Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Censorship Your Rights Online

DMCA Forces Cox To Censor Changelog? 573

Ross Vandegrift writes: "Alan Cox released 2.2.20pre10 today, which includes security fixes. He is refusing to indicate what security holes have been fixed, as Unix-style permissions could be used as an anti-circumvention device. The thread starts here. " It'd be great if people could read the threads here and try to figure out what is going on. I'm a little lost, but it looks like he's being overzealous.
This discussion has been archived. No new comments can be posted.

DMCA Forces Cox To Censor Changelog?

Comments Filter:
  • by fobbman ( 131816 ) on Monday October 22, 2001 @01:20PM (#2460595) Homepage
    Or maybe considering his past comments on not wanting to come to America anymore due to DMCA fears, he's just doing it to spark more debate. You know, get all the /. folks up in arms about the DMCA again and how it's keeping free information from being free. That'd be my guess, but YMMV.

  • by Phantasmagoria ( 1595 ) <> on Monday October 22, 2001 @01:25PM (#2460632)
    People. He's just using this humorous approach to show us how ridiculous the DMCA can be.
  • by eAndroid ( 71215 ) on Monday October 22, 2001 @01:27PM (#2460652) Homepage
    We can't bomb the RIAA et al so we'll have to resort to other methods of getting attention to have the DMCA reviewed. We could write letters until we are blue in the face but that isn't working.

    I'm not sure if Alan's actions will get the attention it needs but it is certainly a step in the right direction.
  • by guru_steve ( 205501 ) on Monday October 22, 2001 @01:31PM (#2460672)
    Correct me if i'm wrong, but doesn't the DMCA only apply in cases of devices meant to enforce copyright protection?
  • by Rik van Riel ( 4968 ) on Monday October 22, 2001 @01:32PM (#2460680) Homepage
    Indeed, the US outlawing something is one thing. That's their business, if it turns out to hurt them too much they can always revert the law. It's a democratic country, isn't it ?

    OTOH, the US outlawing something shouldn't mean that all these good things are suddenly no longer available to the rest of the world. We need a place to publish the things which are outlawed in the US, without getting prosecuted for publishing these things to the US.

    Such a site has been started (well, not quite, but we're busy getting it up and running) and we hope there will soon be a place to publish crypto research, security information and other useful tools which are not allowed in the US. The only small gotcha is that in order to publish it legally, some kind of access controll will have to be put in place so US citizens cannot get at the archive. Unfortunate, but so be it.

    The site? []

  • by alman ( 86957 ) on Monday October 22, 2001 @01:34PM (#2460690) Homepage
    What you seem to be forgetting is that the way the DMCA is written, they can *legally* go after him. The fact that they don't choose to is from my opinion just a matter of time.
  • by gorilla ( 36491 ) on Monday October 22, 2001 @01:34PM (#2460692)
    Is Dmitri not a legitimate programmer? I think he is. Dmtitri writes programs which are legal in his country. He has never written a program in the US which violates US law. What other test of legitimate is there?
  • by Kaa ( 21510 ) on Monday October 22, 2001 @01:34PM (#2460695) Homepage

    Alan needs to realize that, although the DMCA does have important and evil implications for the freedom to code and speak in the U.S., it would not be used against a legitimate programmer such as himself. The people who have been targeted by the DMCA have been crackers: people who defeat lame encryption schemes and distribute point-and-click software that allows the masses to pirate. Although I fully support 2600 and Dmitri in their efforts (I have been a security engineer and I appreciate the truly talented invididuals in the field), DeCSS and the PDF utility are simply not in the same class as the Linux kernel and the other software Cox has worked on. He is simply a non-target and he needs to stop pretending that the DMCA affects him.

    First they came for the Communists,
    and I didn't speak up,
    because I wasn't a Communist.
    Then they came for the Jews,
    and I didn't speak up,
    because I wasn't a Jew.
    Then they came for the Catholics,
    and I didn't speak up,
    because I was a Protestant.
    Then they came for me,
    and by that time there was no one
    left to speak up for me.

    by Rev. Martin Niemoller, 1945

  • by antientropic ( 447787 ) on Monday October 22, 2001 @01:34PM (#2460698)

    it would not be used against a legitimate programmer such as himself

    While it is unlikely that Alan would be arrested for fixing security bugs in the Linux kernel, he is quite right in saying that under the letter of the law, he might be. Even if you merely can be arrested for such an activity, then the DMCA is a bad law and must be repealed, or at least modified very substantially. So Alan should be applauded for taking a stand, even if (or exactly because!) that inconveniences some people temporarily.

