[OT] DMCA loop hole

[OT] DMCA loop hole

[James Simmons]

Sorry this is off topic but this was way to good :-) 

          Virus writers can use the DMCA in a perverse way. Because
   computer viruses are programs, they can be copyrighted just like a
   book, song, or movie. If a virus writer were to use encryption to hide
   the code of a virus, an anti-virus company could be forbidden by the
   DMCA to see how the virus works without first getting the permission
   of the virus writer. If they didn't, a virus writer could sue the
   anti-virus company under the DMCA!


-----------------------------------------------------------------------------
Crap can work. Given enough thrust pigs will fly, but it's not necessary a
good idea.                                 [ Alexander Viro on linux-kernel ]

Re: [OT] DMCA loop hole

[Alexander Viro]

On Tue, 31 Jul 2001, James Simmons wrote:

> Crap can work. Given enough thrust pigs will fly, but it's not necessary a
> good idea.                                 [ Alexander Viro on linux-kernel ]

Watch the attributions.

With sufficient thrust, pigs fly just fine.                       
However, this is not necessarily a good idea.
It is hard to be sure where they are going to land,
and it could be dangerous sitting under them as they fly overhead.       
        From RFC1925, R Callon, 1996.  

Re: [OT] DMCA loop hole

[James Simmons]

Thank you. I seen someone else with that sig. and I had to take it.

Re: [OT] DMCA loop hole

[Paul G. Allen]

James Simmons wrote:
> 
> Sorry this is off topic but this was way to good :-)
> 
>           Virus writers can use the DMCA in a perverse way. Because
>    computer viruses are programs, they can be copyrighted just like a
>    book, song, or movie. If a virus writer were to use encryption to hide
>    the code of a virus, an anti-virus company could be forbidden by the
>    DMCA to see how the virus works without first getting the permission
>    of the virus writer. If they didn't, a virus writer could sue the
>    anti-virus company under the DMCA!

I like this and I must forward it to all my network security colleagues.
It would serve the writers of DMCA right if they a) were victim to a
virus, trojan, or worm and b) were sued under the very law they created
for reverse engineering it and publicizing a fix.

PGA

Re: [OT] DMCA loop hole

[Helge Hafting]

James Simmons wrote:
> 
> Sorry this is off topic but this was way to good :-)
> 
>           Virus writers can use the DMCA in a perverse way. Because
>    computer viruses are programs, they can be copyrighted just like a
>    book, song, or movie. If a virus writer were to use encryption to hide
>    the code of a virus, an anti-virus company could be forbidden by the
>    DMCA to see how the virus works without first getting the permission
>    of the virus writer. If they didn't, a virus writer could sue the
>    anti-virus company under the DMCA!

They'd still be able to scan for it though - detecting the encrypted
string or the decryption algorithm.  

What if I copyright & encrypt a DeCSS program?  Nobody can sue
because they don't have permission to decrypt, and therefore
cannot prove that it actually _is_ a decss algorithm? :-)

Helge Hafting

Re: [OT] DMCA loop hole

[Anton Altaparmakov]

On Wed, 1 Aug 2001, Helge Hafting wrote:
> James Simmons wrote:
> > Sorry this is off topic but this was way to good :-)
> > 
> >           Virus writers can use the DMCA in a perverse way. Because
> >    computer viruses are programs, they can be copyrighted just like a
> >    book, song, or movie. If a virus writer were to use encryption to hide
> >    the code of a virus, an anti-virus company could be forbidden by the
> >    DMCA to see how the virus works without first getting the permission
> >    of the virus writer. If they didn't, a virus writer could sue the
> >    anti-virus company under the DMCA!
> 
> They'd still be able to scan for it though - detecting the encrypted
> string or the decryption algorithm.

