[free-sklyarov] A reply from amyg@publishers.org

Julian T. J. Midgley jtjm at xenoclast.org
Fri Jul 27 08:14:05 PDT 2001


Please note that in my response below, I chose deliberately to ignore my
belief that it is practically impossible to create a perfectly secure
copyright protection mechanism.

---------- Forwarded message ----------
Date: Fri, 27 Jul 2001 16:10:09 +0100 (BST)
From: Julian T. J. Midgley <jtjm at xenoclast.org>
To: Amy Gwiazdowski <amyg at publishers.org>
Subject: Your analogy with encryption mechanisms

>
> In response to those who attempt to justify circumventing, or trafficking in
> devices that circumvent, encryption and other technological measures that
> protect copyright in the digital environment,  AAP urges them to carefully
> consider how their arguments would apply to precisely the same activities in
> connection with encryption and other technological measures used to protect
> privacy in that same environment.

Dear Ms Gwiazdowski,

I am afraid you choose a very poor analogy indeed.  As those who work in
the computer security community are very well aware, it is standard
practice to encourage people to analyse and attempt to circumvent
encryption algorithms.  Careful peer review is the only way to ensure that
an encryption algorithm is in fact secure.

On those occasions (and there have been many of them), when researchers,
crackers or others have discovered bugs in encryption algorithms that
allow them to be circumvented, it is usual practice for the bugs to be
announced publicly, in order that:

a) Those using the algorithm know that it is not secure, and that they
should therefore no longer trust it.

b) Those who created the algorithm can revisit it, and improve it such
that the bug no longer exists.

In some cases, those who announce the bug in the algorithm also publish
code that can be used to circumvent it.  To the best of my knowledge, no
one has ever been arrested for writing such code, nor would security
researchers wish anyone to be.  I am not even aware of a law under which
such a person could possibly be arrested (even if they were to sell their
encryption circumvention mechanism for profit).

If those who announce weaknesses in cryptographic protocols and algorithms
to the world were to be subject to trial and imprisonment in the same way
that those who announce weaknesses in copyright protection mechanisms can
be, then I can guarantee that we would have nothing but weak and buggy
encryption technology.

Similarly, as someone considering publishing books in electronic format, I
should like to know that there are free and open forums for the discussion
of bugs in copyright protection mechanisms, so that when I choose to
publish a book, I can use a product that is known to be secure.  If
instead, those who discuss the flaws in copyright protection mechanisms
stand to be imprisoned for so doing (or are threatened with legal action
as Professor Felten was in the SDMI case), then it is virtually certain
that none of the protection mechanisms on the market will be secure.

Furthermore the DMCA threatens the right to fair-use of copyrighted
material by allowing publishers to use copyright protection mechanisms
that prevent fair use, and forbidding others from creating software that
enables fair use of those documents.

The AAP's stance on the DMCA harms the authors of electronic books, rather
than assisting them, and I look forward to the AAP revising its opinions
(I hope also that the AAP will cease to imply that its view is that of its
members, since several of these members have now publicly stated their
opposition to the DMCA, as you must be aware).

Regards,

Julian Midgley

-- 
Julian T. J. Midgley BA (Cantab)        http://www.xenoclast.org
Cambridge, England.                       PGP Key ID: 0xBCC7863F