  • by larien ( 5608 ) on Monday October 22, 2001 @01:38PM (#2460719) Homepage Journal
    You gotta love the irony of a site being called "The free world" excluding US, the so-called "land of the free".

    As Bill Hicks said, "You are free... to do as we tell you". Right now, it seems that US "freedom" means the freedom to bribe (sorry, to fund...) senators et al to get your pet bills passed.

  • by zericm ( 21972 ) on Monday October 22, 2001 @01:52PM (#2460767) Homepage Journal
    Won't happen. From my experience, most of the folks on Slashdot tend to have a Libratarian slant to their polictics: no unions, business is good, goverment bad. That sort of thing.

    The problem is that most of the real world allies for a DMCA fight tend to be progressive in politics, with the ACLU being the most obvious example.
  • Civil Obedience (Score:5, Insightful)

    by Per Abrahamsen ( 1397 ) on Monday October 22, 2001 @01:57PM (#2460795) Homepage
    Imagine a law so stupid that civil obedience becomes an efficient way to fighting it...
  • by TheCarp ( 96830 ) <> on Monday October 22, 2001 @02:08PM (#2460889) Homepage
    I would half agree....

    I see alot of both libertarian and socialist slants actually. (which are very similar on some fronts - moreso than they want to admit - and vastly different on others)

    Who else here remembers when /. had statments from a bunch of the presidential candidates during the last election?

    I dunno about anyone else, but I found myself agreeing about as often and as strongly with the peice by the socialist party candidate as the libertarian one. (and very seldom with others).

    In fact on unions, buisness, and government, It seems there are alot of polar views here and few middle of the road ones.

  • by CmdrTroll ( 412504 ) on Monday October 22, 2001 @02:11PM (#2460907) Homepage
    Then I guess the moral of the story is, "don't live in America." Think about it:

    • You can be stopped, searched, and arrested [] anytime you're in public if a police officer doesn't like the way you look. If you're lucky, your case will get thrown out or the cop will be nice. Cops have the right to tear your car apart looking for drugs, and not pay for damage if they don't find any.
    • Civil forfeiture [] means that if you break any of the millions of anal, petty laws in the U.S., you can lose your house, your car, or any other property you own. Watch the first 20 minutes of Traffic to see how it works.
    • Software and media piracy can land you in prison for five years and subject you to up to $250,000 in fines, per violation. (Naturally this bill was signed by our Democratic friend, Bill Clinton). It's a steep penalty for something so trivial.
    • "Disorderly conduct" is a catch-all crime which can be used to arrest people for a reason of the officer's choosing. Ask any minority about it and you're certain to hear a few stories.
    • Many forms of sexual activity (such as oral or anal sex) are banned in several states. Most people in the country (besides the Slashdot crowd) are guilty of one or more of these offenses.
    • It is widely known that most powerful politicians can trigger an IRS audit on their political enemies.
    • The ATA has made it legal for authorities to detain foreign nationals indefinitely, without presenting evidence of a crime or making a formal arrest.

    The DMCA is only one of the many laws which make the USA into a police state. AC's intentions are good but he's got a lot more battles in front of him before the U.S. can be considered safe from authority abuse.


  • by the_2nd_coming ( 444906 ) on Monday October 22, 2001 @02:15PM (#2460936) Homepage
    alan needs to take a man's stand and publish the logs....Matin Luther King jr did this sort of thing.....Alan needs to do this sort of thing....if he gets arrested how can the DA deamonise him to the jury?

    DA: " He released information that broke the DMCA while trying to keep the Linux kernel secure!!!"

    defence:" the nature of OSS is to show all changes. the linux kernel does not contain any copyprotected material, however, because of a baddly writen law, making the operating system secure from intruders is now illegal....does that seem right?"
  • by rknop ( 240417 ) on Monday October 22, 2001 @02:18PM (#2460955) Homepage

    On a list that reaches US citizens - no. File permissions and userids may constitute and be used for rights management.

