Security warning draws DMCA threat


"I can't believe the news today. I can't close my eyes and make it go away." Does this come out of a U2 song or is it how I feel after reading the following news? It is both. HP has warned people who discover security bugs in their software, that they might sue them with the help of the DMCA.

In a letter sent on Monday, an HP vice president warned SnoSoft, a loosely organized research collective, that it "could be fined up to $500,000 and imprisoned for up to five years" for its role in publishing information on a bug that lets an intruder take over a Tru64 Unix system.

HP's dramatic warning appears to be the first time the DMCA has been invoked to stifle research related to computer security. Until now, it's been used by copyright holders to pursue people who distribute computer programs that unlock copyrighted content such as DVDs or encrypted e-books.

If HP files suit or persuades the federal government to prosecute, the company could set a precedent that stifles research into computer security flaws, a practice that frequently involves publishing code that demonstrates vulnerabilities. The DMCA restricts code that "is primarily designed or produced for the purpose of circumventing protection" of copyrighted works.

I can already here it: "Software declared bugfree". Of course it won't, but who is going to inform the public about bugs if this case would pass?

This is definitely proof that the DMCA is a bad law. Where it started with some good intentions, it can now be used for matters it wasn't designed for. I wonder what will be next? As always you can read the entire article.

Source: Cnet

No posts to display