But those strict legal restrictions should stay in effect, entertainment industry lobbyists said Friday, when they urged the U.S. Copyright Office to avoid making any changes to the Digital Millennium Copyright Act.
"There are many other avenues to address these questions, and certainly many other laws that may be relevant in this circumstance," said Steven Metalitz, a senior vice president at the International Intellectual Property Alliance. The group represents large copyright holders.
Computer security experts have asked the Copyright Office to alter the DMCA to protect their research. Edward Felten, a professor of computer science at Princeton University, said Friday that he and graduate student J. Alex Halderman uncovered the Sony problem a month before the news about it broke in November--but feared a lawsuit under Section 1201 of the DMCA if they disclosed it without the record label's authorization.
Because of the lag time, "a great many of consumers were at risk every day," Felten said. "Our exemption request is fundamentally asking for protection for those consumers."
Under federal law, the Copyright Office is required to solicit public opinion every few years on whether any amendments--called "exemptions"--to the DMCA are necessary. Section 1201 of the law broadly restricts circumventing "a technological measure that effectively controls access" to a copyrighted work.
Sony rootkit's lesson
In the past, security researchers would notify the vendors first of any bugs, but now they're afraid to disclose such flaws without first consulting a lawyer, Felten said. He added that the DMCA has discouraged security researchers from embarking on new projects and has driven some away from the field. (Felten once was threatened with a DMCA lawsuit by the recording industry for exposing weaknesses in a music-watermarking scheme.)
After a public outcry last fall, Sony voluntarily said it would halt production of certain copy-protected CDs. Those CDs installed a bundle of software, including a "rootkit" used to mask the presence of copy-protection software--and, if abused, malicious programs as well. The incident prompted one Homeland Security official to suggest banning rootkits.
Aaron Perzanowski, a law student at the University of California at Berkeley's Samuelson Law, Technology and Public Policy Clinic, and clinic director Deirdre Mulligan, said that Felten could have been subject to legal liability if he had disclosed his findings about the Sony rootkits. After he found the flaw, Felten said he called lawyers and spent a month in negotiations with them, and decided not to publish his results right away. Programmer Mark Russinovich did instead.
Lobbyist Metalitz offered a detailed list of reasons why he said such an interpretation of the DMCA was incorrect. The law already provides sufficient protection in Section 1201 for researchers like Felten to do their work, he said. (That section, 1201(j), permits bypassing anticopying technology "solely for the purpose of good faith testing, investigating, or correcting, a security flaw or vulnerability.")
But in the Sony BMG incident, the record label's first crack at an uninstaller proved riddled with new problems, Felten said, and even the latest version of the patch won't prevent reinstallation of the rootkit each time the type of copy-protected CD is inserted into a computer. Felten and other security professionals have been able to devise alternative uninstallers that would prevent such reinstallation indefinitely, but are worried that their "unauthorized" methods could get them sued.
"It's this uncertainty that creates the very risk," agreed Matthew Schruers, a lawyer for the Computer and Communications Industry Association, whose members include Sun Microsystems, Verizon and Yahoo. "So that raises for me a perplexing question: Why on earth are we putting cybersecurity in the hands of copyright lawyers?"
Previous DMCA exemptions granted by the Copyright Office have allowed researchers studying filtering to examine blacklisting techniques, and have allowed obsolete copy-protection schemes to be legally bypassed.
When reviewing the DMCA, the Library of Congress is required to consider the impact that the anticircumvention sections have "on criticism, comment, news reporting, teaching, scholarship or research (and) the effect of circumvention of technological measures on the market for or value of copyrighted works."
The Copyright Office received more than 100 comments on its notice of proposed rulemaking published last year and plans to release its final determinations by the end of October. Marybeth Peters, the Register of Copyrights, said that the office has reached no conclusions yet on any of the exemptions.
Imagine that you have purchased several DVDs and want to watch them on your notebook on a long flight you are about to take. If you choose to use a utility to copy those files onto your hard drive, that is arguably a violation of the "anti-circumvention" provisions of the DMCA, even though it is completely consistent with your fair-use rights.
The DMCA was an incredibly far-reaching power grab by the studios against the interest of the consumer. Congress should be embarrassed that they passed this horribly one-sided piece of legislation.
Besides, I'm sure if a politician's DVD went bad, they would get a free replacement; however, we the poor public will have to pay...
I'll continue to use whatever resources are available to protect "MY FAIR & HONEST USE".
All we can do is keep fighting...
How can the Congress and Senate and Supreme Court allow these people to trespass into my computer without my permission and destroy my PC? This is NOT a free country, people, this is government out of control. We need to smack them down hard.
Robert
I'm afraid what rootkits prove is that our government can't be trusted not to abuse its own people.
DMCA and the lack of software Quality Control
April 2, 2006 6:27 AM PDT
While DMCA, as written, clearly addresses the rights of the software and copyrighted products industry, this law does not protect the rights of the consumer. We have seen--very consistently--that many of the top operating system and software players have no problem with "beta testing" their products on unsuspecting consumers.
All too frequently many of these copyrighted products arrive on our systems rife with defects and security holes. We have already seen that the consumer cannot rely on the copyright holders to locate and correct those defects--there is simply no profit in this post-production quality control.
As long as DMCA mindlessly targets anyone who might bypass security to research defects in code, the consumer has absolutely no right to quality copyrighted products. Nor will we have any right to timely modifications should defects turn up. (I won't even mention the millions of dollars in costs consumers bear in correcting defective products.)
Bottom line: as long as the copyright holders themselves are the only ones legally entitled to protect the consumer from defects, the consumer will NOT be protected in any credible manner.
One of the key recommendations I suggest on my biztechnet.org blog is that you should closely track and document every penny in costs related to finding and correcting defects and security holes in copyrighted products. Then, when it comes time to negotiate any license and support agreements with the copyright holder, you should begin demanding that they compensate you for those costs with price reductions. There is much more to this process but this is not the proper forum for me to explain.