    By that theory, telling somebody how to set the root password on their Linux machine constitutes trafficking in circumvention technology.

    There are two conclusions from this. One, Alan is being stupid and overzealous, even if he did find a lawyer who told him that posting information about the security fixes could violate the DMCA. Two, the DMCA is a stupid and ridiculous law, and the full level of its stupidity (and the stupidity of our lawmakers and law enforcers) is being demostrated by the DeCSS, Felton, and Sklyarov cases. I am embarassed to be a citizen of a country that has such a law (although it will take the SSSCA to force me to flee the country as a political defector, the DMCA isn't enough to push me that far).

    The DMCA has got to go, but I fear I see no way in the world that we'll ever be able to get rid of it short of it being declared unconstitutional, or short of extreme campaign finance reform that remakes Congress into representatives of their constituents.


  • by pubjames ( 468013 ) on Monday October 22, 2001 @02:20PM (#2460962)

    Firstly, he's a Brit. They have a sense of humour which is sometimes very subtle and is usually based on 'irony' (as in the saying something different to what you mean, rather than the more American 'Alanis Morissette' use of the word). Some Americans take ironic statements at face value, as is often seen on Slashdot.

    Secondly, he's a clever guy. He's being stubborn about this to make a point. If he wasn't stubborn about it, the point wouldn't be made. He is acting correctly according to an unjust law to highlight the danger of it.

    He is not being 'dumb' or deliberately annoying, he's highlighting the potential effects of a worrying development in the American legal which could have significant negative impact on all Open Source software developers.
  • by Anonymous Coward on Monday October 22, 2001 @02:21PM (#2460966)
    Does this mean that soon the source code to the linux kernel will not be available in the united states? From what Ive observed, the main argument in the DeCSS case was that source code itself is a form of communication among programmers and is protected under the first ammendment. Can I not just find out what changes were made, and figure out what the vulnerability was by reading the source code?

    Would that make diff and vi circumvention devices?

    I do beleive that Alan is being overzealous, but do agree that *something* must be done about this and quickly. Unfortunately, I am not in a position of to do much more than wear a Free Dimitry T-shirt. IMHO what Alan has done is illogical. Perhaps the better thing to do would be to cut the US from the linux source code all together.

    Now THAT would raise a stink.
  • by haplo21112 ( 184264 ) <[moc.anhtipe] [ta] [olpah]> on Monday October 22, 2001 @02:32PM (#2461037) Homepage
    I used to be proud to be a Citizen of US. But it seems everyday that the "land of the Free" becomes a little less free. This is beginning to reach insane proportions. Everyday we seem to pass more and more laws that are seemingly(to me anyway) directly in conflict with Our Constitution. Our politicans don't listen to us anymore. I am disgusted...and much so i can't even think of words to express my rage at what is being done to this great nation. Our laws were ment to protect our citizens, and ensure the right to "life, liberty and the persuit of happiness" I feel as if I have none of these lately.

    --"The refuses to bend, he refuses to fall, he's always at home with his back to the wall" --Bill Joel- Angry Young Man.
  • by monkeydo ( 173558 ) on Monday October 22, 2001 @02:35PM (#2461062) Homepage
    You aren't comparing the Skylarov case to the Betamax case are you, because if you are that's stupid.

    digital copying != analog copying
    copying != timeshifting
    Betamax did not break any encrytion and there was no DMCA at the time.

    In the Betamx case the decision reflected the fact that "timeshifting" is not a violation, and VCR's have substantial non-infringing uses. The decision did not give VCR owners permission to start copying copyrighted works.

    Dimitry wrote and sold software that was designed to violate copyrights. Even without the DMCA the ebooks license specifies you may not make copies and contrary to Slashlore there is no indescriminant "Fair Use Right" that allows this behavior. Had Sony marketed the Betamax as a method of illegal copying protected material they likely would have lost their case as well.

