Censorship Your Rights Online

New RedHat Kernel Patch Illegal to Explain to U.S. Users

Russellkhan writes "The Register is running a story about a new RedHat kernel patch that cannot be explained to U.S. citizens or others in the U.S. because of DMCA restrictions. The illegal explanation is hosted at Thefreeworld.net, a site created specifically to deal with these DMCA issues."
  • Again? (Score:1, Interesting)

    by Anonymous Coward on Wednesday October 16, 2002 @08:54AM (#4460800)
    Didn't Alan Cox have a similar issue on an old patch for exactly the same reasons?

    Maybe the Slashdot crew could try reading their own site once in a while.
  • Use the source? (Score:-1, Interesting)

    by RagManX ( 258563 ) <ragmanx@@@gamerdemos...com> on Wednesday October 16, 2002 @08:56AM (#4460811) Homepage Journal
    Color me lazy, but I haven't even bothered reading the article yet. However, I do wonder about this "can't be explained due to DMCA" stuff. I mean, can't you just read the source of the patch to figure out what it does? Or are they releasing a binary only patch?

    RagManX
  • An Idea (Score:5, Interesting)

    by Derg ( 557233 ) <alex.nunley@gmail.com> on Wednesday October 16, 2002 @09:06AM (#4460871) Journal
    To quote the article:
    Does this mean that all of the companies issuing security advisories are breaching the DMCA?


    Does this mean that when MS decides to release a "security patch" for one of its releases, and explains why this patch is necessary and how it might be exploited, that they are in breach of the DMCA? Could someone sue MS for releasing details that are then used to build a worm? (CodeRed comes to mind...)

    Just my $.02
  • What this means... (Score:4, Interesting)

    by Rantastic ( 583764 ) on Wednesday October 16, 2002 @09:07AM (#4460874) Journal
    Seems to me that this means:

    Someone outside the US found a security flaw that allows exploitation of the system.

    Explaining how to circumvent security is against the DMCA.

    Red Hat supplies a patch, but they cannot tell you exactly what it fixes, because that would be explaining how to circumvent security.

    Ah the horrors of humanity!

  • DMCA is a success (Score:5, Interesting)

    by javatips ( 66293 ) on Wednesday October 16, 2002 @09:07AM (#4460875) Homepage
    It really looks like the DMCA induces so much fear that people start to censor themselves.

    The media corporations must be really happy to see this.

    I doubt very much that the DMCA would apply to a description of a patch WITHOUT applying to the patch itself. If the patch is supposed to be legal under the DMCA, why would its description be illegal?

    I believe that these guys try the wrong way to persuade others that the DMCA is bad.

  • by Anonymous Coward on Wednesday October 16, 2002 @09:10AM (#4460896)
    I am not a lawyer, but as far as I know, there is no reason why people in the U.S.A. cannot download the C source code for the patch and look at it.

    As far as I know, an explanation in the form of C source code is legal - it is an explanation in a human language that is not.

    Contrast this to the fact that a description of DVD decryption in English is, as far as I know, legal, but in C is, as far as I know, illegal.
  • by cr@ckwhore ( 165454 ) on Wednesday October 16, 2002 @09:11AM (#4460908) Homepage
    Ok, so Red Hat can't tell us what the patch is about... but from what I've read so far, I understand that it's regarding security, and therefore, informing me about the security problem is illegal under the DMCA, because "it could be used to circumvent a digital copyright mechanism". (the computer)

    But, what about the source? I can freely download the source for this patch, right? So, how does that NOT violate the DMCA? Let's say that obtaining the source for this patch were illegal... what conflict would this have with the GPL?

    I fucking hate the DMCA... what a stupid piece of shit. It impedes free speech, which BTW is against the US Constitution, and it costs me money, because now I have to spend extra time researching a problem that is critical to the security of my business.

