[ISN] Reminder about WIPO Bill (from COAST)

From: mea culpa (jerichot_private)
Date: Fri Jul 03 1998 - 07:23:44 PDT

  • Next message: mea culpa: "Re: [ISN] Reminder about WIPO Bill (from COAST)"

    From: Gene Spafford <spaft_private>
    To: coastwatcht_private
    Normally, I try to avoid too much comment on political issues.  However, 
    every once in a while, something really disturbing comes down the pike.
    Shortly, the U.S. House of Representatives will be considering a bill already 
    passed by the Senate: HR 2281, implementation of laws supporting the WIPO 
    Treaty (the "Digital Millenium Act").
    If 2281 passes in anything close to its current form, it is very possible 
    that much of what we do at COAST and CERIAS will become illegal.  Products 
    such as the ISS scanner, SATAN, SAINT, and the like may no longer be legal to 
    develop, sell or distribute (or use).  Firewalls will need to be "dumbed 
    down" and not allowed to block or proxy traffic.  Anti-virus researchers may 
    be arrested for disassembling new viruses.  Penetration testing would be 
    illegal.   Security testing of products you want to purchase or deploy might 
    be a felony.
    In other words, Congress may shortly be passing a law that might render 
    illegal most of what we do in research and application of information 
    security.  The end result would be that the security of our networks and 
    computers would be endangered even further.
    Sounds pretty silly, doesn't it?  However, passage of the law is considered 
    likely at this time, and the way it is written it may be interpreted in ways 
    very negative to infosec professionals.  The bill has been written largely to 
    give extraordinary copyright protection to the entertainment industry and 
    large-scale software houses.   Rather than simply develop penalties for 
    actual infringement, the bill makes illegal attempts to disassemble or read 
    copyrighted information on computers and networks.  Development of products 
    that can be used to view such material is declared criminal by this bill.  
    Development of tools primarily intended for penetration or decryption would 
    be illegal.
    In other words, instead of criminalizing the act of copyright infringement, 
    the bill attempts to criminalize teaching, research, development, marketing, 
    and use of ideas and technology that could just possibly be used to 
    circumvent or defeat copyright protections.  It's as if, to reduce drunk 
    driving, they decided to criminalize the development, sale, and use of both 
    alcohol and automobiles!
    I strongly urge you to read about this bill.   Then, if you find it as much 
    of a disaster as so many of us do, then contact your Congress-critters and 
    complain (particularly your representatives in the House).   If it should 
    pass the House, then consider writing to the President to veto the law.
    Do this *soon*.  The bill will probably be voted on this month, after the 4th 
    of July break.
    If your company or university has contacts in Washington, you might also try 
    to alert them to how unsound this bill is.
    All is not completely glum, however.  There was another bill under 
    consideration, H.R. 3048, that is much better than 2281 (although still not 
    perfect).  You might point out to your representative that you are not 
    against reasonable copyright protection, and that H.R. 3048 was a better 
    alternative, and its features should be considered as amendments.   See the 
    enclosed references.
    For more details on these bills, I suggest you consult the following:
    *  For actual text of the bill, go to http://thomas.loc.gov/,
    and search for 'Digital Millennium Act'.
    * http://www.zdnet.com/pcweek/news/0622/22wipo.html
    * http://www.dfc.org   (See the comparison of 3048 and 2281).
    * http://www.eff.org/effector/#11
    Have a happy 4th of July.
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:44 PDT