A news item at SecurityFocus said that Niels Provos's thesis work on honeypots and steganography is illegal under a Michigan law.
You can find more here
He actually is moving his stuff offshore proactively because the law seems to make his work illegal.
The Michigan state, and other state Super-DMCA laws pending and passed have yet to be tested in court to really define the scope of what they apply to versus what their actual intent was.
This was discussed in another thread as well. See: Michigan Super-DMCA
I think the offshore reaction was a childish overreaction. Leave the work there; the EFF or ACLU will give you free legal help if the state tries to prosecute you. This law is invalid on a number of points (states can't enact copyright laws, only the federal government can do that; too broad to be useful, etc.).
Running away and crying does nothing productive. It's stupid and pointless. Hell, the law probably doesn’t even apply to his work. None of his work has the malicious intent to defraud anyone.
EDIT: also see on SecurityFocus the article about why Super-DMCA isn't inherently evil
http://www.securityfocus.com/columnists/153
Whiny people not reading laws and overreacting to them are getting on my nerves. Yes, the Super-DMCA statutes seem dumb and bad, but before you freak out or go running around screaming that the world is ending, let things work themselves out... after the first few test cases we can see how the law stands.
On another note, those of you in Europe need to understand how the US works: your parliaments create working laws; here, senates (state or federal) pass nonworking laws and let the courts figure out how to fix them. We trust our judges a LOT more than we trust our politicos.
Being forced to move information and deny access because of fear of litigation is definitely not a good sign.
Quote:
From the article
A University of Michigan graduate student noted for his research into steganography and honeypots -- techniques for concealing messages and detecting hackers, respectively -- says he's been forced to move his research papers and software offshore and prohibit U.S. residents from accessing it, in response to a controversial new state law that makes it a felony to possess software capable of concealing the existence or source of any electronic communication.
So all of those of you that are on AO and are from those states are not allowed to:
a) research, build, investigate or consider a honeypot
b) research, create, develop or fund any type of cryptography (although the issue in this case is steganography, the principles are the same, although the method/media is slightly different).
Quote:
From the article
In response to the early criticism, the industry groups pushing for the law released a new version of their model legislation on April 1st that, among other things, adds an "intent to defraud" to the language -- significantly narrowing the scope of the law.
Even with "intent to fraud" it makes it easy to get around the law. "I wasn't trying to take anything from anyone... I was just playing around". These laws are a joke. I hope someone does put them to a test soon.
Can we get the two threads combined... and note, MsMittens, the law doesn't say that honeypots are illegal; it's just an overreaction by the researcher.
I wonder what the paranoid would say to this subject. I can imagine a few things that could be the cause of this, but the officials would never admit it. Can any one of you take a wild guess what I'm talking about ;) . Remember the thread about firewalls becoming illegal? Slowly, slowly it all makes sense, but to understand that, you would have to be paranoid in a sense.
Cheers.
bballad, I was brought up thinking paranoia was a good thing when it comes to security..
And I'm taking security beyond protection of your data.. also protection of knowledge..
The USA makes it seem like the second cold war.. only this time they are the "Sharing of Knowledge Suppressing Super Power"
I agree with MsMittens on the part that most parts of the law won't stand a chance..
You just can't prove most of them..
Leave it to Michigan to be a penis, lol, this damn state gets on my nerves sometimes.
Quote:
Hell the law probably doesn’t even apply to his work. None of his work has the malicious intent to defraud anyone.
The "intent to defraud" wording was added later. Because Michigan was one of the first out of the gate with this legislation, that is not a part of the Michigan law.
Besides, isn't "intent to defraud" relative? By hiding my internal IP addressing with NAT or using a product like Anonymizer, is it not my intent to defraud someone? The whole point is to defraud those who should not be reading my data.
I don't personally think that adding "with intent to defraud" changes the law enough to make it reasonable. They can still twist that and use it inappropriately.
