About
Community
Bad Ideas
Drugs
Ego
Erotica
Fringe
Society
Technology
Hack
Phreak
Broadcast Technology
Computer Technology
Cryptography
Science & Technology
Space, Astronomy, NASA
Telecommunications
The Internet: Technology of Freedom
Viruses
register | bbs | search | rss | faq | about
meet up | add to del.icio.us | digg it

National Security and Individual Freedoms: How the DMCA Threatens Both

by Richard Forno

National Security and Individual Freedoms: How the Digital Millenium Copyright Act (DMCA) Threatens Both

Richard Forno
[email protected]
18 July 2001

Article #2001-05

"In Germany, they first came for the Communists, and I didn't speak up because I wasn't a communist. Then they came for the Jews, and I didn't speak up because I wasn't a Jew. Then they came for the trade unionists, and I didn't speak up because I wasn't a trade unionist. Then they came for the homosexuals, and I didn't speak up because I wasn't a homosexual. Then they came for the Catholics, and I didn't speak up because I was a Protestant. Then they came for me, but by that time there was no one left to speak up." --- Martin Niemoller, Dachau, 1945

We must remain vigilant of similar 'creeping restrictions' in today's Information Age -- the threat is not from a dictatorship, but clever corporations and ignorant lawmakers and people. With deepest respect to Holocaust victims and survivors reflected in Niemoller's original quote, this following adaptation appropriately reflects the path our information society is moving closer to reality...

"In America, they first came for the hackers, and I didn't speak up because I wasn't a hacker. Then they came for DeCSS, and I didn't speak up because I didn't watch DVDs. Then they came for Napster and MP3, and I didn't speak up because I didn't listen to MP3s. Then they came for the cryptographers and I didn't speak up because I wasn't a cryptographer. Then they came for the researchers and the curious, and I didn't speak up because I wasn't a researcher and didn't question things. Then they came for me, but by that time there was no one left to speak up." --- Richard Forno, Washington, DC 2001

Remember the mid-90s cult movie Hackers, with the clueless Secret Service agent being manipulated by the corporate security/hacker-dude Plague? The Secret Service agent simply nodded and did whatever Plague asked or suggested - not for the good of society (what law enforcement's mission is) but rather, for the good of Plague, and to a lesser extent, the private commercial interests of Plague's employer.

With life once again reflecting art's predictions, the arrest of Russian programmer Dmitry Sklyarov at Defcon 9 this week demonstrates the dangerous path that the Wired Society is embarking down as it becomes further indentured to the Captains of Industry. For those that don't know, Dmitry was arrested by the FBI for creating and selling a product that cracks the weak security of Adobe EBooks, allegedly violating the Constitution-circumventing Digital Millennium Copyright Act (DMCA) of 1998. The DMCA is a piece of legislation rushed through Congress by the entertainment industry lobbyists to protect its monopoly on commercially-developed digital content, cartels, price-fixing, and maintaining its status quo as the single entity that can direct what should be popular or used by the consumer masses. Naturally, the software industry is using this law for its own purposes as well. Since Dmitry's arrest, a significant public outcry - including Boycott Adobe websites, legal defense funds, punditry and commentary -- has ensued.

You'll note that I use the term 'cartel' when referencing industry associations like the Motion Pictures Association of America (MPAA), the Recording Industry Association of America (RIAA), and the Software Industry Association (SIA). In legal terms, cartels are illegal entities of organizations that routinely engage in price-fixing, market-division, and other monopolistic actions to extort profit from trapped consumers. As you read on, I hope you'll agree this is a proper analogy for such organizations. If in doubt, you can check Webster's definition of 'cartel' here.

Once Hackers came out, I prayed that lawmakers and law enforcers were not that gullible, and that we could trust them to do the right thing. However, in recent years, my prayers went unanswered. We’ve got many clueless lawmakers and law enforcement folks working not for the public - those that elected them - but as marionettes for industry cartels seeking a strangehold on information.

