From: Gene Spafford <spaf@cs.purdue.edu>
To: coastwatch@cs.purdue.edu
Normally, I try to avoid too much comment on political issues. However,
every once in a while, something really disturbing comes down the pike.
Shortly, the U.S. House of Representatives will be considering a bill already
passed by the Senate: HR 2281, implementation of laws supporting the WIPO
Treaty (the "Digital Millenium Act").
If 2281 passes in anything close to its current form, it is very possible
that much of what we do at COAST and CERIAS will become illegal. Products
such as the ISS scanner, SATAN, SAINT, and the like may no longer be legal to
develop, sell or distribute (or use). Firewalls will need to be "dumbed
down" and not allowed to block or proxy traffic. Anti-virus researchers may
be arrested for disassembling new viruses. Penetration testing would be
illegal. Security testing of products you want to purchase or deploy might
be a felony.
In other words, Congress may shortly be passing a law that might render
illegal most of what we do in research and application of information
security. The end result would be that the security of our networks and
computers would be endangered even further.
Sounds pretty silly, doesn't it? However, passage of the law is considered
likely at this time, and the way it is written it may be interpreted in ways
very negative to infosec professionals. The bill has been written largely to
give extraordinary copyright protection to the entertainment industry and
large-scale software houses. Rather than simply develop penalties for
actual infringement, the bill makes illegal attempts to disassemble or read
copyrighted information on computers and networks. Development of products
that can be used to view such material is declared criminal by this bill.
Development of tools primarily intended for penetration or decryption would
be illegal.
In other words, instead of criminalizing the act of copyright infringement,
the bill attempts to criminalize teaching, research, development, marketing,
and use of ideas and technology that could just possibly be used to
circumvent or defeat copyright protections. It's as if, to reduce drunk
driving, they decided to criminalize the development, sale, and use of both
alcohol and automobiles!
I strongly urge you to read about this bill. Then, if you find it as much
of a disaster as so many of us do, then contact your Congress-critters and
complain (particularly your representatives in the House). If it should
pass the House, then consider writing to the President to veto the law.
Do this *soon*. The bill will probably be voted on this month, after the 4th
of July break.
If your company or university has contacts in Washington, you might also try
to alert them to how unsound this bill is.
All is not completely glum, however. There was another bill under
consideration, H.R. 3048, that is much better than 2281 (although still not
perfect). You might point out to your representative that you are not
against reasonable copyright protection, and that H.R. 3048 was a better
alternative, and its features should be considered as amendments. See the
enclosed references.
For more details on these bills, I suggest you consult the following:
* For actual text of the bill, go to http://thomas.loc.gov/,
and search for 'Digital Millennium Act'.
* http://www.zdnet.com/pcweek/news/0622/22wipo.html
* http://www.dfc.org (See the comparison of 3048 and 2281).
* http://www.eff.org/effector/#11
Have a happy 4th of July.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Mon Jul 6 08:15:48 1998