[free-sklyarov] FW: Draft Bill on privacy/security -- requires certified security technologies in all devices]]
Jon O .
jono at microshaft.org
Sun Sep 9 21:20:35 PDT 2001
----- Forwarded message -----
To: it_union at lists.microshaft.org
Cc: dmca_discuss at lists.microshaft.org
Reply-To: "jono at networkcommand.com" <jono at microshaft.org>
Subject: [DMCA_discuss] Draft Bill on privacy/security -- requires certified security technologies in all devices]
Date: Sun, 9 Sep 2001 21:16:15 -0700
I just sent the email below to bugtraq, I'm not sure if the moderator will allow it, but
we'll see.
Anyway, as for what this law could do...I see it like the ID they were trying to
put on all Pentium III chips, but much, much worse.
See below. I didn't spell it out in this email to bugtraq, but here are some things
that need to be examined.
1. Companies make flawed, insecure software. There is no "Underwriters Labs" to
make sure they are not spying on you, stealing personal info or just putting
you at risk of a hack. That is why security and the research and pusuit of
it by anyone and everyone must be encouraged.
2. Researchers/engineers/hackers find vulnerbilities and publish them. The companies
then fix the holes and make stronger (hopefully) software. This law would
stop that because by researching a vulnerability you would also be tampering with
the "certified security technologies." There may be exemptions in this law, but
like the DMCA they probably won't work or be worth anything.
3. The law could do bad things to Open Source. Open Source is the opposite of
this type of law. It allows tweaking of code for *anything*, thereby again
removal of the "certified security technologies" would be very simple. Therefore,
Open Source/Linux/BSD would eat it.
4. Read this:
The Right to Read: Richard M. Stallman
http://www.gnu.org/philosophy/right-to-read.html
Take note about how the activities of the students are reported to Central Licensing.
Compare the Central Licensing idea with this:
SSSCA SECTION 102:
"An interactive computer service shall store and transmit with integrity any
security measure associated with certified security technologies that is used
in connection with copyrighted material or other protected content such service
transmits or stores."
Yes, please pick your jaw back up off the floor.
The very fact that they are even proposing this means we are in *VERY*
Big Trouble.
Now, I just quickly skimmed over the proposed bill so I could be way off,
also I am not a lawyer. Anyway, feel free to pass this mail to anyone
and correct me where I may be misunderstanding something.
----- Forwarded message -----
Date: Sun, 9 Sep 2001 15:01:40 -0700
To: bugtraq at securityfocus.com
Subject: Draft Bill on privacy/security -- requires certified security technologies in all devices
Bugtraq:
I know some of the recent issues surrounding certain laws (DMCA) and copyright
"enhancements" are a departure from certain pretenses of this list. However,
as you probably already have found they are very relevant to our field and
may even begin influencing our work.
There is a new draft Bill created by Senator Hollings (SC) which would require
"certified security technologies" approved by the federal government in all
new "interactive digital devices." Of course this is all being done under the
pretense of protecting companies from piracy, etc.
The draft Bill is being called The Security Systems Standards and Certification Act
(SSSCA)
Here are some quotes of the exact verbage (quoted under fair use):
SEC. 101. PROHIBITION OF CERTAIN DEVICES
(a) IN GENERAL.--It is unlawful to manufacture, import, offer to the public,
provide or otherwise traffic in any interactive digital device that does not
include and utilize certified security technologies that adhere to the security
systems standards adopted under section 104.
...
SEC. 102. PRESERVATION OF THE INTEGRITY OF SECURITY.
An interactive computer service shall store and transmit with integrity any
security measure associated with certified security technologies that is used
in connection with copyrighted material or other protected content such service
transmits or stores.
As a bugtraq reader I'm sure you can understand the implications of this
type of law. Your PC has become a copyright enforcement tool and these
provisions above may have implications for Open Source development activities.
The bill itself can be reviewed here:
http://cryptome.org/sssca.htm
More information can be found here:
http://216.110.42.179/docs/hollings.090701.html
http://www.anti-dmca.org
Thanks,
Jon
________________________________
Mathematicians speak in Symbols.
Deaf people speak with their Hands.
Programmers speak in Code.
----- End forwarded message -----
_______________________________________________
------------------------
http://www.anti-dmca.org
------------------------
DMCA_discuss mailing list
DMCA_discuss at lists.microshaft.org
http://lists.microshaft.org/mailman/listinfo/dmca_discuss
----- End forwarded message -----
More information about the Free-sklyarov
mailing list