Follow Slashdot stories on Twitter


Forgot your password?
Censorship Your Rights Online

DMCA Forces Cox To Censor Changelog? 573

Ross Vandegrift writes: "Alan Cox released 2.2.20pre10 today, which includes security fixes. He is refusing to indicate what security holes have been fixed, as Unix-style permissions could be used as an anti-circumvention device. The thread starts here. " It'd be great if people could read the threads here and try to figure out what is going on. I'm a little lost, but it looks like he's being overzealous.
This discussion has been archived. No new comments can be posted.

DMCA Forces Cox To Censor Changelog?

Comments Filter:
  • by jlv ( 5619 ) on Monday October 22, 2001 @01:21PM (#2460604)
    Here's his key points in the thread (and the points that he was responding to)
    > > 2.2.20pre11

    > > o Security fixes
    > > | Details censored in accordance with the US DMCA
    > Care to elaborate?

    On a list that reaches US citizens - no. File permissions and userids may
    constitute and be used for rights management.

    > Are you saying that we can't divulge security problems in our own software
    > anymore for fear of being sued by affected parties?

    Not even affected parties - the government can do it too without anyone else
    and indeed even if their are contractual agreements between parties
    permitting the data to be released..

    I hope to have the security stuff up on a non US citizen accessible site in
    time for 2.2.20 final

    > Putting pressure on US people to have them influence their
    > legislation? Aka. every people have the rulers they deserve? Won't work
    > out.

    "Until they become conscious they will never rebel, and until after
    they have rebelled they cannot become conscious."

    > Seriously, are you kidding?

    The current interpretation of the DMCA is as lunatic as it sounds. With luck
    the Sklyarov case will see that overturned on constitutional grounds. Until
    then US citizens will have to guess about security issues.

    > This would then presumably lead to password protected access for US kernel
    > developers that need to know? And some kind of NDA?

    US kernel developers cannot be told. Period.

    > 'IANAL', and neither are you, are you sure this sillyness is necessary?

    Its based directly on legal opinion.

    I stopped reading at this point.
  • by Anonymous Coward on Monday October 22, 2001 @01:37PM (#2460716)
  • More here... (Score:2, Informative)

    by Anonymous Coward on Monday October 22, 2001 @02:02PM (#2460843)

    More info linked from here []...

    Includes links to more DMCA info, and some of Alan's thoughts on the matter

    Alan Cox [] being a major figure in the Linux world. He maintains the 2.2 stable series, as well as a 2.4.x-ac stable series. When Linus Torvalds moves on to the 2.5 Linux development series (soon), Alan will be fully in charge of the current stable 2.4 series.

  • by Mr Z ( 6791 ) on Monday October 22, 2001 @02:03PM (#2460854) Homepage Journal

    And if you read the thread, you'll see that Alan Cox's assertion is that UNIX-style permissions can be used for digital rights managment purposes. That is, they can be used as an access control to protect copyrighted works that are covered under the DMCA. Therefore, disclosing a security vulnerability which can subvert UNIX-style permissions is equivalent to describing how to circumvent an access-control device as described under the DMCA.

    I would guess that the specific DMCA clause that Alan's affected by is this one:

    • (2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that--

      • (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;

        (B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or

        (C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.

    It would seem Alan's conjecture is that describing a specific vulnerability in the Linux kernel that allows subverting some aspect of Linux's permission structure (which can be used as an access control device to a protected work) constitutes "traffic[king] in any technology [...] or part thereof" that would allow someone to circumvent the access control. Under the current interpretation of the law (re: Skylarov), detailing a security weakness in a product seems to (a) constitute such trafficking, and (b) seems to fit one of the three clauses 2(A), 2(B), or 2(C) above. (Notice they're connected by an 'or', so it's is necessary to fit only one of the three to be in violation of DMCA. I'm guessing the kernel information would fit 2(A).)

    I'm so proud to be an American, where at least I know I'm free[*]. :-P


    [*] For a suitably narrow definition of free.

