Sunday, August 30, 2009

So use DMCA Counter-Claim!


In a recent event, it appears that the secure-boot key for the TI-83+ calculator was brute-forced, and Texas Instruments is trying to put the genie back in the bottle by sending out DMCA takedown notices. Those receiving the notices are responding foolishly to them instead of filing proper counter-claims. I don't know why.

SECURE BOOT

Many devices are configured so that they will only boot a "signed" operating system. This means that the iPhone's hardware will only boot software signed by Apple, so you cannot install Linux or Windows Mobile on it.

Secure-boot is designed primarily for things that load copyrighted material, like music, videos, and games. However, it's a standard feature of hardware/software development kits. Thus, even simple things like the TI-83+ calculator support secure boot.

The TI-83+'s key was recently cracked with brute-force. This is an interesting milestone. While we have known for some time that it is theoretically feasible to crack a 512-bit key, the practical achievement of that feat changes how we think of cybersecurity. That means hackers can pretend to be TI and sign their own operating system for the TI-83+ device. It has implications for everything else using 512-bit RSA keys.

Apparently, the key was cracked with a single desktop computer (dual-core 1.9-GHz) in around 73 days of compute time using GNFS software (GGNFS+MSieve). It required a database of 52 million relations, or 4.9 gigabytes, and it used 2.5 gigabytes of RAM.
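Why a factored modulus defeats signed boot, as an added example that is not from the original post: the device checks a signature using only the public key, and the private signing exponent follows directly from the two prime factors. The primes, image names, function names and the 2048-bit threshold are assumptions for illustration; this is textbook RSA with a constructed toy key, not TI's scheme or key.

```python
import hashlib

# Constructed toy key, NOT the TI key: two known Mersenne primes stand in for
# the secret factors of a vendor modulus. Textbook RSA without padding.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537          # the public key burned into the boot ROM

def digest(image: bytes, n: int) -> int:
    """SHA-256 of the image, reduced into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n

def boot_verify(image: bytes, sig: int, n: int = N, e: int = E) -> bool:
    """The device side: accepts an image using only the public key (n, e)."""
    return pow(sig, e, n) == digest(image, n)

def private_exponent(p: int, q: int, e: int = E) -> int:
    """The signing exponent follows directly from the factors of n."""
    return pow(e, -1, (p - 1) * (q - 1))

def sign(image: bytes, d: int, n: int = N) -> int:
    """Textbook RSA signature over the reduced digest."""
    return pow(digest(image, n), d, n)

def modulus_too_small(n: int, min_bits: int = 2048) -> bool:
    """Review check: flag keys below a minimum size (2048 is an assumed policy)."""
    return n.bit_length() < min_bits

if __name__ == "__main__":
    vendor_d = private_exponent(P, Q)            # the vendor knows p and q
    official = b"vendor OS 1.0"
    sig = sign(official, vendor_d)
    print("official image boots:", boot_verify(official, sig))
    print("altered image boots: ", boot_verify(b"altered OS", sig))
    # Once n is factored, the same derivation is open to anyone, and the
    # device cannot tell the resulting signature from the vendor's.
    recovered_d = private_exponent(P, Q)
    other = b"third-party OS"
    print("third-party image boots:", boot_verify(other, sign(other, recovered_d)))
    print("92-bit toy modulus flagged:", modulus_too_small(N))
```

The only thing protecting the signing key is the cost of factoring N, which is why the key-size check belongs in any review of a signed-boot design.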

DMCA TAKEDOWN

TI doesn't like this. Their lawyers have been sending out DMCA "takedown" notices to everyone publishing the key, as well as anybody linking to the key.

Curiously, receivers of the takedown notice have posted "responses" on their sites that have nothing to do with the DMCA. Brandon Wilson has replied to this notice with this response. Tom Cross responds to this notice with this response.

I don't understand the purposes of these responses. They aren't proper "counter-notices" under the DMCA. They have no effect. The lawyers who receive them don't care. They have no impact on publicity. It's like sending a letter to Santa Claus that you didn't like your Xmas presents. It's like yelling at your car when it breaks -- the car doesn't really care. Such responses have no effect on anything.

The law is like code. Actually, the law IS code. We use computer "code" as an analogy for the original definition of code as used in law. The original DMCA notice is programmed according to a specific code. If you want your response to have an effect, it must likewise be coded according to the law.

Consider this line from the original TI takedown notice:

"I hereby confirm that I have a good faith belief that use of the Illegal Material in the manner complained of in this letter is not authorized by the copyright owner"


That line doesn't exist because the sender wanted it to be there; it exists because the law [512(c)(3)(A)(v)] requires such a statement. It's code.

COUNTER-CLAIM

You have to respond in the same code. Simply assert that the material was taken down in error, and that you consent to the jurisdiction of the local federal courts to decide the matter, and that you'll have to put the content back on your site within 14 days. Here is an example counternotice from ChillingEffects.org. They have an automatic counter-notice form here.

This situation is a bit more complicated than that. The original takedown notices are in error. It's not like TI sending a takedown notice to blogger.com to remove something on this blog. In Tom Cross's case, he is both the operator AND the person posting the content.

Of course, when you do this, you are asking TI to sue you. They probably won't, but it's a chance you'll be taking. They spam out a bunch of these letters without ever really caring if people comply with them or not. But here's the thing: you can't sit at home and whine about how unfair the man is. You have to be willing to stand up for what you believe in.

THE TIME AND PLACE

The place to make your arguments is in the courts. That's the only place where they will listen.

In your discussions with TI, they don't explain to you why they think it's infringing. They simply promise you, under threat of perjury, that they have good reasons to think so. Likewise, you don't state your reasons for believing the opposite. You simply state, under threat of perjury, that you have good reason to disagree.

Then, you both go to court and explain your reasons.

Making your arguments to TI will have no effect. They have selective deafness. If they listened to your arguments, they might believe them, and would no longer be able to, in good faith, send out takedown notices. Therefore, no matter how many e-mails you send them, they won't listen.

It's like debt collectors (which many in this economic climate may have dealings with). Arguing that you don't owe them anything doesn't work; they don't care, they aren't listening. But you can simply tell them that you believe (in good faith) you don't owe them any money. They then have to stop calling you (according to the legal code) and address the issue in the courts.

I AM A BASTERD, NOT A REVOLUTIONARY

I don't like the DMCA. I'm not going to cave to the man like this. I don't think these links infringe copyright. I don't know the link these guys were asked to take down, but I believe it is "http://www.unitedti.org/index.php?showtopic=8888" (or maybe this link to the older Google cache of that page). Therefore, TI may be sending a message to Google in the near future asking them to take this down. If they do, this will be my counter-claim (to Google/Blogger):

In regards to the material at "http://erratasec.blogspot.com" removed by you pursuant to 17 U.S.C. Section 512. I have a good faith belief that this material was removed or disabled in error as a result of mistake or misidentification of the material. I declare that this is true and accurate under penalty of perjury under the laws of the United States of America.
For the purposes of this matter, I consent to the jurisdiction of the Federal District Court for the judicial district in Northern Georgia. I also consent to service of process by the person providing notification under Section 512(c)(1)(C) or that person's agent. However, by this letter, I do not waive any other rights, including the ability to pursue an action for the removal or disabling of access to this material, if wrongful.
Having complied with the requirements of Section 512(g)(3), I remind you that you must now replace the blocked or removed material and cease disabling access to it within fourteen business days of your receipt of this notice. Please notify me when this has been done.
I appreciate your prompt attention to this matter. If you have any questions about this notice, please do not hesitate to contact me.

Sincerely,
Robert David Graham
robert_david_graham@yahoo.com

6 comments:

nickhacks said...

Sure, sending the counter-claims is one thing, but using the Streisand Effect to get the word out and spread information that is being taken down is an effective strategy as well. Which, by linking, you effectively did. I'm sure if there hadn't been a DMCA take down campaign over this, you probably wouldn't have linked to that site ;)

Paul Dixon said...

Amen to the Streisand Effect, which I mentioned in my blog post after pastebin.com got a DMCA request from TI (see http://blog.dixo.net/2009/09/18/pastebin-the-ti-89-signing-keys-and-the-dmca/)

Unknown said...

FYI, The Electronic Frontier Foundation has graciously offered to provide me with pro bono legal representation vis-a-vis TI.

Unknown said...

The EFF has responded to TI.

Anonymous said...

You need to think about it. Despite the emails, the overwhelming evidence showing global warming is happening hasn't changed.
"The e-mails do nothing to undermine the very strong scientific consensus . . . that tells us the Earth is warming, that warming is largely a result of human activity," Jane Lubchenco, who heads the National Oceanic and Atmospheric Administration, told a House committee. She said that the e-mails don't cover data from NOAA and NASA, whose independent climate records show dramatic warming.

Anonymous said...

What do you think about the news - GOPers Hold 'Prayercast' to Ask God to Stop Health Reform?
Wanna hear your opinion