If it is now illegal in Michigan to:
Quote:
"assemble, develop, manufacture, possess, deliver, offer to deliver, or advertise" any device or software that conceals "the existence or place of origin or destination of any telecommunications service." SecurityFocus Article
as well as being illegal to provide written instructions to do so, I think that it is reasonable for Mr. Provos to believe he is in violation of this law.
I agree the law is crap and will hopefully be shot down the first time they try to use it. Organizations like the ACLU or EFF may jump in and help defend someone prosecuted under this law, but maybe Mr. Provos has better things to do with his time / life than being that guinea pig. Often by the time the decision is appealed and re-appealed to the Supreme Court it is too late to help the martyr who is fighting.
I have somewhat of a working relationship with my Michigan State Senator and plan to write her on this issue. I want to at least make sure the government is aware of the feathers they've ruffled since I doubt they're surfing SecurityFocus or AntiOnline.
I just remembered you live here too... sad state, huh? Laws here are mostly ****.
The State DMCA laws, if interpreted the way they are worded, are also in conflict with the National Strategy to Secure Cyberspace from the illustrious President Bush in February 2003.
Quote:
To meet these needs, the Director of OSTP will coordinate the development, and update on an annual basis, a federal government research and development agenda that includes near-term (1-3 years), mid-term (3-5 years), and later (5 years out and longer) IT security research for Fiscal Year 2004 and beyond. Existing priorities include, among others, intrusion detection, Internet infrastructure security (including protocols such as BGP and DNS), application security, DoS, communications security (including SCADA system encryption and authentication), high-assurance systems, and secure system composition. (A/R 2-11) processes and procedures that diminish the possibilities of erroneous code, malicious code, or trap doors that could be introduced during development.
Quote:
Home users and small businesses can help the Nation secure cyberspace by securing their own connections to it. Installing firewall software and updating it regularly, maintaining current antivirus software, and regularly updating operating systems and major applications with security enhancements are actions that individuals and enterprise operators can take to help secure cyberspace. <see file attachment>
So, if a home user follows the lead of the federal government to secure cyberspace, they would be in violation of Michigan state law.
Gore: I'm here too....... Yes MI Sux....... Yesterday 82 degrees F here, tonight freezing rain, a week ago 5" of snow..... It's bloody April for God's sake....... :(
This law is a wonderful example of why government should stay out of technology. They have no clue and half the time the people advising the lawmakers are the government IT people. I can assure you where talent and knowledge are concerned those govt. IT staff were often at the back of the queue when it was handed out.......<sigh>
Let me first state that I am very opposed to this law, and living in Illinois I am affected also (we passed a Super-DMCA before Michigan), but I have also noticed that there has been no prosecution under these laws (it's been around in IL for about a year, I believe), because they are paper tigers.
The way to defeat them is to not run away and cry when you think your software is in violation. This guy in MI is acting like a drama queen…oh I’m going to hide in a corner because the mean government might come and get me (all the while making sure everyone knows that I’m hiding). Quit acting like children or independent security researchers will always be treated like children (this is also true for the Linux community).
The solution is to do what we always do in this country: let our court system fix the law. It amazes me how little most techies understand the working of our legal system; the politicians pass laws that are basically suggestions, then the courts make the law.
Run your firewall, make your honeypots. They are not illegal, and the only way to get rid of Super-DMCA legislation is if someone is charged under it so it can go to court. The fact that the state governments where these laws have been passed still use firewalls and NAT should give you an idea of the likelihood of anyone ever being prosecuted (the state has to follow their own law).
In reference to this law....
We need to try and figure out a way of making what the lawmakers are attempting work. If they are looking for some sort of defined set of rules, regulations, and identities, it's going to happen. If they get some people to come up with and suggest better ideas, they are going to take them. The law is not necessarily against us, and we aren't fighting "the man." This is probably just the best idea a bunch of rich old white guys could come up with.