  • by Simon Brooke ( 45012 ) <> on Monday October 22, 2001 @02:12PM (#2460915) Homepage Journal
    I don't think he's joking at all. I think he's dead serious, and I think he's absolutely right to be. European programmers can no longer travel to the United States without risking being arrested for doing things which are perfectly legal where they did them (and in 95% of the rest of the world). Until you guys get this sorted, you have to face up to the fact that the rest of us can't safely share stuff with you.
  • Re:Redhat lawyers (Score:3, Informative)

    by Dimensio ( 311070 ) <darkstar.iglou@com> on Monday October 22, 2001 @02:21PM (#2460970)
    No, it was correctly identified as Ex Post Facto. Statute of Limitations refers to the amount of time that may pass between the comission of a crime and the prosecution, however the law must have been in place at the time of the "incident" or no prosecution can take place.

    I'm not sure how trying to retroactively remove the statute of limitations and retroactively declaring computer crimes as acts of terrorism will fly with the courts -- it could be argued that Ex Post Facto protects people from being branded as terrorists because their actions were not legally "acts of terrorism" when they occured. Not that Ashcroft seems to care about the Constitution one way or the other right now.
  • by Anonymous Coward on Monday October 22, 2001 @02:25PM (#2460996)
    No -- The U.S. IS NOT a democracy -- sorry to tell you this, the U.S. is a Constitutional Republic -- fine line? Nope -- when was the last time you (if you are in america) voted on a specific federal issue?

    You havn't -- you elected a representative. Hence, the US is a republic.

    That said, a lot of this stuff could end quickly --- vote libertarian.
  • by garett_spencley ( 193892 ) on Monday October 22, 2001 @02:58PM (#2461173) Journal
    Indeed, the US outlawing something is one thing. That's their business, if it turns out to hurt them too much they can always revert the law. It's a democratic country, isn't it ?

    'Fraid not. The U.S is not a democracy. It's a Republic. And it's very rapidly turning into a Corporate Republic.

    Voting and all this democracy talk is just masturbation. If people's votes actually mattered then you'd have much higher voter turnouts. If you could actually vote for your party instead of an "electoral college" then maybe you'd be closer to democracy as well.

    And the most important distinction between a republic and a democracy is that you can't vote on laws and bills. Only the government can. In a true democracy 51% of the public can piss on the other 49%. But in the U.S the government pisses on everyone.

  • by haplo21112 ( 184264 ) <haplo@epi t h n a .com> on Monday October 22, 2001 @03:25PM (#2461423) Homepage
    1. I vote in Every single election
    2. I realize that despite what has occured this is still by far one of the better places to live.
    3. I shouldn't have to hire a lawyer to fight my own govenments stupidity, I am a poor working guy with barely enough money to keep the heat on in the winter at times. I it shouldn't take $$$ to change laws, it should take desire. I have tons of that and write letters to congressman till my fingers ache, and get replys that basically add up too "Thats the way it is and I am not gonna do anything about it, sorry but thanks for your thoughts" I have one from MA-Sentor John Kerry, I can transcribe it if you would really like.
    4. For what its worth monitoring the populous for doing stupid illegal things doesn't even bother me, as I do my best to act within the law. Our representivies passing laws that the people never get a say in, or are many times not even aware are happening, annoys me!
  • Cox or Theo... (Score:1, Informative)

    by Anonymous Coward on Monday October 22, 2001 @06:01PM (#2462560)
    Cox of Theo...
    Cox of Theo...
    Cox of Theo...

    I'll take Theo. At least his decisions are pragmatic at worst, logical at best, and always in the better interest of OpenBSD.

    Alan Cox needs to take a chill pill, as posting security fixes for Linux is a far cry from reverse-engineering a secure document format, with the intention of redistribution of said 'secure-document-buster'...

    anyways... Uh huh, you know it is... []
  • by Anonymous Coward on Monday October 22, 2001 @08:03PM (#2463139)
    In a true democracy 51% of the public can piss on the other 49%.

    Er, no. That's what the doctrine of separation of powers is about; the will of the majority should prevail in most cases but if that is at the expense of a minority that minority's rights can be defended by appeals to the judiciary. It's the rule of law. What you're talking about is mob rule, not democracy.

    Of course in practice, as someone once put it, "you don't buy justice, you rent it..."
  • by benjamindees ( 441808 ) on Tuesday October 23, 2001 @12:35AM (#2464276) Homepage
    There are several important legal issues to be aware of in this case:

    One, the distinction between Civil and Criminal law, and

    Two, the distinction between Statutory and Common law, and

    Three, the distinction between Federal and State law.

