[free-sklyarov] Linux update withholds security info on DMCA terror

Kenneth Burger krburger at burger-family.org
Fri Nov 2 16:22:02 PST 2001


----- Original Message -----
From: "Jon O ." <jono at microshaft.org>
To: "Kenneth Burger" <krburger at burger-family.org>
Cc: "ascott" <ascott at tathata.org>; <free-sklyarov at zork.net>
Sent: Friday, November 02, 2001 6:29 PM
Subject: Re: [free-sklyarov] Linux update withholds security info on DMCA
terror


>
> Don't forget Kenneth, Alan resigned from his USENIX post very soon after
> Sklyarov was arrested. Other people are being threatened, having websites
> taken down, etc. I'm sure there is no real risk to Alan or anyone else. Or
> am I?
>
> Is Alan punishing Linux users and maintainers or are the corporations,
> government and others who support the law? Alan is merely attempting to
> protect linux, comply with and follow a law that is being thrown about in
the interest
> of corporate welfare and true R&D.
>
> He knows the DMCA is a pick and choose, selective enforcement type law.
> It's written that way. See a DMCA voilation and report it. Linux isn't
> going to get anyone claiming DMCA issues, but device drivers, kernel
> things, other applications which interface with a possibly hostile
> vendor may cause problems.
>
> You are aksing people to change their organisations based on the needs
> of these hostile vendors and a bad law. That's bogus. Linux kernel
> developers shouldn't have to worry about this type of crap and you
> shouldn't support and suggest it. They should not have to fear coming
> to the US and the fact that you don't see that scares me also.
>
>
>
>
>
> On 02-Nov-2001, Kenneth Burger wrote:
> > I didn't say he should step down from development.  I said he should
step
> > down from his leadership position.  Leaders should not be cowards.
There's
> > plenty of people who are qualified to lead this project who are not so
> > cowardly as to censor their own security fixes to prevent themselves
from
> > being jailed even though such a possibility is remote at best.  I'm not
> > qualified because my dev skills suck as compared to the actual kernel
> > development team, but there are plenty of people on the team who do.
Alan's
> > not American, but he's still letting this get to him.  Turn control over
to
> > someone else in Europe who will likely never set foot in the US.
> >
> > ----- Original Message -----
> > From: "ascott" <ascott at tathata.org>
> > To: <free-sklyarov at zork.net>
> > Sent: Friday, November 02, 2001 8:50 AM
> > Subject: Re: [free-sklyarov] Linux update withholds security info on
DMCA
> > terror
> >
> >
> > > Maybe we should tell Alan that he should not worry and, citing the
recent
> > > appeals court decision to "overturn the order that barred hundreds of
> > > people from publishing" DeCSS code, since it has been found to be an
> > > expression of speech
> > > (http://news.cnet.com/news/0-1005-200-7751876.html), that his security
> > > fixes, updates, conversations and documentation will be covered under
our
> > > country's First Ammendment to our Constitution which allows him to
share
> > > this info freely and protects this freedom specifically.
> > >
> > > The last thing that I want to see is Alan Cox step down from kernel
> > > developement.  Surely, you jest.
> > >
> > > I hope that this recent turn of events for DeCSS help in Dmitry's
case, as
> > > well.
> > >
> > > see
> > >
> >
http://www.eff.org/IP/Video/DVDCCA_case/20011101_bunner_appellate_decision.h
> > tml
> > >
> > > Here's the crux.
> > >
> > > "Like the CSS decryption software, DeCSS is a writing composed of
computer
> > > source code which describes an alternative method of decrypting
> > > CSSencrypted DVDs.  Regardless of who authored the program, DeCSS is a
> > > written expression of the author's ideas and information about
decryption
> > > of DVDs without CSS. If the source code were "compiled" to create
object
> > > code, we would agree that the resulting composition of zeroes and ones
> > > would not convey ideas. (See generally Junger v. Daley, supra, 209
F.3d at
> > > pp.482483.) That the source code is capable of such compilation,
however,
> > > does not destroy the expressive nature of the source code itself.
Thus, we
> > > conclude that the trial court's preliminary injunction barring Bunner
from
> > > disclosing DeCSS can fairly be characterized as a prohibition of
"pure"
> > > speech. "
> > >
> > > While I know this is not a complete win (or is it?  I'm not sure.), I
feel
> > > that it is a major turning point toward possibly getting it right,
none
> > > the less.  In fact, it may have been the first bit of good news I've
read
> > > all month and I would certainly like to read more of it.
> > >
> > > Most Sincerely,
> > >
> > > -Andrew
> > >
> > >
> > > On Fri, 2 Nov 2001, Kenneth Burger wrote:
> > >
> > > > I read about this on Slashdot awhile ago.  My response to it will
likely
> > > > piss several people off, but I feel it's necessary.  Alan Cox is
either
> > > > using us as martyrs for his cause or he's a coward.  If it's the
first
> > then
> > > > he's violated our trust and also everything open source stands for.
If
> > the
> > > > second, then he needs to get a law degree or at least learn
something
> > about
> > > > the law as well as get a backbone.  I am publicly calling upon Alan
Cox
> > to
> > > > step down as second in command for Linux kernel development.  His
> > political
> > > > agenda has clouded his views as a developer and I believe now is the
> > time
> > > > for him to pass the torch onto somebody who isn't a coward.  If he
> > continues
> > > > to withhold security updates from us I will boycott the Linux
operating
> > > > system in response and I call upon other Americans to do the same.
Even
> > > > Microsoft and Novell release the details about their security
updates.
> > The
> > > > security of my data is very important to me as an administrator and
a
> > > > programmer.  Not releasing security update info takes away our
