[free-sklyarov] Linux update withholds security info on DMCA terror

Kenneth Burger krburger at burger-family.org
Fri Nov 2 15:18:49 PST 2001


I didn't say he should step down from development.  I said he should step
down from his leadership position.  Leaders should not be cowards.  There's
plenty of people who are qualified to lead this project who are not so
cowardly as to censor their own security fixes to prevent themselves from
being jailed even though such a possibility is remote at best.  I'm not
qualified because my dev skills suck as compared to the actual kernel
development team, but there are plenty of people on the team who do.  Alan's
not American, but he's still letting this get to him.  Turn control over to
someone else in Europe who will likely never set foot in the US.

----- Original Message -----
From: "ascott" <ascott at tathata.org>
To: <free-sklyarov at zork.net>
Sent: Friday, November 02, 2001 8:50 AM
Subject: Re: [free-sklyarov] Linux update withholds security info on DMCA
terror


> Maybe we should tell Alan that he should not worry and, citing the recent
> appeals court decision to "overturn the order that barred hundreds of
> people from publishing" DeCSS code, since it has been found to be an
> expression of speech
> (http://news.cnet.com/news/0-1005-200-7751876.html), that his security
> fixes, updates, conversations and documentation will be covered under our
> country's First Ammendment to our Constitution which allows him to share
> this info freely and protects this freedom specifically.
>
> The last thing that I want to see is Alan Cox step down from kernel
> developement.  Surely, you jest.
>
> I hope that this recent turn of events for DeCSS help in Dmitry's case, as
> well.
>
> see
>
http://www.eff.org/IP/Video/DVDCCA_case/20011101_bunner_appellate_decision.h
tml
>
> Here's the crux.
>
> "Like the CSS decryption software, DeCSS is a writing composed of computer
> source code which describes an alternative method of decrypting
> CSSencrypted DVDs.  Regardless of who authored the program, DeCSS is a
> written expression of the author's ideas and information about decryption
> of DVDs without CSS. If the source code were "compiled" to create object
> code, we would agree that the resulting composition of zeroes and ones
> would not convey ideas. (See generally Junger v. Daley, supra, 209 F.3d at
> pp.482483.) That the source code is capable of such compilation, however,
> does not destroy the expressive nature of the source code itself. Thus, we
> conclude that the trial court's preliminary injunction barring Bunner from
> disclosing DeCSS can fairly be characterized as a prohibition of "pure"
> speech. "
>
> While I know this is not a complete win (or is it?  I'm not sure.), I feel
> that it is a major turning point toward possibly getting it right, none
> the less.  In fact, it may have been the first bit of good news I've read
> all month and I would certainly like to read more of it.
>
> Most Sincerely,
>
> -Andrew
>
>
> On Fri, 2 Nov 2001, Kenneth Burger wrote:
>
> > I read about this on Slashdot awhile ago.  My response to it will likely
> > piss several people off, but I feel it's necessary.  Alan Cox is either
> > using us as martyrs for his cause or he's a coward.  If it's the first
then
> > he's violated our trust and also everything open source stands for.  If
the
> > second, then he needs to get a law degree or at least learn something
about
> > the law as well as get a backbone.  I am publicly calling upon Alan Cox
to
> > step down as second in command for Linux kernel development.  His
political
> > agenda has clouded his views as a developer and I believe now is the
time
> > for him to pass the torch onto somebody who isn't a coward.  If he
continues
> > to withhold security updates from us I will boycott the Linux operating
> > system in response and I call upon other Americans to do the same.  Even
> > Microsoft and Novell release the details about their security updates.
The
> > security of my data is very important to me as an administrator and a
> > programmer.  Not releasing security update info takes away our ability
as
> > developers to look for related faults elsewhere in the source code which
> > others may have missed.  I wish it didn't have to come down to this, but
> > when I joined the open-source movement it was in the hope that I could
> > escape M$'s and other large companies political agendas.  This is
apparently
> > no longer the case.
> > ----- Original Message -----
> > From: "Vladimir Katalov" <vkatalov at elcomsoft.com>
> > To: <free-sklyarov at zork.net>
> > Sent: Friday, November 02, 2001 6:52 AM
> > Subject: [free-sklyarov] Linux update withholds security info on DMCA
