by Niall Douglas in association with NamesFacesPlaces
This is the fifth in a series of articles about threats to our industry - not just to the IT contracting industry, but to any part of IT which is indigenous to Europe and most specifically the United Kingdom, which is in my opinion the most vulnerable of the IT industries within the EU.
This article along with others in this series explores the consequences of the draft UK implementation of the European Copyright Directive (2001/29/EC) if the draft were to pass into law as-is. Since the cut-off date for public commentary has passed, be prepared to lobby your MP to fight for amendments to the bill in the Commons sometime in Spring 2003.
Thankfully, I don't have to paint fanciful pictures of babies starving in streets as two other major economic areas have already put draconian copyright laws like the one we are discussing into practice - namely, Japan and the US. In Japan it is called something I couldn't find in the Roman alphabet so I'll have to concentrate on the US's implementation which is called the Digital Millennium Copyright Act, or DMCA for short.
As previously mentioned, the EU directive isn't as draconian as the DMCA as it contains much lower penalties for infraction and also many optional exceptions. The UK implementation appears to place a maximum of two years and a fine per area transgressed ie; one could accumulate a maximum of six years in prison and a hefty fine. However, as this series of articles has hopefully made clear, it is extremely easy to break these laws often in the course of everyday life.
Probably anyone involved with IT will have heard this name during the last year or so. Dmitry was the first person to be prosecuted under the DMCA. Basically, his company (which is Russian and is based in Russia) sold a product which circumvented Adobe's E-Book encryption mainly because said encryption was a laughable child's attempt which anyone half-intelligent could bypass with a bit of effort. Now Adobe, rather than fix its laughable attempt at encryption, instead had the FBI arrest Skylarov when he was giving a speech about E-Book's lousy security at a conference in the US and he was looking at a 25 year stint in prison until a massive grass-roots campaign mollified the authorities and especially Adobe.
The DMCA of course, like many US laws, applies to all nationals of any country if it can be remotely proved a single US citizen was affected and thankfully that isn't the case here. However, the UK draft makes each person individually liable so infractions performed while working for a company means the worker instead of the employer is liable.
This case illustrates three points in our case against the UK Copyright Law as it currently stands: (a) making encryption failings public will be illegal (b) if the company responsible for the product prefers to smokescreen their incompetence, from this law's enactment they will be able to lock up those who publicise it rather than fix the problem and (c) it is the individual who gets it in the neck!
Ah, but perhaps you're thinking cryptographic research and academia won't suffer like this? Well, you'd be wrong. The Secure Digital Music Initiative (SDMI) invited attacks on their watermarking technology and Princeton Professor Felten took up the challenge. When he discovered it was riddled with holes and went to publish his findings in an academic journal, he was informed that if he did he would be prosecuted under the DMCA.
In other words, the SDMI used the DMCA to quash the fact its technology didn't work. Expect this to become commonplace in Europe shortly!
Because a patch to fix a security hole must at least partially explain what the hole is, it therefore becomes a circumvention device and therefore illegal under the DMCA (or proposed UK Copyright Law). In other words, as the law stands, some fixes for security problems will be illegal!
This has already begun in the US where some patch documentation cannot legally be read by US citizens. This crazy situation is coming here, quickly, unless you help do something to stop it!
16th October 2002