Maybe and maybe not. Firstly, I'm not a lawyer... but... Truth: The DMCA is - albeit not fully tested in the courts - the law of the land (USA) until such time as the courts speak. Plus, if it's like most laws, it will be subject to a series of decisions as the courts struggle to find a balance between two opposing positions. Meaning? It may not be clear for years - if ever... European? Don't be so smug until you read the EU directive on copyrights... http://www.eurorights.org/eudmca/ - at least as an American I can fight it in court, call and yell at my CongressCritter, etc. Second, despite what you all wish, the 1st Amendment (to the US Constitution) is not absolute. "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances." A great discussion is at http://caselaw.lp.findlaw.com/data/constitution/amendment01/ Remember, this is "Congress shall" - it says NOTHING about and provides NO LIMITS for private limits on speech. And, even with the explicit wording of the 1st amendment, there have long been recognized exceptions. From Whitney v. California, 274 U.S. 357, 375 -76 (1927) (Justice Brandeis concurring): "But, although the rights of free speech and assembly are fundamental, they are not in their nature absolute. Their exercise is subject to restriction, if the particular restriction proposed is required in order to protect the State from destruction or from serious injury, political, economic or moral." This leads to accepted limits where "free speech" is: - Against public policy, e.g. obscene material, child por*******y (as differentiated from regular old por*******y), etc. - Libel and Slander - etc. People frequently forget that there is whole category of speech, "Commercial speech" which is entitled to much weaker protection. Discussed at http://caselaw.lp.findlaw.com/data/constitution/amendment01/17.html "Commercial Speech .--In recent years, the Court's treatment of ''commercial speech'' has undergone a transformation, from total nonprotection under the First Amendment to qualified protection." <snip /> "While commercial speech is entitled to First Amendment protection, the Court has clearly held that it is not wholly undifferentiable from other forms of expression; it has remarked on the commonsense differences between speech that does no more than propose a commercial transaction and other varieties." Don't think this is relevant... what about "Our XYZ OS is the most secure OS in the Solar System"? Or "One remote hole in the default install, in nearly 6 years!"? Trade claims and such may well make it commercial?? Another restriction? You can - as part of a valid contract - give up your 1st Amendment rights, for example by accepting employment with the government you may give up the right to say certain things. Or the famous EULA's which prohibit publication of disparaging comments about the software... Let's face it - the only thing you can do is to vote with your feet and dollars (euros, pesos, whatever). Don't like the restrictions in the EULA - don't use the software. Don't like a vendor's policy on "full disclosure" - find another vendor. -----Burton -----Original Message----- From: Stephen Samuel [mailto:samuelat_private] Sent: Friday, August 02, 2002 12:58 PM To: Richard Forno Cc: bugtraqat_private; vuln-devat_private; johnmacsgroupat_private Subject: Re: Comment on DMCA, Security, and Vuln Reporting If something like this HP attack on security research actually flies in court, then I think there is a very good chance that it can be killed on the basis of the first amendment. To play with the analogy used in one supreme court decision on the first amendment: This law makes it illegal to stand up and yell "fire" in a crowded theatre-- but only if there really is a fire. Richard Forno wrote: > Given the recent news about HP using DMCA to shutter a Bugtraq disclosure of > Tru64 vulnerability, I felt it appropriate to chime in. I hope you find my > comments of-value and worthy of relaying onto the list. ..... > The way we're going, thanks to HP's legal geniuses, we may as well call > NIST, NSA, SANS, and IETF to rewrite a new 'industry standard' definition > for 'computer security' that places the vendor's profit and public image > above the confidentiality, integrity, and availability of end-user data and > systems. For all intents and purposes, Congress has already done that with > DMCA and Berman's proposed "Hollywood Hacking" Bill -- they just forgot to > inform (or seek counsel from) those of us working in the real information > security community. > > Bleeping idiots. Congress and Corporate America. When it comes to technology > policy, neither has the first clue . No wonder we're in the state we're in. -- Stephen Samuel +1(604)876-0426 samuelat_private http://www.bcgreen.com/~samuel/ Powerful committed communication, reaching through fear, uncertainty and doubt to touch the jewel within each person and bring it to life.
This archive was generated by hypermail 2b30 : Fri Aug 02 2002 - 18:44:56 PDT