Comment by dannyobrien
3 months ago
Fun fact: this is one of the few situations in the US where a prosecutor could claim that this is criminal speech (though I hope and trust they would not, and if it did it would get thrown out by any court respecting the First Amendment).
Not a civil issue, like libel or fraud, but the sort of talk that can get a policeman to come and drag you off to jail. If you've ever wondered why DRM is so roundly hated by engineers of a certain age, it's because not only is it dumb makework that they are required to implement, not only is it extremely irritating to discover it interfering with your own computer, but if you do effectively point out how dumb, irritating, and eminently circumventable it is, they made it against the law to even tell anyone.
https://www.eff.org/press/releases/licensing-scheme-fair-use...
Remember when it was illegal to export strong cryptography from the US? There was no law to restrict that, so they just made something up. It basically went like this:
Problem: we can't make cryptography exports (software exports) illegal
-> what actually IS illegal to export?
-> munitions!
-> let's just declare that cryptography is "munitions"
-> problem solved
https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
Do you also remember the researcher Philip Zimmermann’s hack to get around the cryptography-is-munitions edict? The source code to PGP was published by MIT Press as a book that just happened to be in a format suitable for OCR. That framing made it into a First Amendment issue, one the researchers were confident they’d win in court.
https://archive.org/details/pgpsourcecodeint0000zimm
My university had that book, I think it can be used as a weapon actually, given its weight.
As far as legal hacks go I always liked the xkcd joke on the matter.
https://xkcd.com/504/
If it is a munition the US government has limitations on its actions controlling it covered under the 2nd amendment to the constitution.
In reality neither it nor the First Amendment (freedom of speech) hack would probably work. The limitation was on exporting strong crypto, not using or importing it. It was stupid and impossible to control. But I would guess any charges would be espionage (illegal speech) and smuggling (illegal goods), regardless of how you packaged it.
Was a t shirt too. I regret not getting a hold of one back then.
Not that I agree with it, but I do see the logic. The word "munitions" can be replaced with "materials," since it literally refers to materials used for warfare. That isn't necessarily limited to things that shoot or explode. It's a brilliant bit of pedantry if you step back and think about it.
So it can refer to people and what is in their minds too?
Anyway I'm not surprised. This kind of pedantry is what lawyers do for a living.
On the upside, when my Dad bought a G4 Mac, the brief block on exporting it due to its dangerous power was maximum nerd points.
They had a great ad then (I also had a lot of G4’s ;-)
> There was no law to restrict that, so they just made something up.
That's a rather facetious interpretation. You're complaining that there was no law preventing software being distributed, and as there was a need to prevent that then lawmakers fixed that problem. That's hardly surprising, is it?
You also seem surprised that including cryptography software in existing lists designed to prevent export of military and/or dual-use technology is also surprising, unexpected, or outlandish. If you actually think about it, is it really?
The lawmakers did not have any involvement. The executive branch unilaterally abused its power to declare that encryption was a munition, to work around the fact it had no other power to restrict it without convincing the legislature to actually make a law.
If you go by the common interpretation of "munitions" and by and large the contents of that list, then it clearly was not intended to include mathematics.
‘Lawmakers’ fixed no problems, no laws were made. Enforcers leveraged existing laws in ways that are clearly not their intended purpose, for their own goals; that will always be ripe for abuse and must be discouraged. Cryptography is not a munition.
The word "need" is doing some heavy lifting. "Desire" or "wish" seems more appropriate.
I’m no fan of the DMCA, but I am pretty skeptical of your apparent claim that this post itself is a potential violation of 17 USC § 1201. Obviously the act of circumvention itself qualifies, as does the code in the GitHub repository the post links to, but can you point to any prosecution of someone for a _prose description_ of circumvention (as opposed to actually making code available)?
https://www.law.cornell.edu/uscode/text/17/1201
The law says “no person shall circumvent” DRM, and later prohibits the distribution of “technology, product, service, device, component, or part thereof” to break DRM. It’s worded pretty carefully to avoid prohibiting more traditional forms of speech like this post, and as far as I’m aware has never been used in the manner you suggest.
> but can you point to any prosecution of someone for a _prose description_ of circumvention (as opposed to actually making code available)?
I'll do you one better: 2600 Magazine was prohibited from saying which website hosted DRM-circumvention code:
https://en.wikipedia.org/wiki/Universal_City_Studios,_Inc._v...
They were legally prohibited from saying, on their own website, words like "You can get DeCSS from http://lemuria.org/~tom/DeCSS/" and nothing else. Criminalised speech.
This is going to date me, but I had a t-shirt with basically a code-golf version of DeCSS printed on it and it said "This shirt is illegal" on it or something like that. I never actually wore it in public.
