[free-sklyarov] Linux update withholds security info on DMCA terror
Kenneth Burger
krburger at burger-family.org
Fri Nov 2 16:22:18 PST 2001
There's a problem with the idea that we should allow large corporations to
get away with this though. The only way to change the law is to challenge
it. Yes, sometimes it requires people to be put in a position they rather
would not be in, i.e. jail, which is why I'm not suggesting that Alan should
put himself in that position, but the fact of the matter is that there are
plenty of people who would be willing to do such and they should be allowed
to do so. The leader of the foundation should not prevent it from being
posted on the site, nor forbid it from being discussed. Like I said, if
people will send me the security flaws that were fixed I will post them.
If I get arrested, so be it. I'll be happy to know that at least the time I
spend in jail is for a good, just, and worthy cause. I'd rather do that
than rot my life away doing what I'm doing now anyways. There is such a
thing as the greater good you know, and sometimes you have to sacrifice to
obtain it. Freedom is the greater good and this is about freedom. The
freedom to speak without fear of imprisonment. The freedom to share
information is vital to the foundation of our country, and if America is to
be the beacon of freedom in the world, and we lose that freedom, then I will
be ashamed to call myself an American.
----- Original Message -----
From: "Jon O ." <jono at microshaft.org>
To: "Kenneth Burger" <krburger at burger-family.org>
Cc: "ascott" <ascott at tathata.org>; <free-sklyarov at zork.net>
Sent: Friday, November 02, 2001 6:29 PM
Subject: Re: [free-sklyarov] Linux update withholds security info on DMCA
terror
>
> Don't forget Kenneth, Alan resigned from his USENIX post very soon after
> Sklyarov was arrested. Other people are being threatened, having websites
> taken down, etc. I'm sure there is no real risk to Alan or anyone else. Or
> am I?
>
> Is Alan punishing Linux users and maintainers or are the corporations,
> government and others who support the law? Alan is merely attempting to
> protect linux, comply with and follow a law that is being thrown about in
the interest
> of corporate welfare and true R&D.
>
> He knows the DMCA is a pick and choose, selective enforcement type law.
> It's written that way. See a DMCA voilation and report it. Linux isn't
> going to get anyone claiming DMCA issues, but device drivers, kernel
> things, other applications which interface with a possibly hostile
> vendor may cause problems.
>
> You are aksing people to change their organisations based on the needs
> of these hostile vendors and a bad law. That's bogus. Linux kernel
> developers shouldn't have to worry about this type of crap and you
> shouldn't support and suggest it. They should not have to fear coming
> to the US and the fact that you don't see that scares me also.
>
>
>
>
>
> On 02-Nov-2001, Kenneth Burger wrote:
> > I didn't say he should step down from development. I said he should
step
> > down from his leadership position. Leaders should not be cowards.
There's
> > plenty of people who are qualified to lead this project who are not so
> > cowardly as to censor their own security fixes to prevent themselves
from
> > being jailed even though such a possibility is remote at best. I'm not
> > qualified because my dev skills suck as compared to the actual kernel
> > development team, but there are plenty of people on the team who do.
Alan's
> > not American, but he's still letting this get to him. Turn control over
to
> > someone else in Europe who will likely never set foot in the US.
> >
> > ----- Original Message -----
> > From: "ascott" <ascott at tathata.org>
> > To: <free-sklyarov at zork.net>
> > Sent: Friday, November 02, 2001 8:50 AM
> > Subject: Re: [free-sklyarov] Linux update withholds security info on
DMCA
> > terror
> >
> >
> > > Maybe we should tell Alan that he should not worry and, citing the
recent
> > > appeals court decision to "overturn the order that barred hundreds of
> > > people from publishing" DeCSS code, since it has been found to be an
> > > expression of speech
> > > (http://news.cnet.com/news/0-1005-200-7751876.html), that his security
> > > fixes, updates, conversations and documentation will be covered under
our
> > > country's First Ammendment to our Constitution which allows him to
share
> > > this info freely and protects this freedom specifically.
