Re: can a random number be subject to a takedown?

> My question to the assembled: are cryptographic keys
really subject to
> DMCA subject to takedown requests? I suspect they are
not
> copyrightable under the criterion from the phone
directory
> precedent.

A sample demand letter from the AACS Licensing Authority
appears at:

h
ttp://www.chillingeffects.org/notice.cgi?sID=03218

>From what I can see, there is no claim that the key is
copyrighted.
Rather, the letter refers to the provisions of the DMCA
which govern
circumvention of technological protection measures.  It
demands that
the key be taken down in order to avoid "legal
liability".

This seems odd to me because my understanding of the DMCA's
anti-circumvention provisions is that they are criminal
rather than civil
law.  Violations would lead to charges from legal authority
and not from a
copyright owner.  So it's not clear that AACSLA has any
power to enforce
these demands, other than trying to get some government
agency involved.

The letter specifically cites 17 USC 1201(a)2 and (b)1,
which can be read
here:

http://cyber.law.harvard.edu/openlaw/DVD/1201.html#a2

Hal Finney

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com

halfinney.org ("Hal Finney") writes:
> A sample demand letter from the AACS Licensing
Authority appears at:
>
> h
ttp://www.chillingeffects.org/notice.cgi?sID=03218
>
>>From what I can see, there is no claim that the key
is copyrighted.
> Rather, the letter refers to the provisions of the DMCA
which govern
> circumvention of technological protection measures.  It
demands that
> the key be taken down in order to avoid "legal
liability".

However, a 128 bit number is not a circumvention tool, any
more than
an explanation of how AACS can be attacked is a
circumvention tool. A
circumvention tool would have to be something like a program
or a
device that would permit circumvention, not mere description
of
one. Source code to a circumvention tool is probably a
sticky issue,
but the a 128 bit integer is not something you can then
compile and
get a hacking tool out of.

Can one really consider publication of an integer to be
circumvention?

> This seems odd to me because my understanding of the
DMCA's
> anti-circumvention provisions is that they are criminal
rather than civil
> law.  Violations would lead to charges from legal
authority and not from a
> copyright owner.  So it's not clear that AACSLA has any
power to enforce
> these demands, other than trying to get some government
agency involved.

That would indeed seem to be the case from me as well.
Takedown
notices are only for copyrighted material. This is not per
se a
standard takedown notice.

-- 
Perry E. Metzger		perrypiermont.com

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com

At 05:04 PM 5/1/2007 -0400, Perry E. Metzger wrote:

>halfinney.org ("Hal Finney") writes:
> > A sample demand letter from the AACS Licensing
Authority appears at:
> >
> > h
ttp://www.chillingeffects.org/notice.cgi?sID=03218

...

> > This seems odd to me because my understanding of
the DMCA's
> > anti-circumvention provisions is that they are
criminal rather than civil
> > law.  Violations would lead to charges from legal
authority and not from a
> > copyright owner.  So it's not clear that AACSLA
has any power to enforce
> > these demands, other than trying to get some
government agency involved.
>
>That would indeed seem to be the case from me as well.
Takedown
>notices are only for copyrighted material. This is not
per se a
>standard takedown notice.


It isn't a standard 17 USC 512(c)(3) takedown notice, it is
a 
non-statutory notice advising Google of possible liability
if the 
allegedly offending sites aren't taken down.

Without getting into a lengthy discussion of whether this is
a 
violation of the DMCA anti-circumvention provisions, alleged

violations certainly can be pursued in civil court as well
as 
criminal court.  The semi-infamous 2600 case, involving the
posting 
of DeCSS to many sites, was a civil case.  Court of Appeals
Opinion 
at 
<http://www.eff.org/IP/Video/M
PAA_DVD_cases/?f=20011128_ny_appeal_decision.html>. 