You just add a polymorphic decryption / encryption engine where you change
the encryption key every time you encrypt it. Also, morph the decription
code itself and you can't scan for it that easily without reverse
engineering it... For an added twist, encrypt it twice and put only a
minimal part of the first decryption algorithm in the unencrypted part of
the virus. Add to that some disassembler breaking code and you are off... 
Good that most viruses these days are written in Visual Basic rather than
assembler so they can't do any of that... (-: 

> What if I copyright & encrypt a DeCSS program?  Nobody can sue
> because they don't have permission to decrypt, and therefore
> cannot prove that it actually _is_ a decss algorithm? :-)

True, but if the program is actually useful in that people can use it to
do DeCSS like things then they would know it's a DeCSS like program
without seing the code and such a program would fall under DMCA. An
encrypted program which doesn't do anything unless you decrypt it by some
other program would not be very useful (ZIP/RAR/whatever can encrypt,
too...) but nobody could sue you for writing it either. (-; 

IANAL, etc,

	Anton (-:

-- 
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Linux NTFS maintainer / WWW: http://linux-ntfs.sf.net/
ICQ: 8561279 / WWW: http://www-stu.christs.cam.ac.uk/~aia21/

Re: [OT] DMCA loop hole

[Joshua Jore]

You know, I've heard this arguement a few times in various contexts and
it's bothered me everytime. If a virus was designed with specific
properties that hinder unauthorized copyright infringement then attempts
to circumvent the limitations would be an example of DMCA circumvention.

This misses the whole point that in order to deliver the second and more
important part of the virus requires the author to self-identify to the
US federal government and somehow get them to prosecute the offender. Now
at this point, how many of these authors aren't going to be immediately
charged with something heinous for the act of writting the offensive thing
in the first place? And do you seriously think you're going to convince
Ashcroft and company to prosecute Symantec for getting rid of a virus even
if it is DMCA 'protected'?

GAAAAA!

Josh

On Wed, 1 Aug 2001, Anton Altaparmakov wrote:

> On Wed, 1 Aug 2001, Helge Hafting wrote:
> > James Simmons wrote:
> > > Sorry this is off topic but this was way to good :-)
> > >
> > >           Virus writers can use the DMCA in a perverse way. Because
> > >    computer viruses are programs, they can be copyrighted just like a
> > >    book, song, or movie. If a virus writer were to use encryption to hide
> > >    the code of a virus, an anti-virus company could be forbidden by the
> > >    DMCA to see how the virus works without first getting the permission
> > >    of the virus writer. If they didn't, a virus writer could sue the
> > >    anti-virus company under the DMCA!
> >
> > They'd still be able to scan for it though - detecting the encrypted
> > string or the decryption algorithm.
>
> You just add a polymorphic decryption / encryption engine where you change
> the encryption key every time you encrypt it. Also, morph the decription
> code itself and you can't scan for it that easily without reverse
> engineering it... For an added twist, encrypt it twice and put only a
> minimal part of the first decryption algorithm in the unencrypted part of
> the virus. Add to that some disassembler breaking code and you are off...
> Good that most viruses these days are written in Visual Basic rather than
> assembler so they can't do any of that... (-:
>
> > What if I copyright & encrypt a DeCSS program?  Nobody can sue
> > because they don't have permission to decrypt, and therefore
> > cannot prove that it actually _is_ a decss algorithm? :-)
>
> True, but if the program is actually useful in that people can use it to
> do DeCSS like things then they would know it's a DeCSS like program
> without seing the code and such a program would fall under DMCA. An
> encrypted program which doesn't do anything unless you decrypt it by some
> other program would not be very useful (ZIP/RAR/whatever can encrypt,
> too...) but nobody could sue you for writing it either. (-;
>
> IANAL, etc,
>
> 	Anton (-:
>
> --
> Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
> Linux NTFS maintainer / WWW: http://linux-ntfs.sf.net/
> ICQ: 8561279 / WWW: http://www-stu.christs.cam.ac.uk/~aia21/
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>

Re: [OT] DMCA loop hole

[Helge Hafting]

Joshua Jore wrote:
> 
> You know, I've heard this arguement a few times in various contexts and
> it's bothered me everytime. If a virus was designed with specific
> properties that hinder unauthorized copyright infringement then attempts
> to circumvent the limitations would be an example of DMCA circumvention.
> 
> This misses the whole point that in order to deliver the second and more
> important part of the virus requires the author to self-identify to the
> US federal government and somehow get them to prosecute the offender. Now
> at this point, how many of these authors aren't going to be immediately
> charged with something heinous for the act of writting the offensive thing
> in the first place? 

Sure.  All it takes if someone want to hit a antivirus company then is
to
pay someone else to hold the copyright and take the blame for the virus
damage.
Possible, considering how people have paid others to do their jail time
for them.

