http://www.boston.com/dailyglobe2/228/business/Silence_of_a_code_cracker+.shtml

By Hiawatha Bray
8/16/2001

Princeton computer science professor Ed Felten spilled the beans last night, revealing his method for breaking into supposedly unbreakable digital music recordings. And the good news is, Felten didn't even have to post bail.

I told you about Felten a few months ago. He fell afoul of one of the nation's weirdest laws, the Digital Millennium Copyright Act. Under the DMCA, it's a crime to figure out ways to defeat digital encryption technologies used to block unauthorized access to computer software, digital music, and movies.

Mind you, it's not about actually making pirate copies - that was illegal before the DMCA was enacted in 1998. No, the new law makes it illegal to simply tell the world how such pirate copies can be made.

The music recording industry told Felten that he could be prosecuted for announcing his discovery at a scientific conference. The music folks later backed down - Felten is a scientist and the law makes an exception for scholarly researchers - but that hasn't stopped Felten from suing to challenge the constitutionality of the DMCA. He and his supporters argue the DMCA is so vague that even a university research report could be interpreted as a violation of the law.

In any case, Felten's newfound right to publish didn't cut any ice in the case of Dmitry Sklyarov. He works for Elcomsoft, a Moscow firm that makes software to defeat the encryption of electronic books. Elcomsoft's product is perfectly legal in Russia, and nearly everywhere else on earth. But when Sklyarov came to Las Vegas to talk about it in July, the FBI slapped on the handcuffs.

After two weeks in jail, a federal judge finally let Sklyarov post bail last week, but the FBI is holding his passport, in effect exiling Sklyarov from his homeland, his wife, and his two young children. It's the sort of thing to make you think twice about hacking code.

It's certainly had that effect on Niels Ferguson of Amsterdam. He thinks he's figured out a major weakness in software created by Intel Corp. to prevent the pirating of digital video recordings. But Ferguson has decided to shut up about it.

Actually, Ferguson shared his discovery with fellow geeks at a Dutch hackers' convention last weekend. And he's contacted Intel's crypto experts, who have expressed interest in his discovery. But Ferguson has refused to publish the details of his theory, or even to send an e-mail to Intel headquarters, because Intel is based in the United States.

Mind you, Ferguson is quite partial to our country; he used to work for Counterpane Internet Security Inc., a computer security firm in California. He still pays a visit from time to time; in fact, he'll be flying in next Saturday. And because Ferguson hasn't published his research materials, he won't have to worry about the FBI cuffing him at the airport.

"I'm scared to publish my research and then go to the United States," he says. "Felten was threatened. Dmitry was arrested." And Ferguson, 35, and self-employed as a crypto consultant, can't afford the legal bills. Silence is safer.

Silencing people is exactly what the DMCA is meant to do, says Bruce Schneier, president of Counterpane and Ferguson's former boss. "The idea here is to spread the maximum amount of fear and doubt," he says.

Schneier believes most digital security products can be broken. Indeed, if the stuff worked, there'd be no need for the DMCA. Schneier thinks companies want to keep making and using unreliable security software, while pretending everything's fine. "We're in a situation where companies are producing bad security, and making it illegal for you to check," he says.

Intel spokesman Chuck Mulloy doubts Ferguson has really found a practical hack. "This code was developed to prevent casual copying," he said. "Our view is it still does what it's meant to do."

He says Intel is interested in getting a peek at Ferguson's work. But he concedes that publication of the research might make Ferguson a wanted man in the United States. "We really can't help him there," says Mulloy. "We don't have the authority to indemnify him or anybody else from a federal law."

Indeed, this is a job for the courts or, better yet, for Congress. Digital media producers and software companies have a legitimate interest in protecting their intellectual property. But free speech is the most valuable intellectual property of all.

Hiawatha Bray can be reached by e-mail at brayat_private