  • by ianweeks ( 254559 ) on Wednesday October 16, 2002 @09:15AM (#4460935)
    Registrant:
    Linux MM, c/o Conectiva Inc.
    R. Tocantins 89
    Cristo Rei
    80050430, Curitiba PR
    BR
    Created on: 07-AUG-01
    Expires on: 07-AUG-06
    Last Updated on: 07-AUG-01

    Administrative Contact:
    van Riel, Rik
    Linux MM, c/o Conectiva Inc.
    R. Tocantins 89
    Cristo Rei
    80050430, Curitiba PR
    BR
    +55 41 360 2600
  • Need a Website (Score:5, Interesting)

    by attobyte ( 20206 ) on Wednesday October 16, 2002 @09:18AM (#4460957)
    We need a website that shows all the people that voted yes for the DMCA. So it will be easy to vote this November.

    atto
  • by Anonymous Coward on Wednesday October 16, 2002 @09:23AM (#4460992)

    I must be in a different US than you, from my vantage point, there's no practical difference between Republicans and Democrats, only a difference in their rhetoric.

    It's like this:

    I walk up to you on the street and make you an offer. I'll give you a choice, do you want me to stab you in the right eye with a pencil, or the left eye. Make your choice, it's a free country! You too can make a difference!

  • by Anonymous Coward on Wednesday October 16, 2002 @09:28AM (#4461023)
    And that person will say, "Well you should stick with Microsoft, they don't have problems with the DMCA."
  • The gist... (Score:3, Interesting)

    by KillerBob ( 217953 ) on Wednesday October 16, 2002 @09:34AM (#4461063)
    Thankfully, I'm in Canada and not bound by retarded US laws. /. is, though, so I'm not gonna post verbatim what the patch is.

    The gist of this security patch is to fix driver vulnerabilities. It fixes several of them, not one of them is exploitable by a remote user. They all require the hardware in question to be connected to exploit the driver vulnerability, and they all involve allowing people to write to kernel memory space. In other words... they could be used to nuke a linux box by a local user (why not just 3-finger salute, I know not), but the moment you reboot the problem is fixed anyway.
  • Missing the point? (Score:5, Interesting)

    by Zocalo ( 252965 ) on Wednesday October 16, 2002 @09:35AM (#4461066) Homepage
    It seems to me that a lot of people seem to think that Red Hat is doing this because they are running scared of the DMCA. Couple of points here:

    Q. Which kernel hacker does Red Hat employ, outside of the US?
    A. Alan Cox.

    Q. Why won't Alan Cox visit the US because "the chances of his arrest are non-zero"?
    A. Use of the DMCA to indict Sklyarov.

    It seems much more likely that Alan Cox is, with Red Hat's full support, taking a very good swipe at some of the more ludicrous aspects of the DMCA. Basically, what they are implying that this could lead to is the situation where a major security flaw can be disclosed to the entire world, except for the US, because of the DMCA. The obvious upshot of that is that every man and his dog outside of the US could have access to the knowledge required to shaft servers in the US, and the sysadmins in the US can't do a thing about it because of the DMCA.

    The words "hoist", "own" and "petard" spring to mind. ;)

  • Re:DMCA == Bible? (Score:2, Interesting)

    by L0neW0lf ( 594121 ) on Wednesday October 16, 2002 @09:38AM (#4461085)
    The Bible is not about oppressing anyone into obedience, and it's obvious that you just decided this was a perfect forum for your anti-Christian sentiments. The Bible is a historical record, and an individual can freely accept or reject its teachings, just as they could hundreds of years ago (though in some societies, the Church did indeed use its power as a form of oppression; not having lived in medieval times, or the Spanish Inquisition, I refuse to take the blame for this).

    Your comparison is lousy, and not even close to how the DMCA works. Stick to good analogies, rather than opinions. You'll go far.
  • Broadcast-2000 (Score:2, Interesting)

    by thor ( 3901 ) <thor@mineshaftgap.org> on Wednesday October 16, 2002 @09:39AM (#4461098) Homepage

    why are the bcast sources on this list?
  • Re:I'd comment, but (Score:1, Interesting)

    by slashhax0r ( 579213 ) on Wednesday October 16, 2002 @09:42AM (#4461126)
    Ohh, to live in the land of the free, the home of the DMCA! Maybe you fellas should use your right to bear arms and *DO SOMETHING* about this. Your most awesome country is being *RUINED* by this sort of corporate special interest shit.
  • by kfg ( 145172 ) on Wednesday October 16, 2002 @09:46AM (#4461172)
    that makes it illegal to release the information to US citizens. The patch code was written entirely by non US citizens outside of the US borders. In order to prevent the possible prosecution by the US government, à la Sklyarov, they released under license terms that forbid divulging information about it.

