House Bill Would Ban Crucial Crypto Research
By Will Rodger, ZDNet
Research crucial to producing secure computer systems in the U.S. could be
banned outright if wording in proposed legislation to extend copyright law
to cyberspace becomes law, experts warned last week.
"This is scary. Everything we've worked for could go away," said Bruce
Schneier, author of the seminal text Applied Cryptography.
With just days to go before the House Telecommunications Subcommittee
votes on the measure, industry lobbyists and cryptographers are scrambling
to convince drafters of the House World Intellectual Property Organization
Copyright Treaties Implementation Act to strike language that would ban
devices "primarily" designed to circumvent copyright protections such as
digital watermarks and validation codes.
Those protections are crucial to preventing online counterfeiting. But
making sure they remain secure requires that computer technologists try to
break them in the first place, rendering nonsensical distinctions between
legitimate software used to test computer security and the hacking tools
the bill would attempt to ban. Satan, a freely available software tool
used for network analysis by computer security specialists, for instance,
also is a favorite tool of network vandals.
In a June 4 letter, the Association for Computing Machinery urged
Telecommunications Subcommittee Chairman Billy Tauzin, R-La., to drop
anti-circumvention language affecting cryptographic research as well as
basic network operations.
"Often, the exact same technology [encryption] is used to control access
both to a copyrighted digital work and to certain components of a computer
security system," wrote Barbara Simons, ACM Public Policy Chair. "System
operators have important, legitimate reasons to circumvent such access
control technologies to confirm the security of the password file or other
vulnerable elements of the system."
Senate drafters dealt with the same issues before passing a companion bill
last month, but left their clarifications to a report accompanying the
bill rather than the bill itself. This time, computer groups want language
in the bill itself.
The Senate can be reached at www.senate.gov
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue Jun 16 09:02:05 1998