The antivirus comany might not be able to distribute the "illegal"
virus scanning software while tied up in court, letting the virus hit
hard.  Could be interesting to watch. :-/

Helge Hafting

Re: [very OT] DMCA loop hole

[Garett Spencley]

> And do you seriously think you're going to convince
> Ashcroft and company to prosecute Symantec for getting rid of a virus even
> if it is DMCA 'protected'?

Yeah what people keep forgetting is that DMCA is _federal_ law. There is
no suing. You can not sue someone because they violated the DMCA. Instead
you have to report them to the federal authorities and they take it into
their hands.

That's the reason Dmitri's still in jail. As much as Adobe feels
sorry for what they did to him (who knows if they actually do at all but
my point is it doesn't matter anyway), there are no charges that Adobe can
drop. It is a federal case, not a civil one.

So if you encrypted a virus it would be up to the federal authorities to
decide if cracking it was in violation of the DMCA. And since the
government has proved time and time again that they feel that they are
above the law (not just the U.S gov I should add, I'm Canadian and I get
the same crap from mine from time to time) there is very little chance
that they wouldn't throw your ass in jail and laugh at any blurb you gave
them about the DMCA.

But IANAL so I could be wrong....

-- 
Garett Spencley

I encourage you to encrypt e-mail sent to me using PGP
My public key is available on PGP key servers (http://keyservers.net)
Key fingerprint: 8062 1A46 9719 C929 578C BB4E 7799 EC1A AB12 D3B9

Re: [very OT] DMCA loop hole

[Justin Guyett]

On Wed, 1 Aug 2001, Garett Spencley wrote:

> That's the reason Dmitri's still in jail. As much as Adobe feels
> sorry for what they did to him (who knows if they actually do at all but
> my point is it doesn't matter anyway), there are no charges that Adobe can
> drop. It is a federal case, not a civil one.

it's the fed's case to win or lose, but if adobe hadn't yet given them a
sworn statement, they'd be sol, and might have to drop the case if adobe
wouldn't testify.


justin

Re: [OT] DMCA loop hole

[Paul G. Allen]

Joshua Jore wrote:
> 
> You know, I've heard this arguement a few times in various contexts and
> it's bothered me everytime. If a virus was designed with specific
> properties that hinder unauthorized copyright infringement then attempts
> to circumvent the limitations would be an example of DMCA circumvention.
> 
> This misses the whole point that in order to deliver the second and more
> important part of the virus requires the author to self-identify to the
> US federal government and somehow get them to prosecute the offender. Now
> at this point, how many of these authors aren't going to be immediately
> charged with something heinous for the act of writting the offensive thing
> in the first place? And do you seriously think you're going to convince
> Ashcroft and company to prosecute Symantec for getting rid of a virus even
> if it is DMCA 'protected'?
> 
> GAAAAA!
> 

It's very simple, and something like this is done all the time in the security industry by people who not only enjoy it, but who get paid to do it.

1)  Discover an exploit or a new way of using a known exploit.
2)  Write a trojan, virus, worm, etc. that takes advantage of the exploit.
3)* Report the exploit to the applicable compan(y/ies), Security Focus, etc. and provide the BINARY of your trojan, virus, or whatever so they can test the
exploit and find a fix.

* Usually people provide the source code as open software. In this case (for this argument) we release it as binary only and keep full rights.

No law was broken when the trojan, virus, etc. was written and no one can (technically) seek prosecution. Under DMCA (at least the way the writers of it have
used it), anyone attempting to reverse engineer your virus (or whatever) and provide an antigen, is liable to you and you can sue them.

To take another angle, those of us who actively look for exploits in software (because companies like M$ fail to do so themselves) risk being sued for doing so.
This makes jobs like mine EXTREMELY difficult because on the one hand I don't want my company using software that will allow Joe Cracker to take over our
machines, and on the other I don't want the company sued just because I did some necessary reverse engineering in order to prevent it (again, because the
software mfg. can't be trusted to do it themselves).

PGA

-- 
Paul G. Allen
UNIX Admin II/Programmer
Akamai Technologies, Inc.
www.akamai.com
Work: (858)909-3630
Cell: (858)395-5043

Re: [OT] DMCA loop hole

[Joseph Pingenot]

>From Paul G. Allen on Wednesday, 01 August, 2001:
>To take another angle, those of us who actively look for exploits in software (because companies like M$ fail to do so themselves) risk being sued for doing so.

