password-cracking by journalists...

Arnold G. Reinhold reinhold at world.std.com
Sun Jan 20 09:27:13 EST 2002


At 4:12 PM -0500 1/18/02, Will Rodger wrote:
>>This law has LOTS of unintended consequences.  That is why many 
>>people find it so disturbing.  For example, as I read it, and I am 
>>*not* a lawyer, someone who offered file decryption services for 
>>hire to people who have a right to the data, e.g. the owner lost 
>>the password, or a disgruntled employee left with the password, or 
>>a parent wants to see what was stored on their child's hard drive, 
>>could still be charged with committing a felony.
>
>If it's your copyright, it's still yours. The law recognizes that.

You can presumably write your own programs to decrypt your own files. 
But if you provide that service to someone else you could run afoul 
of the law as I read it. The DMCA prohibits trafficking in technology 
that can be used to circumvent technological protection measures. 
There is no language requiring proof that anyone's copyright was 
violated.  Traffic for hire and it's a felony.

Now a prosecutor probably wouldn't pursue the case of a cryptographer 
who decoded messages on behalf of parents of some kid involved in 
drugs or sex abuse. But what if the cryptographer was told that and 
the data turned out to be someone else's? Or if the kid was e-mailing 
a counselor about abuse by his parents? Or the government really 
didn't like the cryptographer because of his political views?

There is also the argument that Congress only intended to cover tools 
for breaking content protection schemes like CSS and never intended 
to cover general cryptanalysis.   You might win with that argument in 
court (I think you should), but expect a 7 digit legal bill.  And if 
you lose, we'll put up a "Free Will" web site.


>>As for the legal situation before the DMCA,  the Supreme Court 
>>issued a ruling last year in a case, Bartnicki v. Vopper,  of a 
>>journalist who broadcast a tape he received of an illegally 
>>intercepted cell phone conversation between two labor organizers. 
>>The court ruled that the broadcast was permissible.
>
>The journalist received the information from a source gratis. That's 
>different from paying for stolen goods, hiring someone to eavesdrop, 
>or breaking the law yourself. The First Amendment covers a lot, in 
>this case.

Correct. The Bartnicki opinion pointed out that the journalists were 
not responsible for the interception.  But journalists receive 
purloined data from whistle-blowers all the time. Suppose in the 
future it was one of those e-mail messages with a cryptographically 
enforced expiration date? A journalist who broke that system might be 
sued under DMCA.  That possibility might not frighten the WSJ, but 
what about smaller news organizations?

>
>> So the stolen property argument you give might not hold. The 
>>change wrought by the DMCA is that it makes trafficking in the 
>>tools needed to get at encrypted data, regardless whether one has a 
>>right to (there is an exemption for law enforcement) unlawful.
>
>There's language governing that in the statute. Trafficking in tools 
>specifically designed to break a given form of copy protection is 
>one thing. The continued availability of legal tools for 
>cryptanalysis and legitimate password cracking is another. As bad as 
>the DMCA is, it's not _that_ bad.
>
>Will

I've read the statute very carefully and I never found such language. 
(You can read my analysis at 
http://world.std.com/~reinhold/DeCSSamicusbrief.html) It's certainly 
possible that I overlooked something. Perhaps you could cite the 
language you are referring to?


Arnold Reinhold



---------------------------------------------------------------------
The Cryptography Mailing List