|
Audio Asylum Thread Printer Get a view of an entire thread on one page |
For Sale Ads |
66.65.40.90
In Reply to: Looking for rootkits is illegal! posted by andy_c on April 16, 2007 at 23:04:47:
Section 103, Chapter 12, sections 1201 & 1202.`Sec. 1201. Circumvention of copyright protection systems
`(a) VIOLATIONS REGARDING CIRCUMVENTION OF TECHNOLOGICAL MEASURES- (1)(A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title. The prohibition contained in the preceding sentence shall take effect at the end of the 2-year period beginning on the date of the enactment of this chapter.
`(B) The prohibition contained in subparagraph (A) shall not apply to persons who are users of a copyrighted work which is in a particular class of works, if such persons are, or are likely to be in the succeeding 3-year period, adversely affected by virtue of such prohibition in their ability to make noninfringing uses of that particular class of works under this title, as determined under subparagraph (C).
****B is interesting. According to SonyBMG, it was only copy protection, not malware; so, unless identified as malware, which was not even attempted by folks like Norton & the like, or even Microsoft, it's not malware, and Russinovich does not qualify for an exemption.
****
`(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that--`(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
`(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or
`(C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.
****I wasn't the one who looked at this & said 'looking for rootkits is illegal!' However, some people did, and I have seen nothing that says this is NOT the case. So, as I said, in providing an unbelievably necessary public service to anyone who buys pop music CDs, Russinovich was, as I stated, BREAKING THE LAW. Got it now?
****
`(3) As used in this subsection--
`(A) to `circumvent a technological measure' means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and
`(B) a technological measure `effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
`(b) ADDITIONAL VIOLATIONS- (1) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that--
`(A) is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof;
`(B) has only limited commercially significant purpose or use other than to circumvent protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof; or
`(C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof.
`(2) As used in this subsection--
`(A) to `circumvent protection afforded by a technological measure' means avoiding, bypassing, removing, deactivating, or otherwise impairing a technological measure; and
`(B) a technological measure `effectively protects a right of a copyright owner under this title' if the measure, in the ordinary course of its operation, prevents, restricts, or otherwise limits the exercise of a right of a copyright owner under this title.
****More of the same. This goes on for awhile. Getting boring, isn't it? There are exemptions, mind you. But it doesn't look like Russinovich qualified for any of them, although the section that refers to Encryption Research may have provided him an out...except that anyone with the ability to do research on the rootkit had already agreed to a legal digital document that said that it was only copy protection. So, why would there be a reason to believe that any research to try to find flaws would likely be considered to be valid enough as to qualify for an exemption? Especially when nobody else said a damned thing about the rootkit? The silence from Norton & Macafee, et al, was deafening. Which means either they were afraid to announce the discovery because it put them at legal risk (which it could have, of course only in theory, as nobody would've prosecuted them, Russinovich, or whoever unearthed the rootkit, though that's not the likely reason), or they were simply inept & didn't know about it in the first place. The consensus was that Russinovich & his Rootkit Revealer (which resembles everything the above quoted sections are saying is a no-no, doesn't it?) was the first & only example of someone nailing XCP's rootkit for what it was.
For everyone else, the only way you could find a way to expose Sony for having broken the law, was to not live up to the terms that you agreed to when you allowed the EULA! And if you didn't permit the EULA, you could not play the CD on yr computer.
The rest of the relevant section is available at
http://www.eff.org/IP/DMCA/hr2281_dmca_law_19981020_pl105-304.html
But I'll end this nonsense, for now, with a passage that further bolsters my assertion, which you for some reason see fit to deny, relating to how looking for a rootkit was indeed a violation of the DMCA. This is from a blog called Freedom To Tinker:
"Researchers like Professor Edward Felten and Alex Halderman waste valuable research time consulting attorneys due to concerns about liability under the DMCA. They must consult not only with their own attorneys but with the general counsel of their academic institutions as well. Unavoidably, the legal uncertainty surrounding their research leads to delays and lost opportunities. In the case of the CDs at issue, Halderman and Felten were aware of problems with the XCP software almost a month before the news became public, but they delayed publication in order to consult with counsel about legal concerns. This delay left millions of consumers at risk for weeks longer than necessary."
And here's a link to the paper eventually published by those researchers, which I haven't read in its entirety, to be perfectly honest. Tell you what, if it turns out that I'm wrong about this, I'll have no problem admitting it. I never saw a source that talked about the IRONY of Russinovich having been in violation of the DMCA that I didn't find trustworthy. You are free to disagree.