If you don't remember "Hackers", how about Ray Bradbury's sci-fi classic Fahrenheit 451? In this frightening vision of the future, firemen don't put out fires--they start them to burn books as the medium containing ideas and free thinking for the masses. Bradbury's cosmopolitan society maintains the appearance of happiness as the highest goal--a place where trivial information is good, and knowledge and ideas are bad - reality television, 'Millionaire' and the entertainment industry come to mind as real-world examples. In Farenheit 451, a book-burning Thought-Police Fire Captain, best describes it as such -"Give the people contests they win by remembering the words to more popular songs.... Don't give them slippery stuff like philosophy or sociology to tie things up with. That way lies melancholy..." Throughout the book, however, a growing number of educated counter-culturists rebel against the system by hoarding and exchanging books, ideas, and information among themselves in an effort to establish the 'truth' about their society. The bottom line is that Farenheit 451's society was told to "maintain the status quo" and simply accept whatever they were presented by their leadership - "don't think, we'll do that for you..." Ideas and free thinking were contraband in Farenheit 451's dark society, and thanks to DMCA, is rapidly becoming so in ours as well.

This article discusses some of the perspectives and problems with DMCA and puts that in perspective with some rapidly-approaching threats to the individual and consumer public at large as the Wired Society becomes ever more engrossed, ensnared and ultimately dependent on technology and the corporations behind it. The tool? A concept called "intellectual property protection." Also bear in mind that under DMCA, both individual freedoms and national security are threatened by the interests of wealthy corporations...something that the media fails to report on.

DMCA - A FEDERALLY-FUNDED LITIGATION ASSISTANCE PROGRAM (AKA "CORPORATE WELFARE")

Dmitry was arrested for violating DMCA - for developing and selling a product designed to circumvent Adobe EBook's security measures. His Defcon 9 talk (and Powerpoint slides) was a technical discussion on how weak EBook security was - using easily-cracked algorithms and a weak encoding system.

One DefCon attendee noted that "Sklyarov's mistake was trying to sell the software, and not just giving it away. Had he been giving it away all along it could fall under freedom of speech -- but since he was peddling his warez for profit the line between speech and product was quite clear." In discussing the technical merits of the arrest, or the intention of the arrest, he added that the eBook "secrets" does not even come close to encryption and is nothing more then a Mickey-Mouse data scrambling method. (While I certainly endorse his research and findings, why he'd even come to the US to speak -knowing that his product and actions were in violation of US law - boggles my mind!)

Adobe's EBook security is marketed as a secure feature of its product. Anything contrary to that marketing claim - whether true or not - threatens the market influence (or dominance) of the vendor and threatens corporate profits. Hence, corporations immediately invoke intellectual property claims to protect their now-vulnerable positions whenever someone makes a verifyable public claim. We saw that with how MPAA reacted to the DeCSS code, and we see it now with Adobe's EBook being cracked. (Sort of like Captain Kirk ordering 'shields up'as the Klingons attack.)

What's often ignored by the media and pundits is that the corporations and industries responsible for DMCA don't have unlimited litigation budgets to protect their assets. As a result, they prefer to save their money for use on cases with a high probability of a financial gain to offset their legal expenses. Using DMCA as a sort of a US federal litigant welfare program, they receive free support of the federal government, turning US taxpayer assets - federal agents, attornies, and para-legals - into de facto temporary help for the company, hired to fill the position of "Copyright Cops" as part of the "Corporate Censorship Brigade."

Under DMCA, both the entertainment industry and software vendors use federal law enforcement agents as a federally-funded extension of their corporate legal office. Think about it - most of the folks doing research on encryption and software controls are academics and students with little money to win from a court case. Its not like Microsoft is cracking Adobe's software, where Adobe could stand to win a ton of money and get some major press coverage. With DMCA in place, corporations don't have to pay exorbitant outside counsel fees to investigate litigate such cases when they can use the government's for free under DMCA!

A side benefit of DMCA for corporations is that by censoring objective analysis of potential security problems with commercial software, it allows insecure, buggy products to be considered trusted and reliable by the computing public that knows no better. This has the unintentional side-effect benefit of building the technical support and help desk community and perpetuate product upgrades from one buggy version to another. Also - and sort of amusing - while companies invoke DMCA to silence technical discussion and vulnerability analysis of its products by third parties not under company nondisclosure agreements, a side consequence of DMCA-generated lawsuits is the adverse publicity a company receives when conducting such actions, plus the publicity of a product vulnerability that the company would rather have kept quiet! How popular did MP3 and Napster become once RIAA sued Napster? How many more people downloaded, posted, discussed, and used DeCSS once MPAA sued 2600 Magazine? Most recently, how many people found out that Adobe PDF security isn't as strong as the company claims? Wouldn't MPAA, RIAA, Adobe, and other vendors like it if nobody knew about DeCSS, Napster, or Elcomsoft? You bet. But you reap what you sow.

