posted by cmn32480 on Monday October 03 2016, @06:16AM
from the people-who-show-how-to-fix-stuff-are-dangerous dept.

From https://www.eff.org/press/releases/eff-asks-court-block-us-prosecuting-security-researcher-detecting-and-publishing we learn that the EFF is helping fight the case of a Security Researcher:

Washington, D.C.—The Electronic Frontier Foundation (EFF) asked a court Thursday for an order that would prevent the government from prosecuting its client, security researcher Matthew Green, for publishing a book about making computer systems more secure.

Green is writing a book about methods of security research to recognize vulnerabilities in computer systems. This important work helps keep everyone safer by finding weaknesses in computer code running devices critical to our lives—electronic devices, cars, medical record systems, credit card processing, and ATM transactions. Green's aim is to publish research that can be used to build more secure software.

But publishing the book, tentatively entitled Practical Cryptographic Engineering, could land Green in jail under an onerous and unconstitutional provision of copyright law. To identify security vulnerabilities in a device he has purchased, Green must work directly with copyrighted computer code, bypassing control measures meant to prevent the code from being accessed. Even though this kind of research is traditionally a "fair use" permitted by copyright law, Digital Millennium Copyright Act (DMCA) Section 1201 threatens criminal and civil penalties—including jail time—for performing it or publishing information about the methods of security research. The exemptions Congress included in the 1998 DMCA to protect security researchers from prosecution are vague, limited, and provide inadequate assurance against the serious legal ramifications of Section 1201 lawsuits—something the government itself has acknowledged.

"Under Section 1201, computer researchers can face serious penalties just for selling a book that would help people build better, more secure computer systems," said EFF Legal Director Corynne McSherry. "As we explained when we filed a legal challenge to the law in July, such penalties violate the First Amendment and threaten ordinary people for publishing research or even talking about circumventing computer code that's embedded in nearly everything we own. With the lawsuit underway, we're asking the court to bar the government from prosecuting Dr. Green so he can publish a book that's clearly in the public interest."

[...] For more about this case: https://www.eff.org/cases/green-v-us-department-justice


  • (Score: 0) by Anonymous Coward on Monday October 03 2016, @07:05AM (#409291)

    EFF will spend huge amounts of money chasing this up to the circuit court only to be told that they accept the government's promise not to prosecute legit researchers like Green.

  • (Score: 0) by Anonymous Coward on Monday October 03 2016, @07:57AM (#409300)

    Oh you want DJB 2.0 do you? You forgot one detail of DJB 1.0: legit researcher must lose, for being uppity. The case will go away, but the government will not lose the case. Government always wins.

  • (Score: 2) by davester666 (155) on Monday October 03 2016, @08:58AM (#409322)

    1. The gov't would never make such a promise. At best, they might say something along the lines of "we promise not to prosecute this particular person for writing this particular book".
    2. Any promise they give is only worth something if they write it in the margin of a $10 bill.

  • (Score: 2) by Hyperturtle (2824) on Monday October 03 2016, @03:55PM (#409477)

    Did constitutional lawyers determine if the actual law was unconstitutional, or is that just what they believe is the case because the hacker ethos demands that information must be free?

    Whenever I read "blah blah unconstitutional" or "evil and nefarious" etc., I always am curious to know who made the decision, and if things are evil and unconstitutional, why it is a law. I suppose it could be an unconstitutional law, but the argument loses some credibility when it is used to further the financial gains of the author.

    If it was made outside of this context, I would take it more seriously.

    That said, I hope that he is allowed to publish his book. There is too much in our modern era that will be lost and never enter our recorded history, just as people commented about old TV broadcasts and lost films. Instead, we will have encrypted stuff that is scattered on clouds and perhaps difficult to piece together even if the encryption is broken. Or flat out erased due to commercial interests not wanting others to have access to stuff.

    That's off topic; I was thinking of the DMCA and how it locks down a lot of things; his discussion covers this in part. Securing networks and IT environments in general, and the discussion of it, is the focus and I concur that there written discussion should not be legal. If anything, the NSA should use it as a guideline as to what he didn't cover and chase after that newly revealed low hanging fruit.

    If he wants some legal safeguards, perhaps he can encrypt his own works and show how to unencrypt them and defeat the DMCA as it applies to his own creative works. I imagine that would limit the pool of troublemaking suitors he could feasibly anger in demonstrating security methods.

    I don't believe information wants to be free, but I do think it is hard to control... We haven't hit that balance yet; or maybe we have. Businesses have the control and we're all part of the sharing economy where consumers often give up control for ephemeral pleasures that won't last nearly as long as we will as products, let alone violated products when the security surrounding our exploitation is poor. If that's the balance, I can see that he has an uphill battle since our side is weighted heavily towards being exploited as products. Making it harder to abuse people for profit would surely see some invested interests make an appearance to help dissuade his arguments.

    • (Score: 1, Interesting) by Anonymous Coward on Monday October 03 2016, @07:43PM (#409597)

      Of course information doesn't want to be free... it's not alive, it doesn't want anything. But humans, being naturally curious, want information to be free.

      Securing networks and IT environments in general, and the discussion of it, is the focus and I concur that there written discussion should not be legal.

      Wait, what? Is that a typo or are you really advocating for censorship of anything to do with network security?