ability
> > as
> > > > developers to look for related faults elsewhere in the source code
which
> > > > others may have missed.  I wish it didn't have to come down to this,
but
> > > > when I joined the open-source movement it was in the hope that I
could
> > > > escape M$'s and other large companies political agendas.  This is
> > apparently
> > > > no longer the case.
> > > > ----- Original Message -----
> > > > From: "Vladimir Katalov" <vkatalov at elcomsoft.com>
> > > > To: <free-sklyarov at zork.net>
> > > > Sent: Friday, November 02, 2001 6:52 AM
> > > > Subject: [free-sklyarov] Linux update withholds security info on
DMCA
> > terror
> > > >
> > > >
> > > > >
> > > > > http://www.theregister.co.uk/content/4/22536.html
> > > > > http://www.securityfocus.com/news/274
> > > > >
> > > > > Citing a controversial U.S. copyright law, a top Linux developer
> > > > > announced this week that Americans would not be given details
about
> > > > > the security fixes in an update to the open source operating
system, a
> > > > > first for a software development community that prides itself on
> > > > > transparency.
> > > > >
> > > > > An update to version 2.2 of the Linux kernel, an older version of
> > > > > Linux that's still in wide use, was released Monday, conspicuously
> > > > > shorn of information about a number of security holes patched in
the
> > > > > software.
> > > > >
> > > > > In an email to a Linux developer's mailing list, U.K.-based Linux
guru
> > > > > Alan Cox wrote that the self-censorship was necessary to avoid
running
> > > > > afoul of the U.S. Digital Millennium Copyright Act (DMCA), a law
that
> > > > > makes it a crime to create or distribute software "primarily
designed"
> > > > > to circumvent a copy protection scheme.
> > > > >
> > > > > Cox controls the 2.2 release, and is generally considered Linux's
> > > > > second-in-command after creator Linus Torvalds.
> > > > >
> > > > > The DMCA has been under fire from computer programmers and
electronic
> > > > > civil libertarians who argue that it is an unconstitutional
> > > > > impingement on speech, and interferes with consumers' traditional
> > > > > right to make personal copies of books, movies and music that
they've
> > > > > purchased.
> > > > >
> > > > > In July, the first criminal prosecution under the Act kicked-off
with
> > > > > FBI agents arresting Dmitry Sklyarov, a Russian computer
programmer
> > > > > who was visiting the U.S. to give a talk at a security conference.
> > > > > Sklyarov is the author of a computer program that cracks the copy
> > > > > protection scheme used by Adobe Systems' eBook software.
> > > > >
> > > > > "With luck, the Sklyarov case will see that overturned on
> > constitutional
> > > > grounds," Cox wrote on the list. "Until then U.S. citizens will have
to
> > > > guess about security issues."
> > > > >
> > > > > America Boycotted
> > > > > But U.S. Linux developers and users suspect Cox of using them to
carry
> > > > > a political message.
> > > > >
> > > > > "My personal belief is that certain people are using this as an
excuse
> > > > > to draw attention to the dangers inherent in the DMCA," says
> > > > > Birmingham system administrator Wayne Brown. "I'm sympathetic to
their
> > > > > efforts, but not at all happy that people who need access to this
> > > > > information will be denied just to make a point... It seems to me
to
> > > > > be contrary to the whole spirit of free software development."
> > > > >
> > > > > "I still think this is an extremist view of the DMCA," wrote U.S.
> > > > > Linux developer Tom Sightler, in a post to the developer's list.
"I
> > > > > don't see where it keeps you from posting information about
security
> > > > > fixes to your own code."
> > > > >
> > > > > Cox didn't respond to a reporter's inquiry, but on the mailing
list,
> > > > > he wrote that the new closed policy was necessary because Linux's
> > > > > standard security features may be used for "rights management" of
> > > > > copyrighted work. He declined to elaborate further "on a list that
> > > > > reaches U.S. citizens."
> > > > >
> > > > > The programmer plans to post Linux security information
exclusively on
> > > > > a Web site that will block access from the U.S.
> > > > >
> > > > > Despite Cox's fears, describing security holes or patches in Linux
> > > > > doesn't violate the DMCA, because the information isn't primarily
> > > > > designed for the purpose of circumvention, says attorney Jennifer
> > > > > Granick, director of the Stanford Law School's Law and Technology
> > > > > Clinic.
> > > > >
> > > > > "He seems to be assuming that the DMCA prohibits discussion about
any
> > > > > kind of security, and that's not what it does," says Granick. "The
> > > > > DMCA is bad, but it's not that bad."
> > > > >
> > > > > "Part of the problem with the DMCA is it doesn't make intuitive
sense
> > > > > to people who are practicing in this field, so even after reading
the
> > > > > statute, people don't understand exactly what they are or aren't
> > > > > allowed to do," says Granick.
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > free-sklyarov mailing list
> > > > > free-sklyarov at zork.net
> > > > > http://zork.net/mailman/listinfo/free-sklyarov
> > > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > free-sklyarov mailing list
> > > > free-sklyarov at zork.net
> > > > http://zork.net/mailman/listinfo/free-sklyarov
> > > >
> > >
> > >
> > > _______________________________________________
> > > free-sklyarov mailing list
> > > free-sklyarov at zork.net
> > > http://zork.net/mailman/listinfo/free-sklyarov
> > >
> >
> >
> > _______________________________________________
> > free-sklyarov mailing list
> > free-sklyarov at zork.net
> > http://zork.net/mailman/listinfo/free-sklyarov
>
> _______________________________________________
> free-sklyarov mailing list
> free-sklyarov at zork.net
> http://zork.net/mailman/listinfo/free-sklyarov
>





More information about the Free-sklyarov mailing list