Fun fact: this is one of the few situations in the US where a prosecutor could claim that this is criminal speech (though I hope and trust they would not, and if they did it would get thrown out by any court respecting the First Amendment).
Not a civil issue, like libel or fraud, but the sort of talk that can get a policeman to come and drag you off to jail. If you've ever wondered why DRM is so roundly hated by engineers of a certain age, it's because not only is it dumb makework that they are required to implement, not only is it extremely irritating to discover it interfering with your own computer, but if you do effectively point out how dumb, irritating, and eminently circumventable it is, they made it against the law to even tell anyone.
Remember when it was illegal to export strong cryptography from the US? There was no law to restrict that, so they just made something up. It basically went like this:
Problem: we can't make cryptography exports (software exports) illegal
-> what actually IS illegal to export?
-> munitions!
-> let's just declare that cryptography is "munitions"
Do you also remember the researcher Philip Zimmermann’s hack to get around the cryptography-is-munitions edict? The source code to PGP was published by MIT Press as a book that just happened to be in a format suitable for OCR. That framing made it into a First Amendment issue, one the researchers were confident they’d win in court.
If it is a munition, the US government has limitations on its actions controlling it, covered under the 2nd Amendment to the Constitution.
In reality, neither it nor the First Amendment (freedom of speech) hack would probably work. The limitation was on exporting strong crypto, not using or importing it. It was stupid and impossible to control. But I would guess any charges would be espionage (illegal speech) and smuggling (illegal goods), regardless of how you packaged it.
Not that I agree with it, but I do see the logic. The word "munitions" can be replaced with "materials," since it literally refers to materials used for warfare. That isn't necessarily limited to things that shoot or explode. It's a brilliant bit of pedantry if you step back and think about it.
Yes, kind of. The "born secret" doctrine treats all knowledge related to the creation of nuclear weapons, ranging from nuclear fusion to the production of fissile material, as "born classified".
The doctrine has never been tested in court as no case involving it has gone to trial.
I've definitely figured some things out about nuclear weapons and proliferation that I've never told anyone because of that doctrine. I met a real nuclear engineer at a conference and had dinner and he told me about how he was concerned that people would nick Np237 from a fuel reprocessing system to make nuclear weapons and I pointed out that it was OK to talk about that because I'd seen it in the literature.
If Ukraine did not retire their nuclear weapons... (Russia was surprisingly all too happy to oblige)
All I am saying is that I am not sure it's so simple: sure, if everyone had them, the risk that there is some lunatic crazy enough to actually put them to use rises; but it also potentially stops a bunch of wars, especially bigger countries going after smaller ones.
> There was no law to restrict that, so they just made something up.
That's a rather facetious interpretation. You're complaining that there was no law preventing software being distributed, and as there was a need to prevent that then lawmakers fixed that problem. That's hardly surprising, isn't it?
You also seem surprised that including cryptography software in existing lists designed to prevent export of military and/or dual-use technology is also surprising, unexpected, or outlandish. If you actually think about it, is it really?
The lawmakers did not have any involvement. The executive branch unilaterally abused its power to declare that encryption was a munition, to work around the fact it had no other power to restrict it without convincing the legislature to actually make a law.
If you go by the common interpretation of "munitions" and by and large the contents of that list, then it clearly was not intended to include mathematics.
> The lawmakers did not have any involvement. The executive branch unilaterally abused its power to declare that encryption was a munition, to work around the fact it had no other power to restrict it without convincing the legislature to actually make a law.
I think you are trying very hard to imagine inconsistencies where there are none. Not only are you trying to argue that cryptographical software is not relevant to military uses, which is an absurd argument to make, but you are also trying to argue that managing what items feature in an export control list is not the responsibility of an executive branch.
The only requirement to export-control something is that the item features in an export-control list. You're complaining that a specific type of software was added to such a list. Tell me exactly what part you don't, can't, or refuse to understand.
‘Lawmakers’ fixed no problems, no laws were made.
Enforcers leveraged existing laws in ways that are clearly not their intended purpose, for their own goals; that will always be ripe for abuse and must be discouraged.
Cryptography is not a munition.
> they made it against the law to even tell anyone.
I’m no fan of the DMCA, but I am pretty skeptical of your apparent claim that this post itself is a potential violation of 17 USC § 1201. Obviously the act of circumvention itself qualifies, as does the code in the GitHub repository the post links to, but can you point to any prosecution of someone for a _prose description_ of circumvention (as opposed to actually making code available)?
The law says “no person shall circumvent” DRM, and later prohibits the distribution of “technology, product, service, device, component, or part thereof” to break DRM. It’s worded pretty carefully to avoid prohibiting more traditional forms of speech like this post, and as far as I’m aware has never been used in the manner you suggest.
They were legally prohibited from saying, on their own website, words like "You can get DeCSS from http://lemuria.org/~tom/DeCSS/" and nothing else. Criminalised speech.
This is going to date me, but I had a t-shirt with basically a code-golf version of DeCSS printed on it and it said "This shirt is illegal" on it or something like that. I never actually wore it in public.
The USA has a lot of criminalised speech, despite the 1A. The most obvious historical example is "I am going to assassinate the president tomorrow at noon", but recently there have been a lot more things you can't say, such as "Fuck Donald Trump" which got someone arrested and deported.
This is the general problem with having a bunch of laws sitting around that allow the government to punish people for things ordinary people regularly do, but then exercise the "discretion" not to punish them until they do something the government doesn't like.
Because then you don't really have any rights. They can't formally punish you for speech but they can punish you for breaking the same unrelated law a million other people broke without knowing and that only you were prosecuted for, "coincidentally" right after you said something they didn't like.
They do have that right, but at the same time, a chaotic and vindictive administration can revoke the visa of, and then physically abduct, a non-citizen. They can then make statements that plainly make it clear they did that because of what the non-citizen wrote.
They can also contravene a number of other legal safeguards along the way, and disregard judges' orders.
It appears the US has elected an administration that wants to turn the country into a lawless shithole, where the powerful do whatever the fuck they want, and they deliberately fuck with laws and safeguards, and deliberately target their political enemies (e.g. student activists), to flex how powerful they are.
> They can then make statements that plainly make it clear they did that because of what the non-citizen wrote.
I kind of hate the thing where people want to make this the part that matters, because Trump is a massive outlier who doesn't care about that and says the thing he's not supposed to say.
But the people who still do the prosecution under the pretext and then don't admit to why are even worse, because they're doing the same thing and then lying about it on top of that. If all you do is punish people for not lying, that's not going to solve anything. You need to take away their ability to trump up charges against random people.
I wouldn't be surprised if publishing circumvention code would be argued in court to be violence against earning money for politically oriented books (spending money is a necessary and inseparable part of political communication).
These two things aren't even remotely in the same category. Committing a crime, then documenting how you committed that crime and then publishing the instructions for others to repeat that crime with the clear intent to have others repeat that crime, has nothing to do with saying a bunch of words that you haven't even acted on.
Dispute that this should constitute a crime as much as you want (and please, do. Take it to court, get the laws changed, go into politics, get the US fixed, this is bullshit) but for as long as it is: being charged with a crime for "doing crime and teaching others to do the same crime" is not a first amendment violation.
There aren't many words in the first amendment, and none of them are "unless you're telling someone how to commit a crime"
The current regime (before it was a regime) got away with a lot of very bad speech because "the first amendment says all speech is allowed, no matter what" and should be made to hold everyone to the same standard they hold themselves to.
Which part of the text "You can get DeCSS from http://lemuria.org/~tom/DeCSS/" on a website constitutes distribution of "technology, product, service, device, component, or part thereof" ?
Judge Kaplan very likely went beyond what the law allows, in issuing the injunction against Eric Corley for even _adding a hyperlink_ to the DeCSS code on his website.
However, we don't know this for sure, because Corley did not take this to the Supreme Court. There is a chance that the SCOTUS would have accepted the case, and found that neither a hyperlink to computer source code, nor computer source code itself, constitutes "technology, product, service, device, component, or part thereof"... but at the same time, maybe they wouldn't accept it, and maybe they would but it'd cost a lot of money Corley didn't have to see the case through. So who knows? Corley seemed satisfied enough that, even though he was personally enjoined from linking to DeCSS, it nonetheless spread like wildfire all over the world, and DVDs were effectively copyable from that day forward.
Being found not guilty supports my contention. But that case was about distributing circumvention software, not traditional speech. Obviously distributing software that bypasses DRM is directly addressed by the law.
Not necessarily. A cynical modern legal strategy is to bombard people with frivolous legal actions that only the well-heeled can afford. Defendants can argue that claims are baseless or frivolous, but to make that argument, they must hire a lawyer and appear in court.
To see my point, look at the number of frivolous prosecutions now being launched by ... ah, never mind, I don't want to get political.
But individuals have been successfully prosecuted for "aiding and abetting" violations of the DMCA, where speech was a material element of the proscribed behavior. Oh, and -- IANAL.
Not necessarily. Being found not guilty just means that the facts of that specific case, as determined by the jury, did not fit a guilty verdict. It doesn't mean that someone who did a similar or analogous thing couldn't be prosecuted under the same law and found guilty.
I was thinking along the same lines. One of the many places that laws are going to have to catch up to reality. I’m 90% sure that current frontier models could turn this post into a working implementation with a good feedback loop.
> that laws are going to have to catch up to reality
Reality is moving away from states, and is now moving faster than legacy "laws" can ever hope to catch up.
That's a big part of what's fueling the wave of abandonment of DRM. I mostly play bluegrass - and given the lineal connection between traditional music and internet freedom, it probably comes as no surprise - but every serious bluegrass album is DRM-free now. Every grammy winner in the bluegrass and americana categories since at least 2020 has been DRM-free.
They are there. Don't wanna say too much because of the DMCA. Worked on some ebook stuff recently. I even had some ebooks that had unknown encryption passwords on them. Claude came up with a 137-step plan to figure out the passwords and after about 50 different combinations of data it found the matching one.
I covered that in my comment. It’s likely the code violates § 1201 but I doubt the post does. And linking to infringing content is not legally the same thing as publishing it.
2600 got enjoined from linking to DeCSS and that got upheld on appeal, on the basis that linking violated the DMCA's anti-trafficking provisions. From the district court case:
> Defendants then linked their site to those "mirror" sites, after first checking to ensure that the mirror sites in fact were posting DeCSS or something that looked like it, and proclaimed on their own site that DeCSS could be had by clicking on the hyperlinks on defendants' site. By doing so, they offered, provided or otherwise trafficked in DeCSS.
The appeal was mostly about whether the DMCA and/or the specific injunction in question violated the First Amendment, and the court found that it didn't.
(Universal City Studios vs. Reimerdes at the district court level, Universal City Studios v. Corley at the circuit)
Yes. FWIW, as of a few minutes ago when I cloned this one, all the non-git files have the same hashes as the copy of the original I cloned when it was still up.
(to clarify, I wasn't talking about any git-specific hashes, just regular sha2/blake2b hashes of python, json, and font files. However, the two sha1 commit hashes in the git history match as well.)
This is a weird thing with how GitHub forks work. All the objects within a fork network are stored within a global namespace, so you can change the repository name in the URL and find objects that appear to belong to one repository despite being unique to a fork.
Sorry, I don't comment very often and not trolling. I had GitHub open to the repo on my phone and seeing that it had been taken down grabbed a screenshot of the page
https://imgur.com/a/IzUA8mP
The HN thread began on Oct 16 at 20:22 Z. If you visited that github page instantly and took that screenshot instantly, even accounting for 21 hours due to rounding, the commit in that screenshot had to be after Oct 15 23:22.
The repo as I and many other people cloned it has the first commit ("first commit", not "initial commit") at Oct 12 23:20 Z, and the "done" commit at Oct 15 19:37 Z.
A likely explanation is that pixelmelt squashed both commits at or after they put up the blog post, but didn't force-push the rewritten history to github until it hit HN and blew up.
> Obviously the act of circumvention itself qualifies, as does the code in the GitHub repository the post links to, but can you point to any prosecution of someone for a _prose description_ of circumvention (as opposed to actually making code available)?
There used to be some debate about whether a prose description is equivalent to computer code even though there are proofs in information theory that they are. English and C are just two different languages in which you can encode the same information.
But we don't even have to go there anymore. LLMs mean there are now machines that can execute a prose description. Code is speech and speech is code.
I wonder when/where they made it against the law to even tell anyone. I remember(1) a time when law guys made illegal (in the US, I believe? or EU?) creating software that circumvents certain DRMs, so I made plans to create a txt DRM that would rely on having a preamble like this:
!copy !save
If there is a !copy, the text editor would not allow you to copy the text (like the Acrobat reader does), and !save would not allow saving locally (this is even stupider).
The plan was to render notepad.exe, and thus the whole of Windows, illegal software because it allows circumventing the existing DRM. Of course this would also make less and vim illegal, therefore I got scared of the power that lay in my hands, and ceased to hit the atomic button.
_____
(1) I've noticed that I recently started to use "I remember" more and more on the hackernews. I'm getting old.
The Serial Copy Management System (SCMS)[1] is a DRM standard built into digital audio tech like DAT, MiniDisc, DCC, and consumer audio CD recorders. It works by adding just 2 bits — but no encryption or obfuscation whatsoever — to the digital audio signal that tell the recorder if further digital copying is allowed. Importantly, SCMS only ever blocked making a digital copy of a copy — you could always make a first-generation copy from an original, but not chain further digital copies. The requirement was pushed by copyright holders: in the US, consumer devices had to implement SCMS to ensure you couldn’t endlessly duplicate perfect digital recordings, but pro studio gear was exempt. SCMS doesn’t restrict analog copying, just digital serial copying. Most people found it annoying rather than effective.
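Added example, not part of the comment above: the copy-generation rule it describes, modelled as the decision a compliant consumer recorder makes on each digital copy. The 2-bit values follow the commonly documented DAT encoding and the status-byte layout is hypothetical; neither appears in the thread.

```python
from enum import Enum


class Scms(Enum):
    # Assumed encoding (commonly documented for DAT); not given in the thread.
    COPY_FREE = 0b00        # unrestricted digital copying
    COPY_PROHIBITED = 0b10  # already a digital copy: no further generations
    COPY_ONCE = 0b11        # an original: one digital generation allowed


class CopyRefused(Exception):
    """Raised when a compliant recorder declines to make a digital copy."""


def parse_flags(status_byte: int) -> Scms:
    # Hypothetical layout: the two SCMS bits sit in the low bits of a status
    # byte. They are plain, unauthenticated metadata, so all enforcement
    # lives in the recorder's logic, not in the audio data.
    bits = status_byte & 0b11
    try:
        return Scms(bits)
    except ValueError:
        # 0b01 is not assigned in this model; fail closed.
        raise CopyRefused(f"undefined SCMS value {bits:02b}") from None


def record_digital(source: Scms) -> Scms:
    """Return the flags written to the new recording, or refuse the copy."""
    if source is Scms.COPY_FREE:
        return Scms.COPY_FREE
    if source is Scms.COPY_ONCE:
        # First-generation copy is allowed but is marked as a copy.
        return Scms.COPY_PROHIBITED
    raise CopyRefused("source is already a digital copy")


def copy_chain(status_byte: int, generations: int) -> list[str]:
    """Copy a source, then copy each copy, recording where the chain stops."""
    history = []
    try:
        state = parse_flags(status_byte)
        for _ in range(generations):
            state = record_digital(state)
            history.append(state.name)
    except CopyRefused as exc:
        history.append(f"REFUSED: {exc}")
    return history


if __name__ == "__main__":
    # Constructed status bytes: an original, a copy-free source, a bad value.
    for label, byte in [("original", 0b11), ("copy-free", 0b00), ("undefined", 0b01)]:
        print(label, copy_chain(byte, 3))
```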
That law should be changed. If you distribute your intellectual property with DRM, that work should forever be exempt from copyright protection. You get to choose one or the other, but never both, because DRM effectively removes the work from the public domain in perpetuity.
Even accidentally releasing a demo or preview with DRM should invalidate copyright on that software/movie/book/whatever.
> because DRM effectively removes the work from the public domain in perpetuity.
This doesn't make for a good anti-DRM argument because the concern can simply be addressed by requiring a DRM-free copy to be deposited at the library of congress (or similar[1]) so it can be released in 150 years (or whatever) it actually becomes public domain.
Moreover how would you even define what "DRM" is? Is spotify refusing to provide a .mp3 file download for their streaming service a "DRM"? What if they implement streaming via webrtc, to make it extra-annoying to manually download? For games, is it "DRM" to add mandatory online requirements even for single player? What if there's an ostensible reason for the online requirement, like if the gameplay is computed server-side a-la world of warcraft?
>This doesn't make for a good anti-DRM argument because the concern can simply be addressed by requiring a DRM-free copy to be deposited at the library of congress
Then do that. It's not my job to try to argue your side of things. No one does that, as you well know, so my argument not only stands, but wins.
>Moreover how would you even define what "DRM" is?
Anything that interferes with copying the work in question.
>Is spotify refusing to provide a .mp3 file download for their streaming service a "DRM"?
Yes. This is an obnoxiously juvenile question. The nature of streaming services is that they send the media to the node (on demand). If that is done in a way that makes it difficult to play it a second time except to "stream" it again, you can hardly claim this is incidental. They go to great lengths to prevent it.
>For games, is it "DRM" to add mandatory online requirements even for single player?
Again, yes. There is no other purpose to such a requirement, and no one makes it a secret that this is done specifically to thwart so-called "piracy" attempts.
>What if there's an ostensible reason for the online requirement, like if the gameplay is computed server-side a-la world of warcraft?
You mean like with Blizzard, where they sued the programmers who did bnetd and prevented people from connecting to third party servers which computed gameplay? That wasn't even done to further piracy, by the way, they were just being dicks.
Potential issue: what EXACTLY is DRM?
Does "you can only read this book/view this video on a tivoized device which has its own cellular connection to the mothership and no USB/Ethernet/WiFi" count as DRM for these purposes?
What about "you can only buy this book at some obscure store which has its own obscure reader which only works on specific versions of a specific OS"? What if said OS is out-of-date?
What about "you can buy only from a specific store, the store provides you a reader app and specifically allows you to gift the reader and books to friends, etc., but the reader app is personalized and will tell your name on start up"? (btw, I did buy some books protected this way in the 00s)
Not extreme enough. Copyright itself should be abolished straight up. It's the information age, the AI age. Artificial limitations nonsense like copyright does nothing but hold us back. Even the corporations think so: they violate copyright at massive scales on a daily basis just to train their AI models. Why rules for us but not for them? That particular hypocrisy should have caused the elimination of copyright worldwide.
Fair use exists for both people and corporations. Just because a corporation copies something in a way that is fair use, that doesn't mean that people should be able to freely copy it.
Then the court is either stupid or subservient to corporate interests. In both of these cases they deserve zero respect.
> Equally cynically, it's fair use because if it isn't, the entire economy collapses overnight.
Sounds about right. If they had the moral fortitude to apply the laws as they were supposed to, they'd do the right thing and if it collapses the economy then so be it. The fact they didn't reveals political calculation in their judgements.
When laws are stripped of their moral advantage, resistance to laws, courts and authorities becomes civil disobedience and a moral imperative of citizens. We cannot have mutually exclusive ideas existing simultaneously. That's how we get distortions like "you citizen must pay outta the nose for everything but the elite corporations can do whatever they want with complete impunity". The only acceptable way for them to resolve their conundrum is to either hold corporations accountable for their copyright infringement or abolish copyright for all. Anything else can and should cause civil unrest.
Tangentially related to the question of legality of prose describing otherwise illegal instructions, I'm reminded of the epic DeCSS haiku [1]. (CSS here being 90's era DVD DRM).
Eh, I wouldn't be so sure. Reading the DMCA, their code does seem to do what the law says you can't do[1]:
"No person shall circumvent a technological measure that effectively controls access to a work protected under this title [...]"
with these definitions[2]:
(A) to “circumvent a technological measure” means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and
(B) a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
I think (A) pretty clearly applies: the glyphs being randomized in each request obviously counts as being "scrambled", the method used by the author with the hashes clearly descrambles them by matching the provided SVG images to the letters rendered with the book's font.
I'm less sure about (B), not being a lawyer, but I think it's so generic that it does apply: the "ordinary course of [...] operation" of reading the book requires running the apps provided by Amazon. This seems to fit "requires the application of [...] a process [...] with the authority of the copyright owner".
Not a civil issue, like libel or fraud, but the sort of talk that can get a policeman to come and drag you off to jail. If you've ever wondered why DRM is so roundly hated by engineers of a certain age, it's because not only is it dumb makework that they are required to implement, not only is it extremely irritating to discover it interfering with your own computer, but if you do effectively point out how dumb, irritating, and eminently circumventable it is, they made it against the law to even tell anyone.
https://www.eff.org/press/releases/licensing-scheme-fair-use...