Effective and ineffective technological measures

Dave Archer at pobox.com dmarcher at pobox.com
Sun Jul 29 15:00:31 EDT 2001 

on 7/29/01 5:20 AM, Alan Barrett at apb at cequrux.com wrote:
> The DMCA said:
>> 1201(a)(1)(A):
>> No person shall circumvent a technological measure that effectively
>> controls access to a work protected under this title.
> 
> What does "effectively" mean here?
> 
> If it has its plain english meaning, then one could argue that ROT13,
> CSS (and anything else that can easily be broken) are *ineffective*
> technological measures[...]
> 
> Or does the clause really mean "No person shall circumvent a
> technological measure that *purports to control* access to a work
> protected under this title"?
> 

Depending on what plain english meaning your prosecutor wants to use, you
can end up with an interesting result here.  The meaning I see in my
dictionary says "Having an expected or intended effect."  Thus, it goes to
expectations and intentions.

If the intention of the IP owner was to use ROT13 to make it difficult for
unauthorized users to view the data, it would generally be agreed this was
ineffective.

However, if the intention of the IP owner was to use ROT13 to make
unauthorized viewing of the data subject to the DMCA, then it is effective.

This may seem somewhat silly, but access does not need to be controlled by
making unauthorized viewing difficult, it can also be controlled by making
unauthorized viewing (and/or assistance with such) a criminal act.  Perhaps
it helps to think of the new war on piracy in terms of the war on drugs (aka
controlled substances):

>From the Controlled Substances Act (CSA) 21 USCS Section 802:
>(5) The term "control" means to add a drug or other substance, or immediate
>precursor, to a schedule under part B of this title, whether by transfer from
>another schedule or otherwise.

If you apply this sense of "control" with DMCA, instead of there being a
list of "controlled IPs", there's a virtual list where an IP owner just
needs to add some (any!) technological measure (aka ROT13) to get on the
list to be protected by DMCA.

Again, using the CSA to explain the DMCA may seem silly, but try to look at
it from the perspectives of government prosecutors and judges.  They've been
working with the CSA for some time now and think in those terms.  It's human
nature to try and apply what you're already familiar with to something new.

There's a striking number of parallels between the CSA and the DMCA and I
suggest reading them both together to get a sense of what the DMCA will mean
in reality.  Why, the CSA even begins with an acknowledgement of "fair use"
almost as if they mention it to get it out of the way before they completely
ignore it in practice.

Dave




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list