Friday, October 10, 2003

It seems that SunnComm have decided not to sue Alex Haderman after all.

"SunnComm president and CEO Peter Jacobs said he changed his mind.

Jacobs said in an interview late last night that a successful lawsuit would do
little to reverse the damage done by the paper Halderman published Monday
about his research, and any suit would likely hurt the research community by
making computer scientists think twice about researching copy-protection

"I don't want to be the guy that creates any kind of chilling effect on
research," Jacobs said."
AT LUNCHTIME TODAY, I moderated a panel discussion on digital downloading and music,
featuring a bunch of musicians, songwriters, and industry people from Nashville. Here's the
scary bit: one of the industry guys said that their big legislative priority is to try to create a
regime where you have to register with a unique, verifiable ID to access the Internet.

No doubt the next step would be to take away that ID as punishment for "misconduct" on the
Internet. Shades of Vernor Vinge's True Names.

posted at 04:12 PM by Glenn Reynolds
Donna and Derek have a pretty good set of links and comments on the Halderman story. As Derek says:

"But the fact that we're even having this
discussion is ridiculous. It's a total joke. Yet I'm
not laughing."
Alex Halderman, a Princeton student, who discovered that holding down the shift key while loading a CD into a computer, allows you to beat the latest copy protection technology, is about to get sued by the company that produced the technology. I'm with Ernest Miller on this one. I can't see them going ahead with it. It's a pretty lousy PR exercise - a student points out your security is not very good and you react how? By improving the security? No, of course not! You must sue the student, or preferably have the authorities go after him with criminal charges. We're not in the real world, we're in DMCA-land. We'll have our very own version, EUCD-land, in the UK by the end of the month.

Thursday, October 09, 2003

Eolas have filed for an injunction to stop Microsoft distributing their IE browser, in the wake of their recent $520 million patent infringement victory against the software giant.
The UK has passed legislation to implement the EU Copyright directive. The actual legislation is largely unchanged from the original draft regulations that were subject to such a long period of consultation. There now appears to be an exception for researchers. Section 296ZA2 states:

"This section does not apply where a person, for the purposes
of research into cryptography, does anything which circumvents effective
technological measures unless in so doing, or in issuing information
derived from that research, he affects prejudicially the rights of the
copyright owner."

It remains to be seen what "affects prejudicially the rights of the copyright owner" actually means in practice. The DMCA also has an exception for security researchers. Ben Edelman at Harvard wants to get access to a lists of websites blocked by certain commercially available filter software programmes, in order to test their effectiveness.
As a researcher, the DMCA provides an exception which allows him to bypass the digital locks which keep those lists secret. At the same time, however, it makes it illegal for him to build the tool that would enable him to bypass those digital locks. I wonder if Section 296ZA(2) will have a similar effect? are reporting on a way of beating the latest CD copy protection technology. I wonder how such a report is affected by the implemention of the copyright directive now?