The USA has a lot of criminalised speech, despite the 1A. The most obvious historical example is "I am going to assassinate the president tomorrow at noon", but recently there have been a lot more things you can't say, such as "Fuck Donald Trump" which got someone arrested and deported.
> I'll do you one better
I think this is a weaker example.
https://en.wikipedia.org/wiki/United_States_v._Elcom_Ltd.
Found not guilty, but he was charged and tried.
Being found not guilty supports my contention. But that case was about distributing circumvention software, not traditional speech. Obviously distributing software that bypasses DRM is directly addressed by the law.
I wonder how that will if/when LLMs get to the point where they can turn a blog post about a DRM liberation into code. (Are they there already?)
These sorts of code are usually pretty short, right? It isn’t as if it needs to be maintainable or have a nice GUI.
I was thinking along the same lines. One of the many places that laws are going to have to catch up to reality. I’m 90% sure that current frontier models could turn this post into a working implementation with a good feedback loop.
They are there. Don't wanna say too much because of the DMCA. Worked on some ebook stuff recently. I even had some ebooks that had unknown encryption passwords on them. Claude came up with a 137-step plan to figure out the passwords and after about 50 different combinations of data it found the matching one.
I tried this and got plausible-looking Python code based on just the web page link. Can't test it as I'm travelling without my laptop.
The post includes a link to a GitHub repository containing code to circumvent the DRM, which probably counts as "technology" and "component".
I covered that in my comment. It’s likely the code violates § 1201 but I doubt the post does. And linking to infringing content is not legally the same thing as publishing it.
Where’s the link? Did he remove it, or am I missing some clever obfuscation of his own? (I’m on mobile so maybe the link isn’t obvious.)
I think that the link is already gone
I see you don’t remember the DVD decryption key ordeal.
I remember it well. DeCSS was code, not prose. I maintain that an English description of the decryption process without the key would not be liable.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 BF
REDACTED
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C1
https://en.wikipedia.org/wiki/Illegal_number
been there, done that, got the t-shirt
> Obviously the act of circumvention itself qualifies, as does the code in the GitHub repository the post links to, but can you point to any prosecution of someone for a _prose description_ of circumvention (as opposed to actually making code available)?
There used to be some debate about whether a prose description is equivalent to computer code even though there are proofs in information theory that they are. English and C are just two different languages in which you can encode the same information.
But we don't even have to go there anymore. LLMs mean there are now machines that can execute a prose description. Code is speech and speech is code.
It does prevent linking to code though.
I wonder when/where did they make it against the law to even tell anyone. I remember(1) a time when law guys made it illegal (in the US, I believe? or EU?) to create software that circumvents certain DRMs, so I made plans to create a txt DRM that would rely on having a preamble like this:
if there is a !copy the text editor would not allow you to copy the text (like the Acrobat Reader does), and !save would not allow saving locally (this is even stupider)
The plan was to render notepad.exe, and thus the whole of Windows, illegal software because it allows circumventing the existing DRM. Of course this would also make less and vim illegal, therefore I got scared of the power that lay in my hands, and ceased to hit the atomic button.
_____
(1) I've noticed that I recently started to use "I remember" more and more on Hacker News. I'm getting old.
Your idea has a precedent.
The Serial Copy Management System (SCMS)[1] is a DRM standard built into digital audio tech like DAT, MiniDisc, DCC, and consumer audio CD recorders. It works by adding just 2 bits — but no encryption or obfuscation whatsoever — to the digital audio signal that tell the recorder if further digital copying is allowed. Importantly, SCMS only ever blocked making a digital copy of a copy — you could always make a first-generation copy from an original, but not chain further digital copies. The requirement was pushed by copyright holders: in the US, consumer devices had to implement SCMS to ensure you couldn’t endlessly duplicate perfect digital recordings, but pro studio gear was exempt. SCMS doesn’t restrict analog copying, just digital serial copying. Most people found it annoying rather than effective.
[1] https://en.wikipedia.org/wiki/Serial_Copy_Management_System
Yeah, I think this or another similar "copy protection" was my inspiration...
That law should be changed. If you distribute your intellectual property with DRM, that work should forever be exempt from copyright protection. You get to choose one or the other, but never both, because DRM effectively removes the work from the public domain in perpetuity.
Even accidentally releasing a demo or preview with DRM should invalidate copyright on that software/movie/book/whatever.
> because DRM effectively removes the work from the public domain in perpetuity.
This doesn't make for a good anti-DRM argument because the concern can simply be addressed by requiring a DRM-free copy to be deposited at the Library of Congress (or similar[1]) so it can be released in 150 years (or whatever) when it actually becomes public domain.
