[clug] Consume But Don't Try Programming [was viva la DMCA? [was: Against US-AU FTA Intellectual Property Clauses]]

Darren Freeman daz111 at rsphysse.anu.edu.au
Mon Apr 12 06:08:35 GMT 2004


On Mon, 2004-04-12 at 12:51, Jepri wrote:
> Ian McCulloch wrote:
> >>I put a home movie on my website, and encrypt it with CSS. I can give 
> >>the decrypt key to my friends and not to you, and you are just going to 
> >>have to wear that.  You have no right to view my movie, if I don't give 
> >>you access.
> > 
> > 
> > So, you are OK with my right do download it, but you think I have no right 
> > to decrypt it?  What is so special about CSS that makes it different from, 
> > say, ROT13, or even Navajo?
> > http://emoglen.law.columbia.edu/my_pubs/yu-encrypt.html
> 
> Well, CSS is more effective than ROT-13.  If I chose a different key to 
> the DVD players, it would take you quite a few hours to break it.  What

Not only does it take seconds on a modern PC, but the key itself is
totally unnecessary. Modern Linux DVD players don't contain a key (since
these keys might incite legal action for copyright infringement or
whatever) but they just decrypt the DVD as they go without the key.

As I understand it, there is a master key owned by whoever, the CCA
being a possibility. Then there are lower keys used by the different
players to decrypt DVDs. Each player has its own key. The player key
allows you to find out what the key is for the given DVD you are
playing. This key can vary across the disc but having a player key
allows you to always know what it is. Modern Linux DVD players sidestep
the issue because the disc key can be discovered in just a few lines of
code.

It's like having a shopping mall which only lets people in if they have
a store card. Only somebody figured out that wearing blue would let them
in too. Now many more people are purchasing from the store, by wearing
blue. The store isn't happy, since they miss out on the interest charges
that come with a store card, but due to antidiscrimination laws, they
can't refuse you. They were in fact themselves trying to subvert the law
with the special doorlocks. Are we to ban the colour blue because
somebody made crappy doorlocks?

>  justification would you have, during those hours, for what you are doing?

"I need to do this in order to watch the file. Such is the problem of
using a dodgy format that requires me to wait hours before viewing."

> > It would be a different situation of course if you required some 
> > authentication mechanism to actually download the file.  Cracking that 
> > would be somewhat analagous to breaking into your house and copying your 
> > personal documents.
> > 
> > But the situation you are describing is equivalent to you putting a big 
> > billboard in your front yard with an encrypted message on it, with a note 
> > attached saying "If you decrypt and read this message without 
> > authorization I will come after you and sue you".  Indeed, it sounds like 
> > you want to be able to do that even if there is no such note attached.
> 
> Yup, definately.  Encrypting something is an access control, and you are 
> circumventing it.

Fortunately we don't yet have to go to gaol for this, and I for one
would like to keep it this way. Otherwise people who are good at reading
encrypted text are going to be persecuted left right and centre.
Especially the kid from Mercury Rising.

> I'm not to happy about using real world analogies in this debate.  It's 
> too easy to make a bad analogy.

Or too easy to see through them and realise the truth - that software is
not like a physical object, that encryption is not like a lock and key,
and that you are not willing to accept this.

> In your analogy, the key to my house is like the password to my 
> computer.  Getting into my house or my computer without the key is 
> illegial.

That's correct - and so it should be.

> Actually getting into my house with the key is illegial as well.  See? 
> Bad analogy.

No it works fine. If you don't have my permission to have a key, and you
get in with a skeleton key, lockpicking set, stolen key, copied key,
hammer and chisel, or whatever, it's still illegal. Because I didn't
invite you into my house. Same with a computer server. Doesn't matter
how you do it, if I don't allow you on my computer, and I make this
known to you by password protecting it, it doesn't matter how you get in
it's still illegal.

However if I rent a house from you, and you lock the door for whatever
reason without serving an eviction notice according to the law, then I
can climb in through the window. I can do that every day until I stop
renting, even if I just go along with this instead of asking why you
locked it. You see, I've paid good money for the right to live in your
house, and cheap tricks won't keep me out.

> In my analogy, the key to my house is like the encryption key to my 
> files.  Getting into my house or my files without the key is illegial, 
> or soon will be.

However if your house says "open inspection" and your lock is busted, I
don't care how sure you were you locked your house, I'm coming in for my
inspection. And I will apologise if you were in the shower. But I'm not
a criminal.

> Why is it that breaking into my computer makes you a criminal, but 
> breaking into my encrypted files makes you Mr. Awesome?

