Let??™s get back to the law at hand. If the DMCA indicates that no service can be offered
that is primarily designed to circumvent a technology that protects a copyrighted work,
where does this start and stop? What are the boundaries of the prohibited activity?
The fear of many in the information security industry is that this provision could be
interpreted and used to prosecute individuals carrying out commonly applied security
practices. For example, a penetration test is a service performed by information security
professionals where an individual or team attempts to break or slip by access control
mechanisms. Security classes are offered to teach people how these attacks take place so
they can understand what countermeasure is appropriate and why. Sometimes people are
hired to break these mechanisms before they are deployed into a production environment
or go to market, to uncover flaws and missed vulnerabilities. That sounds great: hack my
stuff before I sell it. But howwill people learn howto hack, crack, and uncover vulnerabilities
and flaws if the DMCA indicates that classes, seminars, and the like cannot be conducted
to teach the security professionals these skills? The DMCA provides an explicit
exemption allowing ???encryption research??? for identifying flaws and vulnerabilities of
encryption technologies.
Pages:
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134