> > >
> > > The last thing that I want to see is Alan Cox step down from kernel
> > > developement. Surely, you jest.
> > >
> > > I hope that this recent turn of events for DeCSS help in Dmitry's
case, as
> > > well.
> > >
> > > see
> > >
> >
http://www.eff.org/IP/Video/DVDCCA_case/20011101_bunner_appellate_decision.h
> > tml
> > >
> > > Here's the crux.
> > >
> > > "Like the CSS decryption software, DeCSS is a writing composed of
computer
> > > source code which describes an alternative method of decrypting
> > > CSSencrypted DVDs. Regardless of who authored the program, DeCSS is a
> > > written expression of the author's ideas and information about
decryption
> > > of DVDs without CSS. If the source code were "compiled" to create
object
> > > code, we would agree that the resulting composition of zeroes and ones
> > > would not convey ideas. (See generally Junger v. Daley, supra, 209
F.3d at
> > > pp.482483.) That the source code is capable of such compilation,
however,
> > > does not destroy the expressive nature of the source code itself.
Thus, we
> > > conclude that the trial court's preliminary injunction barring Bunner
from
> > > disclosing DeCSS can fairly be characterized as a prohibition of
"pure"
> > > speech. "
> > >
> > > While I know this is not a complete win (or is it? I'm not sure.), I
feel
> > > that it is a major turning point toward possibly getting it right,
none
> > > the less. In fact, it may have been the first bit of good news I've
read
> > > all month and I would certainly like to read more of it.
> > >
> > > Most Sincerely,
> > >
> > > -Andrew
> > >
> > >
> > > On Fri, 2 Nov 2001, Kenneth Burger wrote:
> > >
> > > > I read about this on Slashdot awhile ago. My response to it will
likely
> > > > piss several people off, but I feel it's necessary. Alan Cox is
either
> > > > using us as martyrs for his cause or he's a coward. If it's the
first
> > then
> > > > he's violated our trust and also everything open source stands for.
If
> > the
> > > > second, then he needs to get a law degree or at least learn
something
> > about
> > > > the law as well as get a backbone. I am publicly calling upon Alan
Cox
> > to
> > > > step down as second in command for Linux kernel development. His
> > political
> > > > agenda has clouded his views as a developer and I believe now is the
> > time
> > > > for him to pass the torch onto somebody who isn't a coward. If he
> > continues
> > > > to withhold security updates from us I will boycott the Linux
operating
> > > > system in response and I call upon other Americans to do the same.
Even
> > > > Microsoft and Novell release the details about their security
updates.
> > The
> > > > security of my data is very important to me as an administrator and
a
> > > > programmer. Not releasing security update info takes away our
ability
> > as
> > > > developers to look for related faults elsewhere in the source code
which
> > > > others may have missed. I wish it didn't have to come down to this,
but
> > > > when I joined the open-source movement it was in the hope that I
could
> > > > escape M$'s and other large companies political agendas. This is
> > apparently
> > > > no longer the case.
> > > > ----- Original Message -----
> > > > From: "Vladimir Katalov" <vkatalov at elcomsoft.com>
> > > > To: <free-sklyarov at zork.net>
> > > > Sent: Friday, November 02, 2001 6:52 AM
> > > > Subject: [free-sklyarov] Linux update withholds security info on
DMCA
> > terror
> > > >
> > > >
> > > > >
> > > > > http://www.theregister.co.uk/content/4/22536.html
> > > > > http://www.securityfocus.com/news/274
> > > > >
> > > > > Citing a controversial U.S. copyright law, a top Linux developer
> > > > > announced this week that Americans would not be given details
about
> > > > > the security fixes in an update to the open source operating
system, a
> > > > > first for a software development community that prides itself on
> > > > > transparency.