Because you already gave me your files - in encrypted form. I'm Mr.
Awesome because I read what you gave me, and you're Mr. Stupid because
you didn't know your encryption didn't work. If you give me a loaded gun
with a cork plug in the end, and say "I dares ya to shoot me with it",
and I pull out the cork, you're going to look a little silly. You should
keep your gun to yourself if you're so afraid of me using it.

> There is a common attitude in the computer world that "if I can do it, I 
> should be allowed to do it".  Typified by those people who break into 
> systems and then go "I was just looking, I didn't hurt anything.  You 
> should be thankful to me".

It is fairly common. And truth be known, if I can read your encrypted
message WHICH YOU GAVE TO ME KNOWINGLY, then nuts to you because I
haven't done anything wrong. What those people do for their spare time
is irrelevant to the issue.

> Pretend that I also encrypt my files with PGP.  Now if someone broke in 
> to my computer, they couldn't read my files.  So why not skip the 
> password access control, and just encrypt everything?  Then our little 
> hackers can "possess" all my files, but they can't access them.

And you would again feel like an utter dipshit when they use a quantum
computer to crack it 50 years from now, or use all the xboxes on the
planet five years from now, or you leave your key lying on scrap paper
on the ground one day. Giving free access to your encrypted data is
asking for trouble, and if you need somebody to explain it to you again
and again then you aren't fit to use a computer.

> Zimmerman released a program called "Pretty Good Privacy".  If you break 
> my PGP key, you break my privacy.  You shouldn't be rewarded for that, 
> you should be punished.

He was punished might I add. He released crypography into the world that
was too good for the FBI to break.

If you tell your friend that your teacher smells bad, in Pig Latin, and
they know Pig Latin, then you deserve to be punished for stupidity as
well as the act of calling your teacher stinky. I should not be punished
for telling you that your teacher knows Pig Latin, or for teaching your
teacher to understand Pig Latin.

> > Just out of curiosity, which act do you think should be the illegal one, 
> > the act of decrypting the text, or the act of actually reading it?
> 
> I think it is consistent for me to say "both".  It wouldn't be your 
> fault if your friend decrypted it and then showed it to you without 
> warning you where it came from.  Any he clearly isn't hurting anyone if 
> he decrypts it and then ignores it.  Perhaps it should be his fault for 
> decrypting it *and* allowing anyone to read it.

Unless the cryptosystem is so bad that no key is even required. In that
case, it's not really encrypted even though you think it is. It's just
hard to read. Learning to read something that is hard to read is not a
crime.

If it were, then understanding the fine print on personal loans would be
criminal.

> > That is like saying Microsoft isn't a monopoly because anyone is free to 
> > go install Linux, or Standard Oil wasn't a monopoly because anyone was 
> > free to go and drill for their own oil.  In some very narrow literal 
> > definition of "monopoly" it is true, but that definition isn't 
> > particularly useful.
> 
> Thesedays Linux is a real alternative.  And your Standard Oil example is 
> unfair because it costs millions to drill for oil.  Installing Linux and 
> watching the AniMatrix is free.  It's $30 less than buying a movie, 
> using DeCSS and watching it.

Perhaps you don't understand that AniMatrix is a DVD. The freely
downloaded episodes are free as in beer and are obviously not encrypted.
They therefore cost nothing. You still have to fork out $30 for the DVD
containing all 14 episodes. After doing that, you may still have to use
DeCSS to watch it, but either way this doesn't cost anthing either,
which is probably why the MPAA is so shitted off.

Appreciating this, I don't see a point to what you just wrote.

> You save money, obey the law and have a good time watching a "movie". 
> Could it be better than this?

No, but again I don't see the point. I happen to like saving money,
obeying the law, and watching movies. I don't mind spending money on
good movies either, but not if it requires me to buy another DVD player
or break the law.

> > You are being disingeneous here.  He wasn't talking about software itself, 
> > but pre-packaged boxed software.  Most (all?) people on this list would 
> > agree that while a book is a real physical object to which one can easily 
> > associate property rights, extending that notion to the abstract text 
> > itself is harder.  
> 
> Yes, a book is property and can be resold.  Abstract text is not 
> property, and can't be resold.  The box and CDROM are property and can

Aren't you arguing that abstract text *is* intellectual property?
Because if you are, then most of us here will agree with you. Perhaps
you aren't.

> be resold.  The license to use it is not property, and might not be able 
> to be resold.

Books are not licensed, they are purchased. On the other hand, council
wheelie-bins are received with the license to use them, they are not
bought. You have to know which you're getting. Software discs are almost
always sold, and the license to use the contained software comes with
them as part of the fee. They can revoke your right to use the software
if this is part of the EULA. They shouldn't have that right, as I paid
good money for it. A disc with software is useless without the right to
use the software in the manner that I paid for.