Hrm.  Very good point.  However, under most EULA's I've seen, reverse
  engineering is already a no-no.

>This makes jobs like mine EXTREMELY difficult because on the one hand I don't want my company using software that will allow Joe Cracker to take over our
>machines, and on the other I don't want the company sued just because I did some necessary reverse engineering in order to prevent it (again, because the
>software mfg. can't be trusted to do it themselves).

I don't see why it makes your job any harder.  Sounds like a very
  good argument for Open Source and/or Free Software.  :)

                              -Joseph

-- 
Joseph==============================================jap3003@ksu.edu
"IBM were providing source code in the 1960's under similar terms. 
VMS source code was available under limited licenses to customers 
from the beginning. Microsoft are catching up with 1960."
   --Alan Cox,  http://www2.usermagnet.com/cox/index.html

Re: [OT] DMCA loop hole

[Alan Cox]

> >From Paul G. Allen on Wednesday, 01 August, 2001:
> >To take another angle, those of us who actively look for exploits in software (because companies like M$ fail to do so themselves) risk being sued for doing so.
> 
> Hrm.  Very good point.  However, under most EULA's I've seen, reverse
>   engineering is already a no-no.

Most EULA's are not legal contracts. In civilised countries the right to
disassemble is enshrined in law (ironically it comes in Europe from trying
to keep car manufacturers from running monopolistic scams not from the
software people doing the same)

In the USA its a lot less clear. You can find laws explicitly claiming both,
and since US law is primarily about who has loads of money, its a bit
irrelevant

Alan

Re: [OT] DMCA loop hole

[Joseph Pingenot]

>From Alan Cox on Friday, 03 August, 2001:
>> >From Paul G. Allen on Wednesday, 01 August, 2001:
>> >To take another angle, those of us who actively look for exploits in software (because companies like M$ fail to do so themselves) risk being sued for doing so.
>> Hrm.  Very good point.  However, under most EULA's I've seen, reverse
>>   engineering is already a no-no.
>Most EULA's are not legal contracts. In civilised countries the right to
>disassemble is enshrined in law (ironically it comes in Europe from trying
>to keep car manufacturers from running monopolistic scams not from the
>software people doing the same)

Very true.  However (I can only vouch for the USA, but I suspect it's
  a similar situation elsewhere) the company with Loads o' Cash can keep
  those of use with Loads o' Debt cowed and tied up in red tape and lawsuits
  until we cry uncle.

>In the USA its a lot less clear. You can find laws explicitly claiming both,
>and since US law is primarily about who has loads of money, its a bit
>irrelevant

Heh.  Criticism accepted.  Maybe one of the prerequisites for running for
  office should be Free Software / Open Source development.  :)  Seriously,
  though, anyone listening interested in running for office?  Maybe we should
  start the Free Software Party.

                              -Joseph
-- 
Joseph==============================================jap3003@ksu.edu
"IBM were providing source code in the 1960's under similar terms. 
VMS source code was available under limited licenses to customers 
from the beginning. Microsoft are catching up with 1960."
   --Alan Cox,  http://www2.usermagnet.com/cox/index.html

Re: [OT] DMCA loop hole

[Jakob Østergaard]

On Fri, Aug 03, 2001 at 05:16:58PM -0500, Joseph Pingenot wrote:
...
> >In the USA its a lot less clear. You can find laws explicitly claiming both,
> >and since US law is primarily about who has loads of money, its a bit
> >irrelevant
> 
> Heh.  Criticism accepted.  Maybe one of the prerequisites for running for
>   office should be Free Software / Open Source development.  :)  Seriously,
>   though, anyone listening interested in running for office?  Maybe we should
>   start the Free Software Party.

No please, not seriously   ;)

This was actually the april's fool's joke this year, from SSLUG (Skaane
Sjaelland Linux User Group) (http://www.sslug.dk/).

People are too different politically - one common cause (which is probably not
common at all - poeple are here for many different reasons!) won't cut it.