    *Redhat* is not the refuser here, they are simply bound by the terms of the author's *license.*

    Now, let's do a little deductive work here while we're about it, shall we?

    This isn't a "Linux" patch, it's a "Redhat" patch. And what *Redhat* kernel developer has already shown a propensity for making socio-political statements with the license terms of his kernel patches regarding the DMCA?

    Anyone care to go waaaaaaaaaay out on a limb and "guess" just who might have had a hand in this?

    I'll give you three guesses, but if you don't get it in one you haven't been paying attention.

    KFG
  • by Gerry Gleason ( 609985 ) <gerry@geraldgl[ ]on.com ['eas' in gap]> on Wednesday October 16, 2002 @09:50AM (#4461207)
    Yes, you can figure it out from the source, and I think the court would have a hard time if the description was part of the patch (i.e. a comment) to claim that the comment violated the DMCA.

    The point isn't even that anyone would be charged under the DMCA, but that under the language of the law, they could be. The underlying point is that disclosing security vulnerabilities and keeping current with their announcements are extremely common activities for any security professional doing his/her job.

    That said, the whole exercise seems a bit lame and the article more or less says that straight out after leading in with a bit of sarcasm. It's not even the dumbest part of this law, but that's another story already beaten to death on /.

  • Re:Oh no... (Score:2, Interesting)

    by racerx509 ( 204322 ) on Wednesday October 16, 2002 @09:56AM (#4461264) Homepage
    what would be funny is if RedHat actually invoked the powers of the DMCA and decided to bust you guys. For posting this. Then we would have something to take to our congressman.
  • Re:Again? (Score:5, Interesting)

    by jeffy124 ( 453342 ) on Wednesday October 16, 2002 @10:02AM (#4461310) Homepage Journal
    yes, it did happen once. IIRC, he found (or was told of) a bug in filesystem permissions that allowed someone outside a uid/gid to gain access to a file.

    Cox didn't publish details (ie - what the bug was or how to exploit it) because he believed it violated DMCA - as somewhere out there someone could be using UNIX file permissions as a "copy protection device," and the details to exploit it would be "circumventing a copy protection scheme." IIRC, Cox is not a US citizen, but he has to travel to the US a lot, and didn't want to lose that ability by publishing the exploit.

    These stories (Cox's above and this current issue) are perfect examples of things to send over to that committee collecting comments on the DMCA. Here are software authors who are scared to publish vulnerability details about their own products!
  • Re:One day... (Score:3, Interesting)

    by cr@ckwhore ( 165454 ) on Wednesday October 16, 2002 @10:05AM (#4461343) Homepage
    One of the falsehoods taught about US Government in our own schools is that it's a "democracy", when in fact, it isn't. The US Government is a "representative republic". We elect people to do our dirty work for us... there's no law that says our elected officials have to listen to us, but the pressure of re-election keeps 'em tuned in to the opinions and concerns of their constituents.

    So, when the election comes around in the near future, DON'T VOTE FOR ANYBODY CURRENTLY IN THE CONGRESS!! This is how we as a people communicate our discontent with the actions of our current Congress. Honestly, if we keep voting these same losers into the congress, but dislike the laws they make, then we're weak as a people and deserve to have our freedoms impounded for being complacent. Freedom is a privilege that requires maintenance.

    (First order of business, challenge the DMCA)

  • by Havokmon ( 89874 ) <rick.havokmon@com> on Wednesday October 16, 2002 @10:07AM (#4461357) Homepage Journal
    There are enough problems with the DMCA that we don't need to make things up. If stories like this become commonplace, then lawmakers will soon ignore anyone who opposes the DMCA because they'll automatically assume they're acting on FUD and not the facts.

    Don't you know how the U.S. legal system works? Let me explain:

    If I spank my kid in public, the DA (District Attorney) will go back to my H.S. classmates and former employers and show that I generally disrespect authority, maybe was a bully, have a short temper, and that the incident was the latest in a string of inhumane behavior and child abuse that dates back at least 10 years.