> Incidentally, get your abstract text from http://www.baen.com/.

cool

> And since I've posted links to legal free music and movies, here's a 
> link to free, current science fiction: 
> http://www.baen.com/library/defaultTitles.htm

appreciated

> > While I agree that (in the absence of any physical packaging) software is 
> > very different to a book, I think the idea of whether licences should be 
> > able to prohibit such things as reselling, is not a dead issue.
> 
> Indeed.  The problem as I understand it is that the licensor may wish to 
> be selective about who gets a license.  If you can onsell your license, 
> you might be entering the licensor into a relationship they don't want.

As I see them, EULAs never ever increase the responsibility of the
vendor. You would only be forcing the vendor to accept the
responsibilities given by law, of which there aren't many. Nobody can
shirk those no matter how much they cry about it.

> > But shrink-wrap licenses usually depend on contract law, and argue that 
> > clicking 'yes' or whatever is equivalent to you signing a contract with 
> > the supplier.  The GPL is completely different and only uses copyright 
> > law.
> 
> This is just me quibbling over a moot point, but the GPL itself 
> contradicts you here:

this is not a contradiction

> "You are not required to accept this License, since you have not signed 
> it. However, nothing else grants you permission to modify or distribute 
> the Program or its derivative works. These actions are prohibited by law 
> if you do not accept this License. Therefore, by modifying or 
> distributing the Program (or any work based on the Program), you 
> indicate your acceptance of this License to do so, and all its terms and 
> conditions for copying, distributing or modifying the Program or works 
> based on it."
> 
> Instead of clicking a button to accept the license, modifying or 
> distributing the GPL software is equivalent to signing a contract with 
> the copyright holder.

A contract which you are forced to understand, not agree to. You can
argue in court (as SCO are about to) that you do *not* accept the GPL.
How then do you explain all the copying and modifying you did? You're
now guilty of copyright violation because you had no license to do that.

So either a) accept the GPL and all the rights it gives you, or b) don't
accept it and you don't have any more rights than anybody who receives a
copyrighted CD - you can use it but not copy or modify it.

EULAs attempt to say a) accept them and use the software, or b) don't
accept them and don't use it. But as the law gives me the right to use
software I bought without seeing a license, you can jump in a lake. You
should have displayed the license in the shop where I bought it and I
sure as hell wouldn't have bought it. Which is why they never do that
and why it's unenforceable.

> > If Microsoft launches a big software patent action against open source 
> > software, then this might be true.
> 
> Oddly enough they've kept away from that approach.  Maybe we shouldn't 
> give them ideas.

Believe me they have a hive of lawyers contemplating it daily. They
funded SCO's lawsuits after all.

> >>Unfortunately it then insanely jumps to babbling about how you won't be 
> >>able to play DVDs in your DVD player.
> > 
> > 
> > On a linux.org.au site it is reasonable to suppose that they mean "play 
> > DVD's on your Linux DVD player".  In which case, yes, it is true.
> 
> Fair enough.  Regardless - the DVD issue?  I'd rather see it downplayed. 
>   We have covered many much more serious consequences of DMCA style laws 
> on list.

Most people will only care about DVDs - it's important that the other
potentially more important stuff doesn't prevent them from objecting
loudly to the FTA. After all the FTA is all or nothing, any one issue
can force it to be dropped dead in the water.

> I hear we can't amend the FTA.  So if we're going to argue it should be 
> rejected, we should be arguing about the massive economic damage to the 
> Australian economy.  Amy Ireland tells us we're looking at a billion 
> dollar addition to our trade deficit, and the open source community is 
> complaining about DVD players?

Because we know all about DVD players and bugger all about trade
deficits. I'm not about to shut up because I don't know about trade
deficits.

> >>Not only that, the petition veers into actual craziness in at least one 
> >>place.  The petition is just plain embaressing.
> >>
> > Which place were you referring to?
> 
> Rather than drop another 1000-word missive on the list, I'll pop it up here:
> http://babylon.alphacomplex.org/~jepri/Ban_the_petition.html

"We really need to shake these people out of the OSS community.."

Since these people *are* the OSS community, you'd best be founding your
own. You can then use it to argue against trade deficits or whatever it
is that this new community will know best.

I'm too tired to go on, I've lost 3 hours of my life getting wrapped up
in this thread. I fully admit that I shouldn't have done that, but being
openly insulted on a public forum tends to drive me a little crazier
than usual.

Have fun,
Darren



More information about the linux mailing list