password-cracking by journalists...

Trei, Peter ptrei at rsasecurity.com
Mon Jan 21 09:55:53 EST 2002


> Karsten M. Self[SMTP:kmself at ix.netcom.com] writes:
> 
> Note that my reading the language of 1201 doesn't requre that the work
> being accessed be copyrighted (and in the case of Afghanistan, there is
> a real question of copyright status), circumvention itself is
> sufficient, regardless of status of the specific work accessed:

>    17 USC 1201(a)(1)(A):
>    No person shall circumvent a technological measure that
>    effectively controls access to a work protected under
>    this title.

I'm sure I'm picking nits here (and I praise God every day that
I Am Not A L*wy*r), but what does 'effectively' mean? If it can be
broken, was it effective? What level of work is required to make
it an 'effective technological measure'? If the standard is 'anything,
including rot13', then why is the word present in the rule at all?

Technological measures can range from violating the CDROM
standard and introducing deliberate errors to confuse some
readers, all the way up to full real-time, online, 3-factor 
authentication.

The inclusion of the word 'effectively' presumes the existance of 
'ineffective' technological measures, which it would be no crime
to circumvent. Where, then, is the distinction? 

I'm reminded of a humorous button I've seen at some SF
conventions: "Anything not nailed down is legally mine. Anything
I can pry up wasn't nailed down in the first place."

Peter Trei





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list