    My defense attorney will argue that I was never disciplined for any such actions, never in a fight that is on record, and never visited by the local Social Worker (Except for our first child, which came before we were married - and is std procedure). I currently am active in my children's lives, have defied 'conventional wisdom' by marrying my 'HS sweetheart', having a kid before we were married, and staying married 8 years and having 2 more kids. S/He would also pull in a shrink to counter any past 'anger' issues due to the fact that my mom wasn't "all there".

    All for what really was a spanking. (No, this didn't happen to me, but WI has tried to jail teen fathers - who try to do the right thing and be a father - for rape. So it's not impossible.)

    The DMCA exists because lawmakers were convinced that the economy was going to fall because of piracy and free-flowing information. The only way to combat this in the U.S. is NOT by being rational - it's by meeting and exceeding the original irrational ideas, in an opposite way, that brought this beast into existence in the first place.

  • by paja ( 610441 ) on Wednesday October 16, 2002 @10:09AM (#4461374)
    I think DMCA is good example of how U. S. will lose its domination.

    By restricting anything which may compromise poorly designed products U. S. will slightly stop any significant research and development, so as Americans have to buy Japan electronics, they will have to buy encryption technology from Europe, communications equipment from Israel and software from Eastern Europe and Russia.

    More laws will emerge to prevent technology companies moving out, restricting U. S. citizens to work abroad. Canada will have to require visas from Americans, because they will seek asylum in there. British and Canadian controls will be set on American international airports to prevent asylum seekers to enter both countries. Amnesty International will be terminated and reopened in Paris.

    Military power will be supplied by foreign components and foes will know their weaknesses better than U. S. The more 9/11 will arrive and U. S. will try to respond with military actions. U. N. will become angry about it.

    Americans will still fly to space, but only to repair ISS or put in new communication equipment for Japan/Europe corporations. I am really looking forward to Intel HQ and R&D in Europe or Canada, while moving production plants to U. S., rather than Mexico, because of workforce price.

    Japan will legally buy Hawaii. Russia with Japan will be complaining about American fishermen overcoming legally agreed quotas on fish in northern Pacific.

    Networks of other countries will have the similar border with U. S. like China has with whole world - just because no one using any data transmission could not be sure if it will not be attacked by legal (in U. S.) attack at the network.

    Why? Because few people wanted to keep high margins on movies...

    --
    paja

  • Re:Sound familiar? (Score:1, Interesting)

    by GMontag ( 42283 ) <gmontag AT guymontag DOT com> on Wednesday October 16, 2002 @10:10AM (#4461382) Homepage Journal
    Hrm, quite a number of people would disagree with your views that they are not being mistreated.

    Judging from the comments, that is fine with me. No C programmer cares if I disagree with them because I know nothing of the C language. At least I refrain from spreading falsehoods based on my own ignorance of C programming.

    Their conditions are hardly comfortable. You're also "being slow about" giving them any kind of trial or legal representation. Also, as others have pointed out, the US is very keen not to call them POWs as that would give them rights which they are determined not to allow. What I would ask is what kind of noises would be coming out of the US if American citizens were being held in similar conditions, with no trial in a middle east country? They should, very rightly, be outraged.

    Try getting their status straight and then realize that we are treating them properly. They are not under arrest, they are combatant detainees. We can hold them as long as hostilities persist. Again, try learning something of this before declaring things "illegal" that are well within the bounds of the Laws of War.

    As for "one of the FEW nations that follows the Laws of War and Peace", I'd like to point out that the US has demanded (and unfortunately, gotten) concessions that no US military personnel can be tried for war crimes on UN missions.

    Incorrect again. We are not bound by that "International Kangaroo Court", we are still bound by the Laws of War and our military is still bound by the UCMJ (look that up too).

    This effectively gives US soldiers carte blanche to rape, pillage and burn in a manner that would make the atrocities in the Balkans seems like a Sunday School picnic with no chance of war crimes charges ever being laid. They may get some kind of court martial or charges laid in the US court or they may not. There would be no recourse for an aggrieved party in the International Courts.