> > > > >
> > > > > An update to version 2.2 of the Linux kernel, an older version of
> > > > > Linux that's still in wide use, was released Monday, conspicuously
> > > > > shorn of information about a number of security holes patched in
the
> > > > > software.
> > > > >
> > > > > In an email to a Linux developer's mailing list, U.K.-based Linux
guru
> > > > > Alan Cox wrote that the self-censorship was necessary to avoid
running
> > > > > afoul of the U.S. Digital Millennium Copyright Act (DMCA), a law
that
> > > > > makes it a crime to create or distribute software "primarily
designed"
> > > > > to circumvent a copy protection scheme.
> > > > >
> > > > > Cox controls the 2.2 release, and is generally considered Linux's
> > > > > second-in-command after creator Linus Torvalds.
> > > > >
> > > > > The DMCA has been under fire from computer programmers and
electronic
> > > > > civil libertarians who argue that it is an unconstitutional
> > > > > impingement on speech, and interferes with consumers' traditional
> > > > > right to make personal copies of books, movies and music that
they've
> > > > > purchased.
> > > > >
> > > > > In July, the first criminal prosecution under the Act kicked-off
with
> > > > > FBI agents arresting Dmitry Sklyarov, a Russian computer
programmer
> > > > > who was visiting the U.S. to give a talk at a security conference.
> > > > > Sklyarov is the author of a computer program that cracks the copy
> > > > > protection scheme used by Adobe Systems' eBook software.
> > > > >
> > > > > "With luck, the Sklyarov case will see that overturned on
> > constitutional
> > > > grounds," Cox wrote on the list. "Until then U.S. citizens will have
to
> > > > guess about security issues."
> > > > >
> > > > > America Boycotted
> > > > > But U.S. Linux developers and users suspect Cox of using them to
carry
> > > > > a political message.
> > > > >
> > > > > "My personal belief is that certain people are using this as an
excuse
> > > > > to draw attention to the dangers inherent in the DMCA," says
> > > > > Birmingham system administrator Wayne Brown. "I'm sympathetic to
their
> > > > > efforts, but not at all happy that people who need access to this
> > > > > information will be denied just to make a point... It seems to me
to
> > > > > be contrary to the whole spirit of free software development."
> > > > >
> > > > > "I still think this is an extremist view of the DMCA," wrote U.S.
> > > > > Linux developer Tom Sightler, in a post to the developer's list.
"I
> > > > > don't see where it keeps you from posting information about
security
> > > > > fixes to your own code."
> > > > >
> > > > > Cox didn't respond to a reporter's inquiry, but on the mailing
list,
> > > > > he wrote that the new closed policy was necessary because Linux's
> > > > > standard security features may be used for "rights management" of
> > > > > copyrighted work. He declined to elaborate further "on a list that
> > > > > reaches U.S. citizens."
> > > > >
> > > > > The programmer plans to post Linux security information
exclusively on
> > > > > a Web site that will block access from the U.S.
> > > > >
> > > > > Despite Cox's fears, describing security holes or patches in Linux
> > > > > doesn't violate the DMCA, because the information isn't primarily
> > > > > designed for the purpose of circumvention, says attorney Jennifer
> > > > > Granick, director of the Stanford Law School's Law and Technology
> > > > > Clinic.
> > > > >
> > > > > "He seems to be assuming that the DMCA prohibits discussion about
any
> > > > > kind of security, and that's not what it does," says Granick. "The
> > > > > DMCA is bad, but it's not that bad."
> > > > >
> > > > > "Part of the problem with the DMCA is it doesn't make intuitive se
nse
> > > > > to people who are practicing in this field, so even after reading
the
> > > > > statute, people don't understand exactly what they are or aren't
> > > > > allowed to do," says Granick.