Corporations are in the business of making money, and if they can rush a product to market first, or get money from customers through any manner possible, they will. Rather than take the time to double-check that what is marketed is actually the case (such as robust security in EBooks), vendors would prefer to be first to market and either fix the reported bugs or -more likely - litigate the vulnerability away under DMCA later on.

"Under the DMCA," Jay Dyson, Senior Security Consultant for Treachery Unlimited, sadly comments, "we are now in a situation wherein those who point out that the Emperor's New Clothes are nonexistent are the ones who will be punished; not the self-proclaimed "tailor" of such illusory raiment."

Chris Wysopal of @stake Security agrees with this sad-but-true observation. Corporations have figured out that it's far cheaper to call in the FBI then do good security design and testing which is real hard and requires scarce expertise. The reality is that such technical controls nearly never work as intended, and the vendors' comfortable fallback position is DMCA - a handout from Uncle Sam - that uses federal dollars and government programs to legitimize a vulnerable product and provide 'embarassment protection' for its vendor under the guise of enforcing DMCA as a federal law.

Rather than litigate and attempt to censor an idea into oblivion (something that is hard to do in the United States, and nearly impossible to do in cyberspace) Wysopal and others (including me) would rather see companies take added responsibility for their products after their release. Companies would need to insure their products Wysopal hopes. Insurance companies would do due diligence to weigh their risk....Crappy products would be very expensive to insure and well designed product cheaper. Can you imagine how much an insurance company would lose if Microsoft IIS was covered on one of its policies? Do you have any idea how much Microsoft's annual premiums for insuring that product would cost??

It's because of this that we're seeing the corporate endorsement of private, exhorbitant-fee-based commercial vulnerability analysis projects by CERT, TruSecure, and other organizations. Such organizations use sensational statements to scare organizations into 'clamming up' and only sharing vulnerability data with colleagues paying substantial money to join a private Big-Business-Only cabal. If information disclosure can be kept to a minimum, their thinking goes, the world is a safer place. Forget security through obscurity, this is preaching security through ignorance! If the only folks that know about vulnerabilities are the 'bad guys' everyone is at risk!

That's why total-disclosure, freely-available discussions of technology security is crucial - otherwise, we are forced into the anti-consumer position of believing and trusting everything a vendor claims, regardless of its accuracy, since only a selected few know the "truth" about the real product and service vulnerabilities. The folks that analyze and publish in this total-disclosure environment scare the bejezus out of the corporations that would just as soon cover them up. These researchers are the true guardians of information protection, reliability, and security by forcing vendors to examine and address publicly-known problems -- and must not be censored because they oppose the status quo and threaten the perceived legitimacy and truths of corporate marketing. WHAT THIS MEANS

The Wired Society is placed at-risk when researchers are prohibited from examining and conducting peer review of those technologies and services intended to run our society. By using DMCA and its related dictatorial methods (enacted as a form of federally-funded corporate welfare) to censor the objective, uncontrolled peer analysis and review of such items, corporations are essentially asking the public to trust them with their technological safety and livelihood. Not only is this hypocrisy, but just as in the real world, dictatorial regimes are never trustworthy or oriented to the little people. Neither will they be in cyberspace.

In this regard, DMCA is a threat to national security, particularly as pertains to information resources. Information on technical vulnerabilities can never be squelched - people are human, and they do think for themselves (most of them.) Witholding or restricting vulnerability analysis is 'in-the-box' thinking...unfortunately, the 'bad guys' think 'outside-the-box' and will win every time unless the 'good guys' thinking changes. Heck, some folks even 'bring their own boxes!'

The continued reliance on DMCA as a corporate crutch should provide the basis of serious concern for the American taxpaying public, who are not only paying for this federal welfare program, but stand to have their constitutionally- protected freedoms continually eroded to support corporate needs. CORPORATIONS - THE NEW LAWMAKERS

Creating, modifying, and interpreting US law - particularly the Constitution - seems to be a new pastime of corporations. The power and freedom, it seems, has moved from the halls of Congress to the boardrooms and executive suites of corporations and industry cartels to determine what constitutes free speech(parody, satire, or academic research) as mandated in the US Constitution. Unfortunately, as mentioned above, the US government is currently choosing to emulate the Roman Emperor Nero, fiddling on the sidelines while the constitutional protections of its citizens are burned by the interests of California-based corporate Visigoths.