    As most people haven't the foggiest idea what the first four terms mean, and as most Political Scientists and Lawyers exist solely to explain the requirements of a Soverign's wishes upon his subjects, these terms have become muddled into a duality in which Statutory and Criminal are almost synonymous and Civil and Common are equally synonymous. This is extremely confusing, as the terms have almost nothing to do with each other.

    Why has this happened? In the Constitution, the United States was created as a government with sole jurisdiction over specific areas, and limited jurisdiction over acts committed between and among the several States. This meant that the Federal government was not given free reign to create laws that prohibit acts solely within a State or that do not fall under the categories of Interstate Commerce, Treason, etc., as in a Democracy.

    What do the terms actually mean? I have almost no idea. Well, I have some idea. I'll try to explain. Statutory refers to laws that are formally codified and obeyed by a loose prior agreement, as opposed to Common law, in which laws are not written, but understood, and everyone is held subject to them, such as the Golden Rule or the Ten Commandments. It is generally accepted that Statutory laws are in most ways superior to Common laws, although this may not be the case. Civil laws are similar to Statutory laws in that they are predicated upon some form of prior agreement to be enforced, specifically the formation of a Corporation for the means of conducting commerce. Civil law is like a club in which your business can join, or not, and it gets certain benefits, but it is expected to play by the rules. Criminal laws are not predicated upon prior agreement, but upon the commission of some overt act, thereby violating the public sphere and affecting others (presumably in a negatory fashion).

    Whereas, States can create both Civil and Criminal laws in Statutory and Common form, the US was limited to creating Statutory laws only that were either 1) Criminal or Civil within areas of sole jurisdiction, or 2) Civil only (commercial) between and among the several states, or 3) Criminal in very limited scope within the states, with treason almost necessitating commiting acts within the sole jurisdiction of the US.

    The fact is that this law is a Federal Civil Statute, because the Federal government is not granted jurisdiction to make Criminal Statutes, except in places of its sole jurisdiction (eg. D.C., ports, forts, etc.). A hundred years ago, this would have meant that said Statute is not enforcable against a person unless he is:

    1) engaged in interstate commerce, commerce NOT being defined as anything that crosses State lines. Commerce very simply requires the passing of goods or services from one place to another in exchange for other goods and services, or money; hence the Civil requirement.


    2) a Citizen of the United States, not to be confused with a citizen or resident of any of the several States; hence the Statutory requirement.

    Whoever said that an individual would not be targeted by this law is technically correct, yet with the loose language and obvious misunderstanding of their charge by our lawmakers, the Statute seems to affect everyone.

    A Corporation, however, is not an individual. It is quite the opposite. It does not retain rights from the government, in fact it's entire existence is dependent upon the government, State or Federal. Thus, Corporations are the true subjects of Civil law. Yet the Federal government still does not gain jurisdiction until the actions in question cross state lines. Intrastate commerce is still the sole jurisdiction of the States.

    This is the sad effect of 70 years of liberal democracy. People (lawmakers, even) think the United States is a Democracy. People think the Interstate Commerce Clause grants the United States free reign over citizens of the States of the Union. People think they are subject to Federal laws because they buy a Twinkie at the local 7-11 that came from outside their State. Judges and lawmakers also seem to think that a person giving something away (not really even something, but speech: data) for free is commerce, simply because it could maybe be worth something to someone. Napster was the beginning of the end.
  • by Tom ( 822 ) on Tuesday October 23, 2001 @06:33AM (#2464918) Homepage Journal
    He's absolutely, definitely *not* joking.

    I'm the "german guy" Rik mentioned in one of the replies (for those who read the mail exchange), and I had to pass on a speaker opportunity (read: serious money plus possible benefits such as building contacts in a multi-billion industry) for fear of becoming a 2nd Slyarov.

    This is real. DMCA is real, and the DeCSS trial has been costing me real money and time.

e-credibility: the non-guaranteeable likelihood that the electronic data you're seeing is genuine rather than somebody's made-up crap. - Karl Lehenbauer