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > free-sklyarov mailing list
> > > > > free-sklyarov at zork.net
> > > > > http://zork.net/mailman/listinfo/free-sklyarov
> > > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > free-sklyarov mailing list
> > > > free-sklyarov at zork.net
> > > > http://zork.net/mailman/listinfo/free-sklyarov
> > > >
> > >
> > >
> > > _______________________________________________
> > > free-sklyarov mailing list
> > > free-sklyarov at zork.net
> > > http://zork.net/mailman/listinfo/free-sklyarov
> > >
> >
> >
> > _______________________________________________
> > free-sklyarov mailing list
> > free-sklyarov at zork.net
> > http://zork.net/mailman/listinfo/free-sklyarov
>
> _______________________________________________
> free-sklyarov mailing list
> free-sklyarov at zork.net
> http://zork.net/mailman/listinfo/free-sklyarov
>
----- Original Message -----
From: "Jon O ." <jono at microshaft.org>
To: "Kenneth Burger" <krburger at burger-family.org>
Cc: "ascott" <ascott at tathata.org>; <free-sklyarov at zork.net>
Sent: Friday, November 02, 2001 6:29 PM
Subject: Re: [free-sklyarov] Linux update withholds security info on DMCA
terror
>
> Don't forget Kenneth, Alan resigned from his USENIX post very soon after
> Sklyarov was arrested. Other people are being threatened, having websites
> taken down, etc. I'm sure there is no real risk to Alan or anyone else. Or
> am I?
>
> Is Alan punishing Linux users and maintainers or are the corporations,
> government and others who support the law? Alan is merely attempting to
> protect linux, comply with and follow a law that is being thrown about in
the interest
> of corporate welfare and true R&D.
>
> He knows the DMCA is a pick and choose, selective enforcement type law.
> It's written that way. See a DMCA voilation and report it. Linux isn't
> going to get anyone claiming DMCA issues, but device drivers, kernel
> things, other applications which interface with a possibly hostile
> vendor may cause problems.
>
> You are aksing people to change their organisations based on the needs
> of these hostile vendors and a bad law. That's bogus. Linux kernel
> developers shouldn't have to worry about this type of crap and you
> shouldn't support and suggest it. They should not have to fear coming
> to the US and the fact that you don't see that scares me also.
>
>
>
>
>
> On 02-Nov-2001, Kenneth Burger wrote:
> > I didn't say he should step down from development. I said he should
step
> > down from his leadership position. Leaders should not be cowards.
There's
> > plenty of people who are qualified to lead this project who are not so
> > cowardly as to censor their own security fixes to prevent themselves
from
> > being jailed even though such a possibility is remote at best. I'm not
> > qualified because my dev skills suck as compared to the actual kernel
> > development team, but there are plenty of people on the team who do.
Alan's
> > not American, but he's still letting this get to him. Turn control over
to
> > someone else in Europe who will likely never set foot in the US.
> >
> > ----- Original Message -----
> > From: "ascott" <ascott at tathata.org>
> > To: <free-sklyarov at zork.net>
> > Sent: Friday, November 02, 2001 8:50 AM
> > Subject: Re: [free-sklyarov] Linux update withholds security info on
DMCA
> > terror
> >
> >
> > > Maybe we should tell Alan that he should not worry and, citing the
recent
> > > appeals court decision to "overturn the order that barred hundreds of
> > > people from publishing" DeCSS code, since it has been found to be an
> > > expression of speech
> > > (http://news.cnet.com/news/0-1005-200-7751876.html), that his security
> > > fixes, updates, conversations and documentation will be covered under
our
> > > country's First Ammendment to our Constitution which allows him to
share
> > > this info freely and protects this freedom specifically.
> > >
> > > The last thing that I want to see is Alan Cox step down from kernel
> > > developement. Surely, you jest.
> > >
> > > I hope that this recent turn of events for DeCSS help in Dmitry's
case, as
> > > well.
> > >
> > > see
> > >
> >
http://www.eff.org/IP/Video/DVDCCA_case/20011101_bunner_appellate_decision.h
> > tml
> > >
> > > Here's the crux.