Many consumers do not know that DMCA enables a company to shut down any website in the world simply by invoking the DMCA. Forget about a court order and US Marshals showing up to seize property, a letter from any corporate lawyer mentioning DMCA is enough. The law is carefully crafted to protect ISP and web hosting sites from any responsibility in a DMCA matter provided they pull the plug on their customer's site that is allegedly violating DMCA. Should the ISP or web host chose not to shut the site down, it's treated as an accessory to the transgressing site, and subject to criminal and civil punishment. Naturally, most website hosts will shut a site down to save their own hides. We see this all the time, from the MPAA threatening Cryptome.Org with posting public court records in the 2600 Magazine case to Adobe threatening ElcomSoft's ISP when it discovered Dmitry's product for sale. DMCA has created an expanded set of de facto Copyright Cops- corporate attornies and marketing weenies - who are most certainly not sworn law enforcement officers...but think they are!

Keeping in mind the latest news involving Adobe, let's quickly examine a few of the many examples of applying DMCA's goofiness and how it threatens the American Way of Life as established by consitutional protections and laws:

In early June 2001, MasterCard's legal wonks threatened Attrition.Org with big trouble if Attrition didn't remove several parodies of their popular Priceless marketing campaign. Weeks later, the Electronic Frontier Foundation appropriately responded to legal threats served to it on behalf of Barney Dinosaur, for mirroring a parody document floating in the computer underground for years called "150 Ways To Kill The Purple Dinosaur." These are perfect examples of American citizens exercising their First Amendment rights regarding free speech and parody or satire of public figures and organizations.

Professor Ed Felton's SDMI research paper - and ensuing RIAA lawsuit - is the prime example of DMCA being a runaway freight train and a bad, if not an unconstitutional law. In short, Felton's findings in an industry-sponsored analysis of music protection protocols terrified the music cartels who sued under DMCA, claiming Felton's academic work was illegal and promoted circumventing technology controls under DMCA. Ultimately, Felton didn't present the paper at a college conference, and instead counter-sued RIAA for infringing on his rights as a citizen and an academic. In early July 2001, RIAA sought to dismiss their original suit, but Felton is refusing to drop his counter-suit. Have you heard of T13? SDMI specifications will give copyright owners complete control over the public's use of music files through usage rules. A record company can set these rules to allow a file to play and be copied infinitely or to not allow reproduction at all. The latest "feature" the industry wants to install in your computer is the ability to lock audiovisual files to a specific drive. If, for example, you want to make a backup of your music collection, the copy prevention technology can render that backup useless. The files would in fact be copied onto your backup storage medium, however, the restored files may only play from the original hard drive which was previously-known by your media player. Also, if your 'main' media drive fails, and you restore your PC to a new hard drive, your music library won't work, since the backed-up files are 'linked' to the drive that you swapped out!

Ever wonder why Tivo has no video-out connection? Let's not forget the collusion between production companies (studios) and distribution providers (e.g., cable companies and hardware vendors) over implementing copy controls for everyone, everywhere, around the clock, including through the soon-to-be-standardized HD television signal. Even the federal government promotes stringent copy controls on television signals. Without going into details, we're rapidly reaching a point where corporations will determine what, where, when, how, and for how long consumers can use entertainment products such as books, movies, and music. For example, using a Digital VCR means that a videotape you record in on your living room's Digital VCR won't be watchable on your Digital VCR upstairs - or at a friend's house - since the video tape and the content are tied and fingerprinted to the living room device registered to you. There is a significant debate regarding these controls and the federal laws governing the 'fair use' of copyrighted materials. Hollywood's belief is that anyone with the ability (e.g., a 'video out' connection on a Tivo) can and will become a pirate and leech its profits. Most consumers and lobbyists believe Hollywood's efforts should be focussed on organized piracy efforts, and not presume everyone is guilty of pirating until proven in a court of law.

These are some of the many attempts that corporations and industry cartels attempt to use a federal law (DMCA) to impinge on the fundamental first amendment rights of Americans. That has nothing to do with pirating and copyright infringement, even on a small scale - there are existing laws regarding fair use of copyrighted materials, such as for school projects, libraries, and personal use. Rather, these cases have everything to do with industry-generated and Congressionally-mandated prohibitions so draconian and extreme that anything to the contrary results in litigation, lawsuits, and the capitulation of the 'little people' to the desires and power of large enterprises.

