Effective and ineffective technological measures

Paul Onions Paul_Onions at siliconinfusion.com
Mon Jul 30 07:34:20 EDT 2001


Dave Archer wrote:
> ...
>
> However, if the intention of the IP owner was to use ROT13 to make
> unauthorized viewing of the data subject to the DMCA, then it 
> is effective.
> 
> This may seem somewhat silly, but access does not need to be 
> controlled by making unauthorized viewing difficult, it can also be 
> controlled by making unauthorized viewing (and/or assistance with such)
> a criminal act.

Indeed, my reading of the following extract defining 'encryption research'
in the DMCA seems to indicate that it is easier to prosecute someone for
exposing a vulnarability in a weak system than for a stronger system.

  `(1) DEFINITIONS- For purposes of this subsection--

  `(A) the term `encryption research' means activities necessary to
  identify and analyze flaws and vulnerabilities of encryption
  technologies applied to copyrighted works, if these activities are
  conducted to advance the state of knowledge in the field of encryption
  technology or to assist in the development of encryption products; and

  `(B) the term `encryption technology' means the scrambling and
  descrambling of information using mathematical formulas or algorithms.

The reasoning being that exposing a vulnerability in a weak system will not
'advance the state of knowledge in the field of encryption technology'.
e.g. telling the world that product X uses ROT13 is of no interest to the
cryptographic community. So an individual (not engaged in developing
encryption products) exposing a 'ROT13 product' does not qualify for the
encryption research exemption.

So a technically savvy person stating the technically obvious had better
be careful!

Is this a reasonable interpretation? (I have only read exerts of the act
that have been posted here and there, so am missing much information :-)

Paul(o)




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list