Follow Ups:
turning off autorun on your computer CD drive is a criminal act.Common sense should tell you that nobody will ever be prosecuted for this.
Nor will Russinovich be prosecuted for providing a free rootkit remover. I'm sure you understand this is not going to happen.
So the fundamentalist interpretation of the law is really not useful.
First of all, it wasn't my interpretation, it was the interpretation of legal and computer security experts. I saw this posed in many places, not challenged, but perhaps poorly understood.Disabling autoplay has nothing to do with it. If it was disabled, you still couldn't play the CD unless you agreed to the installation of the included player, which of course came with the malware that SonyBMG claimed was only copy protection.
The only person who did anything that was illegal, and only then in a strictly technical, legal sense, was Russinovich. Once declared malware by Microsoft, nobody was committing any illegal acts by doing anything to find, alter, or remove the rootkit, or to circumvent the copy protection as part of that process. Whether or not Russinovich would've been prosecuted--and of course we all know he didn't--doesn't change the fact that what he did was a violation of the DMCA.
And just because you see no worth in identifying the extremes of the law for what they are, doesn't mean that none exists: pointing to the fact that Russinovich's actions constituted a violation is exactly why we're able to make a determination that the law is absurd & needs an overhaul. Perhaps that case could be made anyway, but there are some who would disagree--the RIAA, for instance, who are on record, I do believe, as saying these types of copyright protections don't go far enough!
I won't argue that this is a relatively trivial point in the scheme of things, but I will say that being able to point to this as an example of exactly how extremely absurd the law is, is not insignificant in the debate, and the discussion that will hopefully lead to an overhaul of this legislation.
The way this type of copy protection works is to install a player and play a DRM file instead of the WAV files. The WAV files are also on the disk, or else it could not play on a normal non-computer CD player.If you disable autorun, there is no EULA, no player installation, and you can play the WAV files on the computer just as though it was a standalone CD player. On a PC, you do this through the registry.
Now again, since you have gotten around copy protection, your narrow interpration would have to rule this an illegal act.
The point is, courts interpret laws all the time. There are many marginal cases that are hard to predict. This is not one of them. Again, Russinovich is not going to be prosecuted. So the narrow interpretation posited on the Internet is obviously not going to be the court interpretation. The law is what the courts say in the end.
I hate the DCMA and I hate rootkits almost as much as you do, although I will still go to a Sony motion picture. I'd be glad to see it overturned myself.
We agree more than we disagree. But I remember this from when SonyBMG first went into damage control mode, and guess what, it's still posted on their FAQ page devoted to the XCP/MediaMax issue. You may very well be correct about this, and I probably saw conflicting reports about this, but if what you're saying is true, they're still lying about these discs. The Wikipedia page I linked to in my initial post in the thread does contain links to pages that offer advice on circumventing the rootkit, but I remain curious, as I'm still not 100% on whether or not these CDs can be safely & properly used even with autorun disabled. I sure don't trust them. If you're right, then why would they still have this posted on their FAQ site?"When listening to music directly off the disc, you must use the player provided on the disc. Attempting to play the audio on the disc (while the disc is spinning in the computer drive) with another player (i.e. Windows Media Player, Real Player, iTunes) will result in distorted sound."
They are being a little deceptive.If you put one of these disks in your computer even one time without disabling autorun, there is no telling what crap they might install. Once a rootkit is installed, it may act to prevent proper playback of the WAV files on this computer using any normal playback software. And once it is on there, you're screwed, it's tough to remove a rootkit.
However, if autorun is disabled from the very first time you insert this disk, nothing can be installed on your computer from this disk. In this case, you can play the WAV files using any normal CD software including Windows Media Player etc.
It is in their interest to make people think they cannot play these files or rip them, that they are stuck with the DRM files.
And since most people don't mess with the registry, in most cases people will be stuck with the DRM files.
But people with just a little computer savvy will not. So I do not believe these are completely honest statements that they have written.
How is it in their interest to continue even a low level of deception?
In my opinion, the content companies have always tried to present an image of unbreakable copy protection. And the copy protection on popular media is all cracked. DVDs are cracked. SACDs are not. But if any substantial number of people bought SACDs, they'd be cracked too.But the companies will not ever admit any vulnerability in their copy protection schemes. That would make the whole effort seem pointless. So they posture as though they have taken effective measures.
This post is made possible by the generous support of people like you and our sponsors: