RE: telnetd exploit code

[Dylan Reeve <dylan () wibble net>]

On Wed, 25 Jul 2001 aleph1 () securityfocus com wrote:

> The are quite a few responses to this thread but its painfully obvious
> that no one is quite sure if what they are saying is backed by law.
> Lots of IANAL. So unless someone with more than a simply opinion posts
> I'll kill the thread here.

I am not a lawyer, but...

Recently I have been doing a lot of reading with regard to copyright law
and it's effects in the 'digital realm'[1] - all my information it from
New Zealand copyright law, however that is based on British law and is
party to international treaties (Berne Convention 1928 and Universal
Copyright Convention 1952). My assumptions are based on current law, which
is not cut out to handle the adaptions brought about by the internet.

Copyright ownershave the following rights on all their works:
To copy the work;
To issue copies of the work in public;
To perform the work in public;
To play the work in public;
To show the work in public;
To broadcast the work;
To make an adaption of the work;
To do any of the above acts in relation to an adaption of the work;
To authorise another person to do any of these acts;

Copyright protection is automatic.

Copyright owners also have moral rights (from the Berne Convention) which
unlike copyright cannot be assigned, however they can be waived - these are:
The right to be identified as the author of a work (right of attribution);
The right to object to any distortion or modification of a work where
that treatment is prejudicial to the honour or reputation of the author
(right of integrity);

In the case of computer code such as the telnetd exploit the author could
make it available to individuals without weakening his position as
copyright owner of the work. The act of posting it to a public forum such
as Bugtraq is either showing the work in public, or broadcasting it - in
either case, if that act is not done by the copyright holder or a party
he has authorised to do that, then it is an infringement.

As far as a cracker placing his copyright code on another machine, that
would be seen as issuing a copy of the work, the administrator would be
within their right to remove it I imagine, but alteration would be an
infringement.

It could be argued that the configuration of your system 'just so' is a
protected work, a cracker placing code on that system would be modifying
your work, which is an infringement.

Coders who right GPL code are authorising the public as a whole to perform
any protected act. They do however retain their moral right, in that they
retain credit and GPL code cannot be used in commercial software (the
right of integrity).

The US also has the DMCA of course, which introduces a number of new
protections and alters some aspects of fair use. I am not sure how they
would impact on this.

Notes:
[1] I am preparing a submission for the New Zealand Government based on
the discussion paper "Digital Technology and The Copyright Act 1994" -
http://www.med.govt.nz/buslt/digital/

-- 
Dylan Reeve - dylan () wibble net

"Um, yeah."