------------------------------------------------------------
--------
James S. Tyre                                     
jstyrejstyre.com
Law Offices of James S. Tyre         
310-839-4114/310-839-4602(fax)
10736 Jefferson Blvd., #512               Culver City, CA
90230-4969
Co-founder, The Censorware Project             http://censorware.net
Policy Fellow, Electronic Frontier Foundation     http://www.eff.org

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com

http://www
.youtube.com/watch?v=L9HaNbsIfp0

------------------------------------------------------------
--------
James S. Tyre                                     
jstyrejstyre.com
Law Offices of James S. Tyre         
310-839-4114/310-839-4602(fax)
10736 Jefferson Blvd., #512               Culver City, CA
90230-4969
Co-founder, The Censorware Project             http://censorware.net
Policy Fellow, Electronic Frontier Foundation     http://www.eff.org

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com

Hal Finney wrote:
>> My question to the assembled: are cryptographic
keys really subject to
>> DMCA subject to takedown requests? I suspect they
are not
>> copyrightable under the criterion from the phone
directory
>> precedent.
> 
> A sample demand letter from the AACS Licensing
Authority appears at:
> 
> h
ttp://www.chillingeffects.org/notice.cgi?sID=03218
> 
>>From what I can see, there is no claim that the key
is copyrighted.
> Rather, the letter refers to the provisions of the DMCA
which govern
> circumvention of technological protection measures.  It
demands that
> the key be taken down in order to avoid "legal
liability".
> 
> This seems odd to me because my understanding of the
DMCA's
> anti-circumvention provisions is that they are criminal
rather than civil
> law.  Violations would lead to charges from legal
authority and not from a
> copyright owner.  So it's not clear that AACSLA has any
power to enforce
> these demands, other than trying to get some government
agency involved.
> 
> The letter specifically cites 17 USC 1201(a)2 and (b)1,
which can be read
> here:
> 
> http://cyber.law.harvard.edu/openlaw/DVD/1201.html#a2
> 

>From an explanation of the justification for the take
down notices:
http://www.out-law.c
om/page-8022

  Fred von Lohman, an attorney at the Electronic Frontier
Foundation,
  said in his blog that sites which carry the code or links
to it are
  unlikely to be able to use a traditional defence of 'safe
harbor'.

  "While no court has ruled on the issue, AACS will
almost certainly
  argue that the DMCA safe harbors do not protect online
service
  providers who host or link to the key," he said.
"The DMCA safe
  harbors apply to liabilities arising from 'infringement of
copyright.'
  Several courts have suggested that trafficking in
circumvention tools
  is not 'copyright infringement,' but a separate violation
of a
  'para-copyright' provision."

  "The AACS takedown letter is not claiming that the
key is
  copyrightable, but rather that it is (or is a component
of) a
  circumvention technology," said von Lohman. "The
DMCA does not require
  that a circumvention technology be, itself, copyrightable
to enjoy
  protection."

One would think that the recent SCOTUS findings in Microsoft
v. AT&T
would demonstrate that intangibiles such as software (and
perhaps large
integers) were not components or parts thereof, unless in
place in a
"device":

http://www.webster.com/cgi-bin/di
ctionary?sourceid=Mozilla-search&va=device

  f : a piece of equipment or a mechanism designed to serve
a special
  purpose or perform a special function <an electronic
device>

>From http://cyber.law.harvard.edu/openlaw/DVD/1201.html#a2

17 USC 1201:

  (b) Additional Violations. -

      (1) No person shall manufacture, import, offer to the
public,
        provide, or otherwise traffic in any technology,
product,
        service, device, component, or part thereof, that -

         o (A) is primarily designed or produced for the
purpose of
            circumventing protection afforded by a
technological measure
            that effectively protects a right of a copyright
owner under
            this title in a work or a portion thereof;
         o (B) has only limited commercially significant
purpose or use
            other than to circumvent protection afforded by
a
            technological measure that effectively protects
a right of a
            copyright owner under this title in a work or a
portion
            thereof; or
         o (C) is marketed by that person or another acting
in concert
            with that person with that person's knowledge
for use in
            circumventing protection afforded by a
technological measure
            that effectively protects a right of a copyright
owner under
            this title in a work or a portion thereof.


I'd strongly suspect that most if not all of the 2 million
hits would
not reveal "another acting in concert with that
person's knowledge".
While this instance is not indicative of a trend to the
lawyer
equivalent of judicial activism, I don't see any protection
under the
DMCA against distributing the Processing Keys as what
appears to be a
political statement (which could be held to be protected
speech).

(IANAL)

Freds blog entry:  http
://www.eff.org/deeplinks/archives/005229.php




------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com