-- 
................................................................
:   jakob@unthought.net   : And I see the elder races,         :
:.........................: putrid forms of man                :
:   Jakob Østergaard      : See him rise and claim the earth,  :
:        OZ9ABN           : his downfall is at hand.           :
:.........................:............{Konkhra}...............:

Re: [OT] DMCA loop hole

[nick]

Yeah it is.  EULA has become totally valid and should be upheld by any
courts who come across one.  (In the US at least.  I don't know the
situation outside the US).  One of the recent bills/acts/whatever made
this change.
	Nick

On Fri, 3 Aug 2001, Alan Cox wrote:

> > >From Paul G. Allen on Wednesday, 01 August, 2001:
> > >To take another angle, those of us who actively look for exploits in software (because companies like M$ fail to do so themselves) risk being sued for doing so.
> > 
> > Hrm.  Very good point.  However, under most EULA's I've seen, reverse
> >   engineering is already a no-no.
> 
> Most EULA's are not legal contracts. In civilised countries the right to
> disassemble is enshrined in law (ironically it comes in Europe from trying
> to keep car manufacturers from running monopolistic scams not from the
> software people doing the same)
> 
> In the USA its a lot less clear. You can find laws explicitly claiming both,
> and since US law is primarily about who has loads of money, its a bit
> irrelevant
> 
> Alan
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 

Re: [OT] DMCA loop hole

[Alan Shutko]

<nick@snowman.net> writes:

> Yeah it is.  EULA has become totally valid and should be upheld by any
> courts who come across one.  (In the US at least.  I don't know the
> situation outside the US).  One of the recent bills/acts/whatever made
> this change.

You're thinking of UCITA, which is adopted on a state-by-state basis,
and has not been adopted by all states.  AIUI, at least.

-- 
Alan Shutko <ats@acm.org> - In a variety of flavors!
Microwaves frizz your heir.

Re: [OT] DMCA loop hole

[Paul G. Allen]

Alan Shutko wrote:
> 
> <nick@snowman.net> writes:
> 
> > Yeah it is.  EULA has become totally valid and should be upheld by any
> > courts who come across one.  (In the US at least.  I don't know the
> > situation outside the US).  One of the recent bills/acts/whatever made
> > this change.
> 
> You're thinking of UCITA, which is adopted on a state-by-state basis,
> and has not been adopted by all states.  AIUI, at least.
> 

Some states have even enacted laws AGAINST UCITA.

Good for them.

PGA

-- 
Paul G. Allen
UNIX Admin II/Programmer
Akamai Technologies, Inc.
www.akamai.com
Work: (858)909-3630
Cell: (858)395-5043

Re: [OT] DMCA loop hole

[Mike Harrold]

> 
> Yeah it is.  EULA has become totally valid and should be upheld by any
> courts who come across one.  (In the US at least.  I don't know the
> situation outside the US).  One of the recent bills/acts/whatever made
> this change.
> 	Nick

I believe you refer to UCITA which is a STATE bill, not a federal bill.
All 50 states are passing/sitting-on versions of this bill. I believe
Virginia is the only state that has passed the bill AND is enforcing
it. Others have "delayed" it's effective date.

However, MANY states are passing/debating subsequent bills that NULLIFY
other states' UCITA bills, because the flaws in the UCITA bills are
becoming more apparent.

Regards,

/Mike

> 
> On Fri, 3 Aug 2001, Alan Cox wrote:
> 
> > > >From Paul G. Allen on Wednesday, 01 August, 2001:
> > > >To take another angle, those of us who actively look for exploits in software (because companies like M$ fail to do so themselves) risk being sued for doing so.
> > > 
> > > Hrm.  Very good point.  However, under most EULA's I've seen, reverse
> > >   engineering is already a no-no.
> > 
> > Most EULA's are not legal contracts. In civilised countries the right to
> > disassemble is enshrined in law (ironically it comes in Europe from trying
> > to keep car manufacturers from running monopolistic scams not from the
> > software people doing the same)
> > 
> > In the USA its a lot less clear. You can find laws explicitly claiming both,
> > and since US law is primarily about who has loads of money, its a bit
> > irrelevant
> > 
> > Alan
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at  http://www.tux.org/lkml/
> > 
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 

Re: [OT] DMCA loop hole

[Dan Hollis]

On Fri, 3 Aug 2001, Mike Harrold wrote:
> I believe you refer to UCITA which is a STATE bill, not a federal bill.
> All 50 states are passing/sitting-on versions of this bill. I believe
> Virginia is the only state that has passed the bill AND is enforcing
> it. Others have "delayed" it's effective date.

