List Info

Thread: can a random number be subject to a takedown?
can a random number be subject to a takedown?
country flaguser name
United States		 2007-05-01 14:53:32 
A lot of sites have been getting DMCA takedowns for the
HD-DVD
processing key that got leaked recently.

My question to the assembled: are cryptographic keys really
subject to
DMCA subject to takedown requests? I suspect they are not
copyrightable under the criterion from the phone directory
precedent.

-- 
Perry E. Metzger		perrypiermont.com

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com
Re: can a random number be subject to a takedown?
country flaguser name
United Kingdom		 2007-05-01 15:40:10 
> A lot of sites have been getting DMCA takedowns for the
HD-DVD
> processing key that got leaked recently.

> My question to the assembled: are cryptographic keys
really subject to
> DMCA subject to takedown requests? I suspect they are
not
> copyrightable under the criterion from the phone
directory
> precedent.

I'm as far from being a copyright lowyer as most of you.
http://www.dilbert.com/comics/pearls/
archive/images/pearls2007042261849.jpg

I suppose that we mean a "randomly-generated
number", rather than a "random number".
Then the production process would not be creative as
expected for direct copyright
and you'd be right that it can't be copyrighted.

As far as the DMCA is concerned I think this is a
paracopyright issue - the
(alleged) significance of the number in relation to HD-DVD
would make it a
circumvention tool and therefore subject to takedowns.  I
don't know whether an
alternative legitimate use is a defence, but you might have
a job finding such
a thing for a randomly-generated number (as opposed to
something more structured
like "Netscape engineers are weenies.").

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com
Re: can a random number be subject to a takedown?
country flaguser name
United States		 2007-05-01 16:33:01 
On May 1, 2007, at 12:53 PM, Perry E. Metzger wrote:

>
> A lot of sites have been getting DMCA takedowns for the
HD-DVD
> processing key that got leaked recently.
>
> My question to the assembled: are cryptographic keys
really subject to
> DMCA subject to takedown requests? I suspect they are
not
> copyrightable under the criterion from the phone
directory
> precedent.

My tongue is slightly in my cheek as I say this: once a
random number  
is known, it's not random any more. An idealized property of
random  
numbers like keys is that there be no algorithm for
producing it that  
is better than guessing. I can presently guess this key with
 
probability greater than 2^-128 using this algorithm in a
C-like  
pseudocode:

unsigned char* guess_key(void)
{
     unsigned
     char key[] = {0x0a, 0xFa, 0x12, 0x03,
                   0xD9, 0x42, 0x57, 0xC6,
                   0x9E, 0x75, 0xE4, 0x5C,
                   0x64, 0x57, 0x89, 0xC1};

     return key;
}

(Or it would if I'd put the actual AACS key in there.)

The question is if a *specific* key can be taken down. This
is open  
to argument, because the DMCA only applies to things that
are  
copyrightable, and one can argue that keys are not
copyrightable  
convincingly. (Sketch of argument: if keys were
copyrightable then I  
could copyright a list of all keys. I can't copyright a
database, or  
even a phone book, so the notion that I could copyright a
list of all  
numbers in the set [0..N] is absurd.)

As far as anti-circumvention goes, keys themselves can't be
used for  
circumvention. Assuming that the above were the AACS key, I
couldn't  
use it to circumvent because I don't know the right protocol
to use.  
Consider another scenario: one can use a brick to smash a
window, but  
possessing a brick does not mean you've broken windows. If I
have a  
proper key, but no software, I am not capable of
circumventing.  
Likewise, if I had software that could do the crypto, but no
key, I'm  
not capable. It is only if I have both the software and the
key that  
I have something that *might* be a circumvention device.
Even things  
that might be circumvention devices are not always. The test
in the  
DMCA is if its primary purpose is for circumvention. This is
why  
debuggers are not circumvention devices. It is only when you
use the  
potential circumvention device to circumvent that you've
done the  
equivalent of throwing the brick through the window.

	Jon

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com
RE: can a random number be subject to a takedown?
country flaguser name
United Kingdom		 2007-05-02 12:12:57 
On 01 May 2007 22:33, Jon Callas wrote:

> On May 1, 2007, at 12:53 PM, Perry E. Metzger wrote:

> unsigned char* guess_key(void)
> {
>      unsigned
>      char key[] = {0x0a, 0xFa, 0x12, 0x03,
>                    0xD9, 0x42, 0x57, 0xC6,
>                    0x9E, 0x75, 0xE4, 0x5C,
>                    0x64, 0x57, 0x89, 0xC1};
> 
>      return key;
> }
> 
> (Or it would if I'd put the actual AACS key in there.)

  Heh, that's a bit like the old issue of whether you can
publish an OTP that
has certain "interesting" properties when used to
en/decrypt some other public
domain information.

  See also http://preview.tiny
url.com/3dcse6 
           http://preview.tiny
url.com/2d3hm3
           http://preview.tiny
url.com/2ey2mj

for more variations on this theme.  Wonder if you can issue
a take-down notice
for a 301 redirect?

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com
[1-4]

about | contact  Other archives ( Real Estate discussion Medical topics )