password-cracking by journalists...
Arnold G. Reinhold
reinhold at world.std.com
Sun Jan 20 09:27:13 EST 2002
At 4:12 PM -0500 1/18/02, Will Rodger wrote:
>>This law has LOTS of unintended consequences. That is why many
>>people find it so disturbing. For example, as I read it, and I am
>>*not* a lawyer, someone who offered file decryption services for
>>hire to people who have a right to the data, e.g. the owner lost
>>the password, or a disgruntled employee left with the password, or
>>a parent wants to see what was stored on their child's hard drive,
>>could still be charged with committing a felony.
>
>If it's your copyright, it's still yours. The law recognizes that.
You can presumably write your own programs to decrypt your own files.
But if you provide that service to someone else you could run afoul
of the law as I read it. The DMCA prohibits trafficking in technology
that can be used to circumvent technological protection measures.
There is no language requiring proof than anyone's copyright was
violated. Traffic for hire and it's a felony.
Now a prosecutor probably wouldn't pursue the case of a cryptographer
who decoded messages on behalf of parents of some kid involved in
drugs or sex abuse. But what if the cryptographer was told that and
the data turned out to be someone else's? Or if the kid was e-mailing
a counselor about abuse by his parents? Or the government really
didn't like the cryptographer because of his political views?
There is also the argument that Congress only intended to cover tools
for breaking content protections schemes like CSS and never intended
to cover general cryptanalysis. You might win with that argument in
court (I think you should), but expect a 7 digit legal bill. And if
you lose, we'll put up a "Free Will" web site.
>>As for the legal situation before the DMCA, the Supreme Court
>>issued a ruling last year in a case, Barniki v. Volper, of a
>>journalist who broadcast a tape he received of an illegally
>>intercepted cell phone conversation between two labor organizers.
>>The court ruled that the broadcast was permissible.
>
>The journalist received the information from a source gratis. That's
>different from paying for stolen goods, hiring someone to eavesdrop,
>or breaking the law yourself. The First Amendment covers a lot, in
>this case.
Correct. The Barniki opinion pointed out that the journalists were
not responsible for the interception. But journalists receive
purloined data from whistle-blowers all the time. Suppose in the
future it was one of those e-mail messages with a cryptographically
enforced expiration date? A journalist who broke that system might be
sued under DMCA. That possibility might not frighten the WSJ, but
what about smaller news organizations?
>
>> So the stolen property argument you give might not hold. The
>>change wrought by the DMCA is that it makes trafficking in the
>>tools needed to get at encrypted data, regardless whether one has a
>>right to (there is an exemption for law enforcement) unlawful.
>
>There's language governing that in the statute. Trafficking in tools
>specifically designed to break a given form of copy protection is
>one thing. The continued availability of legal tools for
>cryptanalysis and legitimate password cracking is another. As bad as
>the DMCA is, it's not _that_ bad.
>
>Will
I've read the statute very carefully and I never found such language.
(You can read my analysis at
http://world.std.com/~reinhold/DeCSSamicusbrief.html) It's certainly
possible that I overlooked something. Perhaps you could cite the
language you are referring to?
Arnold Reinhold
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list