    Self contradicting while using wholly inaccurate assertions is bad form.

    As mentioned above they are covered by the UCMJ. All acts you mentioned are violations under the UCMJ that carry quite severe punishments. We have a history of actually prosecuting our own people under the UCMJ to the fullest extent. The "some kind of court[sic] martial or charges laid in the US court" is, in fact, a US Military court and is not quite the same as a civilian court. Hardly what you state or infer. However, the defendants do get lawyers taken from the same pool as the prosecution. Unless you are against the accused having a right to ADEQUATE counsel then perhaps you can bark up another tree before you join your brothers and sisters in Bali.

    The more I hear about the US in recent times, the more I despair about a nation that claims to be the home of Democracy.

    Republic.

    I have my own rant [riddoch.org] about another such incident, which you're free to read.

    I have read quite enough from you. Please excuse me if I skip it.
  • Re:Sound familiar? (Score:3, Interesting)

    by larien ( 5608 ) on Wednesday October 16, 2002 @10:28AM (#4461495) Homepage Journal
    OK, then, these "combat detainees" will presumably be released once hostilities have ended? Is any fighting actually still going on in Afghanistan? The US hasn't given any clear idea of what it plans to do with its prisoners/hostages/detainees in the long term. Until it does, I'm not going to give any benefit of the doubt to them. Also, I never stated what they were doing was illegal, but that doesn't mean to say I have to like their actions.

    "Incorrect Again". Hrm, the BBC disagrees [bbc.co.uk]. "The United Nations Security Council has voted unanimously to exempt US peacekeepers from prosecution by the new war crimes court".

    As for the UCMJ, yes, OK, soldiers could be tried under that. However, if an order comes from on high (e.g. a general, or even the president), is a trial really going to happen? I guess the examples of rape & pillage were bad, but what about orders to assassinate someone? Or napalm a village (not that the US has ever done that before...)?

    Republic/Democracy? Whatever. The fact is that the US tends to like to believe it's the home of democracy.

  • Re:uh, GPL? (Score:3, Interesting)

    by kfg ( 145172 ) on Wednesday October 16, 2002 @10:34AM (#4461554)
    You are incorrect. A *patch* for GPLed software may be released under any license the author desires. This is what allows proprietary binary only hardware support, as well as providing functionality for such software as might otherwise violate the DMCA, such as DVD players.

    The *patch* is the work of the author and has nothing to do with the code otherwise under the GPL. You're thinking along the MS lines that the GPL is somehow a "virus" that infects your proprietary code. Stop it.

    You also seem to be laboring under some sort of misconception that the GPL somehow can confer legality/illegality. It's perfectly possible to write GPLed code under one jurisdiction that may be illegal under another and thus may be freely distributable in, say, the US, but not in, say, China. Or in this case China, but not the US.

    The license has been posted here on /.

    Read it and think about it.

    KFG
  • Re:RH Reasoning (Score:2, Interesting)

    by James The Gent ( 152034 ) on Wednesday October 16, 2002 @10:36AM (#4461574)
    Anything written by you is automatically copyright you. You can then use that copyright to alter the way that your work can be legally distributed.

    The reason that Red Hat is publishing the documentation in that way that it is is because to do otherwise would be to break the copyright on the document. Which would put them in violation of a copyright.

    Ironic dontcha think.
  • by MrJerryNormandinSir ( 197432 ) on Wednesday October 16, 2002 @10:41AM (#4461626)
    Massachusetts rejected this crap. So, maybe all of us should follow suit. Redhat should ignore it, or use a Massachusetts based location to get it out.
  • by papasasha ( 576455 ) on Wednesday October 16, 2002 @11:21AM (#4461912)
    Chapter 12, section 1201 of the DMCA.

    "(c) Other Rights, Etc., Not Affected. - (4) Nothing in this section shall enlarge or diminish any rights of free speech or the press for activities using consumer electronics, telecommunications, or computing products."

    You can talk about it. You can read it. You can even post it. Bob & Tom can read the Redhat patch description over the radio.