terror
> >
> >
> > >
> > > http://www.theregister.co.uk/content/4/22536.html
> > > http://www.securityfocus.com/news/274
> > >
> > > Citing a controversial U.S. copyright law, a top Linux developer
> > > announced this week that Americans would not be given details about
> > > the security fixes in an update to the open source operating system, a
> > > first for a software development community that prides itself on
> > > transparency.
> > >
> > > An update to version 2.2 of the Linux kernel, an older version of
> > > Linux that's still in wide use, was released Monday, conspicuously
> > > shorn of information about a number of security holes patched in the
> > > software.
> > >
> > > In an email to a Linux developer's mailing list, U.K.-based Linux guru
> > > Alan Cox wrote that the self-censorship was necessary to avoid running
> > > afoul of the U.S. Digital Millennium Copyright Act (DMCA), a law that
> > > makes it a crime to create or distribute software "primarily designed"
> > > to circumvent a copy protection scheme.
> > >
> > > Cox controls the 2.2 release, and is generally considered Linux's
> > > second-in-command after creator Linus Torvalds.
> > >
> > > The DMCA has been under fire from computer programmers and electronic
> > > civil libertarians who argue that it is an unconstitutional
> > > impingement on speech, and interferes with consumers' traditional
> > > right to make personal copies of books, movies and music that they've
> > > purchased.
> > >
> > > In July, the first criminal prosecution under the Act kicked-off with
> > > FBI agents arresting Dmitry Sklyarov, a Russian computer programmer
> > > who was visiting the U.S. to give a talk at a security conference.
> > > Sklyarov is the author of a computer program that cracks the copy
> > > protection scheme used by Adobe Systems' eBook software.
> > >
> > > "With luck, the Sklyarov case will see that overturned on
constitutional
> > grounds," Cox wrote on the list. "Until then U.S. citizens will have to
> > guess about security issues."
> > >
> > > America Boycotted
> > > But U.S. Linux developers and users suspect Cox of using them to carry
> > > a political message.
> > >
> > > "My personal belief is that certain people are using this as an excuse
> > > to draw attention to the dangers inherent in the DMCA," says
> > > Birmingham system administrator Wayne Brown. "I'm sympathetic to their
> > > efforts, but not at all happy that people who need access to this
> > > information will be denied just to make a point... It seems to me to
> > > be contrary to the whole spirit of free software development."
> > >
> > > "I still think this is an extremist view of the DMCA," wrote U.S.
> > > Linux developer Tom Sightler, in a post to the developer's list. "I
> > > don't see where it keeps you from posting information about security
> > > fixes to your own code."
> > >
> > > Cox didn't respond to a reporter's inquiry, but on the mailing list,
> > > he wrote that the new closed policy was necessary because Linux's
> > > standard security features may be used for "rights management" of
> > > copyrighted work. He declined to elaborate further "on a list that
> > > reaches U.S. citizens."
> > >
> > > The programmer plans to post Linux security information exclusively on
> > > a Web site that will block access from the U.S.
> > >
> > > Despite Cox's fears, describing security holes or patches in Linux
> > > doesn't violate the DMCA, because the information isn't primarily
> > > designed for the purpose of circumvention, says attorney Jennifer
> > > Granick, director of the Stanford Law School's Law and Technology
> > > Clinic.
> > >
> > > "He seems to be assuming that the DMCA prohibits discussion about any
> > > kind of security, and that's not what it does," says Granick. "The
> > > DMCA is bad, but it's not that bad."
> > >
> > > "Part of the problem with the DMCA is it doesn't make intuitive sense
> > > to people who are practicing in this field, so even after reading the
> > > statute, people don't understand exactly what they are or aren't
> > > allowed to do," says Granick.
> > >
> > >
> > > _______________________________________________
> > > free-sklyarov mailing list
> > > free-sklyarov at zork.net
> > > http://zork.net/mailman/listinfo/free-sklyarov
> > >
> >
> >
> > _______________________________________________
> > free-sklyarov mailing list
> > free-sklyarov at zork.net
> > http://zork.net/mailman/listinfo/free-sklyarov
> >
>
>
> _______________________________________________
> free-sklyarov mailing list
> free-sklyarov at zork.net
> http://zork.net/mailman/listinfo/free-sklyarov
>





More information about the Free-sklyarov mailing list