  • by ichimunki ( 194887 ) on Monday October 22, 2001 @02:36PM (#2461069)
    The difference between a Socialist Linux Zealot and a Libertarian Linux Zealot is this: the SLZ would nationalize Microsoft and open their source code for all to use-- and hopefully port the valuable pieces to Linux (eliminates all competition), the LLZ blames the consumers who refuse to make intelligent use of their free markets and figures that if they get screwed by MS on an ongoing basis that they deserve it. And it's hard not to agree with both of them. *grin*
  • by Cardhore ( 216574 ) on Monday October 22, 2001 @02:36PM (#2461073) Homepage Journal
    Basically, the DMCA is terrorism.
  • Work to Rule (Score:2, Insightful)

    by Wesley Everest ( 446824 ) on Monday October 22, 2001 @02:54PM (#2461146)
    Actually, this is an example of Work to Rule []. It's a tactic often used in the workplace to win against a boss. Unionized workers often use the strategy when laws or contracts forbid strikes and other activities, but even non-unionized workers often use it to effectively protest (and eliminate) ridiculous rules.

    While this current example won't take down the DMCA, the idea is that the DMCA will hurt U.S. corporations in the long run. Specifically, it will hurt the vast majority of corporations that don't get any benefits from the DMCA. We can only hope that these corporations give bigger bribes than the record and movie corporations.
  • by cluge ( 114877 ) on Monday October 22, 2001 @03:02PM (#2461201) Homepage
    You can go live in the UK and get your nice unhappy face photographed a thousand times a day. You could go live in the UK where certain books are banned because ??(Add inane reason here). You can go live in the UK where the ability to protect yourself with a firearm has been taken away by the good Government.

    Every country (and I've been to quite a few) has limitations on peoples freedom somehow. As a modern society we are fast approaching big brother if we aren't careful (UK has had big brother for a while hasn't it?).

    Instead of being "Disgusted" perhaps you should pay an attorney to help "wage the war". You know we still have the ability to change the law and it has yet to be constitutionally tested. With all the "open source" companies out there I'm suprised there hasn't been a class action lawsuit for damages to the "open source product" caused by the RIAA.

    Oh yeah, and next time there is an election, vote.

  • by VivianC ( 206472 ) <> on Monday October 22, 2001 @03:28PM (#2461449) Homepage Journal
    I would have to disagree that he is "letting them win." This appears to be one step of a brilliant plan to get the DMCA thrown out. This change-log can now be introduced in court as an example of the DMCA "chilling" free speech. The EFF should be collecting huge piles of examples to introduce as exhibits in DMCA cases.

    Now another good step would be to find an employee of a large company (Microsoft would be nice) who writes about a bug or exploit in their company's product and have them arrested for publishing a circumvention device. Anyone wanna go through the XP Beta groups and try to find an exploit that wasn't fixed and was discovered by a Microsoft employee? If Microsoft or any major company turns their money and legal teams against this law, it will fall faster than a dot com stock.

    Simply, real examples of the "chilling effect" need to be documented for the Dimitry trial and other trials that will happen. These will go much further in getting the law overturned than messages to our Congressmen.
  • by rew ( 6140 ) <> on Monday October 22, 2001 @03:33PM (#2461490) Homepage
    I'm a little lost, but it looks like he's being overzealous.

    I don't think so. Alan is trying to prove a point. That point being: The US is being rediculous with that DMCA.

    There WAS a bug, there is no longer. Publishing the bug means you're providing people with a "circumvention device" (on the older kernels). The DMCA forbids that.

    Alan is being rediculous with a purpose. The more people realize that this DMCA is rediculous the more they will be inclined to complain to their senators or whatever means those Americans have to influence their politicians.

  • What was said:

    DA: " He released information that broke the DMCA while trying to keep the Linux kernel secure!!!"

    defence:" the nature of OSS is to show all changes. the linux kernel does not contain any copyprotected material, however, because of a baddly writen law, making the operating system secure from intruders is now illegal....does that seem right?"

    What the jury understands:

    DA: This foreign computer programer told other programers how to break into computer systems.

    Slashdot Defense: Blah blah non-American blah blah hacker blah blah bad government blah blah fix computer blah blah.

    Jury: The defense made no sense. He must be guilty!

  • by rew ( 6140 ) <> on Monday October 22, 2001 @04:15PM (#2461907) Homepage
    And the REST of the world must suffer because some american law (which has no jurisdiction OUTSIDE america) exists?

    Normal countries state somewhere in their laws that their laws don't apply outside their borders. Somehow the USA is different.

    We KNOW that they arrested that russian guy because he did something (violate DMCA) outside the American borders.

