nextbillgates
10-16-02, 08:36 AM
http://www.theregus.com/content/4/26656.html
If I tell you that I'll have to kill you: Red Hat fights the DMCA
By John Lettice
Posted: 10/16/2002 at 04:33 EST
Red Hat has struck a small blow against the DMCA, by publishing a security patch which can only be explained fully to people who are not within US jurisdiction. The company's position here seems to be not altogether voluntary - according to a spokesman "it is bizarre, and unfortunately something Red Hat cannot easily do much about," but like it or not Red Hat has been recruited to the campaign to make the DMCA look ridiculous.
The patch itself is on the Red Hat site, on this page, and the oddity here can be seen if you go down to the bottom. Under the heading "references" there is a link to http://www.thefreeworld.net/non-US/. At this point, those of you reading this while within US jurisdiction should have a care. We will endeavour to unfold the tale to you without exposing ourselves to action under the DMCA, but we stress now that we are not encouraging you to do so, nor is it our intention to provide you with the tools to do so.
Thefreeworld.net is not as yet an especially widely-known site, but its purpose is explained here. Briefly, it notes that the US has shown a readiness to bust individuals who perfectly legally publish information and software outside of the US, on the basis that this is published to people within US jurisdiction, among others. In order to publish this information without getting busted, Thefreeworld.net uses a licensing agreement which specifically rules out people within US jurisdiction. You can see the licence here, and again we stress that people within US jurisdiction should not accept this licence.
This bit makes it all nice and clear:
By continuing you warrant that you:
* are not a citizen of the USA.
* are not under US jurisdiction, including embassies, naval vessels, military bases and other areas of US jurisdiction.
* are permitted to import security information that may include information that can be used to subvert copy or content protection, even though this is not the primary purpose of the supply of this information.
* are not obtaining the information with the intent to commit a crime.
* understand the information is provided without fee and without warranty and/or guarantee of correctness of any kind.
* acknowledge that by downloading the data outside of the European Union you are performing an act of importation.
This rules out several Register staffers, and as Mr Orlowski in particular, not being a US citizen but being within easy reach of the feds, is particularly vulnerable to being lined up in front of a military tribunal in Cuba and shot, we caution him to stay away.
So what's all this got to do with Red Hat? Well, non-qualifying people, we can't exactly tell you that. But when we asked Red Hat about it we got an official comment which at least partially explains it: "RHSA-2002-158 is an errata kernel which addresses certain security vulnerabilities. Quite simply, these vulnerabilities were discovered and documented by ppl outside of the US, and due to the Digital Millenium Copyright Act legislation in the US, it is potentially dangerous to disclose any information on security vulnerabilities, which may also be used in order to circumvent digital security - i.e. computer security. For this reason, RH cannot publish this security information, as it is not available from the community in the first instance. The www.thefreeworld.net site allows for accessing this information, but requires you agree to terms which protect the author and documenter of the patches from being accusations that they themselves have breached DMCA."
Got that? In some instances at least, the very act of explaining what has been fixed by a security patch could be construed as explaining how the security of a product could be breached, and hence could be viewed as a breach of the DMCA.
Read the article for more.
Can someone plase explain to me how this is NOT a violation of the 1st amendment?
If I tell you that I'll have to kill you: Red Hat fights the DMCA
By John Lettice
Posted: 10/16/2002 at 04:33 EST
Red Hat has struck a small blow against the DMCA, by publishing a security patch which can only be explained fully to people who are not within US jurisdiction. The company's position here seems to be not altogether voluntary - according to a spokesman "it is bizarre, and unfortunately something Red Hat cannot easily do much about," but like it or not Red Hat has been recruited to the campaign to make the DMCA look ridiculous.
The patch itself is on the Red Hat site, on this page, and the oddity here can be seen if you go down to the bottom. Under the heading "references" there is a link to http://www.thefreeworld.net/non-US/. At this point, those of you reading this while within US jurisdiction should have a care. We will endeavour to unfold the tale to you without exposing ourselves to action under the DMCA, but we stress now that we are not encouraging you to do so, nor is it our intention to provide you with the tools to do so.
Thefreeworld.net is not as yet an especially widely-known site, but its purpose is explained here. Briefly, it notes that the US has shown a readiness to bust individuals who perfectly legally publish information and software outside of the US, on the basis that this is published to people within US jurisdiction, among others. In order to publish this information without getting busted, Thefreeworld.net uses a licensing agreement which specifically rules out people within US jurisdiction. You can see the licence here, and again we stress that people within US jurisdiction should not accept this licence.
This bit makes it all nice and clear:
By continuing you warrant that you:
* are not a citizen of the USA.
* are not under US jurisdiction, including embassies, naval vessels, military bases and other areas of US jurisdiction.
* are permitted to import security information that may include information that can be used to subvert copy or content protection, even though this is not the primary purpose of the supply of this information.
* are not obtaining the information with the intent to commit a crime.
* understand the information is provided without fee and without warranty and/or guarantee of correctness of any kind.
* acknowledge that by downloading the data outside of the European Union you are performing an act of importation.
This rules out several Register staffers, and as Mr Orlowski in particular, not being a US citizen but being within easy reach of the feds, is particularly vulnerable to being lined up in front of a military tribunal in Cuba and shot, we caution him to stay away.
So what's all this got to do with Red Hat? Well, non-qualifying people, we can't exactly tell you that. But when we asked Red Hat about it we got an official comment which at least partially explains it: "RHSA-2002-158 is an errata kernel which addresses certain security vulnerabilities. Quite simply, these vulnerabilities were discovered and documented by ppl outside of the US, and due to the Digital Millenium Copyright Act legislation in the US, it is potentially dangerous to disclose any information on security vulnerabilities, which may also be used in order to circumvent digital security - i.e. computer security. For this reason, RH cannot publish this security information, as it is not available from the community in the first instance. The www.thefreeworld.net site allows for accessing this information, but requires you agree to terms which protect the author and documenter of the patches from being accusations that they themselves have breached DMCA."
Got that? In some instances at least, the very act of explaining what has been fixed by a security patch could be construed as explaining how the security of a product could be breached, and hence could be viewed as a breach of the DMCA.
Read the article for more.
Can someone plase explain to me how this is NOT a violation of the 1st amendment?