AFAIK UCITA has been outright *rejected* in Iowa, and they are in fact
pushing through legislation to totally nullify UCITA for Iowa residents
who do transactions across state lines.

Several other states are following Iowa's lead.

So much for the "Uniform" part of UCITA, eh?

-Dan

-- 
[-] Omae no subete no kichi wa ore no mono da. [-]

Re: [OT] DMCA loop hole

[Paul G. Allen]

Joseph Pingenot wrote:
> 
> >From Paul G. Allen on Wednesday, 01 August, 2001:
> >To take another angle, those of us who actively look for exploits in software (because companies like M$ fail to do so themselves) risk being sued for doing so.
> 
> Hrm.  Very good point.  However, under most EULA's I've seen, reverse
>   engineering is already a no-no.

Under copyright law, under fair use, once I purchase something - ANYTHING - I can use it however I damn well please as long as it's for my own use, for
educational purposes, and I do not make a profit or significantly cut into the copyright holders profit. Copyright law outweighs EULA's, so along came so-called
"license agreements", harware to circumvent our fair use, and DMCA.

> 
> >This makes jobs like mine EXTREMELY difficult because on the one hand I don't want my company using software that will allow Joe Cracker to take over our
> >machines, and on the other I don't want the company sued just because I did some necessary reverse engineering in order to prevent it (again, because the
> >software mfg. can't be trusted to do it themselves).
> 

The one and only reason (that I know of, but don't take my word for it as gospel, since I am only an admin/programmer/setwork security person) we use Windows is
because there is no support for Windows Media on anything other than Win-Tel (Windows on Intel) platforms. Most of our reliable servers are Red Hat Linux (and
we have over 11,000 servers across the 'net), including Real Media servers, ftp servers, and web servers. (One of the reasons I am now getting involved with the
kernel is because we use Linux so much.)

Also note that even though Linux is Open Source, much of the other software that we (and other companies) have to use is not, so much of it still falls under
this DMCA BS.

PGA

-- 
Paul G. Allen
UNIX Admin II/Programmer
Akamai Technologies, Inc.
www.akamai.com
Work: (858)909-3630
Cell: (858)395-5043

Re: [OT] DMCA loop hole

[Rik van Riel]

On Fri, 3 Aug 2001, Paul G. Allen wrote:

> Under copyright law, under fair use, once I purchase something -
> ANYTHING - I can use it however I damn well please as long as it's for
> my own use, for educational purposes, and I do not make a profit or
> significantly cut into the copyright holders profit. Copyright law
> outweighs EULA's, so along came so-called "license agreements",
> harware to circumvent our fair use, and DMCA.

Actually, the DMCA _is_ the copyright law workaround ;)

cheers,

Rik
--
Virtual memory is like a game you can't win;
However, without VM there's truly nothing to lose...

http://www.surriel.com/		http://distro.conectiva.com/

Send all your spam to aardvark@nl.linux.org (spam digging piggy)

Re: [OT] DMCA loop hole

[Pavel Machek]

Hi!

> You know, I've heard this arguement a few times in various contexts and
> it's bothered me everytime. If a virus was designed with specific
> properties that hinder unauthorized copyright infringement then attempts
> to circumvent the limitations would be an example of DMCA circumvention.
> 
> This misses the whole point that in order to deliver the second and more
> important part of the virus requires the author to self-identify to the
> US federal government and somehow get them to prosecute the offender. Now

Writing virus is not illegal (its just fine for educational purposes). Letting
it into wild probably is. So maybe author _could_ identify to government if
*he* did not sent virus in the wild.
								Pavel
-- 
Philips Velo 1: 1"x4"x8", 300gram, 60, 12MB, 40bogomips, linux, mutt,
details at http://atrey.karlin.mff.cuni.cz/~pavel/velo/index.html.

Re: [OT] DMCA loop hole

[Joshua b. Jore]

I'd beg to differ with you on that. The way I've heard it is that writing
viruses is not legal in the US. Some of you aren't here so you have your
own laws but then you aren't bound by the DMCA. I recall that was the
impetus for this thread in the first place.

I'll just have to beg off and say that I've understood it that
'educational' are as illegal as say, something you meant to release into
the wide world.

Joshua Jore
Minneapolis Ward 3, precinct 10

"The irony of this man being imprisoned in the United States and longing
to return to once-Communist Russia so he can regain his right to free
speach is simply staggering."

