Search /
Advanced search  |  Help  |  Site map
Click for Layer 8! No, really, click NOW!
Networking for Small Business
Where's my gigabit Internet, anyway?
Americans cool with lab-grown organs, but not designer babies
IE6: Retired but not dead yet
Enterprise who? Google says little about Apps, business cloud services in Q1 report
DDoS Attackers Change Techniques To Wallop Sites
Can we talk? Internet of Things vendors face a communications 'mess'
AMD's profitability streak ends at two quarters
Michaels says breach at its stores affected nearly 3M payment cards
Exclusive: Google's Project Loon tests move to LTE band in Nevada
H-1B loophole may help California utility offshore IT jobs
How a cyber cop patrols the underworld of e-commerce
For Red Hat, it's RHEL and then…?
Will the Internet of Things Become the Internet of Broken Things?
Kill switches coming to iPhone, Android, Windows devices in 2015
Israeli start-up, working with GE, out to detect Stuxnet-like attacks
Galaxy S5 deep-dive review: Long on hype, short on delivery
Google revenue jumps 19 percent but still disappoints
Windows XP's retirement turns into major security project for Chinese firm
Teen arrested in Heartbleed attack against Canadian tax site
Still deploying 11n Wi-Fi?  You might want to think again
Collaboration 2.0: Old meets new
9 Things You Need to Know Before You Store Data in the Cloud
Can Heartbleed be used in DDoS attacks?
Secure browsers offer alternatives to Chrome, IE and Firefox
Linksys WRT1900AC Wi-Fi router: Faster than anything we've tested

IETF debates lawsuit risks of U.S. copyright act

Related linksToday's breaking news
Send to a friendFeedback

The Internet's premier standards-setting body is concerned that its participants could be subject to criminal or civil lawsuits under the U.S. Digital Millennium Copyright Act as they develop security protocols that can be used to protect copyrighted materials on the `Net.

Although the risk is slim, the Internet Engineering Task Force (IETF) will discuss the issue at an open mike session being held in Salt Lake City Thursday night.

The IETF's leadership became aware of the DMCA threat a few weeks ago, and they have contacted their attorneys as well as experts at the Electronic Frontier Foundation (EFF) for advice. At issue is whether ongoing research in digital rights management or development of encryption protocols puts the organization at risk.

"Our lawyers have cautioned us not to disregard the threat, but the likelihood of the IETF being challenged under DMCA is very small," says Scott Bradner, the IETF's external liaison and a director of the IETF's transport area.

Bradner adds that the public image of a copyright holder that sued the IETF for trying to improve Internet security would be badly damaged.

"There's a theoretical liability, but I don't believe there's an actual liability," Bradner adds.

Passed in 1998, the much-maligned DMCA was a comprehensive reform of U.S. copyright law designed to take into account advances in digital communications. DMCA has provisions that allow the U.S. government to file criminal charges against individuals who circumvent copyright protection systems for commercial gain. DMCA also allows private lawsuits against individuals who investigate the circumvention of copyright protection systems.

The IETF's digital rights management research - conducted by the group's companion Internet Research Task Force - is not investigating copyright protection systems. But "in the design of building good systems, we learn from breaking systems," admits Thomas Hardjono, co-chair of the digital rights management research group and a principal scientist with VeriSign.

The research group is surveying work in digital rights management that is being done in R&D labs, other standards bodies and in industry groups to investigate the impact of these technologies on the IP network architecture. Launched six months ago, the research group has met twice.

At this point, the IETF has no plans to shut down or scale back the digital rights management research effort. However, the IETF leadership is discussing changing the name of the group to lower its profile.

John Klensin, chair of the IETF's Internet Architecture Board, which oversees the digital rights management research, says it's important for the IETF to do a threat analysis but it should continue with its work.

"It's important to be very aware of these issues…and then to proceed because the alternative is paralysis," Klensin told the digital rights management research group at its meeting Tuesday.

Another option is for the IETF to require companies that pitch their security technologies as potential standards to sign a disclaimer waiving their rights to DMCA claims, much as they already sign a disclaimer on intellectual property claims.

"The DMCA could run the risk of really hurting the standards process by making people afraid to test and publish their research,'' says Cindy Cohn, legal director at the EFF. DMCA disclaimers "would restore confidence that the technologies that are being rolled out as standards have been thoroughly tested and vetted."

Two recent, high-profile DMCA cases have caused anxiety among IETF participants and other network researchers:

* In July, the FBI arrested Dmitry Sklyarov, a Russian computer science student, for an alleged violation of DMCA. Sklyarov delivered a speech in a Las Vegas hotel pointing out security holes in Adobe's eBooks software.

* In November, Princeton University Professor Ed Felten challenged the DMCA on free speech grounds in federal district court, but the court dismissed the case. Felten and a team of researchers from Princeton University, Rice University and Xerox discovered security vulnerabilities in the digital watermark technology under development to protect music sold on the `Net. Two recording industry groups - the Recording Industry Association of America and the Secure Digital Music Initiative Foundation - threatened to file suit against Felten and his team if they published their research at a conference. After intense media scrutiny, the two groups allowed Felten to publish his work.

Some members of the IETF community fear that because of these cases, the DMCA will have a chilling effect on security-related research.

"Among academics and scientists in the security area, the level of concern is very high," Cohn says, pointing out that some security workshops will be held overseas next year because of DMCA. "Many foreign scientists will not publish their work because they don't want to get arrested."

Related Links

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.