    This looks to be in direct conflict with b1, also in section 1201:

    "No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that - "

    U.S. congress is prohibited from passing the latter into law, it being in direct conflict with the first amendment. Remove the word 'technology' and it's probably okay. If 'technology' means descriptions as well as boxes with pretty lights and buttons.

    First amendment of the American constitution includes: "Congress shall make no law ... abridging the freedom of speech, or of the press ... "

    A Google search for "DMCA first amendment" and "bill of rights" will get you where you need to go if you think I've taken something out of context.

    Apologies for the length; brevity is not the soul of law. Legal experts, I'll be interested to hear why I've incorrectly interpreted this rare clear use of English in legislation.
  • by debest ( 471937 ) on Wednesday October 16, 2002 @11:54AM (#4462198)
    You'll note that RedHat still provided an easy (although essentially labelled "Use at your own risk") link to the changelog. In other words, they encourage you to break their strict interpretation of the law in order to get your work done.

    They are simply trying to make a point: that the DMCA is stupid, and you have to do stupid things to be in compliance with it. By the way, the application of the DMCA in this scenario is not that the changelog is a circumvention device to the Linux kernel. The issue is that Linux can be (and I imagine is) used effectively *AS* a copy protection product, and the information in the changelog could be interpreted as a way of circumventing the protections.

    And as far as Red Hat losing respect in the business community: I doubt it. Any business which is enlightened enough to adopt free software at all will already understand the nuances of copyright issues (they will have had to have investigated the GPL and BSD licences), and will not be scared away by this.
  • by Anonymous Coward on Wednesday October 16, 2002 @02:23PM (#4463336)
    Missouri had a very unpopular Senator. This fellow raised the ire of about everyone in Missouri, as he constantly voted his pocket instead of Missouri's or the USA's interests.

    The people of Missouri had enough and decided they would rid themselves of this corrupt political hack once and for all.

    Unfortunately for the people of Missouri, the fellow that was running against the incumbent Senator died a month before the election, with no time for the Democrats to nominate another.

    The people of Missouri voted the corpse in, and in a landslide no less.

    The same election brought a new President, and George W. Bush appointed the ex-Senator Ashcroft to the position of Attorney General.

    "Will of the people" my ass. This November I vote straight Libertarian. Meanwhile, you Canadian fellows are lucky, living in a representative democracy instead of a sleazy, plutocratic autarchy.
  • Re:Sound familiar? (Score:5, Interesting)

    by JoeBuck ( 7947 ) on Wednesday October 16, 2002 @02:42PM (#4463490) Homepage

    Among the prisoners being held in Guantanamo are a dozen Kuwaitis. While some are likely to be bad guys, at least five appear to be there by mistake [ninemsn.com.au], apparently humanitarian workers trying to help with the Afghan refugee problem who got swept up in the dragnet.

    Now it's possible that they aren't telling the truth, but they are just sitting there rotting with no chance to make a case, not even to a military tribunal. The scariest quote in the article I link to above is

    So, are they guilty or innocent? And of what? The Defense Department says answering such questions is not what Guantanamo is about.

    There are supposed to be two categories of people that can be captured in war: a POW, or an illegal combatant. The former is entitled to the protections of the Geneva Convention, and the latter, as an accused criminal, is entitled to the rights of an accused criminal. Instead, a third category has been invented, or rather, copied from the South American generals of the 1970s: suspected "enemies of the state" who simply disappear.

  • by Unordained ( 262962 ) <unordained_slashdotNOSPAM@csmaster.org> on Wednesday October 16, 2002 @02:44PM (#4463510)
    Isn't it only illegal under the DMCA if it relates, to, oh, the C in DMCA -- copyrights? The document may be copyrighted, and putting a license on it means that getting the document without agreeing to the license is circumvention in order to get to copyrighted material ... but the patch itself, documented kernel problems ... is, methinks, unrelated to the DMCA. And if you read the register article, they pretty much think RedHat did this as a "joke" of sorts about the DMCA ... not out of actual fear.
  • by zeno_2 ( 518291 ) on Wednesday October 16, 2002 @03:24PM (#4463791)
    I'm still pretty sure that the DMCA was done by a voice vote, and the people who voted were not recorded...