On Sat, 11 Aug 2001, Pavel Machek wrote:

> Hi!
>
> > You know, I've heard this arguement a few times in various contexts and
> > it's bothered me everytime. If a virus was designed with specific
> > properties that hinder unauthorized copyright infringement then attempts
> > to circumvent the limitations would be an example of DMCA circumvention.
> >
> > This misses the whole point that in order to deliver the second and more
> > important part of the virus requires the author to self-identify to the
> > US federal government and somehow get them to prosecute the offender. Now
>
> Writing virus is not illegal (its just fine for educational purposes). Letting
> it into wild probably is. So maybe author _could_ identify to government if
> *he* did not sent virus in the wild.
> 								Pavel
> --
> Philips Velo 1: 1"x4"x8", 300gram, 60, 12MB, 40bogomips, linux, mutt,
> details at http://atrey.karlin.mff.cuni.cz/~pavel/velo/index.html.
>
>

Re: [OT] DMCA loop hole

[Helge Hafting]

"Joshua b. Jore" wrote:
> 
> I'd beg to differ with you on that. The way I've heard it is that writing
> viruses is not legal in the US. Some of you aren't here so you have your
> own laws but then you aren't bound by the DMCA. I recall that was the
> impetus for this thread in the first place.
> 
> I'll just have to beg off and say that I've understood it that
> 'educational' are as illegal as say, something you meant to release into
> the wide world.
> 
How is making a virus any different from making any other weapon, like
a gun?  Using it against someone might of course be illegal.

There are certainly valid reasons for making viruses.  For example
in order to test (and develop) antivirus software that 
automatically detect new viruses without being told about them first.

Oh, and surely someone can invent an excuse for using a virus
offensively
too.  "I need this to defend my site from cyber-terrorists..."  

Helge Hafting

Re: [OT] DMCA loop hole

[Jan-Benedict Glaw]

On Tue, 2001-08-14 14:36:41 +0200, Helge Hafting <helgehaf@idb.hist.no>
wrote in message <3B791B59.5F5F4113@idb.hist.no>:
> "Joshua b. Jore" wrote:
> How is making a virus any different from making any other weapon, like
> a gun?  Using it against someone might of course be illegal.

Well... It's quite different in some points:
	- building some kind of weapon means hand-working on
	  "real" iron.
	- programming a virus is just altering bits.
	- Nobody will claim building an arbitrary warpon is some
	  kind of art ("I've always seen a weapon within this
	  block of iron. I've only cut off some peaces to
	  let it appear")
	- Many programmers will in fact have others to see their
	  work as art. Esp., if it's kind of difficult work.

Another effect is that firing a weapon means real movement of
material whereas "firing" a virus is "just" altering bits. For
humans, this is a big difference. I (speaking for me) would feel
quite more guilty firing a weapon than firing a virus...

> There are certainly valid reasons for making viruses.  For example
> in order to test (and develop) antivirus software that 
> automatically detect new viruses without being told about them first.

There are even more uses of viruses: a major one is to show
up security flaws. As of today, we've reached (in some countries)
a state of stagnation (sp?):

	- You think you found some kind of security weakness
	- You're not allowed to do further investigation because
	  you mustn't do reverse engineering
	- You're asked to report that bug. Then, you may wait
	  for the next update soming some months later (which
	  may cost you some $$). However, what so you do if
	  your software you've just found a security relevant bug
	  in isn't licensed? You can't report the bug. (Which
	  is why I use Linux at al.)

Then, you've got 2 possibilities: Either the leak is fixed before
some maliculous people write a virus for, or you hope (or write it
yourself) that a virus will occur on this topic. Reason: if it's
a really bad virus, people will fasten their work on your bug and
you'll get your patch learlier.

> Oh, and surely someone can invent an excuse for using a virus
> offensively
> too.  "I need this to defend my site from cyber-terrorists..."  

Come on, don't fiddle with the bullshit. Software (both, commercial
as well as GPLed) lives and goes through evolution. Weak species
(those with bugs and security flaws) will die out, stronger ones
(stronger against virus attacks) will survive. By sending out
viruses, you put more preassure on the weak species.

Looking at today's software world, you'll find thousands fo programs
doing more-or-less the same. However, all of them need to be cared
about. Putting preassure on this system will help minorities
to better grow because it's easier to care about short programs
than about monoliths (like famous word progrssing programs and so
on).

