Today, someone proposed, in sfnet.atk.sodat, that since the DMCA is used to control reverse engineering, maybe it could also be used against security exploit publication. Here's my little extrapolation that I posted to the newsgroup.

Microsoft has recently been saying that people should not be posting exploits; I wonder, if the DMCA would allow them to slap people for that, would they do that? Quite possibly. Or maybe not.


"Samuli Lehti" <slehti@pp.htv.NOUCRAP.fi> writes:

[DMCA]
> Could this same law be used against the people who find security holes?

In other words, this is what you're proposing:

"Our Great Operating System is a holed piece of crap that a kid can crack before going to preschool. We would, however, like to point out that mentioning this fact anywhere is illegal."

The problem is that those nasty hAx0rz couldn't care less about the law. After all, it has occasionally been seen that a person who will nevertheless be severely punished will and can do anything. According to the current law, you will go to prison if you crack into some place. According to this law... hey! If you break into the system, you will go to prison! Progress!

> And this will solve all problems, because everyone who knows anything about computer security will go to jail. In other words, no knowledge, no problems. And the rest of the people who work with the code have signed a multi-page NDA.

But if there are no people who know anything about security, there's no one who could take security into account when designing the systems! Those who would know would not be able to give their information to anyone else, due to the agreements they've signed. New programmers could not read the code from old programmers, because - horrors - they might understand that there might be a Hole, making them guilty of a Thoughtcrime.

The "holed" systems could naturally never be recoded to, say, CVS.

"We have no security problems. We have never had any security problems."

"But I remember clearly, that only a week ago, we had a security problem - - - AAAARGH!" That was eight.

After a few generations, no one could build a secure system. And the hax0rz would still blow through the holes in the system....

"Worm! Look out, guv'nor! Bang coming in in the network monitor! Lay down quick!"

*Ptooowm*

This is what it would be in the worst case, unless we would say that people would still talk about security matters "under the ground" as soon as the watchful eye looks the other way. (This claim is erroneous rubbish that is believed to come from the traitor Goldstein from the American magazine "2600".)

This rubbish in question has, among other things, very traitorous claims that are contrary to the Company's official propaganda. The drivel says that previously (somewhere before the year 2100), actually secure systems existed, and the current "eternal upgrade rhumba" is actually just a front for security bug fixes, and the citizens are told that upgrades are only there for new features (as Gates said in one famous claim of his).

"If you want a picture of the future, Winchester, imagine a human booting his computers - for ever."