    I found the dates that the DMCA was introduced and what not, and near the bottom it mentions that there was a voice vote. Now if this is the actual vote by the Senate on the bill or not, it's hard to say, as I don't understand it much, but I did not see any other links or anything that described a roll call, or any sort of formal vote..

    Here [loc.gov] is where I was looking at.

  • by patter ( 128866 ) <`gro.ogguls' `ta' `tap'> on Wednesday October 16, 2002 @03:34PM (#4463880) Homepage Journal
    Basically, what they are implying that this could lead to is the situation where a major security flaw can be disclosed to the entire world, except for the US, because of the DMCA. The obvious upshot of that is that every man and his dog outside of the US could have access to the knowledge required to shaft servers in the US, and the sysadmins in the US can't do a thing about it because of the DMCA.

    Which exactly contradicts the type of reasoning that restricted export of 128 bit encryption to the potential enemies of the US (like the UK, we know those evil bastards were up to no good with that technology - joke).

    You can't improve security without the ability to disclose fully potential vulnerabilities, openly and without fear of reprisal from a government too technically ignorant to understand what they just passed as law.

    Good one US congress...
  • Disgusting (Score:1, Interesting)

    by Anonymous Coward on Wednesday October 16, 2002 @04:22PM (#4464195)
    As a programmer and member of the United States/New World Order, I'm appalled. This is ridiculous. I won't view that website ATM. I think I'll wait until I move to another country. Maybe a lot of us Slashdot nerds should move to some country where freedom actually means something. Then we can let the American idiots that remain blow themselves up, and sodomize each other with laws.
  • Re:Sound familiar? (Score:3, Interesting)

    by PenguiN42 ( 86863 ) <taylork@alum. m i t .edu> on Wednesday October 16, 2002 @04:27PM (#4464236) Journal
    Since when is revenge a human right?
    It also seems that you're advocating "guilty until proven innocent" and *no* right for the accused to face a court of law.

    Exactly what country do you think you're from anyway?
  • Re:I'd comment, but (Score:5, Interesting)

    by MSG ( 12810 ) on Wednesday October 16, 2002 @05:51PM (#4464861)
    Despite the +5 Insightful rating, this post is completely wrong. The problem, as it was accurately described originally in the story, is that the patch fixes a problem that could be used to bypass "digital security - i.e. computer security".

    The DMCA made it illegal to discuss techniques that allowed users to bypass digital security, and because of the broad wording of the bill, it may be illegal to discuss such vulnerabilities at all. In this case, it is not because the author in question says you can't read the description of the problem; the DMCA says that he can't tell you what the problem is because you might then use that information to bypass security restrictions.
  • This does actually go beyond Alan Cox making a point, he really does have to worry about releasing patches giving circumvention information in the US.

    Consider the following:

    Assume Microsoft Palladium has shipped.
    Assume a major remote exploit bug/hole allowing one to bypass the "trusted computing environment" is discovered in this new OS.
    Assume the steps required to reproduce the bug allow one to bypass the DRM built into the OS.
    If you posted either an exploit or a description of the bug you could be charged with violating the anti-circumvention section of the DMCA.

    Now assume someone has a "trusted computing" patch for linux that uses digital signatures for security. Remember this can also be used for DRM.
    Bug allowing trusted computing subsystem to be bypassed is found.
    Someone posts patch for this bug, by its very nature the patch contains enough information to exploit the hole.
    This also would be violating the anti-circumvention provisions of the DMCA.

    If you think perhaps this is an overly broad reading of the law and nobody would really ever be prosecuted for violating the DMCA in this way, remember that DAs who have decided a perp is evil and must be guilty of something will find something to nail you on. Usually a law with overly broad language that was aimed at an entirely different problem. Some favorites are RICO, federal wire-fraud statutes, tax evasion, anti-conspiracy statutes, computer crime laws, and coming soon to a courtroom near you the DMCA.
  • Clarifications (Score:2, Interesting)

    by shiflett ( 151538 ) on Wednesday October 16, 2002 @06:52PM (#4465288) Homepage
    Though your statements are mostly correct, you seem to be missing the point.

    It is not the author of the information that needs to use the tool to gain unauthorized access to a copyrighted work. Do you think they had to prove that Dmitry Sklyarov accessed copyrighted information through the use of the tool he helped create? No. Did they prove that 2600 used DeCSS at all? No.