OTOH, this suggests to keep really near to up-to-date software. I
like that, too. Looking for bugs in *old* versions is boring.
The concept of only working on HEAD sounds better to me...

So my result: I'm not that much against viruses. People using
computers shoul know what they do. Then, they'll never (or not
that often) get hit by a virus. I've never really had trouble
with them:-)

MfG, JBG

-- 
Jan-Benedict Glaw . jbglaw@lug-owl.de . +49-172-7608481

Re: [OT] DMCA loop hole

[Richard B. Johnson]

On Tue, 14 Aug 2001, Helge Hafting wrote:

> "Joshua b. Jore" wrote:
> > 
> > I'd beg to differ with you on that. The way I've heard it is that writing
> > viruses is not legal in the US. Some of you aren't here so you have your
> > own laws but then you aren't bound by the DMCA. I recall that was the
> > impetus for this thread in the first place.
> > 
> > I'll just have to beg off and say that I've understood it that
> > 'educational' are as illegal as say, something you meant to release into
> > the wide world.
> > 
> How is making a virus any different from making any other weapon, like
> a gun?  Using it against someone might of course be illegal.
> 
> There are certainly valid reasons for making viruses.  For example
> in order to test (and develop) antivirus software that 
> automatically detect new viruses without being told about them first.
> 
> Oh, and surely someone can invent an excuse for using a virus
> offensively
> too.  "I need this to defend my site from cyber-terrorists..."  
> 
> Helge Hafting
> -


There really has to be laws that are created by persons
who have no direct interest in the matter being regulated.

Everybody knows that you can't "trust" politicians. However,
you can't really "trust" any particular group because their
perspectives will always be filtered by their education and
occupation.

As an example, do you think that scientists should be allowed
to make decisions that can affect the lives of others?

Case in point; In the forties, just before the first Atom
Bomb explosion, there were roughly 60 percent of the
Engineers and Physicists at Los Alamos who thought that
the bomb would actually work. Of those 60 percent, an
equal percentage thought that once the explosion started
it would continue forever, destroying the earth, the
solar-system, and possibly this entire corner of the
Milky-Way Galaxy. This was long before "supernova" was
a buzz-word, and before anybody understood the placement
of iron in the periodic table.

So, they blew it up anyway, just to see.

That's why there are laws in the United States about making
computer code designed for "destructive" purposes. If
Software Engineers had their way, there would be no such
laws because they would consider this a "learning experience",
justified, as in the Los Alamos example.

Once a technology has matured to the stage where ordinary
persons rely upon it for their well-being, there has to be some
regulation to protect the well-being of the general population
from those who would continue to "experiment".

This regulation works. For example, the FAA doesn't allow pilots
to experiment with flight dynamics when an aircraft has been
placed into revenue service, even though it may be "perfectly safe"
to perform slow rolls and other acrobatic maneuvers in transport
aircraft. In the same manner, once computers are placed into
revenue service, even qualified, hackers are not allowed to
experiment upon those computers.

You can, however, experiment in an isolated laboratory environment.
However, should one knowingly allow such "dangerous" experiments
to be released from such a laboratory environment, they may
be guilty of one of several felonies in the United States.


Cheers,
Dick Johnson

Penguin : Linux version 2.4.1 on an i686 machine (799.53 BogoMips).

    I was going to compile a list of innovations that could be
    attributed to Microsoft. Once I realized that Ctrl-Alt-Del
    was handled in the BIOS, I found that there aren't any.

Re: [OT] DMCA loop hole

[Paul G. Allen]

"Joshua b. Jore" wrote:
> 
> I'd beg to differ with you on that. The way I've heard it is that writing
> viruses is not legal in the US. Some of you aren't here so you have your
> own laws but then you aren't bound by the DMCA. I recall that was the
> impetus for this thread in the first place.
> 
> I'll just have to beg off and say that I've understood it that
> 'educational' are as illegal as say, something you meant to release into
> the wide world.
> 

Show me the written US law that says it is illegal for me to write a computer virus.

PGA

-- 
Paul G. Allen
UNIX Admin II/Programmer
Akamai Technologies, Inc.
www.akamai.com
Work: (858)909-3630
Cell: (858)395-5043