    If the Americans are desparate enough, they'll come and get you, jurisdiction or not. Otherwise they might let it rest until you set foot on their soil.

    Now tell me again, that Alan need not be afraid of American law.

  • The reasons (Score:2, Insightful)

    by Godeke ( 32895 ) on Monday October 22, 2001 @04:20PM (#2461954)

    Thinking this through, the DMCA says that you may not publish information that leads to the circumvention of any content security device. Cox has decided that file permissions constitute a content security device (which they do, but normally in a difference sense than the DMCA is applied).

    To be honest, going by the letter of the law, this makes some sense. By publishing the flaw's details, earlier kernals are open to exploitation via the flaws, thus unsecuring the content currently protected by the file permissions.

    Stupid, yes - but a realistic reading of the letter of the law, if not the intent. But then when did intent matter in law?

  • by mpe ( 36238 ) on Monday October 22, 2001 @05:14PM (#2462284)
    sorry to tell you this, the U.S. is a Constitutional Republic

    How much of the US constitution needs to have been voided before that bit goes?
  • by Anonymous Coward on Monday October 22, 2001 @05:24PM (#2462347)
    Red Hat has perhaps more to lose from too-stringent definitions of the DMCA, or from the enactment of the SSSCA, than any other corporate entity in the United States.

    Alan notes that he is acting on legal advice, and does not elaborate.

    Perhaps it stands to reason that this is not merely Alan's radical position, but a tool that will aid an incipient Red Hat fight against the DMCA/SSSCA.

    If Red Hat wants to fight the DMCA, they must first be able to reasonably claim that the DMCA makes it prohibitively difficult for them to do business.

    Think about it. It'll come to you.

    --ever wonder why anonymous cowards post anonymously?
  • unclean hands (Score:2, Insightful)

    by renehollan ( 138013 ) <> on Monday October 22, 2001 @05:25PM (#2462353) Homepage Journal
    Perhaps, but you can't use the law as a shield when you have done something illegal, i.e. "an exploit". You are said to have "unclean hands", and can not seek redress from the courts.

    For example, if I enter into a contract to, oh, sell you illicit drugs, and I provide the drugs, and you don't pay, I can not seek redress from the courts. In this case, if someone produced code designed to harm or otherwise compromise a computer system, I seriously doubt they could cry "copyright infringement" if someone explained how to render such an exploit ineffective.

    Though, given the bizarre and insane state of current U.S. legislation, I would still be wary of such a silly charge sticking.

    Of course I am not a lawyer, so don't take this as legal advice.

  • by mpe ( 36238 ) on Monday October 22, 2001 @05:56PM (#2462531)
    And the REST of the world must suffer because some american law (which has no jurisdiction OUTSIDE america) exists?

    They harrassed an Norwegian, kidnapped a Russian over this law. A good reason for the rest of the world to take notice...
  • There's more to it (Score:3, Insightful)

    by gotan ( 60103 ) on Monday October 22, 2001 @09:16PM (#2463639) Homepage
    He not only tries to make a point, but he has valid reasons for fearing to be dragged into an US court. Maybe it wouldn't make much sense for the US to sue him, nevertheless he is avoiding to act against the letter of US-law, and that is what is held against you when you end up in court: Neither your intentions, nor the intentions of the law, but the letter of the law.

    If any of the patches or future patches even touch the handling of DVD-Players, or future FUCK-ware (Futile Unnecessary Control Keping Hard/Software) he'd better present, what US-lawyers consider a clean west to avoid being dragged through courts until hell freezes over because some corporation is then likely to use the DMCA as a lever and make a public example of him.

    Since Skylarov this law has become a very real threat to non-US-citizens.
  • by gotan ( 60103 ) on Monday October 22, 2001 @09:27PM (#2463703) Homepage
    Security lists should be even more aware of DMCA legislation. When dealing with US-based businesses security experts should demand an outside US contact-address to send the report to, as well as a document stating that the information will not be divulged to US citizens or residents.

    Posting the report to a Site accessible from USA gives anyone who wants the means to sue to their liking, and the only reason Microsoft didn't already sue bug-reporters into submissive silence is the cry of outrage to be expected after such a move. But we'll probably soon see that nevertheless with their hacked Mediaformat.

Nothing is finished until the paperwork is done.