Full Disclosure mailing list archives

Re: Fwd: HBGary Mirrors?


From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Fri, 18 Feb 2011 19:03:58 +0000

It would ultimately come down to "intent."  Technically of course, the encrypted file is not the original file.  Never 
will be.  Can't be.  The keys are not either.   Used together they can reproduce the copyright data.   So legally, 
there would certainly be an interesting argument about what is and what isn't legal.   But there would be plenty of 
cause for an injunction which would put the kibosh on distribution until that legal decision was made.  It doesn't have 
to make sense, and it doesn't have to be strictly "legal" but it is up to a judge.  Recall that 9th circuit judge 
Kermit (I believe) ruled against emails on an ISP's server being in scope for wiretap laws since, at the time the ISP 
was reading them, they were not "in transit."  Go figure.

If a judge ruled that you were purposely encrypting data and distributing keys to get around copyright laws, he could 
easily rule against you anyway.

t



From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of 
decoder
Sent: Friday, February 18, 2011 10:56 AM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Fwd: HBGary Mirrors?

I can't answer the question but it would be even more interesting to answer this if you're using a One-Time-Pad (i.e. 
two files of equal size on two different servers, both XORed give you the data). There exists a mathematical proof that 
neither of the two files leaks a single bit of information of the original data :)


Chris


On 02/18/2011 07:50 PM, Cal Leeming [Simplicity Media Ltd] wrote:
Sorry, when I say eligible, I mean "which server would they be allowed to take down by law?".

I'm not too hot on the laws of encryption, but I'm sure there is something which states that hosting encrypted files 
is not illegal, it's distributing the key which allows you to gain access to those files, which is actually illegal.

*DISCLAIMER: I don't know if the above is true or not, so apologies if I got this wrong*


On Fri, Feb 18, 2011 at 6:46 PM, ck <c.kernstock () googlemail com> wrote:
I go with the server hosting the files since the key should be
significantly smaller than the files and therefore much easier to mirror.

On Fri, Feb 18, 2011 at 7:37 PM, Cal Leeming [Simplicity Media Ltd]
<cal.leeming () simplicitymedialtd co uk> wrote:
So here's a thought.
If illegally distributed files (such as this one) were encrypted and hosted
on one server, and the key hosted on another, which server would
be eligible for take down?









_______________________________________________

Full-Disclosure - We believe in it.

Charter: http://lists.grok.org.uk/full-disclosure-charter.html

Hosted and sponsored by Secunia - http://secunia.com/
