Re: Xbox (Was -Online Games Consoles and Security Implications)

From: Stephen D. B. Wolthusen (woltat_private)
Date: Wed Jun 05 2002 - 09:33:09 PDT

  • Next message: Rob Shein: "Re: Trillian Messaging Software"

    Hi,
    
    Thor Larholm <Thorat_private> writes:
    
    > This may be somewhat offtopic, but how does the DMCA 'handle' foreign
    > countries? There's quite a big world outside of the US of A, and being part
    > of that outside world makes me somewhat ignorant and irrelevant to any
    > restrictions laid out by the DMCA since it has no jurisdiction anywhere
    > else.
    > 
    > Does it specifically mention how to handle 'sensitive' research outside of
    > its borders? Should I tripple check before planning any visits to the
    > states? ;)
    
    This is really not about the DMCA per se, but rather the result of two
    international treaties under the WTO umbrella, commonly referred to as the
    WIPO -- the World Intellectual Property Organization, a sub-body of the WTO
    -- treaties (specifically, the WIPO Copyright Treaty and the WIPO
    Performances and Phonograms Treaty) dating back to 1996.
    
    Nations party to these treaties (which includes more or less the entire
    developed world) must translate this into national law to be compliant
    under WTO rules. 
    
    While the WIPO treaties require legal protection for ``technical protection
    measures'' only when they deny copyright infringement (article 11 of the
    Copyright Treaty), DMCA couldn't leave well enough alone and made the
    language so sweeping (Hi, Sen. Hollings...)  that it has become almost a
    blanket outlawing of reverse engineering. That alone had a chilling effect
    -- and is a boon to lawyers. The SSSCA or whatever form the final result
    will take will make things even worse.
    
    Unfortunately, the EU repeated more or less the same grave mistakes made
    back stateside three years before. I guess that was mostly due to the same
    lobbyists' efforts that resulted in the DMCA etc. The Directive 2001/29/EC
    was issued in May 2001
    (http://europa.eu.int/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&numdoc=32001L0029&lg=EN).
    Member nations have a grace period until December 2002 to transform this
    into national legislation. When you look at article 6, the language is just
    as broad as that of the DMCA. 
    
    Bottom line: Even though technical means of content protection cannot work
    because of a fundamental contradiction between having the plaintext made
    available to the consumer and the playback device being under the physical
    control of the consumer, this has a very good chance of putting a cork in
    security research and reverse engineering for legitimate purposes. The bad
    guys aren't going to care, but any research institution, university, or
    company will be very much afraid of the risks from exposure to lawsuits and
    accusations -- even if the research falls into the (narrow) exception
    categories.
    
    -- 
    	later,
    	Stephen
    
    Fraunhofer-IGD                 | mailto:
    Stephen Wolthusen              | woltat_private
    Fraunhoferstr. 5  	       | swolthusenat_private
    64283 Darmstadt                | swolthusenat_private
    GERMANY                        | 
    			       | 
    Tel +49 (0) 6151 155 539       | Fax: +49 (0) 6151 155 499 
    



    This archive was generated by hypermail 2b30 : Wed Jun 05 2002 - 12:21:06 PDT