[Full-Disclosure] Fw: Comment on DMCA, Security, and Vuln Reporting]

From: HggdH (full-disclosure@lists.netsys.com)
Date: 08/02/02

From: full-disclosure@lists.netsys.com (HggdH)
Date: Thu, 1 Aug 2002 17:26:46 -0600

----- Original Message -----
From: "Declan McCullagh" <declan@well.com>
To: <glenn.wolf@we-inc.com>
Cc: <bugtraq@securityfocus.com>; <vuln-dev@securityfocus.com>;
Sent: Thursday, August 01, 2002 08:12
Subject: Re: Comment on DMCA, Security, and Vuln Reporting]

[I subscribe to bugtraq but haven't seen Glenn's message appear. It did go
out to vuln-dev, and someone forwarded the message to me. I'm not on
vuln-dev; feel free to forward this to the list.]

"Wolf, Glenn" <glenn.wolf@we-inc.com> wrote:
>In light of the fact that 2600 was successfully sued over merely linking to
>DeCSS source code under the DMCA (and losing a subsequent appeal), and
>especially since News.com mentioned that fact in their article, I'm
>absolutely AMAZED that they would do just that, linking directly to exploit
>code in three separate places in the article!!! Oh, and HP is apparently a
>corporate sponsor of News.com (by the ad banners that pop up on their
>I wonder how THIS will play out...

I'm the author of the CNET News.com article, though I do not speak for my
employer. Three points:

* 2600 was sued for *posting* the DeCSS.exe utility, not for linking to it:
>Defendant Eric Corley a/k/a Emmanuel Goldstein also posted DeCSS on his
>Internet web site...

* The judge in the case crafted a rule limiting but not banning linking:
>there may be no injunction against, nor liability for, linking to a site
>containing circumvention technology, the offering of which is unlawful
>under the DMCA, absent clear and convincing evidence that [lots of details]

* When I was at Wired News, we joined an amicus brief in the 2600 case that
said journalists should have the right to link to controversial material
such as DeCSS.exe: