Re: Linux 2.2.20pre10

Tom Sightler (ttsig@tuxyturvy.com)
Mon, 22 Oct 2001 15:55:17 -0400


> In conclusion, I tried to make two points in the above rant:
>
> 1. A description of a security hole is constitutionally protected
> speech, and as such cannot be construed as violating the sections of the
> DMCA. If such description fits the definition of "technology, product,
> service, device, component, or part thereof", then we're in big trouble,
> because source code itself is much closer to the definition of a
> "product" than a description of the source code.
>
> 2. A description of a security hole, or unpatched source code, or even
> exploit code do not meet the criteria set forward by the DMCA for
> illegal circumvention devices.

Very good point indeed. I would like for someone, anyone, to explain to me
exactly how disclosing security issues in open code would ever violate the
DMCA. Alan stated that it comes from a legal opinion, I would like to see
this opinion and know who it was from. Partially because I am from South
Carolina, the same state as SSSCA co-author Sen Hollings. I would love to
be able to spell out this "doomsday" can't publish security issues scenario
and hear his response, but I just don't see it in the DMCA. I would love
for someone to enlighten me on how they came to this conclusion with an
intelligent sentance other than "that what the DMCA says." Where does it
say that? How can you interpret that?

Everyone wants to bring up the Sklyarov case, but he didn't just expose the
weakness of the code, his company actively sold a product for financial gain
that circumvented the protection. While I still don't think the Sklyarov
himself should be the target, it has very little similarity to any open
source products like Linux.

To meet the criteria for criminal prosecution under DMCA you must violate
the rules "willfully and for purposes of commercial advantage or private
financial gain." This is the only case in which the government can pursue
you without another parties involvement.

Later,
Tom

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/