> > >
> > > "Like the CSS decryption software, DeCSS is a writing composed of
computer
> > > source code which describes an alternative method of decrypting
> > > CSSencrypted DVDs. Regardless of who authored the program, DeCSS is a
> > > written expression of the author's ideas and information about
decryption
> > > of DVDs without CSS. If the source code were "compiled" to create
object
> > > code, we would agree that the resulting composition of zeroes and ones
> > > would not convey ideas. (See generally Junger v. Daley, supra, 209
F.3d at
> > > pp.482483.) That the source code is capable of such compilation,
however,
> > > does not destroy the expressive nature of the source code itself.
Thus, we
> > > conclude that the trial court's preliminary injunction barring Bunner
from
> > > disclosing DeCSS can fairly be characterized as a prohibition of
"pure"
> > > speech. "
> > >
> > > While I know this is not a complete win (or is it? I'm not sure.), I
feel
> > > that it is a major turning point toward possibly getting it right,
none
> > > the less. In fact, it may have been the first bit of good news I've
read
> > > all month and I would certainly like to read more of it.
> > >
> > > Most Sincerely,
> > >
> > > -Andrew
> > >
> > >
> > > On Fri, 2 Nov 2001, Kenneth Burger wrote:
> > >
> > > > I read about this on Slashdot awhile ago. My response to it will
likely
> > > > piss several people off, but I feel it's necessary. Alan Cox is
either
> > > > using us as martyrs for his cause or he's a coward. If it's the
first
> > then
> > > > he's violated our trust and also everything open source stands for.
If
> > the
> > > > second, then he needs to get a law degree or at least learn
something
> > about
> > > > the law as well as get a backbone. I am publicly calling upon Alan
Cox
> > to
> > > > step down as second in command for Linux kernel development. His
> > political
> > > > agenda has clouded his views as a developer and I believe now is the
> > time
> > > > for him to pass the torch onto somebody who isn't a coward. If he
> > continues
> > > > to withhold security updates from us I will boycott the Linux
operating
> > > > system in response and I call upon other Americans to do the same.
Even
> > > > Microsoft and Novell release the details about their security
updates.
> > The
> > > > security of my data is very important to me as an administrator and
a
> > > > programmer. Not releasing security update info takes away our
ability
> > as
> > > > developers to look for related faults elsewhere in the source code
which
> > > > others may have missed. I wish it didn't have to come down to this,
but
> > > > when I joined the open-source movement it was in the hope that I
could
> > > > escape M$'s and other large companies political agendas. This is
> > apparently
> > > > no longer the case.
> > > > ----- Original Message -----
> > > > From: "Vladimir Katalov" <vkatalov at elcomsoft.com>
> > > > To: <free-sklyarov at zork.net>
> > > > Sent: Friday, November 02, 2001 6:52 AM
> > > > Subject: [free-sklyarov] Linux update withholds security info on
DMCA
> > terror
> > > >
> > > >
> > > > >
> > > > > http://www.theregister.co.uk/content/4/22536.html
> > > > > http://www.securityfocus.com/news/274
> > > > >
> > > > > Citing a controversial U.S. copyright law, a top Linux developer
> > > > > announced this week that Americans would not be given details
about
> > > > > the security fixes in an update to the open source operating
system, a
> > > > > first for a software development community that prides itself on
> > > > > transparency.
> > > > >
> > > > > An update to version 2.2 of the Linux kernel, an older version of
> > > > > Linux that's still in wide use, was released Monday, conspicuously
> > > > > shorn of information about a number of security holes patched in
the
> > > > > software.
> > > > >
> > > > > In an email to a Linux developer's mailing list, U.K.-based Linux
guru
> > > > > Alan Cox wrote that the self-censorship was necessary to avoid
running
> > > > > afoul of the U.S. Digital Millennium Copyright Act (DMCA), a law
that
> > > > > makes it a crime to create or distribute software "primarily
designed"
> > > > > to circumvent a copy protection scheme.
> > > > >
> > > > > Cox controls the 2.2 release, and is generally considered Linux's
> > > > > second-in-command after creator Linus Torvalds.
