As of this moment, the security level of the Internet has taken a big hit. And its not because of a new worm or some nefarious hacker collective; its because of a set of badly conceived laws that have been passed by several states.
These measures, referred to as Super DMCA laws (see Freedom-to-Tinkers Super DMCA page) are badly designed laws promoted by the Motion Picture Association of America. Super DMCA legislation has already been passed in Colorado, Delaware, Illinois, Michigan, Oregon, Pennsylvania and Wyoming.
Now Super DMCA has claimed one of its first victims, the award-winning open-source application LaBrea, which is designed to stop the spread of worms such as Nimda across the Internet. Tom Liston, the developer of LaBrea, has stopped distribution of the program for fear of prosecution under the Illinois version of this law.
Why would a program that stops harmful worms from spreading run afoul of a law that is on the surface intended to stop cable theft? Because, like the less-damaging federal DMCA law, Super DMCA is overly broad and lacks common sense (see Peter Coffees column on these laws).
One of the common aspects of these laws is that they make illegal any device or program that can “conceal or to assist another to conceal from any communication service provider or from any lawful authority the existence or place of origin or destination of any communication.” Aside from LaBrea, this makes a whole set of common IT programs and hardware illegal, from firewalls to VPNs to privacy applications.
So if you live in one of these states, you are now breaking the law if you run a firewall. And if youre an IT admin that has all of your internal systems running on NAT, you could face as much as five years in prison and up to a quarter-million-dollar fine.
Tom Listons LaBrea, which I named the most useful application of 2001 and which was also a finalist in eWEEK and PC Magazines 2002 I3 Awards, clearly violates the letter if not the spirit of these laws.
Some would say that Liston probably wouldnt face any legal action, but under the federal DMCA, several companies and individuals have faced legal consequences for actions that had nothing to do with the original intent of the law. Russian programmer Dmitry Sklyarov was even jailed for a time under the DMCA.
Page Two
Liston outlined several of these concerns to me in an e-mail exchange. He wrote: “The real issue here is that the law is just so utterly vague that you cant be sure of anything. Everyone has been telling me that I need to get a lawyers opinion on this, but somehow hiring a lawyer to tell me whether or not I can legally give away what I know is perfectly legitimate software just strikes me as wrong. Just plain wrong.”
Liston also told me that he had been working on a next-generation “LaBrea on steroids,” but this is now in limbo until the Illinois law gets straightened out.
So now, possibly millions of people in these states are breaking the letter of these laws—with fines and jail time possible, if unlikely, penalties. And because of these laws, a highly effective program that stops the spread of worms is no longer available.
So if the spread of a worm ravages your company, you might want to thank the legislatures of Colorado, Delaware, Illinois, Michigan, Oregon, Pennsylvania and Wyoming for making it more likely.
If you live in one of these states, or in a state that is considering one of these Super DMCA laws, you should contact your representatives immediately. And you might want to remind them that if they have any kind of normal IT setup, they are probably also breaking these laws.
For more information on the Super DMCA laws and to see where your state stands, go to the Electronic Frontier Foundations Super DMCA page.
East Coast Technical Director Jim Rapoza can be reached at [email protected].
Search for more stories by Jim Rapoza.
Search for more stories on DMCA.