[free-sklyarov] Fwd: SECURITY ADVISOR: Network protection commentary from InfoWorld.com, Thursday

Edmund A. Hintz ed at hintz.org
Thu Aug 9 09:55:29 PDT 2001 

Infoworld has a daily security commentary/soapbox, todays subject may be 
of interest to a few folks on this list... ;-)


---------------- Begin Forwarded Message ----------------

========================================================
SECURITY ADVISOR                           InfoWorld.com
========================================================

Thursday, August 9, 2001	

Network protection commentary by:       P.J. Connolly  

Advertising Sponsor - - - - - - - - - - - - - - - - - - 
FREE SECURITY GUIDE: Don't expose your company's deepest
secrets. Get all the in-depth knowledge you need to secure
your enterprise with NetIQ's FREE step-by-step security
guide - "Selecting The Right  Security Solution"- at:
http://www.netiq.com/sponsor/default.asp?263
Read it now before it's too late. NetIQ's security solutions
not only identify intruders, but ensure that threats don't
ever become incidents. NetIQ. Making your world secure
today. Making the world secure tomorrow.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - 

CRYPTO LAW MISGUIDED

Posted at August 3, 2001 01:01 PM PST Pacific


RUSSIAN DEVELOPER Dmitry Sklyarov is now a guest of the
FBI, having been charged with violation of the DMCA
(Digital Millennium Copyright Act). The feds and Adobe
Systems are unhappy because Sklyarov
reverse-engineered the encryption scheme used in
Adobe's eBooks technology. This may be perfectly legal
in Russia, but here it's a felony.

If Sklyarov had just written a paper and put together
some PowerPoint slides for a presentation, things
would be a lot simpler. Can you say "First Amendment"?
But press reports claim that Sklyarov came to a
convention in Las Vegas with 500 demo copies of his
decryption program. That's a problem -- 500 of
anything is enough evidence to prove a distribution
charge. Although the demo version will process only
about a quarter of an eBook -- and his employer
ElcomSoft is keeping the full version under wraps --
Sklyarov will get deported if he's lucky, and jail if
he's not.

If I were running Adobe, I'd have hired Sklyarov
because he grasps encryption better than anyone at
Adobe. The company chose instead to get heavy, hoping
that nobody would notice the eBook scheme's
shortcomings. This backfired when, faced with an
ill-concealed rebellion among its own employees, Adobe
management caved and is now calling for Sklyarov's release.

This circus underscores a fundamental flaw in the DMCA:
that any "reverse engineering" of an encryption scheme
is illegal. It doesn't matter what your motive is; if
you're not authorized by the owner to tinker, you're a
criminal. This flies in the face of centuries of
engineering progress that came about because someone
made improvements to somebody else's work. It's time
to put a provision into the DMCA that should have been
in the original bill: one that allows for legitimate
discussion and research. Send this column to your
representatives and senators, because as the law
stands right now, Thomas Edison would get life.

A secure infrastructure for e-commerce cannot be
created if the mere act of finding and publicizing
holes in security schemes is a crime. A "reasonable
behavior" test would have exonerated recent victims of
the DMCA such as Princeton's Edward Felten, who with
others entered the recording industry's contest to
crack its latest "uncrackable" watermarking scheme.
Yet he was threatened with a lawsuit this spring for
succeeding and for publishing his results.

It's not hard to identify malicious behavior; judges
and juries do that every day. If e-commerce is going
to succeed, it has to be secure; and if it's going to
be secure, it has to be tested. I'd rather that
testing take place at the hands of some mild-mannered
academics scrambling for tenure than by some digital
pirate less interested in getting rich than in
listening to free music, or discrediting my business.

P.J. Connolly (pj_connolly at infoworld.com) covers
security for the Test Center. Get this column free via
e-mail each week. Sign up at http://www.iwsubscribe.com/newsletters.



- - - - - - - - - - - - - - - - - - - - - - - - - - - - 

MORE SECURITY ADVISOR                                   
For a complete archive of his InfoWorld columns visit   
http://www2.infoworld.com/cgi/component/columnarchive.wbs?column=swatch

INFOWORLD OPINIONS
Weekly commentary from the most trusted voices in 
IT at: http://www.infoworld.com/community/t_opinions.html

To join, or start, a discussion on this or any IT-related
topic, please visit our InfoWorld forums at 
http://forums.infoworld.com. Here you can interact and 
exchange ideas with InfoWorld staff and other readers.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - 
QUOTE OF THE DAY:

"What we are doing now I compare to the government's 'Best
of Breed' approach of the 1990s but with a little Viagra
added in."

--Mark Forman, director of IT and e-government within the
Bush administration's Office of Management and Budget,
explains to InfoWorld Senior Editor Jennifer Jones how the
current fed-wide IT revamp enhances an earlier policy.

http://iwsun4.infoworld.com/articles/hn/xml/01/08/03/010803hnforman.xml?080
9thse


- - - - - - - - - - - - - - - - - - - - - - - - - - - - 

SUBSCRIBE
To subscribe to any of InfoWorld's e-mail newsletters,
tell your friends and colleagues to go to:
http://www.iwsubscribe.com/newsletters/

To subscribe to InfoWorld.com, or InfoWorld Print,
or both, go to http://www.iwsubscribe.com

UNSUBSCRIBE
If you want to unsubscribe from InfoWorld's Newsletters,
go to http://iwsubscribe.com/newsletters/unsubscribe/

CHANGE E-MAIL
If you want to change the e-mail address where
you are receiving InfoWorld newsletters, go to
http://iwsubscribe.com/newsletters/adchange/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - 

Must-Have Info for Can-Do Companies
Even in the new economy, small and medium-sized 
companies are the little engines that can and do power 
the economy. And they could no sooner do without 
information technology, and the savvy to use it wisely and 
well, than the Fortune 500. If that sounds like you and your
organization, InfoWorld's Small-Medium Business Report 
newsletter is your must-read weekly digest of technology 
and management stories you need to read. Subscribe now at
http://www.iwsubscribe.com/newsletters/

Advertising Sponsor - - - - - - - - - - - - - - - - - - 
FREE SECURITY GUIDE: Don't expose your company's deepest
secrets. Get all the in-depth knowledge you need to secure
your enterprise with NetIQ's FREE step-by-step security
guide - "Selecting The Right  Security Solution"- at:
http://www.netiq.com/sponsor/default.asp?263
Read it now before it's too late. NetIQ's security solutions
not only identify intruders, but ensure that threats don't
ever become incidents. NetIQ. Making your world secure
today. Making the world secure tomorrow.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - 

Copyright 2001 InfoWorld Media Group Inc.


----------------- End Forwarded Message -----------------


Peace,
------------------------------------------------------------------------
Edmund A. Hintz              **|**     "You may say I'm a dreamer,
Mac Techie, Linux Geek,     *  |  *      But I'm not the only one...
Mac/Linux Consultant       *  /|\  *     I hope someday you'll join us,
<ed at hintz.org>              */ | \*      And the world will live as one.
'78 Westy                    *****      Imagine."
                     http://www.hintz.org
------------------------------------------------------------------------

More information about the Free-sklyarov mailing list