HDCP Encryption Cracked, Details Unreleased Due To DMCA

Hemos posted about 13 years ago | from the bad-effects-of-law dept.

Encryption 362

Lord_Pall writes: "There's a very good article on SecurityFocus about a Dutch cryptographer. He apparently has cracked the HDCP video encryption standard, but won't release the research for fear of reprisals under the DMCA." Update: 08/15 06:10 PM by J : Meanwhile, see Keith Irwin's paper which has been released despite the DMCA. Update: 08/15 07:00 PM by J : And someone else points out this old thing. Everyone who hasn't written a paper on cracking HDCP raise your hand.

362 comments

That's about as useful to me as (1)

Glenda Slagg (464228) | about 13 years ago | (#2111177)

the drunk on the bus who claimed to have solved the problem of Middle East peace, but vomited and passed out before he could tell me...

Niels Ferguson (who is probably as vain as the rest of us) chose the only option available to him:

Leak the crack anonymously and miss out on the fame.

Release the crack and suffer the consequences.

Announce the fact that he had cracked it but not disclose it.

It's great to see the fear and loathing that the Sklyarov case has caused. Still, information will out. These paranoia inducements will ultimately be as useless as the encryption systems they are protecting. Eventually we'll get a suicide cracker...

I'll Release It (0)

Anonymous Coward | about 13 years ago | (#2118742)

Just give me the details and I'll release it. Hell, I'll even take the credit too if he wants me to.

What sorry person would like to go to the USA anyway?

Long arm of the law (3, Insightful)

camusflage (65105) | about 13 years ago | (#2122718)

Charming. Now foreign nationals who visit the US are afraid to release details of weaknesses.

Good, I say. Serves 'em right. Once something people want to steal is released with the format, then the details will come out, and people will steal it. By not quashing discussion, they might have been able to fix it while still in R&D, but by taking the I'm-putting-my-head-in-the-sand approach, they're shooting themselves in the foot.

The dominos start to fall (again?) (4, Interesting)

gmkeegan (160779) | about 13 years ago | (#2124195)

We start to see some of the indirect effects of the DMCA. The choices for security experts and developers will be to A) not publish their works, leaving them for a more malicious hacker to discover, or B) publish, just NEVER enter the US again. Either way research and development as well as security and technical conferences will start to leave US locations, favoring those countries that won't arrest their participants.

Other countries will leap ahead in encryption abilities, while the US rests on its DMCA laurels. Brings back memories of the smaller, more efficient, more reliable cars from Japan and Europe in the 60's and 70's that caught Detroit by surprise. Took them 10 or 15 years to catch up.

Unfortunately, as long as there is money to be had from lobbyists, there will always be legislative sand for our politicians to stick their heads in.

"Those who forget history are doomed to repeat it."

Re:The dominos start to fall (again?) (1)

sqlrob (173498) | about 13 years ago | (#2111304)

B) publish, just NEVER enter the US again

You mean like how Niels was arrested in his native country? So much for that idea.

They are so stupid (5, Insightful)

rknop (240417) | about 13 years ago | (#2124934)

Intel spokesperson Daven Oswalt says the company has received several reports from people claiming that they have broken HDCP. But he says none have held up, and the company remains confident in the strength of the system.

...and yet all of these companies still think that the DMCA is good for them.

It's amazing how on how many levels the DMCA is a bad idea. It's squelching freedom of speech, and it's preventing the companies from producing technical systems that can effectively produce total control over their customers. Of course, the free-speech-squelching part is serving the total control purpose, and since it's the executive and legal divisions of the companies that decide what the companies "want," they probably are happier that way. And that is the real tragedy-- that and the fact that they can US legislation.

(To be fair, given the description of the attack, Intel is probably right that it still does prevent "casual copying." On the other hand, it angers me that they're trying to prevent casual (including fair use) copying, but don't mind that somebody willing to invest some money in hardware and a couple of weeks can start producing bootleg devices. Who's their real enemy here? Customers trying to exert fair use rights (and, yeah, maybe occasionally illegally copying content)? Or overseas customers producing and selling wholesale bootleg copies?)

-Rob

Mod this up (1)

jonr (1130) | about 13 years ago | (#2137962)

I have been thinking this exact thought each time some new 'copy(right)-protection' scheme is announced. Joe User will be annoyed and frustrated, but Joe Pirate will always have resources to crack/circumvent the protection. This is what happens when you let lawyers run amok.
J.

We should combine technologies... (0)

Anonymous Coward | about 13 years ago | (#2125035)

Apparently owning a circumvention device and using it for fair-use rights is legal, but distributing it is illegal. So stuff like this (if it really exists and it's not another hacker just bragging) and DeCSS is OK to use but not distribute.

er, so, do it anonymously, never tell a soul, attach it to the outlook-virus-of-the-week or IIS-worm-of-the-week and distribute it as a gift to the world's computers with notes on how it works.

Who are they going to sue? Widespread distribution and no one to sue but alas, since it magically appeared on my hard drive without my requesting it, I can apparently legally use it!

If you can't beat them, offer them a job (1)

stx23 (14942) | about 13 years ago | (#2125071)

It just seems stupid to persecute people for demonstrating insecurities/flaws/idiocy in DMCA products. Why aren't they being offered jobs to strengthen the product, rather than persecution for proving bad implementations?

Why not post anonymously? (1)

Quixote (154172) | about 13 years ago | (#2125511)

If I were this Dutch "hacker", I would have posted anonymously the technique to Slashdot, along with a digital signature that would have, at a later date, identified it as being mine if I wanted to reveal myself.
Information yearns to be free.
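The idea in the comment above, sketched as an added example that is not part of the original thread: instead of a digital signature it uses a salted hash commitment, which gives the same "prove it was mine later" property with only the Python standard library. The function names, the author name and the sample text are constructed for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 32  # random bytes that keep the author hidden until the reveal


def _digest(opening: bytes, identity: str, document: bytes) -> str:
    ident = identity.encode("utf-8")
    # Length-prefix the identity and hash the document separately so that two
    # different (identity, document) pairs can never encode to the same bytes.
    payload = len(ident).to_bytes(4, "big") + ident + hashlib.sha256(document).digest()
    return hashlib.sha256(opening + payload).hexdigest()


def commit(identity: str, document: bytes) -> tuple[str, bytes]:
    """Return (commitment to post alongside the document, secret opening to keep)."""
    opening = secrets.token_bytes(NONCE_LEN)
    return _digest(opening, identity, document), opening


def verify(commitment: str, identity: str, document: bytes, opening: bytes) -> bool:
    """Check a later authorship claim against the commitment posted earlier."""
    if len(opening) != NONCE_LEN:
        return False
    expected = _digest(opening, identity, document)
    return hmac.compare_digest(expected.encode("ascii"), commitment.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample post and author name.
    post = b"Constructed sample text standing in for the anonymous write-up."
    tag, secret = commit("Alice Example", post)
    print("post this with the document:", tag)
    print("claim by the real author verifies:", verify(tag, "Alice Example", post, secret))
    print("claim by someone else verifies:  ", verify(tag, "Mallory", post, secret))
```

The commitment reveals nothing about the author while the opening stays secret, and only whoever holds the opening can later make a claim that verifies against the exact text that was posted.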

Re:Why not post anonymously? (0)

Anonymous Coward | about 13 years ago | (#2142507)

Anonymous to Slashdot ? Ha, you are one bright lad. Slashdot caved to CoS, expect Slashdot to cave to every legal threat.

Anonymous is good (3, Insightful)

chill (34294) | about 13 years ago | (#2125994)

One more reason the right to post anonymously [slashdot.org] is a good thing.

Will the DMCA hurt encryption badly? (5, Insightful)

baptiste (256004) | about 13 years ago | (#2125995)

I just can't help but think that as more and more people discover flaws in encryption standards that we the users lose in the end. If crackers won't release details of how they cracked an encryption standard, where's the motivation for that standard to be improved? You can say the bad press is enough, but heck - if nobody releases details, how are we to believe it's true?

There was a time when encryption was done to ensure it couldn't be broken. Now it seems like organizations are using the DMCA as a way to prop up bogus standards that are dangerous due to their flaws (*cough*ebook*cough*)

It's hard enough trying to explain why Dimitry should be freed. But how can you convince a legislator or govt official that the DMCA is bad for encryption without risking prosecution? It's a scary catch 22.

Even though the Dimitry case is getting some press (Time Mag had a 2 page article - well written), I still only see proposals to slightly change the law. Not enough to allow full reverse engineering for research and the ability to expose flaws in products. Seriously - an encryption standard used to say encrypt some copyrighted work gets hacked, the victims sue showing why its such a bad encryption std and the lawyers for the company using the bad encryption get it disqualified because its illegal to bypass encryption or copyright schemes.

Far fetched, maybe, but I really fear we will continue to see substandard encryption schemes passed off as workable because folks are less likely to publicize flaws in them if they are tied to the DMCA.

Sure this may help open encryption standards, but we all know where the commercial money goes, so goes the world. Bad encryption standards used for IP materials and protected by the DMCA would soon be sold to businesses for privacy and such - exposing those businesses to serious exposure since the encryption std is probably less secure due to less folks trying to find flaws for fear of prosecution.

Maybe we need a contest - free tshirt to the person who manages to come up with the Chicken Little 'the sky is falling' explanation for why the DMCA is bad that'll get Joe six-pack up in arms :)

Re:Will the DMCA hurt encryption badly? (3, Insightful)

Raleel (30913) | about 13 years ago | (#2114565)

I think a fairly straight forward explanation such as "Would you want to drive a car that hadn't been independently crash tested?" or something. The ability to test encryption schemes would be easier for the lay person to understand.

Re:Will the DMCA hurt encryption badly? (1)

soboroff (91667) | about 13 years ago | (#2141521)

This is why encryption algorithms and standards need to be developed out in the open. Everyone who's taken a crypto class has thought up the Next Best Encryption Scheme, only to quickly find the many flaws.

If someone hands you a closed crypto algorithm and says "trust me", you have to do just that. In contrast, we might place the same trust in someone like Phil Zimmerman, but we're also trusting that thousands of qualified folks have looked at the code, fixes have been made, and no exploits have been found in a while.

If this spate of standards and resulting hack contests spells the end of the closed, proprietary, DMCA-protected encryption algorithm, it can only be good for the users.

DMCA makes encryption a dubious concept (2, Insightful)

dcavanaugh (248349) | about 13 years ago | (#2154200)

Thanks to DMCA and rabid lawyers, we're creating an "underground internet" that generally ignores the law. In a scenario like this, how will anyone know which encryption standards are working and which have been compromised? We can't assume that anyone who cracks an encryption scheme is going to publish the results, but what if no one publishes anything? What happens then?

Imagine the people who design & use encryption standards as the occupants of a castle, and the hackers are trying to use a battering ram to enter the facility. Thanks to DMCA, the walls are padded, so the people inside don't hear the pounding of a battering ram on their door. The king overruled the castle engineers who wanted a thicker door. "No need for that", says the king. "My DMCA padded walls will take care of the noise, therefore I proclaim that the hacker problem is solved!" Of course, when the door gives way, it will be quite a surprise to the occupants!

Re:Will the DMCA hurt encryption badly? (1)

mach-5 (73873) | about 13 years ago | (#2157717)

Maybe we need a contest - free tshirt to the person who manages to come up with the Chicken Little 'the sky is falling' explanation for why the DMCA is bad that'll get Joe six-pack up in arms :)
The DMCA has already nullified the first amendment. Why was Sklyarov arrested? For giving a speech.

I believe that Adobe should be able to sue Sklyarov for leaking "industry secrets," but he should not be criminally prosecuted for giving a speech.

Just because he's dutch... (1)

SupremeOverlord (76353) | about 13 years ago | (#2128225)

...doesn't mean he's totally immune to prosecution. It remains possible that either the World Intellectual Property Organization Copyright Treaty or the WIPO Performances and Phonograms Treaty could possibly be used to prosecute him, despite the fact that he is not a US citizen. The recent arrest of Sklyarov has cast a lot of FUD in this area when a Russian citizen was arrested under US law.


What probably would have been the best way to handle this was to have anonymously written a detailed description of the encryption and then posted it to FreeNet, or any number of semi-anonymous bulletin boards, and not sign it. He couldn't take credit for it, but that's not what this is about, is it?

Essay by Ferguson (5, Informative)

Apotsy (84148) | about 13 years ago | (#2131198)

Here [macfergus.com] is where Ferguson explains his position.

This is a very good essay. It does an excellent job of explaining the problem with the DMCA succinctly, and in a manner that anyone can understand. I'm going to keep this link and use it whenever I want to explain the problem with the DMCA to someone non-technical.

You can't legislate physics. (1)

dave-fu (86011) | about 13 years ago | (#2131222)

But apparently, you can legislate human emotions. Fear comes to mind here.

can you really blame him? (1)

xtermz (234073) | about 13 years ago | (#2131499)

seriously? I think the whole "scene" will start reverting back to being 'underground' again for fear of reprisal. I am a majorly anti-'security through obscurity', but now it seems like only a select few will be able to secure their stuff now. it's sad that ingenuity is being hampered. This sort of stuff really makes me wonder why i didn't go into landscaping or something......

In related news (5, Funny)

alexjohns (53323) | about 13 years ago | (#2132354)

I've uncovered the secret ingredients in the Colonel's spices and McDonald's Special Sauce. I figured out where Amelia Earhart has been all these years. I know whether or not the moon landings were faked, who shot Kennedy, and how many stones there are in the Washington Monument.

I have decrypted the secret code in the Bible, correlated it with the secret codes of the Bhagavad Gita, Talmud and Qur'an and now know the inner thoughts of all gods. I have unified field theory and quantum theory and will soon have a device that will bend all matter to my will.

I know the secrets of teleportation, telekinesis, telepathy, and how to get women to want me. I know the secrets of every three-letter agency in government, the Psychic Friends network, and the US Postal Service.

Unfortunately, due to the nature of the DMCA, I am unable to share my findings with others. I suppose I'll have to get on my FTL spaceship and find a more genial planet. Ta-ta!

Re:In related news (1)

Muad'Dave (255648) | about 13 years ago | (#2157584)


You forgot to mention that you know where Jimmy Hoffa is buried...

Re:In related news (0, Offtopic)

fobbman (131816) | about 13 years ago | (#2157635)

Not bad, but let us not forget that it is Barry Manilow that writes the songs that make the whole world sing. And that, my friends, should be prosecuted to the fullest extent of the law.

sigh (1)

xsteinberger (224520) | about 13 years ago | (#2132515)

sigh... things like this should be allowed to be published... people will always find bugs in software, crack encryption algorithms, and exploits in security of nearly everything. when documented properly, published, the developers are identified of the problem after which they can make the necessary amendments. also, properly documented bug reports notify users and system admins of the problems, outlining the need to upgrade or patch as instructed by the software vendor (taken as an example). no doubt sooner or later another tech savvy 'user' will accomplish the same as the first. a bug may become relatively well known, and allow exploits by malicious 'users', while it has not been called to the software vendor's attention. occasionally, the 'user' who discovers a bug, workaround, or cracks an encryption algorithm, may not be of the right ethical nature to bring it forward, contact the relevant parties to have it resolved, or make it public domain--and instead may be of a malicious nature, as per Code Red. no doubt it was a new undocumented exploit--had some user found it 2 months ago and documented it properly, well, this could have been prevented, somewhat. had some user found it 2 months ago and left it silent, well, just look at what has happened.

DMCA: Best FUD tool ever created! (2, Funny)

Anonymous Coward | about 13 years ago | (#2133963)

You people are overlooking the upside of all this.

Now we can FUD any copy restriction technology to death by claiming that we broke it, and refusing to give any details due to the threat of prosecution under DMCA!

The question is, would this be effective enough to get the media companies to stop using it?

fp! (-1, Offtopic)

TheABomb (180342) | about 13 years ago | (#2137366)

foobar

Nice job. (-1)

CmdrTaco on (468152) | about 13 years ago | (#2130140)

Thanks for keeping the FP out of AC hands. God only knows what they would do with it. The AC to LC (Logged-in Coward) ratio is way too close to favoring the AC scum.

Hello? (1)

ErikZ (55491) | about 13 years ago | (#2137438)

Guys! This is GREAT news.

When the DMCA eventually is challenged in court, the good guys will need all the ammo they can get.

If you say the DMCA squelches free speech, you're going to need examples, proof, like this situation. I hope many more researchers announce that they fear to publish because of the DMCA.

Security through ignorance (-1)

stinkgeek.com (450152) | about 13 years ago | (#2137965)

Forget about security through obscurity, security through ignorance is the name of the new game. It will be a crime having knowledge about network and computer security without being in the employ of a major corporation.

A Smart move... Really. (1)

IPFreely (47576) | about 13 years ago | (#2137966)

That was a smart move. It doesn't mean he's giving in. It means he knows how to release the information in a way that the DMCA can't hurt him.

He saw what happened to DeCSS. What he needs to do is create a whole product/application that has real legal uses (along with possibly some infringing uses). Then release that. The legal uses should make the application valid under DMCA, while the information can "leak" through code or specifications.

Not to say the powers that be won't try to stop it anyway, but a valid application goes a long way towards sidestepping the DMCA.

Imagine if Livid had been released before DeCSS. Same code, real useful application. It can't be labeled a pirate tool, but it still releases the information.

Me Too ... Me Too ... (2, Troll)

ReidMaynard (161608) | about 13 years ago | (#2138973)

I too have broken Intel Corp.'s HDCP ... and like Niels Ferguson, I must remain silent.

Re:Me Too ... Me Too ... (1)

jeffy124 (453342) | about 13 years ago | (#2134709)

that reminds me of an old math joke that goes something like this:

A mathematician announces a lecture about the solving of some age old problem (I forget the exact theorem). He gets a large crowd for the lecture. But he discusses something completely different. Afterwards, a friend asks him why he didn't talk about solving the problem like he said he did. "Did you find something wrong in your proof?" was one question that was asked. The scientist answers, "That's my backup in case I die during my trip to the lecture. This way I'll go down in history as solving the problem and taking it to my grave."

a lame joke yes, but applicable to this Dutch scientist

Good! (5, Funny)

JoeShmoe (90109) | about 13 years ago | (#2138975)

This is a Good Thing(tm)! If the details aren't released, then it's just rumor, speculation and slander against the HDCP standard!

That means the HDCP consortium can continue on their merry way to rolling out their video solution...and then after we have all this great content available...THEN we can have someone release the information (I see Lawrence Lessig waving his hand there in the back).

Think about it. If the Crack SDMI has come back with nothing but failure...then maybe we would all have GB of juicy full-quality (minus watermarks, ahem) songs sitting on our harddrive awaiting a simple watermark snipper.

Thank you DMCA! Chilling research only delays the inevitable! It doesn't stop it!

- JoeShmoe

Poetic justice. (3, Insightful)

Black Parrot (19622) | about 13 years ago | (#2133768)

Lots of us said that for the SDMI contest we should say "yeah, I can crack that" but not release any details (even if we really could crack it). Let them sweat it out.

Now the industry is starting to get this treatment because of its own heavy-handedness. If some FUDster claims he can crack $ANTIPIRACYTECHNOLOGY but won't prove it, no one will be able to call his bluff effectively.

Meanwhile, full-quality bootlegs continue to pour out of Taiwan. Society has nothing but reduced rights and privileges to show for all this.

He is Dutch, DMCA doesn't apply (1, Interesting)

Anonymous Coward | about 13 years ago | (#2138984)

What is it with people today, they all act like a fearful bunch of wussies. With folks like that we don't need any DMCA enforcement.

Re:He is Dutch, DMCA doesn't apply (4, Insightful)

Tim C (15259) | about 13 years ago | (#2122719)

Tell that to Sklyarov.

However, even by claiming to have broken the encryption, he's placing himself at risk of being investigated, and possibly detained and questioned should he ever visit the US. (If I were to publicly announce that I had committed a crime, I would expect the authorities to take interest in me.)

Cheers,

Tim

Re:He is Dutch, DMCA doesn't apply (2)

Kjella (173770) | about 13 years ago | (#2133229)

Actually he can do whatever he wants in Holland without fearing the DMCA, but he can *not* even talk about it in the USA. Sklyarov isn't charged with breaking the encryption while in Russia, but standing on US soil telling people what he had discovered. Unless his work to break the encryption has partly been done in the USA, I don't see the problem.

Kjella

Re:He is Dutch, DMCA doesn't apply (0)

Anonymous Coward | about 13 years ago | (#2133964)

In the event he even discusses it in his home country and someone, anyone brings that information back into the U.S. he could be sued under the DMCA. While it may not stand up in court, he can't afford to deal with it. He's right.

As he said, he travels to the U.S. a lot.

Re:He is Dutch, DMCA doesn't apply (4, Informative)

FreeUser (11483) | about 13 years ago | (#2142003)

However, even by claiming to have broken the encryption, he's placing himself at risk of being investigated, and possibly detained and questioned should he ever visit the US.

You are probably right, as the DMCA is clearly intended to be used as a club to squelch information and discussion under the (woefully thin) guise of protecting copyright holders.

However ...

(If I were to publicly announce that I had committed a crime, I would expect the authorities to take interest in me.)

... even the DMCA hasn't made it illegal to figure out how to decrypt encrypted copyright material, but rather has made the trafficking in devices using that knowledge illegal. By announcing he's done it, but not sharing the methodology, he cannot in any way be said to have "trafficked" in a circumvention device. To do so he would have to publish, and this he has not done. Not that that will stop Intel or someone else affiliated with the Copyright Cartels from swearing out a false affidavit and falsely imprisoning this individual (and, interestingly, while the Sklyarov case goes forward I do not see anyone from Adobe being arrested for Perjury, which swearing out a false affidavit is ... hence the term "swear").

Of course, it is only a matter of time until someone does publish, probably anonymously, and DHCP dies the death it so richly deserves.

The software world, which relies on restricted copy privileges (copyright) far more heavily than even the Media Moguls of Hollywood and New York, learned over a decade ago just how futile copy protection schemes were. Instead, they chose to go another route, making serial-numbered copies traceable rather than uncopiable (something which has been shown mathematically to be myth in any event). Interestingly enough, having people's names attached to serialized copies of software had a chilling effect on copyright violation that no amount of copy-protection schemes and hardware dongles was able to achieve. It didn't eliminate it, but it sure cut down on the number of people willing to share their copies of software with anyone other than, at most, their closest friends.

The Copyright Cartels and Media Conglomerates refused to learn this obvious lesson, preferring instead to believe they have purchased protection through the DMCA sufficient to allow even the most flawed "copy protection" to stand through artificial threat with a government gun in contradiction to both information theory and basic physics in the physical world.

Of course, when "casual copying" has been mostly eliminated and fair use is dead, the industrial copyright violators will still be producing illegal wares in quantity, until they in turn are shut down using methods and laws which have been around for decades. Which underscores the real motivation and target behind MPAA and RIAA purchased legislation such as the DMCA: the individual consumer, not the commercial copyright violator.

Re:He is Dutch, DMCA doesn't apply (2, Interesting)

el_nino (4271) | about 13 years ago | (#2138561)

.. even the DMCA hasn't made it illegal to figure out how to decrypt encrypted copyright material, but rather has made the trafficking in devices using that knowledge illegal.

I refer you to US Code Title 17 section 1201, AKA the Digital Millennium Copyright Act:

(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that -
(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
Note the word manufacture. If he cracked the encryption, as opposed to just figuring out that it was possible, it's a crime under the DMCA even if he didn't distribute anything.

Re:He is Dutch, DMCA doesn't apply (0)

Anonymous Coward | about 13 years ago | (#2143377)

and DHCP dies the death it so richly deserves"

Right on. Death to all dynamic IPs. The internet was meant to be static.

Uh, that was meant to be funny. I know the guy just typo'd.

No more DHCP? (1)

Nick Number (447026) | about 13 years ago | (#2157841)

Of course, it is only a matter of time until someone does publish, probably anonymously, and DHCP dies the death it so richly deserves.

Whee, static IPs for everybody!

Re:He is Dutch, DMCA doesn't apply (-1, Offtopic)

Anonymous Coward | about 13 years ago | (#2140128)

Tell that to Dimitri Sklyarov...dumbass.

Re:He is Dutch, DMCA doesn't apply (4, Informative)

Drone-X (148724) | about 13 years ago | (#2140129)

He is Dutch, DMCA doesn't apply
Maybe he doesn't want to lose the ability to travel to the USA, if he puts it up for download he'd be violating American law (at least in California they seem to think the Internet means you're *everywhere*).

Re:He is Dutch, DMCA doesn't apply (3, Informative)

Chelloveck (14643) | about 13 years ago | (#2121107)

I know this guy, though I haven't talked with him for about six months. He does come to the USA periodically. His girlfriend is American and while they're both living in the Netherlands now, they do come over here once in a while. After the Sklyarov thing I'm not terribly surprised about his reluctance to come forth.

Last I knew, he was working with Bruce Schneier and Counterpane. It's possible that his connection to a US corporation also enters into the decision.

Re:He is Dutch, DMCA doesn't apply (1)

ByTor-2112 (313205) | about 13 years ago | (#2157771)

As long as he is reluctant to come forward, the DMCA is not only doing its job in America but the international community is letting it do its job across the globe. If the international community does not stand up against things like this, they will be forever bound by it.

Re:He is Dutch, DMCA doesn't apply (-1, Offtopic)

Anonymous Coward | about 13 years ago | (#2131197)

What if he published in Holland and Intel downloaded his results into the U.S. in order to sue him under the DMCA, could Intel be done for entrapment?

Re: entrapment (1)

maddogsparky (202296) | about 13 years ago | (#2133601)

No.

Entrapment only applies to law enforcement personnel. Last I checked, we're not messed up enough in the US to the point where private companies have legal jurisdiction (with the exception of a few areas like San Francisco, where law enforcement is contracted out by the city to security companies). But who knows what the future holds? It's a well established legal principle in the US that politicians can be bought.

DMCA-like legislation coming to a country near you (5, Informative)

hillct (230132) | about 13 years ago | (#2141238)

Many countries are considering DMCA type legislation to bring them into compliance with the WIPO [wipo.org] Intellectual Property Treaties [wipo.int]. For more on the legal constructs being considered by the World Intellectual Property Organization, see their whitepaper "Technical Protection Measures: The Intersection of Technology, Law, and Commercial Licenses [wipo.org]" (M$ Word or PDF). Take a good look at this stuff. It's important that people fully understand the actions being taken by WIPO and begin to realize that arguing about your rights or my rights isn't the critical issue. The critical issue is that if WIPO has their way, there will be no protection for citizens of any country, from potentially usurious and monopolistic IP practices.

--CTH

Re:He is Dutch, DMCA doesn't apply (1)

bmongar (230600) | about 13 years ago | (#2143493)

Maybe he plans to visit the US sometime and doesn't want to get arrested like Dimitri,

Re:He is Dutch, DMCA doesn't apply (1)

erroneus (253617) | about 13 years ago | (#2143835)

He's Russian! The DMCA doesn't apply!

What is it with people today, they all act like a fearful bunch of wussies. With folks like that we don't need any DMCA enforcement.

Re:He is Dutch, DMCA doesn't apply (0)

Anonymous Coward | about 13 years ago | (#2156120)

What is it with people today, they all act like a fearful bunch of wussies. With folks like that we don't need any DMCA enforcement.

I would like to see if YOU would like to leave your family and go to jail for some years just because of the DMCA... If I was to break DMCA I would certainly not publicly say it and would release it on the Underground, silently and swiftly... Hell, that was why old-school hackers did illegal stuff and were so paranoid, for freedom of speech...

Honestly, I dont see a bright future for us geeks... At least not a bright legal future...

Re:He is Dutch, DMCA doesn't apply (1)

bsc7080 (58260) | about 13 years ago | (#2157575)

I am as proud as the next U.S. citizen to be in the United States, but this DMCA is becoming more of a Gestapo organization with the goal of stomping out anything they believe to be a threat. The quality of the internet was founded on people building a tighter system due to flaws that were discovered. Why should the industry be forced to stick their heads in the sand and ignore the problem. Fix your source coding or encryption scheme, and move on. In the future..do better testing.

So that's what he cracked! (1)

Jacco de Leeuw (4646) | about 13 years ago | (#2139118)

I mentioned it in a comment on last Monday's Dmitri story [slashdot.org] .

I was packing up after his talk when he mentioned he had cracked something so I missed what he had cracked...

Umm...what's all the hubbub? (2)

dillon_rinker (17944) | about 13 years ago | (#2139453)

How to do this is already public knowledge and it's being implemented on a wide scale. Even Windows can do it (though no one knows when it will be able to do it correctly). Look here. [ohio-state.edu]

DMCA (0)

JumboMessiah (316083) | about 13 years ago | (#2140126)

Dumb Mega-Corporation Accomplishment?

The Complete Document (5, Informative)

Anonymous Coward | about 13 years ago | (#2140824)

The Complete Document can be found here:

http://www.macfergus.com/niels/dmca/index.html

Very good stuff. Too bad they didn't link it in the story.

DMCA is International? (2)

scott1853 (194884) | about 13 years ago | (#2140825)

I didn't think that anybody in another country could be prosecuted under the DMCA unless they came to America and tried to publish the information. Wasn't that the whole issue with Dmitri? Or are they referring to this guy's nationality and he already lives in America?

Re:DMCA is International? (2)

camusflage (65105) | about 13 years ago | (#2135978)

I don't know about you, but if it's my ass going to prison, I'm going to err on the side of caution. Sure, they might not go after you as long as you don't disseminate information in the US, but because of the fact Elcomsoft used a US server as part of the buying process, even though at no point did that server house any code, that was deemed sufficient to invoke jurisdiction.

Re:DMCA is International? (2)

BeanThere (28381) | about 13 years ago | (#2142913)

Hint: It's called "reading the article before posting".

The guy travels to the USA "regularly for both personal and professional reasons".

Re:DMCA is International? (0, Offtopic)

scott1853 (194884) | about 13 years ago | (#2133227)

Hint: It's called "reading the article before posting".

What for? Nobody else does unless there's cool pictures or video.

Ferguson's Mistake (4, Insightful)

rknop (240417) | about 13 years ago | (#2140826)

"You can be sure that somehow, somewhere, someone will duplicate my results especially because I am telling them that I have results," says Ferguson. "Someone who is braver, who has less money, and who doesn't travel to the U.S."

This, right here, is his mistake. If, in the near future, those master keys are published, I bet a nickel that Ferguson gets hauled up for a lawsuit (or perhaps even criminal prosecution), for exactly the reasons that he states here himself. It's extremely stupid, but on the other hand, I can easily see an overpaid bunch of useless humanity (i.e. corporate lawyers) effectively convincing judges and law enforcement officials that Ferguson should be liable. They would be right that he probably helped along other efforts to crack the encryption doing nothing more than letting people know that it was possible. Ferguson's mistake is in thinking that the dunderheads who thought that arresting Sklyarov was a good idea will let him slide after he's said this.

The world is a cold, demon-haunted place nowadays. It sickens me to be a citizen of this country that so hypocritically prides itself on being free.

-Rob

Re:Ferguson's Mistake (1)

ArtDent (83554) | about 13 years ago | (#2117109)

Which is why it's a clever move, not a mistake.

Sure, let them sue him for saying that the technology is crackable. Then next time, they can sue for saying that the technology may have an exploitable weakness. After that, they can sue the guy who thought about potential weaknesses.

Eventually, some judge somewhere along the line and, perhaps more importantly, the public are going to realize how absurd this law is.

Re:Ferguson's Mistake (0)

Anonymous Coward | about 13 years ago | (#2154201)

"Eventually, some judge somewhere along the line and, perhaps more importantly, the public are going to realize how absurd this law is."
I fear you underestimate the stupidity, ignorance and apathy of the Great Unwashed.
Here in the UK it has been illegal for more than 6 people to stand in close proximity in public since 1995 (Criminal Justice Act) amongst other things.

Re:Ferguson's Mistake (1)

shokk (187512) | about 13 years ago | (#2124576)

The world is a cold, demon-haunted place nowadays. It sickens me to be a citizen of this country that so hypocritically prides itself on being free.

Yet it would sicken you more to be a citizen of a country that did not even attempt to claim free speech and jailed you for discussing the very things you are talking about. It would sicken you to the point of not being able to eat their jail food or deal with the goons from the cell next door that beat the crap out of you every day. You are freer here than anywhere else; this is just a minor setback that will correct over time.

His mistake was using his real name at this time, but no one should ever be afraid of using their real name in the face of these companies. They may yet be his masters, but in the long run they will not succeed so long as people like Ferguson and Sklyarov continue their efforts no matter what the consequences. So much for the huddled masses, though. That this one thing could for a moment make people think that coming to the US from another country is a frightening thing ranks right up there with Prohibition and the Red Scares.

Re:Ferguson's Mistake (0)

Anonymous Coward | about 13 years ago | (#2157693)

More free than the few worst is definitely not the same as "freer here than anywhere else".

You mention prison conditions - the US has some of the worst of industrialized democracies...

Re:Ferguson's Mistake (0)

Anonymous Coward | about 13 years ago | (#2130661)

"You mention prison conditions - the US has some of the worst of industrialized democracies..."

Yes, including officials who condone the rape and sexual assault of prisoners by prisoners.

Re:Ferguson's Mistake (2)

JoeShmoe (90109) | about 13 years ago | (#2132504)

I don't think so. The matter at hand is "reasonable doubt" and I think it would be easy to produce reasonable doubt that Ferguson was the source of the master keys, especially if the protection is trivial.

We here in the US have a stupid law that says if I flip the bits in my content then it is "encrypted" and it is illegal for you to distribute a decryption device (a bit flipper).

However, if I find a "decrypted" copy of my content floating around the internet, all you have to do is say "look, it's just bit flipping, anyone with a basic knowledge of math could have decrypted it" and then at that point it is up to me to find something that conclusively pins it to you...like a copy of "BiTFLiPPER 1.2 by rkn0p" floating around.

- JoeShmoe

Re:Ferguson's Mistake (1)

sqlrob (173498) | about 13 years ago | (#2157487)

Reasonable doubt is for criminal trials. Doesn't mean diddley in civil. Intel could still place a civil suit.

Re:Ferguson's Mistake (2)

rknop (240417) | about 13 years ago | (#2157606)

I don't think so. The matter at hand is "reasonable doubt" and I think it would be easy to produce reasonable doubt that Ferguson was the source of the master keys, especially if the protection is trivial.

IANAL, of course, but I believe that what you say here might only get him off in a criminal case. My understanding of civil law is such that all those great constitutional protections we enjoy under criminal law don't apply. E.g., "innocent until proven guilty" doesn't seem to apply, and I don't think that proof beyond a reasonable doubt applies either. Nor do I think that double jeopardy applies.

After all, OJ was found liable for Nicole's death under a civil lawsuit, even though the criminal courts decided that they couldn't convict him beyond a reasonable doubt. Think what you will about OJ and what the criminal courts did there, I was a little... surprised to find out that civil law meant that double jeopardy and reasonable doubt were out the window in that case. And you'd better believe that the MPAA has substantially more resources (i.e. killer-lawyer hiring ability) than Ron Goldman.

-Rob

Great (1)

HerrGlock (141750) | about 13 years ago | (#2141805)

So, now no one can read about the crack, rather how it was done. No one can learn from the mistakes of others and no one can make a better encryption technique because of the stupid DMCA. Wasn't there something about everyone coming out better when there is discussion and people didn't have to re-make the same mistakes?

So, how long do you think it's going to take for this to make it to some server in Zanzibar where the DMCA doesn't cover?

DanH

Crap. (1, Informative)

sn0wdude (317116) | about 13 years ago | (#2142506)

Why are you linking to a crappy article on Securityfocus.com? Please go read the original document:

http://www.macfergus.com/niels/dmca/index.html

He talks about why DMCA sucks. The Copyright issues, Jurisdiction, Freedom of Speech etc.

A must read!

Re:Crap. (0)

Anonymous Coward | about 13 years ago | (#2119244)

How about making your link clickable, eh?
There ya go. Sheesh.

the essential sentence (1)

thopo (315128) | about 13 years ago | (#2142671)

"This is a country that tells others they should protect human rights, but they have trampled on mine," says Ferguson. "The U.S. Congress is telling me what I can or cannot say in my own country."

Don't you smell the hypocrisy Mr.G.W.B?

He didn't break it :) (1)

ravi_n (175591) | about 13 years ago | (#2142915)

Not releasing the details just means he didn't really break the HDCP encryption. He just wanted some publicity and blaming the DMCA is trendy...

And the really great thing about the DMCA is that he can't do anything to refute my trolling because it would expose him to civil or criminal liability (remember the DMCA even outlaws acts of circumvention, and given past experience I'd guess that that provision can be stretched to apply outside US border as well).

Re:He didn't break it :) (3, Informative)

(void*) (113680) | about 13 years ago | (#2133240)

How asinine. He could make a video stream encoded with the master key for example. And we could all verify it with the public key.

That's the great thing about asymmetric key encryption.

Re:He didn't break it :) (1)

rhadamanthus (200665) | about 13 years ago | (#2157460)

That is precisely the point! He feels he is unable to even do something as trivial as that for fear of persecution via the DMCA.

Did you read the article or his essay?

--------------rhad

Alias and Freenet (2)

shokk (187512) | about 13 years ago | (#2143232)

Sounds like he should pick up a good hacker-type alias (no one ever figures out who these folks are), and post to Freenet. That's sure to boost Freenet's usage if it is only centrally released there and the alias would protect him if he ever decides to transit through an American airport lest they pull a Sklyarov on him. Surely there's enough anonymity tools out there to mask his identity?

No, he won't. (1)

Jacco de Leeuw (4646) | about 13 years ago | (#2142911)

Immediately after his talk at the HAL2001 [hal2001.org] (wait for the video recordings to show up on this site!) hackers from the audience shouted: "Give us the paper! We'll get the word out!".

Ferguson of course declined.

Duplication (4, Insightful)

Apotsy (84148) | about 13 years ago | (#2143494)

Sounds like it will be easy for others to duplicate his efforts:
"An experienced IT person could recover the master key in two weeks given four standard PCs and fifty HDCP displays," said Ferguson. "The master key allows you to recover every other key in the system and lets you decrypt [HDCP video content], impersonate a device, or create new displays and start selling HDCP compatible devices."


[snip] ... he says it is a textbook example of a cryptographic attack.
Even if he never releases it himself, it'll be all over the place before too long, now that it's known to be possible. He gives a pretty good hint about how to duplicate his results.

Next DMCA test - prosecution for doing research (4, Insightful)

hillct (230132) | about 13 years ago | (#2132514)

It will be interesting to see if once it does get out, if companies will seek to hold him responsible, even if he doesn't release it himself. I wonder if the DMCA covers the eventuality of having done research which facilitates bypassing encryption. It really isn't that far to go from doing research (and finding the solution) to writing the software that actually performs the operation. Will it become a crime to do research?

--CTH

Re:Next DMCA test - prosecution for doing research (-1, Offtopic)

Anonymous Coward | about 13 years ago | (#2157778)

What gets me is that companies are failing to make tough protection schemes and yet they get 'angry' when the protection scheme gets broken. I thought in the US, business is supposed to be all about competing to make profit. So rather than big business getting its act together to fix a weak product, they hide behind the law (DMCA). Some corporations (read: Associations) are such lazy asses....

Re:Next DMCA test - prosecution for doing research (2)

erroneus (253617) | about 13 years ago | (#2157424)

It's not the size of the lock, it's the fact that it's locked.

The courts, especially the criminal courts, understand that no matter HOW well something is locked up, it's still breaking and entering. Never in the history of US law has there been a case where the judge ruled for the defendant because the lock was too weak. Would you people *PLEASE!* stop making that argument!!! It's utterly useless.

What you should be arguing are the points that can be used effectively. These points include academic research and ability to share knowledge. (Knowledge and research without proof isn't knowledge so proof of concept code is virtually required in all cases.) Others could include reverse engineering; a topic related to academic research. How about "Public Safety" or "Public Interest" as an important point? Imagine "copyrighting" food only to find later that they included some very tasty toxins? We're not allowed to know what we are eating? Yes, I know, but we aren't allowed to know what we are installing into our own PCs (regardless of whether we own the code or license or whatever.)? For me, that's a scary issue. I want to be able to "trust" the software industry but truthfully, we cannot trust ANY industry and we have butt-loads of other watchdog agencies "protecting the public" but we don't have one for software (yet). Ever wonder when that will happen?

So please, people, stop arguing the one point that continues to turn people AWAY from the validity of the arguments against the DMCA. It's a lock, effective or not, it's a lock. If it can be broken "accidentally" it's not a lock, but so far, I haven't seen one that can be broken accidentally.

Re:Next DMCA test - prosecution for doing research (5, Funny)

wiredog (43288) | about 13 years ago | (#2157804)

Will it become a crime to do research?

Of course not. What, do you think some company is going to file charges and get the FBI to arrest someone from Russia just because they give a talk about their work in Vegas? Or that an industry trade group would threaten a lawsuit if a college professor tried to present a research paper? My god, people are paranoid around here! Next thing you know they'll be saying that the Big Corporations are trying to outlaw reverse engineering!

Re:Duplication (1)

stx23 (14942) | about 13 years ago | (#2138395)

Consider this Tivo story [salon.com].
Hacker A cracks the code, tells the world he won't release it, 6 months later Hacker B releases it. I see history repeating.

Re:Duplication (2)

dschuetz (10924) | about 13 years ago | (#2142359)

The master key allows you to [...] create new displays and start selling HDCP compatible devices.

Now I may be hopelessly naive or idealistic, but wouldn't the goal of selling HDCP compatible devices permit the disclosure of the system? Or can "they" really, legally, absolutely, limit the entry of independent 3rd-party hardware manufacturers to the game?

What if Diamond wanted to start selling HDCP displays, but didn't want to pay the $$$$ that they're probably requiring for membership in the "club"? This research could allow them to create fully functional, compliant, standards based displays.

As long as they don't deliberately leave backdoors in their display to give end-users access to the raw digital stream (which would make the display itself a circumvention device), they should be in compliance with DMCA, right?

And, since they developed the system after someone outside of DMCA jurisdiction (if there is such a place, truly) reverse-engineered it, there's no trade-secret violation, they've signed no NDAs, etc., so they're free to publish their spec, right?

Or is this just a pipe dream?

How do we get a decent-sized player like Rio to start selling DeCSS-based DVD players, publishing their spec as they go "so that other manufacturers can do the same"? :)

Re:Duplication (1)

Apotsy (84148) | about 13 years ago | (#2138398)

I doubt that sort of thing would fly. A lawyer could probably argue that including an unauthorized copy of the key in any product would make it a "circumvention device", and thus illegal -- even if it didn't actually let users get at the data.

On the other hand, someone could make a device that included everything you needed except the key. By itself, it would not be a circumvention device, but if the user input the master key -- boom! Free access to everything. All the manufacturer would have to do is include a disclaimer that said, "You must have an authorized copy of the master key to use it with our device. We do not support unauthorized use of the master key." Of course, the device would probably also need to serve some useful function without the key. Kind of like DVD players that the manufacturer purposely makes easily-moddable to be region free. That might actually work. All that's needed is for someone to leak the master key, which is bound to happen sooner or later (as Ferguson points out).

But... (-1, Offtopic)

Anonymous Coward | about 13 years ago | (#2143525)

The DMCA doesn't apply in Holland.

Re:But... (-1, Offtopic)

Anonymous Coward | about 13 years ago | (#2138396)

Doesn't apply in Russia, either. Go tell it to Dmitri.

Re:But... (0)

Cratylus (156571) | about 13 years ago | (#2138986)

Yes, but if he ever gives a presentation in the United States, he could suffer the fate of Dimitri.

And the DMCA scores! (1)

CyberPhunk (457518) | about 13 years ago | (#2143798)

As much as I'd like to mention how the DMCA probably means very little to those that live overseas, the DMCA has done a good job at doing exactly what it was meant to do. Intimidate people into fearing the release of anything. I can almost hear big brother jumping up and down in joy, planning another party for tonight!

Hmm... (3, Interesting)

fanatic (86657) | about 13 years ago | (#2143834)

"I have found a proof of this theorem which is too long to fit in this margin." Think it actually exists?

Fermat's Last Theorem, revised. (2, Funny)

Anonymous Coward | about 13 years ago | (#2144124)

...For this I have found a truly wonderful proof, but the DMCA prevents me from publishing it.

send the results to me (1)

4n0nym0u$ C0w4rd (471100) | about 13 years ago | (#2157251)

I'll proudly publicize the results of his work (giving him full credit for the discovery). After all I live in the U.S and personally wouldn't mind 3 meals and a cot plus an extension to my summer vacation. Not to mention the lawsuits to follow my arrest (yeah I know I'd have no legal grounds but when has that ever mattered?) should pay my way through college. Or better yet why doesn't he let a Dutch friend who doesn't plan on visiting the land of the oppressed anytime soon or just post it anonymously. There seems to be no point in keeping it secret now, after all he did openly admit violating the DMCA already (it's illegal to do it, not just to publish your work) and I have a feeling that if he comes to the U.S anytime soon he'll be sitting in a jail cell right next to Dmitry (well at least where Dmitry was before he made bail).

What's worse than us having to wait a bit longer to find out how he cracked the encryption, is the fact that now the U.S will think that the DMCA is working and will fight for it much harder. I understand his fear, but the fact is he's already violated the DMCA (I won't bring jurisdiction into play, after all the U.S obviously doesn't understand the word, except when it comes to chasing after murderers and rapists...then it's strictly observed).

Re:send the results to me (3, Interesting)

weave (48069) | about 13 years ago | (#2143470)

After all I live in the U.S and personally wouldn't mind 3 meals and a cot plus an extension to my summer vacation.

You forgot about the all the sex you can take [spr.org] part...

Seriously, those that are sitting around claiming that U.S. prisons are pieces of cake have obviously never been in one. My father, a minister, visits prisons all the time and it's not a nice place to be. Maybe if you're rich and in a fed prison for defrauding someone of 100 million bucks you're OK, but if you commit the more serious crime of holding up a 7-eleven for 20 bucks using the ole finger in the coat pocket trick, you get to do some hard time in a state pen...

p.s. slashdot can really suck at times. I try to be a nice @home customer and use their proxy servers to keep their inter-connect traffic down but whenever I try to post it says I can't cause my IP address has posted too many modded down posts recently. Well D'OH, that IP has a few million people behind it. Learn about how a proxy works guys. It just forces me to uncheck my proxy connection but then I can't post because I get an invalid key msg (probably cause my IP address changes). So I open up a new browser section, hit reply, copy/paste my reply over, and the bitch tells me I have to wait 20 seconds after hitting reply before I submit. Arrrgh...

Re:send the results to me (1)

4n0nym0u$ C0w4rd (471100) | about 13 years ago | (#2142672)

True, prison probably wouldn't be all that great (even though I'd be chilling in a minimum security country club) but I'm pretty sure that they can't even put you in a minimum security prison until you're convicted, I might be wrong but I think people awaiting trial are held somewhere a little more agreeable. If I did have some problems with a fellow prisoner, I'm sure my 250+ pounds and martial arts training would come in handy :). Worse comes to worse, smack a guard and get thrown in solitary for a few weeks (I like being by myself) then when you're found innocent claim Post-Traumatic Stress Syndrome from the confinement (provable by the feces you rubbed on the wall of solitary while singing "I'm a Little Teapot") and get a nice fat check from the government. The real reason prisons are no fun is because people aren't creative enough, my father had some experience with prisons too (goes with his "profession"), he acted like a loon (not too far from the truth) and he was pretty much left alone.

release it on Freenet! (1)

Benjiman McFree (321140) | about 13 years ago | (#2157439)

And don't leave your key laying around on your system.

What are we designing this freespeech network for anyway?

what if... (1)

pinkelefant (471762) | about 13 years ago | (#2157488)

somebody breaks into his house, steals the pc and spreads the crack?... who will be arrested? better yet... somebody should make a bunch of all these "cracks" and spread it as CodeRedIII... then what?

I found a hint on the KEY! (4, Funny)

thopo (315128) | about 13 years ago | (#2157617)

"An experienced IT person could recover the master key in two weeks given four standard PCs and fifty HDCP displays"

1
2 or 14
4
50

Therefore the key is:
12450 or
114450 or
12450 * 114450 = 1424902500 or
sqrt(12450^114450).

q.e.d.