Vulnerability Development mailing list archives
Re: Xbox (Was -Online Games Consoles and Security Implications)
From: wolt () igd fhg de (Stephen D. B. Wolthusen)
Date: 05 Jun 2002 18:33:09 +0200
Hi, Thor Larholm <Thor () jubii dk> writes:
This may be somewhat offtopic, but how does the DMCA 'handle' foreign countries? There's quite a big world outside of the US of A, and being part of that outside world makes me somewhat ignorant and irrelevant to any restrictions laid out by the DMCA since it has no jurisdiction anywhere else. Does it specifically mention how to handle 'sensitive' research outside of its borders? Should I tripple check before planning any visits to the states? ;)
This is really not about the DMCA per se, but rather the result of two international treaties under the WTO umbrella, commonly referred to as the WIPO -- the World Intellectual Property Organization, a sub-body of the WTO -- treaties (specifically, the WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty) dating back to 1996. Nations party to these treaties (which includes more or less the entire developed world) must translate this into national law to be compliant under WTO rules. While the WIPO treaties require legal protection for ``technical protection measures'' only when they deny copyright infringement (article 11 of the Copyright Treaty), DMCA couldn't leave well enough alone and made the language so sweeping (Hi, Sen. Hollings...) that it has become almost a blanket outlawing of reverse engineering. That alone had a chilling effect -- and is a boon to lawyers. The SSSCA or whatever form the final result will take will make things even worse. Unfortunately, the EU repeated more or less the same grave mistakes made back stateside three years before. I guess that was mostly due to the same lobbyists' efforts that resulted in the DMCA etc. The Directive 2001/29/EC was issued in May 2001 (http://europa.eu.int/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&numdoc=32001L0029&lg=EN). Member nations have a grace period until December 2002 to transform this into national legislation. When you look at article 6, the language is just as broad as that of the DMCA. Bottom line: Even though technical means of content protection cannot work because of a fundamental contradiction between having the plaintext made available to the consumer and the playback device being under the physical control of the consumer, this has a very good chance of putting a cork in security research and reverse engineering for legitimate purposes. The bad guys aren't going to care, but any research institution, university, or company will be very much afraid of the risks from exposure to lawsuits and accusations -- even if the research falls into the (narrow) exception categories. -- later, Stephen Fraunhofer-IGD | mailto: Stephen Wolthusen | wolt () igd fhg de Fraunhoferstr. 5 | swolthusen () acm org 64283 Darmstadt | swolthusen () ieee org GERMANY | | Tel +49 (0) 6151 155 539 | Fax: +49 (0) 6151 155 499
Current thread:
- RE: Xbox (Was -Online Games Consoles and Security Implications) Ken Pfeil (Jun 04)
- RE: Xbox (Was -Online Games Consoles and Security Implications) Deus, Attonbitus (Jun 04)
- <Possible follow-ups>
- RE: Xbox (Was -Online Games Consoles and Security Implications) Robert Freeman (Jun 04)
- RE: Xbox (Was -Online Games Consoles and Security Implications) Damien (Jun 05)
- RE: Xbox (Was -Online Games Consoles and Security Implications) Thor Larholm (Jun 05)
- Re: Xbox (Was -Online Games Consoles and Security Implications) Doug (Jun 05)
- Re: Xbox (Was -Online Games Consoles and Security Implications) Stephen D. B. Wolthusen (Jun 05)
- Re: Xbox (Was -Online Games Consoles and Security Implications) Robert Freeman (Jun 05)
- RE: Xbox (Was -Online Games Consoles and Security Implications) Ashcraft, Brian S (Contractor) (Jun 05)