Shari Steele, EFF's Executive Director, noted recently that "For artists, the Internet means control. Control over how their works get distributed, control over how they are compensated, and control over the future uses of their works. Right now, when a recording artist signs a contract with a major studio, she gives up her copyright in her own work in order to get her work heard or viewed. This model is no longer necessary. Artists can arrange their own distribution networks-or distribute their works themselves. They are no longer forced to give up their ownership rights in order to be promoted....No wonder why the MPAA and RIAA are so concerned about the Internet. The old models, which gave the studios all the control, aren't necessary any more. But rather than redefining themselves and coming up with creative ways of ensuring their place in this digital world, they've mounted an all-out legal attack against anyone advancing new models."

The fear of industry cartels is not the mass piracy of their products (a minor economic loss in their grand scheme, given how corrupt the entertainment cartels are) but their terror at seeing the balance of power shift from the corporation to the consumer and artist. If an emerging artist can't negotiate a contract with Recording Company X, he can turn to any number of smaller companies and reach the consumer directly, completely bypassing the Recording Industry Cartels for production and promotion of their work, thus driving down production and distribution costs to practically nothing. The cartel's interest in maintaining digital copyright controls thru DMCA is a last-ditch effort to maintain its monopoly and enforce an artificial scarcity of products in the consumer marketplace. However, as security and cryptography experts such as Bruce Scheier, CTO of Counterpane Labs, note, copy protection schemes are a losing battle for industry and a waste of time. WHAT THIS MEANS

What really terrifies the entertainment industry is that it is now public knowledge that consumers have power over what and how they can be entertained. Napster and the MP3 revolution demonstrated to the world that consumers could be empowered to select what they wanted to see, view, read, or use, and not have to settle for what industry deemed appropriate, or wanted to promote in an given year, as well as gave artists a voice to complain about how unfairly they were treated by the recording industry. The DeCSS case highlighted the weakness of Hollywood's copy controls and also enabled consumers to watch DVDs on computer platform that Hollywood did not consider 'mainstream' (e.g., profitable or exploitable) and subsequently ignored. Also important to note is that the average person is more in-tune with information technology than ever before, and that knowledge poses a serious threat to the industry stranglehold over the individual's preferences and recreational desires.

The mere fact that the potential exists for someone to illegally copy a CD, movie, or book does not automatically mean that such will occur. However, such knee-jerk reactions legitimized under DMCA are the equivalent of considering the individual guilty until proven guiltier, not by an elected official or court of law, but by the findings and opinions of the unelected captains of industry cartels.

CONCLUSIONS

The individual - people and consumers - are at the mercy of the unelected interests of the corporation and its attendant cartels. It's time for people to realize that continued blind acceptance of the latest and greatest technology and services offered by the corporations and accepting them as the de facto leaders of the information world comes at a very high price...individuality and your freedom to think and chose your own destiny, interests, and pursuits. Under DMCA, both individual freedoms and national security are threatened by the interests of wealthy corporations.

In the Western world, information cannot simply be litigated or regulated into oblivion. A military may classify military secrets, but anyone with a clue and appropriate background can probably piece together much of it through common sense and diligent research. Corporations are in the same boat. There will always be the revolutionary that will question and challenge the status quo....what could be construed as the out-of-the-box thinker or the "hacker mindset."

As mentioned earlier, the creative arts - books and movies - are chillingly accurate in their predictions about the future. Whether it's a twenty-something researcher or brilliant Princeton professor, information - like an idea - is fluid and not easily contained. All we need to reflect on is human history to know this is an established truism in the world.

That's why democracy flourishes, totalitarianism fails, and the human spirit endures.... Copyright © 2001

Permission is granted to quote, reprint or redistribute provided the text is not altered, and the author and infowarrior.org is credited.

 
To the best of our knowledge, the text on this page may be freely reproduced and distributed.
If you have any questions about this, please check out our Copyright Policy.

 

totse.com certificate signatures
 
 
About | Advertise | Bad Ideas | Community | Contact Us | Copyright Policy | Drugs | Ego | Erotica
FAQ | Fringe | Link to totse.com | Search | Society | Submissions | Technology
Hot Topics
Split Hard Drive???
computer crashed
Intel's Q6600
Unlock My Phone
opening a .iso file without writing it?
best laptops
Closed Captioning Decoders
sharing broadband
 
Sponsored Links
 
Ads presented by the
AdBrite Ad Network

 

TSHIRT HELL T-SHIRTS