Bad law or really bad law?

Over the past few weeks a number of state legislatures have started to consider similar bills – apparently at the behest of the copyright folks – that fail to take into account the unintended consequences of the Digital Millennium Copyright Act.

Over the past few weeks a number of state legislatures have started to consider similar bills – apparently at the behest of the copyright folks – that fail to take into account the unintended consequences of the Digital Millennium Copyright Act.

The DMCA has not done much to protect the legitimate rights of copyright holders, but it has hurt the quality of American software and American competitiveness. It has done this by making it illegal, or at least very risky, to tell a company that the security in the products it is using is crappy. If a company cannot find this out before the bad guys uncover its secrets, the company’s products and sometimes its very existence are at risk.

The same folks that brought you the DMCA are trying to improve it at the state level. Most parts of these laws are actually not as bad as the DMCA, although that wouldn’t be all that hard. But there is some sloppy writing that could have a worse effect than the DMCA does, and that would be hard.

The Texas version of the bill says, in part: A person commits an offense if he or she intentionally manufactures or sells a communication device with an intent to “conceal from a communication service provider, or from any lawful authority, the existence or place of origin or destination of any communication.”

Most of the bill is targeted at people who do things with an intent to defraud, but this section, if enforced literally, could outlaw network address translators and common configurations in firewalls, both of which conceal the actual source and/or destination of a communication by rewriting the network addresses. As I’ve written before, I’m no fan of these devices used in this way, but outlawing them would be quite silly.

But the real problem with the way this section is written is that it could be read to outlaw secure VPNs. Such VPNs are what everybody should use if they are connecting back to a corporate network when they are on the road or at home. But because secure VPNs are actually encrypted tunnels, all of my communication – including the destination and source of any e-mail that I read or send through a VPN – is concealed from the local service provider and any lawful authority that might be listening.

I hope this is not what the bill actually is trying to control. If it were trying to outlaw encrypted communications between travelers and the companies that employ them, silly would not be the word to describe the idea. Maybe someone with a tiny bit of clue will fix this before any of these bills get approved. Note that I’m not implying that these state-level bills will actually help fix the problems that the copyright people have – the only things that will help here are some new business models. But at least let’s not destroy American business to protect a few copyright holders.

Disclaimer: Harvard deals with bequests not behests, and the above is my own opinion.