Even more compelling are recent comments from Professor Felten at a conference at the University of Michigan.
These same concerns were echoed in Canada in a 2005 letter from the Digital Security Coalition to the then-Ministers of Canadian Heritage and Industry. The letter noted that:
Understand that the science and business of digital security implicates the practical application of circumvention technologies. To understand security threats, researchers must understand security weaknesses. We are not in the business of circumventing technological safeguards for the purposes of exploiting the weaknesses we find; rather, we are in the businesses of finding and addressing those weaknesses.
Security weaknesses are best found – and addressed – when a variety of security researchers examine a platform or application. The odds of one party devising the best response to a security issue are slim; the likelihood of an optimal response improves significantly when a community of security researchers has the opportunity to examine and test a platform or application. Anti-circumvention laws throw a shroud of legal risk over that community, and dampen security research at the edges. Simply, anti-circumvention laws that provide for excessive control make for bad security policy.
Any new legislation must ensure that researchers and the companies typified by the Digital Security Coalition (which include Canadian leaders such as Third Brigade, Certicom, and Borderware Technologies) are free to conduct their work and to publish their results without fear of legal threats arising from anti-circumvention provisions. If Canada is to establish a U.S.-style DMCA, it must include an explicit circumvention right that covers security research (both the activity and its dissemination) in academic and commercial settings.
Musician and Curmudgeon
This is truly chilling. I live in the U.S., and it amazes me the contradictions that abound in the new copyright and DRM laws. Knowledgeable legislators and the industry flagrantly thumb their noses at long-standing principles, concepts, and protections of copyright and fair use, while ignorant legislators and the general public are forced to go along for the ride.
I’m thankful for Sony’s newsworthy DRM debacle. If such issues don’t happen this early in the game, people will remain unaware of the security problems that TPM can create. As time goes on, the number of more insidious incursions and resulting problems that might accumulate on PCs and servers full of personal and financial data could be more difficult to fix.
Jonathan Ramsey
tranquileye.com
Just to be clear, the “conference” at which Sklyarov was “presenting a paper” was the hacker convention DEFCON, which I actually attended that year.