Moreover how would you even define what "DRM" is? Is Spotify refusing to provide a .mp3 file download for their streaming service a "DRM"? What if they implement streaming via WebRTC, to make it extra-annoying to manually download? For games, is it "DRM" to add mandatory online requirements even for single player? What if there's an ostensible reason for the online requirement, like if the gameplay is computed server-side à la World of Warcraft?
[1] https://en.wikipedia.org/wiki/Legal_deposit
>This doesn't make for a good anti-DRM argument because the concern can simply be addressed by requiring a DRM-free copy to be deposited at the Library of Congress
Then do that. It's not my job to try to argue your side of things. No one does that, as you well know, so my argument not only stands, but wins.
>Moreover how would you even define what "DRM" is?
Anything that interferes with copying the work in question.
>Is Spotify refusing to provide a .mp3 file download for their streaming service a "DRM"?
Yes. This is an obnoxiously juvenile question. The nature of streaming services is that they send the media to the node (on demand). If that is done in a way that makes it difficult to play it a second time except to "stream" it again, you can hardly claim this is incidental. They go to great lengths to prevent it.
>For games, is it "DRM" to add mandatory online requirements even for single player?
Again, yes. There is no other purpose to such a requirement, and no one makes it a secret that this is done specifically to thwart so-called "piracy" attempts.
>What if there's an ostensible reason for the online requirement, like if the gameplay is computed server-side à la World of Warcraft?
You mean like with Blizzard, where they sued the programmers who did bnetd and prevented people from connecting to third party servers which computed gameplay? That wasn't even done to further piracy, by the way, they were just being dicks.
> Moreover how would you even define what "DRM" is? Is Spotify refusing to provide a .mp3 file download for their streaming service a "DRM"?
This is a nonsensical complaint, because the actually existing DMCA already conditions legal consequences on whether DRM is present.
Would private fan servers qualify as fair use once WoW is in the public domain?
Yeah, in 150 years Disney bought all rights to the Library of Congress
Potential issue: what EXACTLY is DRM? Does "you can only read this book/view this video on a tivoized device which has its own cellular connection to the mothership and no USB/Ethernet/WiFi" count as DRM for this purpose? What about "you can only buy this book at some obscure store which has its own obscure reader which only works on specific versions of a specific OS"? What if said OS is out of date? What about "you can buy only from a specific store, the store provides you a reader app and specifically allows you to gift the reader and books to friends, etc., but the reader app is personalized and will tell your name on start-up"? (btw, I did buy some books protected this way in the 00s)
Not extreme enough. Copyright itself should be abolished straight up. It's the information age, the AI age. Artificial limitations nonsense like copyright does nothing but hold us back. Even the corporations think so: they violate copyright at massive scales on a daily basis just to train their AI models. Why rules for us but not for them? That particular hypocrisy should have caused the elimination of copyright worldwide.
>Why rules for us but not for them?
Fair use exists for both people and corporations. Just because a corporation copies something in a way that is fair use, that doesn't mean that people should be able to freely copy it.
> Copyright itself should be abolished straight up.
I wouldn't go that far. 18 months is long enough though.
Analogously to the choice between trade secret and patent.
The law is especially difficult to change because the law is based upon copyright treaties that the country (e.g. the US) has entered into.
Tangentially related to the question of legality of prose describing otherwise illegal instructions, I'm reminded of the epic DeCSS haiku [1]. (CSS here being 90's era DVD DRM).
[1] https://www.cs.cmu.edu/~dst/DeCSS/Gallery/decss-haiku.txt
Content Scrambling System vs Cascading Style Sheets
I do remember trying to learn CSS for web definitely made me feel like it was a Cascading Style Scrambling
Layout engines back then were pretty bad, and often resulted in scrambled web pages.
OTOH this is not DRM nor copy protection. It is just obfuscation.
And that can be your legal argument while you await sentencing!
Indeed. If DRM had the technical merits to protect against copying, why would we need a (law like DMCA) against tinkering with that technology?
Eh, I wouldn't be so sure. Reading the DMCA, their code does seem to do what the law says you can't do[1]:
with these definitions[2]:
I think (A) pretty clearly applies: the glyphs being randomized in each request obviously counts as being "scrambled", the method used by the author with the hashes clearly descrambles them by matching the provided SVG images to the letters rendered with the book's font.
I'm less sure about (B), not being a lawyer, but I think it's so generic that it does apply: the "ordinary course of [...] operation" of reading the book requires running the apps provided by Amazon. This seems to fit "requires the application of [...] a process [...] with the authority of the copyright owner".
[1] https://www.law.cornell.edu/uscode/text/17/1201
[2] https://www.law.cornell.edu/definitions/uscode.php?width=840...
All DRM where the content can be played back on your own devices is just obfuscation.
DRM is obfuscation that it's illegal to mess with.