> > > > >
> > > > > The DMCA has been under fire from computer programmers and
electronic
> > > > > civil libertarians who argue that it is an unconstitutional
> > > > > impingement on speech, and interferes with consumers' traditional
> > > > > right to make personal copies of books, movies and music that
they've
> > > > > purchased.
> > > > >
> > > > > In July, the first criminal prosecution under the Act kicked-off
with
> > > > > FBI agents arresting Dmitry Sklyarov, a Russian computer
programmer
> > > > > who was visiting the U.S. to give a talk at a security conference.
> > > > > Sklyarov is the author of a computer program that cracks the copy
> > > > > protection scheme used by Adobe Systems' eBook software.
> > > > >
> > > > > "With luck, the Sklyarov case will see that overturned on
> > constitutional
> > > > grounds," Cox wrote on the list. "Until then U.S. citizens will have
to
> > > > guess about security issues."
> > > > >
> > > > > America Boycotted
> > > > > But U.S. Linux developers and users suspect Cox of using them to
carry
> > > > > a political message.
> > > > >
> > > > > "My personal belief is that certain people are using this as an
excuse
> > > > > to draw attention to the dangers inherent in the DMCA," says
> > > > > Birmingham system administrator Wayne Brown. "I'm sympathetic to
their
> > > > > efforts, but not at all happy that people who need access to this
> > > > > information will be denied just to make a point... It seems to me
to
> > > > > be contrary to the whole spirit of free software development."
> > > > >
> > > > > "I still think this is an extremist view of the DMCA," wrote U.S.
> > > > > Linux developer Tom Sightler, in a post to the developer's list.
"I
> > > > > don't see where it keeps you from posting information about
security
> > > > > fixes to your own code."
> > > > >
> > > > > Cox didn't respond to a reporter's inquiry, but on the mailing
list,
> > > > > he wrote that the new closed policy was necessary because Linux's
> > > > > standard security features may be used for "rights management" of
> > > > > copyrighted work. He declined to elaborate further "on a list that
> > > > > reaches U.S. citizens."
> > > > >
> > > > > The programmer plans to post Linux security information
exclusively on
> > > > > a Web site that will block access from the U.S.
> > > > >
> > > > > Despite Cox's fears, describing security holes or patches in Linux
> > > > > doesn't violate the DMCA, because the information isn't primarily
> > > > > designed for the purpose of circumvention, says attorney Jennifer
> > > > > Granick, director of the Stanford Law School's Law and Technology
> > > > > Clinic.
> > > > >
> > > > > "He seems to be assuming that the DMCA prohibits discussion about
any
> > > > > kind of security, and that's not what it does," says Granick. "The
> > > > > DMCA is bad, but it's not that bad."
> > > > >
> > > > > "Part of the problem with the DMCA is it doesn't make intuitive
sense
> > > > > to people who are practicing in this field, so even after reading
the
> > > > > statute, people don't understand exactly what they are or aren't
> > > > > allowed to do," says Granick.
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > free-sklyarov mailing list
> > > > > free-sklyarov at zork.net
> > > > > http://zork.net/mailman/listinfo/free-sklyarov
> > > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > free-sklyarov mailing list
> > > > free-sklyarov at zork.net
> > > > http://zork.net/mailman/listinfo/free-sklyarov
> > > >
> > >
> > >
> > > _______________________________________________
> > > free-sklyarov mailing list
> > > free-sklyarov at zork.net
> > > http://zork.net/mailman/listinfo/free-sklyarov
> > >
> >
> >
> > _______________________________________________
> > free-sklyarov mailing list
> > free-sklyarov at zork.net
> > http://zork.net/mailman/listinfo/free-sklyarov
>
> _______________________________________________
> free-sklyarov mailing list
> free-sklyarov at zork.net
> http://zork.net/mailman/listinfo/free-sklyarov
>
More information about the Free-sklyarov
mailing list