that the information will not be divulged to US citizens or residents.

Posting the report to a Site accessible from USA gives anyone who wants the means to sue to their liking, and the only reason Microsoft didn't already sue bug-reporters into submissive silence is the cry of outrage to be expected after such a move. But we'll probably soon see that nevertheless with their hacked Mediaformat.