The Digital Millennium Copyright Act, which protects copyright so fiercely it may put computer security professionals out of business (CI No 3,441), has passed the House Commerce Committee. Worse still for cryptographers, Republican leader Newt Gingrich has sworn to see it through the House. The bill implements treaties signed at the World Intellectual Property Organization summit in 1996. While it does protect internet service providers from being held liable for their customers who infringe copyrights, the legislation has been bitterly opposed by many in the information industries for its draconian strictures against copyright ‘circumvention’. The bill defines circumvention so loosely that reverse engineering encryption algorithms and unleashing network sniffer tools to test security may soon be punishable by substantial fines. Security site L0pht Heavy Industries has long been a vocal opponent of the Digital Millennium Copyright Act. Digital content providers like ourselves will not be able to ‘open up the hood’ of the encryption mechanisms that we buy to protect software we distribute, it explained in an editorial today. We know that this way of protecting systems is ‘security by obscurity’. There are ways to build systems that are truly secure. By making it a crime to pick apart systems, any systems, the legislature is harboring shoddy protection mechanisms and making it a crime to be a whistle blower.