    If it is possible that someone else could use the information you publish or the tools you create to gain unauthorized access to a copyrighted work, you are in potential danger of prosecution. Yes, prosecution is not guaranteed, and in this case it seems remote, but why should anyone have to take that risk? These people chose not to take that risk and used the opportunity to point out one absurdity of US law.

    The statement that security information cannot be interpreted as a means of circumvention is more than a bit naive. 2600 posted a link to software that someone else had written that someone else could have possibly used to gain unauthorized access to content on a DVD they purchased. They got sued under the DMCA, and it was a strong enough case to win. Describing a security flaw in order to justify the necessity of an associated patch is also nearly identical to the talk Dmitry gave that landed him in prison.

    Comparing DeCSS to this situation is tricky. In the DeCSS case, source code was ruled to not be speech. The source code to DeCSS was deemed to be useful for circumventing CSS in order to gain access to a copyrighted work. English descriptions of the code were not useful for circumventing CSS, though they could arguably be used to achieve the same result.

    With detailed security information and the associated patch, we can draw a parallel to DeCSS source and the English descriptions, respectively. Though this seems counter-intuitive, this correlation represents the risk that is being avoided in this situation. The patch itself fixes a security vulnerability and is not useful for gaining access to a copyrighted work. So, even though it is code like DeCSS, the primary purposes of each contrast sharply. However, whereas descriptions of DeCSS were much less useful for gaining access to a copyrighted work, descriptions of a security patch are much more useful than the patch itself.

    So, for software intended to break security, one could argue that the tool is more useful than descriptions of it to achieve that goal. For software intended to patch security, however, it is quite the opposite. The description of the tool is what can potentially be used to break security, thus this is the piece shielded from American eyes.
  • by prestidigital ( 341064 ) on Wednesday October 16, 2002 @07:59PM (#4465642) Journal
    Is it a hoax? Every comment I've read here is a reaction under the assumption that the story is accurate and the website actually means something. If it's truly illegal to accept the license just b/c one lives in the U.S., why is it even available to U.S. domains?
  • Re:I'd comment, but (Score:3, Interesting)

    by Fat Casper ( 260409 ) on Wednesday October 16, 2002 @08:19PM (#4465778) Homepage
    Adobe is a clear villain. Anyone who does business with them has no business considering themselves to be moral.

    I would think that the Sklyarov case would be the ultimate example of what is wrong with the DMCA and the DOJ in general. Adobe did everyone (except Sklyarov himself) a huge favor by starting this mess. Forget about hypotheticals, drop the "this could become illegal"s. We've got a case that shows just how wrong this law is.

    Refusing to grant a visa is the best way the feds have to avoid committing an atrocity here. He'll be convicted in absentia, but they'll never ask for extradition- you can't request extradition for someone that you denied entry to.

    Washington gets their conviction without actually having to jail him- just some bureaucratic snafu over at State, you know. The DMCA is validated (?) by the conviction. Washington is spared the embarrassment of jailing him, and we still have this travesty to point to.

    Everyone wins except Sklyarov, and he gets to stop losing. The State Dept. turned him down for a visa, and he doesn't have to apply for another. He can't come to the US again, but I'd imagine he isn't so hot on that idea anyway.

  • Re:Oh no... (Score:1, Interesting)

    by Anonymous Coward on Wednesday October 16, 2002 @09:30PM (#4466137)
    Seriously, could someone please make a CS map based on this?

    I would definitely play it, even just as a form of political protest.
  • by Tom7 ( 102298 ) on Friday October 18, 2002 @10:56AM (#4478516) Homepage Journal
    Yes, I live in the US. Do you have any examples?
    I'm claiming that this scenario would surely require more than just a misunderstanding of technology, but also a serious misunderstanding of the DMCA.

    In any case, the fact that technology is misunderstood in the courts is all the more reason to avoid being alarmist and confusing in how we (as people who DO understand technology) portray the DMCA. Do you think it helps anyone's understanding of technology for Cox to be claiming that security holes have something to do with technological measures for controlling access to copyrighted works?
